OmniUnlimited
asked on
JIRA mail not working
Hello Experts,
I tried to set up JIRA email on my server, and JIRA tells me that the test emails are sent successfully, but I never get anything.
Anyone able to help?
Thanks!
ASKER
Arnold, thank you so much for responding! The problem is that I don't know how to fill out the JIRA form correctly, I think. It asks for mailservers, and most mailservers I have seen use a subdomain prefix like mail.example.com. You helped set up the mail on this server. What would I use as the mailservers?
Is JIRA set up on the same system? You can use localhost/127.0.0.1. If JIRA is on a separate system, you have to update the DNS records to create a hostname, such as internalmail.yourdomain.com, pointing to the static IP of the mail server (must be static or RESERVED DHCP assigned IP, i.e. you do not want a mail server that may shift to a new IP). Then within JIRA you will point to internalmail.yourdomain.com
Note the configuration I helped you with only dealt with the functionality of the mail server and other components within the server, nothing dealt with how an external system/user will access it.
ASKER
I tried switching to localhost on JIRA. Once again, JIRA tells me the connection was successful, and so was the test email, but I received nothing.
Here is the maillog:
tail -f /usr/local/psa/var/log/maillog
Sep 30 20:21:53 xx-xx-xx-xx courier-pop3d: LOGOUT, user=noreply@example.com, ip=[::ffff:127.0.0.1], port=[xxx15], top=0, retr=0, rcvd=6, sent=30, time=0
Sep 30 20:22:46 xx-xx-xx-xx postfix/smtpd[xxx96]: connect from localhost.localdomain[127.0.0.1]
Sep 30 20:22:46 xx-xx-xx-xx postfix/smtpd[xxx96]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: connect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: 0A5B0138053E: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Sep 30 20:23:01 xx-xx-xx-xx postfix/cleanup[xxx45]: 0A5B0138053E: message-id=<1698192024.5.1380597781045.JavaMail.jira@localhost.localdomain>
Sep 30 20:23:01 xx-xx-xx-xx postfix/qmgr[xxx70]: 0A5B0138053E: from=<noreply@example.com>, size=842, nrcpt=1 (queue active)
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: disconnect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: 0A5B0138053E: to=<joe@example.com>, relay=none, delay=0.28, delays=0.05/0.01/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)
Sep 30 20:25:44 xx-xx-xx-xx postfix/qmgr[xxx70]: EE457138052F: from=<noreply@example.com>, size=855, nrcpt=1 (queue active)
Sep 30 20:25:44 xx-xx-xx-xx postfix/smtp[xxx88]: connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused
Sep 30 20:25:44 xx-xx-xx-xx postfix/smtp[xxx88]: EE457138052F: to=<joe@example.com>, relay=none, delay=2313, delays=2313/0.02/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)
The problem for me is without explicit detail where mail.example.com is, i.e. is it a local server or is it an external server that is refusing connections.
In the log it indicates that your postfix now tries to connect to an external mail.example.com to deliver email for user joe@example.com, but the connection is being refused.
Is this mail server (postfix) supposed to handle emails for example.com?
If so, make sure it is listed in the mydomain within /etc/postfix/main.cf
It looks as though you configured your postfix to require authentication from user, but did not exclude the local LAN nor 127.0.0.1.
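Added example, not part of the original thread: the log posted above can be read mechanically by grouping Postfix lines by queue ID. It shows that the message was accepted from the local client (which is why JIRA reports success) and that the failure is on the outbound smtp hop. The function and field names are constructed for illustration.

```python
import re
from collections import Counter

# Lines copied from the maillog excerpt in this thread; hostnames, PIDs and IPs
# are masked (xx...) exactly as they were posted.
SAMPLE_LOG = """\
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: connect from localhost.localdomain[127.0.0.1]
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtpd[xxx96]: 0A5B0138053E: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Sep 30 20:23:01 xx-xx-xx-xx postfix/qmgr[xxx70]: 0A5B0138053E: from=<noreply@example.com>, size=842, nrcpt=1 (queue active)
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused
Sep 30 20:23:01 xx-xx-xx-xx postfix/smtp[xxx47]: 0A5B0138053E: to=<joe@example.com>, relay=none, delay=0.28, delays=0.05/0.01/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)
Sep 30 20:25:44 xx-xx-xx-xx postfix/qmgr[xxx70]: EE457138052F: from=<noreply@example.com>, size=855, nrcpt=1 (queue active)
Sep 30 20:25:44 xx-xx-xx-xx postfix/smtp[xxx88]: EE457138052F: to=<joe@example.com>, relay=none, delay=2313, delays=2313/0.02/0.22/0, dsn=4.4.1, status=deferred (connect to mail.example.com[xx.xx.xx.xx]:25: Connection refused)
"""

# "<daemon>[pid]: <queue id>: <fields>"; PIDs may be masked, so accept any text.
QUEUE_LINE = re.compile(r"postfix/(\w+)\[[^\]]*\]: ([0-9A-Za-z]{6,}): (.*)$")
DELIVERY = re.compile(
    r"to=<([^>]*)>, relay=([^,]+), delay=([\d.]+),.*?dsn=([\d.]+), "
    r"status=(\w+) \((.*)\)$"
)


def classify(reason):
    """Reduce the free-text delivery reason to a coarse failure class."""
    low = reason.lower()
    if "connection refused" in low:
        return "refused"   # host reachable, nothing accepting on that port
    if "timed out" in low:
        return "timeout"   # packets dropped somewhere on the path
    return "other"


def parse_maillog(text):
    """Return {queue_id: record} built from smtpd, qmgr and smtp log lines."""
    records = {}
    for line in text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m:
            continue  # connect/disconnect lines carry no queue ID
        daemon, qid, rest = m.groups()
        rec = records.setdefault(qid, {"accepted_from": None, "sasl_username": None})
        if daemon == "smtpd" and rest.startswith("client="):
            # Submission side: who handed the message to Postfix.
            rec["accepted_from"] = rest.split(",")[0][len("client="):]
            user = re.search(r"sasl_username=(\S+)", rest)
            rec["sasl_username"] = user.group(1) if user else None
        elif daemon == "qmgr" and rest.startswith("from=<"):
            rec["from"] = rest[len("from=<"):rest.index(">")]
        elif daemon == "smtp":
            # Delivery side: what happened when Postfix tried the next hop.
            d = DELIVERY.match(rest)
            if d:
                to, relay, delay, dsn, status, reason = d.groups()
                rec.update(to=to, relay=relay, delay=float(delay), dsn=dsn,
                           status=status, reason=reason,
                           reason_class=classify(reason))
    return records


def undelivered(records):
    """Count non-'sent' deliveries per (recipient domain, failure class)."""
    counts = Counter()
    for rec in records.values():
        if rec.get("status") not in (None, "sent"):
            counts[(rec["to"].rpartition("@")[2], rec["reason_class"])] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_maillog(SAMPLE_LOG)
    for qid, rec in parsed.items():
        print(qid, rec)
    print(undelivered(parsed))
```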
ASKER
Sorry for the delay in getting back to you. The Internet went down! (Lousy timing)
Is this mail server (postfix) supposed to handle emails for example.com?
Yes.
If so, make sure it is listed in the mydomain within /etc/postfix/main.cf
Ok, I did not set mydomain on the last question, just myhostname which is example.com. Is mydomain supposed to be example.com, or mail.example.com (which is the one pointed to in the MX record)?
it looks as though you configured your postfix to require authentication from user, but did not exclude the local lan nor 127.0.0.1.
Um, I really don't know what you are talking about... sorry. Can you guide me to get this setup right?
myhostname you can change to mail.example.com
mydomain you can set to example.com
The difficulty deals with where the information to resolve mail.example.com to xxx.xxx.xxx.xxx comes from and whether the xxx.xxx.xxx.xxx has a firewall that allows port 25 through.
ASKER
Good Morning arnold,
Thanks for staying with me. I've changed myhostname to the name on the MX record, and mydomain as the site domain as you instructed, and restarted postfix.
You were right, and I am sorry I missed that (I missed it because the two domains are so similar) but the mail server that is rejecting is an external server (which I should have listed as mail.othersite.com, not mail.example.com)
I sent a test message again through PHP just to make sure I didn't screw things up on that end and that message came through fine. I tried the JIRA, and the same errors are occurring:
Oct 1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: connect from localhost.localdomain[127.0.0.1]
Oct 1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: 9FDE713803D8: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=noreply@example.com
Oct 1 07:26:00 xx-xx-xx-xx postfix/cleanup[xx65]: 9FDE713803D8: message-id=<233045696.6.1380637560657.JavaMail.jira@localhost.localdomain>
Oct 1 07:26:00 xx-xx-xx-xx postfix/qmgr[xx54]: 9FDE713803D8: from=<noreply@example.com>, size=845, nrcpt=1 (queue active)
Oct 1 07:26:00 xx-xx-xx-xx postfix/smtpd[xx62]: disconnect from localhost.localdomain[127.0.0.1]
Oct 1 07:26:00 xx-xx-xx-xx postfix/smtp[xx66]: connect to mail.othersite.com[xx.xx.xx.xx]:25: Connection refused
Oct 1 07:26:00 xx-xx-xx-xx postfix/smtp[xx66]: 9FDE713803D8: to=<joe@othersite.com>, relay=none, delay=0.31, delays=0.04/0.01/0.26/0, dsn=4.4.1, status=deferred (connect to mail.othersite.com[xx.xx.xx.xx]:25: Connection refused)
I have root access to the other server. What info do you need to determine if port 25 is blocked?
Look at the log on the othersite server to see whether it has a record of the incoming connection from mail.example.com. I suspect you have something else in front that ..
Try the following while in the shell of mail.example.com
telnet mail.example.com 25
What is the response?
ehlo Mail.example.com
Mail from: joe@example.com
Rcpt to: joe@othersite.com
Data
From: joe@example.com
To: joe@othersite.com
Subject: testing smtp
This is a test
.
See whether you always get 2xx, 3xx to the commands you send if a connection can be established.
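Added example, not part of the original thread: the lines after the telnet command above are typed into the SMTP session once it connects, not at the shell prompt. The Python code below runs the same dialogue up to RCPT TO (no DATA, so nothing is delivered) and applies the 2xx/3xx check; `probe_smtp`, `all_accepted` and the loopback stub server are constructed for illustration.

```python
import smtplib
import socket
import threading


def probe_smtp(host, port, mail_from, rcpt_to, helo_name="probe.invalid", timeout=10):
    """Replay the manual dialogue up to RCPT TO; return [(step, code, text), ...].

    A TCP failure is returned as a single ("connect", None, reason) step so that
    "refused" and "timed out" can be told apart.
    """
    # local_hostname is set explicitly so smtplib does not look up the FQDN.
    client = smtplib.SMTP(local_hostname=helo_name, timeout=timeout)
    try:
        code, text = client.connect(host, port)  # also reads the 220 banner
    except ConnectionRefusedError:
        return [("connect", None, "refused")]
    except socket.timeout:
        return [("connect", None, "timed out")]
    except (OSError, smtplib.SMTPException) as exc:
        return [("connect", None, str(exc))]
    steps = [("banner", code, text.decode(errors="replace"))]
    commands = (
        ("ehlo", lambda: client.ehlo(helo_name)),
        ("mail", lambda: client.mail(mail_from)),
        ("rcpt", lambda: client.rcpt(rcpt_to)),
    )
    try:
        for step, send in commands:
            if steps[-1][1] >= 400:
                break  # server already said no; later commands are meaningless
            code, text = send()
            steps.append((step, code, text.decode(errors="replace")))
    except (OSError, smtplib.SMTPException) as exc:
        steps.append(("error", None, str(exc)))
    finally:
        try:
            client.quit()
        except (OSError, smtplib.SMTPException):
            pass
    return steps


def all_accepted(steps):
    """True only if every step got a 2xx or 3xx reply, as the test above asks."""
    return all(code is not None and 200 <= code < 400 for _, code, _ in steps)


def start_stub_server(rcpt_reply=b"250 ok\r\n"):
    """Constructed stand-in for a mail server on 127.0.0.1; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    replies = {b"EHLO": b"250 stub.invalid\r\n", b"MAIL": b"250 ok\r\n",
               b"RCPT": rcpt_reply, b"QUIT": b"221 bye\r\n"}

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as stream:
            stream.write(b"220 stub.invalid ESMTP\r\n")
            stream.flush()
            for line in stream:
                verb = line[:4].upper()
                stream.write(replies.get(verb, b"502 not implemented\r\n"))
                stream.flush()
                if verb == b"QUIT":
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port():
    """Return a loopback port with no listener (bound once, then released)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Addresses are the placeholders used in the thread.
    for label, port in (("listening", start_stub_server()), ("closed", closed_port())):
        steps = probe_smtp("127.0.0.1", port, "joe@example.com", "joe@othersite.com")
        print(label, all_accepted(steps), steps)
```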
ASKER
I ran the tail -f /usr/local/psa/var/log/maillog command on the othersite.com server after I tried to send it an email through JIRA and there was nothing regarding my attempt registered in the log. The log contains references to qmail on this server.
As you suspected, it looks like the connection through port 25 is blocked because doing a telnet to mail.othersite.com from the same server where it supposedly sits results in a "Connection refused" error. I was able to connect through port 26, however.
Would it be easy to switch the example.com port to 26 instead of 25?
The server tells me that the ehlo command is not found. I could not run your test. I thought maybe you meant "echo" like you did in the test you ran in the previous question, but the two formats were too different, I wanted to ask you first.
port 25 is the standard MX/Mail port.
Are you currently getting external emails sent to othersite.com delivered?
Check the firewall if any to make sure it is allowing traffic through on port 25.
if mail.othersite.com and mail.example.com are one and the same, edit /etc/hosts with an entry
127.0.0.1 mail.othersite.com mail.example.com
And see if that makes a difference.
The example in the recent post was to establish and perform an actual SMTP transaction with you behaving/functioning as a sending email server/client.
ASKER
Are you currently getting external emails sent to othersite.com delivered?
Yes, the othersite.com server is our main email system, I would suspect that the firewall is allowing traffic through port 25.
mail.example.com and mail.othersite.com are not one in the same, if they even exist, because I don't remember having set up anything like that in the email setup I did with you. If they exist, they would be housed on separate servers.
Can any other command perform the SMTP transaction you talked about besides ehlo?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Wait, I am sorry. Did I say that I'm very new at this? You left me in the dust back there.
I don't know how to do half of the things you talked about, like checking the firewall to see if it allows connections to port 25.
Now you stated:
One option is to configure mail.example.com to send all its mail through mail.othersite.com using its internal IP.
I know I don't know what I'm doing, but that sounds very bad to me. Why would I want to route mail from one server through the email system of another server (especially since one server has absolutely nothing to do with the other) when the server that generates the mail has a working email system? (At least it is working for PHP and roundcube.) In fact, now that we have been working on this, it appears that the only problem with the email system is that it won't send emails to our othersite.com server.
Are you saying there is no way to get this to work using the example.com server? I mean, now that we've been at this, it appears that something could be done, like I had mentioned that telneting through port 26 worked. Can't we change the mail port on example.com to 26?
Often, for application based servers such as your mail.example.com, it is easier to have the email handled by the local mail server, which delivers the message to the recipient, versus having the application within the web server, etc. trying to connect to a remote mail server performing an SMTP message exchange. The difference deals with overhead: direct submission to the local mailserver is less taxing than the other alternative.
Back to your question. There are situations where only certain systems are allowed external access, and routing emails from internal servers that have no external access to those that do is necessary.
In your case, as my prior posts suggest, you have two options.
One deals with creating an entry in /etc/hosts pointing mail.othersite.com to its internal IP.
The other deals with setting up a transport file that says send all messages addressed to othersite.com through the smtp:internalIP:25
Yet another option deals with whether your organization has internal DNS servers within which you can define mail.othersite.com that points to the internal IP. This requires that your mail.example.com server uses the internal DNS servers for name resolution.
Many options. You can choose whichever suits you best. Note that DNS management provides the highest flexibility while file based change will require you to make changes should the server ever change IP or additional servers are added.
ASKER
Oops, may have to scratch my last idea, a telnet mail.othersite.com 26 got a connection timed out error.
I don't understand why the mail.othersite.com server is having such a hard time getting emails?
There are situations where only certain systems are allowed external access, and routing emails from internal servers that have no external access to those that do is necessary.
I am not certain what you mean by "internal" vs. "external" servers. As I mentioned before, the two servers are very different servers. They are not even housed in the same room. And both servers house different websites. I would say they have external access.
The mail.othersite.com server should have full external access. If it does not, can we make it have it, because this should have been done in the first place and is probably due to some misconfiguration somewhere?
Mail.othersite.com has full access to external and external senders have access to it as well. In your case your Mail.example.com internal mail server is also trying to reach mail.othersite.com via external means.
Internet <=> router/firewall <=> LAN switch/systems.
Mail.othersite.com has xx.xx.xx.xx IP address, which is on the Internet side (public)
Your mail.example.com tries the following <=> LAN <=> router/firewall
/*
mail.othersite.com <=>LAN <= _x*
The * marked route is, on most routers/firewalls, configured to be denied. This dealt with the old spoofing attacks, which I will not go through to avoid adding extraneous information.
The short of it dealt with information sent to the router with the source reflected as an internal IP.
If you are interested in more details, look up "IP spoofing attack."
ASKER
But, mail.example.com is trying to access mail.othersite.com by external means because it IS external to mail.othersite.com. They share nothing in common. I am simply trying to access mail.othersite.com just like everybody else in the world can do.
Oh, and BTW, I updated iptables on the mail.othersite.com to accept connections via port 26. I did a telnet from the mail.example.com server and it successfully connected! woohoo!
Can't we try changing the smtp port on mail.example.com to port 26 and see if it will work?
Is mail.example.com outside the LAN of mail.othersite.com?
In this case you have something configured on the firewall that allows some, but denies others.
Are there any VPNs set up between the location where mail.example.com is and where mail.othersite.com is?
Is there any telnet IP 25 that you can run that will get you successfully from mail.example.com to the mail.othersite.com?
Does your othersite.com subscribe to Google Mail's or any other mail filtering service?
ASKER
Is mail.example.com outside the LAN of mail.othersite.com?
I don't know. I would assume that it is. Is there any way to check?
Are there any VPNs set up between the location where mail.example.com is and where mail.othersite.com is?
Also don't know (sorry if I'm not being very helpful.)
Is there any telnet IP 25 that you can run that will get you successfully from mail.example.com to the mail.othersite.com?
I can't find any. I tried running tests through php and roundcube and they all had "connection refused" errors. I am wondering if these problems would still occur through port 26 since I was able to successfully telnet through it.
Does your othersite.com subscribe to google mail's or any other mail filtering service?
No. Not to my knowledge.
Any chance you can post the actual domain names involved? Is it any variation/derivative of your username?
Compare the internal IPs of mail.othersite.com to that of mail.example.com.
netstat -rn
Ping the default gateway/router, often .1 on the LAN.
After you ping, use arp -a default_router.
Compare the two results. If they are one and the same, that means they are on the same network.
Can mail.example.com send any email to an external email address? Gmail, Yahoo, Hotmail, Live, etc.
ASKER
Any chance you can post the actual domain names involved?
No, I'm sorry I can't. The best I can do is to tell you that the two domains are the same with the exception of the top level domains which are different (e.g. .org vs. .com).
Is it any variation/derivative of your username?
Are you talking the username of the email we are using? If this is the case then yes, because the username is just the email address (e.g. noreply@example.com)
Compare the internal IPs of mail.othersite.com to that of mail.example.com
The netstat command showed very different ip's for both servers with the exception of two listings:
mail.othersite.com
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
mail.example.com
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
Ping the default gateway/router often .1 on the LAN.
How do I find the IP of the gateway/router? I mean, I know how to do it on my home network, the IP is generally 192.168.0.1 or something like that, but on a server, I have no idea.
Can mail.example.com send any email to an external email address?
Yes, it can. It sends messages fine to everywhere with the exception of mail.othersite.com.
169.254.0.0 are ranges used when DHCP IP assignment fails.
Usually IPs on the LAN are in the form of 10.x.x.x, 172.16-31.x.x or 192.168.x.x
Does the IP for mail.othersite.com that you are masking start with 169.254.x.x?
If so, that may explain the issue. mail.example.com having an IP on the 169.254.y.y sees mail.othersite.com with IP 169.254.x.x as local and tries to reach it directly versus sending the data to the default router/gateway.
ASKER
I tried pinging 192.168.0.1 like I would on my home system and got responses from both servers.
I ran arp -a 192.168.0.1 (hope this was right) and the results are as follows:
mail.othersite.com
arp: in 1 entries no match found.
mail.example.com
arp: in 2 entries no match found.
Does the IP for mail.othersite.com that you are masking start with 169.254.x.x?
If you are talking about the IP for mail.othersite.com that shows up when I execute the tail -f command, then no, it shows the proper IP for that site.
While people can use any IP on their LAN, there are recommended/IPs designed for this purpose. The use of other IPs can have issues as your situation seems to point to.
Who within your organization can address the IP setup question?
You need to check with them how to get mail.example.com to contact Mail.othersite.com.
ASKER
Ok, so it's your premise then that mail.example.com is actually an internal server and that there is no way to connect to mail.othersite.com using external means?
Usually an IP on the 169.254.x.x indicates an issue. In your case given both systems can and do send/receive and access the net indicates there is some different setup.
The problem you are running into
both systems see 169.254.x.x as local
i.e. person A resides at 300 west main street (some city)
Person B resides at 302 west main street (some other city)
Each knows only the street address of the other (no info on city).
The mail person is courteous and looks at the address.
Person A addresses a letter to 302 west main street and puts it into the mail box.
The mail person, picks up, and drops the letter one place down at 302 west main street.
The neighbor of the sender, indicates that this is not meant for them and sends it back.
This is effectively what seems to be going on with your mail servers. othersite might be somewhere else, but as far as mail.example.com the 169.254.x.x IP is right around the corner.
http://whois.arin.net/rest/net/NET-169-254-0-0-1/pft
ASKER
Ah, ok. I really appreciate the break down. That was very helpful! Thank you.
One of your suggestions you suggested making a new entry in the /etc/hosts file:
One way is to do it in /etc/hosts
Xxx.xxx.xxx.xxx mail.othersite.com
Where Xxx.xxx.xxx.xxx is the internal IP of mail.othersite.co
The only IP address I know is the one where I can access it through SSH and via a web browser. Is this the one you were referring to, or is there another "internal" version?
The IP you use for ssh, are you able to use the same IP with port 25 via telnet to connect? If so, yes, adding this IP to /etc/hosts with mail.othersite.com may work.
ASKER
No, I get a "connection refused" error when I try to telnet port 25 on that IP address. I am able to connect via port 26, however.
What is on port 26?
Does it say
200 mail.othersite.com qmail?
ASKER
No. It says
220 othersite.com ESMTP
Can I route this port over to 25 and bypass the block, or can I reconfigure this port to read mail.othersite.com qmail?
You can using the transport file
Othersite.com SMTP:IP:26
ASKER
Ok, looking over your comment ID: 39537614 I found the following statements containing the word "transport" within the main.cf file:
virtual_transport = plesk_virtual
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#mailbox_transport = cyrus
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
transport_maps = , hash:/var/spool/postfix/plesk/transport
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
Do I change any of these, or are they just reference? I checked the /var/spool/postfix/plesk/ folder and it is filled with databases, which I presume gets updated/created using the postmap command.
You stated:
The transport file in /etc/postfix/transport has an example
I.e.
Othersite.com. Smtp:xxx.xxx.xxx.xxx:25
You then need to run postmap to convert the plain text transport file to a hash, database as configured within the main.cf.
I found the transport file, and basically it's just a text file with syntax and formats for the file. Since I've never done this before, I was wondering if you could take me by the hand and show me the way? Do I just set up a text file (using nano or some other similar editor) with that line Othersite.com SMTP:IP:26 and run postmap on it? What is the syntax of postmap to do this?
Also, why are we doing all this on mail.example.com? Shouldn't we be modifying settings on mail.othersite.com? And if so, I know nothing about qmail.
First thing first, the reason you need to jump through these hoops is because your mail.example.com has an issue accessing mail.othersite.com through regular means.
I.e. Lookup the mail server responsible for othersite.com.
Connect to the mail server and deliver the message it has for the recipient on the othersite.com domain.
The transport_map
http://www.postfix.org/transport.5.html
Check whether plesk has a directive to rebuild transport or actually add records into it.
Using nano, open /var/spool/postfix/plesk/transport
At the bottom of the page add
Othersite.com smtp:ssh_external_ip:26
After saving the file,
postmap -c /etc/postfix hash:/var/spool/postfix/plesk/transport
There is no need to restart postfix, postfix will reread the changes the next time an outgoing message is processed by it.
ASKER
Thanks arnold! I really appreciate all the assistance.
There is no /var/spool/postfix/plesk/transport file, nano opens a new file. Is this ok?
Yes.
An alternative could be to do the following.
Use nano to edit /etc/postfix/main.cf
Get to transport_map between the = and the , there add hash:/etc/postfix/transport
This way you will have two transport maps. One presumably managed by plesk if you add additional domains that are handled by this mail server (future consideration deals with, i.e. you need the mail server to handle example.com and examples.com, another example.com, etc. while each has its own mailboxes.)
The /etc/postfix/transport includes at the top the instruction/examples.
Within this transport file add
Othersite.com smtp:ssh_ip:26
postmap hash:/etc/postfix/transport
Then see if your currently queued up emails start going out. Or generate a test message and check the log.
ASKER
Ok, /etc/postfix/main.cf now has the following line:
transport_maps = hash:/etc/postfix/transport, hash:/var/spool/postfix/plesk/transport
Is this correct?
I included othersite.com smtp:ssh_ip:26 at the bottom of the /etc/postfix/transport file and ran the postmap hash:/etc/postfix/transport command.
Still not getting anything. I checked the log using the tail -f command and got the following:
Oct 1 17:13:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct 1 17:13:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx411], protocol=IMAP
Oct 1 17:13:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct 1 17:14:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct 1 17:14:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx413], protocol=IMAP
Oct 1 17:14:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct 1 17:15:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct 1 17:15:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx418], protocol=IMAP
Oct 1 17:15:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Oct 1 17:16:33 xx-xx-xx-xx courier-imapd: Connection, ip=[::1]
Oct 1 17:16:33 xx-xx-xx-xx courier-imapd: LOGIN, user=noreply@example.com, ip=[::1], port=[xx420], protocol=IMAP
Oct 1 17:16:33 xx-xx-xx-xx courier-imapd: LOGOUT, user=noreply@example.com, ip=[::1], headers=0, body=0, rcvd=52, sent=156, time=0
Per your instructions, I did not restart postfix. Looks like it is in some sort of a loop?
You are looking in the wrong log. Courier-imap is the front end interface allowing an IMAP enabled email client to access/view emails delivered.
You need to look at /usr/psa/var/log/maillog for message handling by postfix.
ASKER
? The log I displayed IS the /usr/local/psa/var/log/maillog file?
tail -f /usr/local/psa/var/log/maillog
NEWS UPDATE -
The loop seems to have stopped, and I ran a test. It looks like the connection took! However, the message bounced for some reason:
Oct 1 17:48:28 xx-xx-xx-xx postfix/pickup[xx63]: 729621380538: uid=10000 from=<openoffi>
Oct 1 17:48:28 xx-xx-xx-xx postfix/cleanup[xx51]: 729621380538: message-id=<20131002004828.729621380538@mail.example.com>
Oct 1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 729621380538: from=<joe@mail.example.com>, size=936, nrcpt=1 (queue active)
Oct 1 17:48:28 xx-xx-xx-xx postfix/smtp[xx54]: 729621380538: to=<joe@othersite.com>, relay=none, delay=0.09, delays=0.08/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=ssh_ip type=AAAA: Host not found)
Oct 1 17:48:28 xx-xx-xx-xx postfix/cleanup[xx51]: 89CC8138053A: message-id=<20131002004828.89CC8138053A@mail.example.com>
Oct 1 17:48:28 xx-xx-xx-xx postfix/bounce[xx55]: 729621380538: sender non-delivery notification: 89CC8138053A
Oct 1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 89CC8138053A: from=<>, size=2876, nrcpt=1 (queue active)
Oct 1 17:48:28 xx-xx-xx-xx postfix/qmgr[xx84]: 729621380538: removed
Oct 1 17:48:29 xx-xx-xx-xx postfix/smtp[xx54]: 89CC8138053A: to=<joe@mail.example.com>, relay=none, delay=0.42, delays=0.03/0/0.38/0, dsn=5.4.6, status=bounced (mail for mail.example.com loops back to myself)
Oct 1 17:48:29 xx-xx-xx-xx postfix/qmgr[xx84]: 89CC8138053A: removed
not sure whether plesk allows, or whether you need to edit the courier-imap configuration to have it log to a different log file /usr/psa/var/log/courier-imap/maillog.
I do not know what mail server actually is answering the call on ssh_ip port 26.
But it is not mail.othersite.com since it is rejecting emails to user@othersite.com.
look at the bounce emails delivered to joe@mail.example.com to see what system that lands on.
I suggest you check with someone who setup the othersite mail server network on how your system mail.example.com can reach it. The fact that both locations use the same IP segment and that is what is being published in DNS shows that there is an issue that can not be resolved here.
I have no problem going back and forth trying different things, but it is like throwing darts at a map saying, try this country, try that one.
ASKER
not sure whether plesk allows, or whether you need to edit the courier-imap configuration to have it log to a different log file /usr/psa/var/log/courier-imap/maillog.
I don't see anything in my Plesk 11.5.30 Control Panel, and looking at the /etc/courier-imap/ files I didn't see anything to modify the path of the log file. I did note that it does use sendmail, the same as postfix, which may or may not be the reason it shares the log.
You should know that I had made a change to the /etc/postfix/master.cf file as well as in other areas, in that I changed
smtp inet n - n - - smtpd
to
26 inet n - n - - smtpd
I had also made some changes (in my ignorance) to some postfix files on othersite.com, as well as played with iptables.
Could anything I had done have affected how the email is going out from example.com or how, if it is even being received, it is entering into othersite.com?
How can I trace that bounced email? Where can I find logs of the attempt?
Thanks!
The change to master.cf from smtp to 26 on which system was this change made?
All the changes in master.cf control the incoming traffic to mail.example.com
Iptables also affect the incoming traffic often.
iptables -t filter -L --line-numbers
At this stage because we were discussing both, first thing is to correct what changes you made to reverse and restore the postfix functionality on mail.example.com to what it needs to be. Then you would need to check with how the network/IPs are setup and how they interact.
The bounced mail should be accessible through courier-imap (thought you were setting up dovecot with postfix and mysql) accessing the joe@example.com email account.
The difficulty is that the error message the system got is non standard.
Checking the othersite firewall to identify the system to which port 26 is being forwarded is the straight forward way to determine which system and what is going on.
ASKER
The change to master.cf from smtp to 26 on which system was this change made?
Example.com
iptables -t filter -L --line-numbers
Example.com
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
2 ACCEPT tcp -- anywhere anywhere tcp dpt:26
3 ACCEPT udp -- anywhere anywhere udp dpt:26
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
othersite.com
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp_p26
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
4 DROP all -- anywhere anywhere state INVALID
5 ACCEPT all -- anywhere anywhere
6 ACCEPT tcp -- anywhere anywhere tcp dpts:60000:65000
7 ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
8 ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt
9 ACCEPT tcp -- anywhere anywhere tcp dpt:http
10 ACCEPT tcp -- anywhere anywhere tcp dpt:https
11 ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
12 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
13 ACCEPT tcp -- anywhere anywhere tcp dpt:submission
14 ACCEPT tcp -- anywhere anywhere tcp dpt:25
15 ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
16 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
17 ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
18 ACCEPT tcp -- anywhere anywhere tcp dpt:imap
19 ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
20 DROP tcp -- anywhere anywhere tcp dpt:poppassd
21 ACCEPT tcp -- mail.example.com anywhere tcp dpt:mysql
22 ACCEPT tcp -- thirdsite.com anywhere tcp dpt:mysql
23 ACCEPT tcp -- thirdsite.com anywhere tcp dpt:mysql
24 ACCEPT tcp -- thirdsite.com anywhere tcp dpt:mysql
25 ACCEPT tcp -- cpe-xx-xx-xx-xx.socal.res.rr.com anywhere tcp dpt:mysql
26 ACCEPT tcp -- xx.xx.xx.xx anywhere tcp dpt:mysql
27 ACCEPT tcp -- mail.othersite.com anywhere tcp dpt:mysql
28 DROP tcp -- anywhere anywhere tcp dpt:mysql
29 DROP tcp -- anywhere anywhere tcp dpt:postgres
30 DROP tcp -- anywhere anywhere tcp dpt:9008
31 DROP tcp -- anywhere anywhere tcp dpt:glrpc
32 DROP udp -- anywhere anywhere udp dpt:netbios-ns
33 DROP udp -- anywhere anywhere udp dpt:netbios-dgm
34 DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
35 DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
36 DROP udp -- anywhere anywhere udp dpt:openvpn
37 ACCEPT udp -- anywhere anywhere udp dpt:domain
38 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
39 ACCEPT icmp -- anywhere anywhere icmp type 8 code 0
40 DROP all -- anywhere anywhere
41 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp_p26
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
3 DROP all -- anywhere anywhere state INVALID
4 ACCEPT all -- anywhere anywhere
5 DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
3 DROP all -- anywhere anywhere state INVALID
4 ACCEPT all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere
I went ahead and took out the port 26 entry out of /etc/postfix/master.cf and replaced it with the smtp entry it had originally, and restarted postfix.
How do I check the setup of the network/IP's as you suggested?
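One way to sanity-check listings like the two posted above before changing any rules, as an added example that is not part of the thread: it parses `iptables -L --line-numbers` output and reports rules that can never be reached and chains whose rules filter nothing. The sample listing is constructed in the style of the thread's output, and because `-L` without `-v` omits interface matches, a rule limited to the loopback interface prints exactly like an accept-everything rule.

```python
import re

# Constructed listing in the style of the `iptables -t filter -L --line-numbers`
# output posted in the thread (trimmed; not a copy of either server's rules).
SAMPLE = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 DROP all -- anywhere anywhere state INVALID
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
5 ACCEPT tcp -- anywhere anywhere tcp dpt:25
6 DROP tcp -- anywhere anywhere tcp dpt:mysql
7 DROP all -- anywhere anywhere
8 ACCEPT tcp -- anywhere anywhere tcp dpt:26

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:26
"""

# Built-in chains print a policy, user-defined chains a reference count.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end rule traversal
ANY = {"anywhere", "0.0.0.0/0"}           # second form appears with -n


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [...]}} from -L output."""
    chains, current = {}, None
    for line in text.splitlines():
        head = CHAIN_RE.match(line)
        if head:
            current = {"policy": head.group(2), "rules": []}
            chains[head.group(1)] = current
            continue
        fields = line.split(None, 6)
        if current is None or len(fields) < 6 or not fields[0].isdigit():
            continue  # column header, blank line, or text outside a chain
        num, target, prot, _opt, src, dst = fields[:6]
        extra = fields[6] if len(fields) > 6 else ""
        # "reject-with ..." is a target option, not a match condition.
        matches = re.sub(r"reject-with \S+", "", extra).strip()
        current["rules"].append({
            "num": int(num),
            "target": target,
            "catch_all": (target in TERMINAL and prot == "all"
                          and src in ANY and dst in ANY and not matches),
        })
    return chains


def audit(chains):
    """List (chain, rule number, kind, affected rule numbers) findings."""
    findings = []
    for name, chain in chains.items():
        rules = chain["rules"]
        first = next((r for r in rules if r["catch_all"]), None)
        if first:
            later = [r["num"] for r in rules if r["num"] > first["num"]]
            if later:
                findings.append((name, first["num"], "shadows", later))
        if (chain["policy"] == "ACCEPT" and rules
                and all(r["target"] == "ACCEPT" for r in rules)):
            findings.append((name, None, "no-effect", [r["num"] for r in rules]))
    return findings


def describe(finding):
    chain, num, kind, rules = finding
    if kind == "shadows":
        return ("{0}: rule {1} matches every packet as listed, so rules {2} are "
                "never reached (confirm with iptables -S: -L without -v hides "
                "interface matches)").format(chain, num, rules)
    return ("{0}: policy ACCEPT with only ACCEPT rules {1}; "
            "the chain filters nothing").format(chain, rules)


if __name__ == "__main__":
    for item in audit(parse_listing(SAMPLE)):
        print(describe(item))
```

A "shadows" finding is a prompt to re-run `iptables -S` or `iptables -L -v` on the server, not proof that the firewall is open.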
You need to correct the changes to iptables on mail.example.com
The iptables for othersite.com presumably are for mail.othersite.com rather than a router/firewall.
You need to define what the source of information is and what it is I am looking at.
You need to look at iptables -t nat -L --line-numbers
ASKER
Ok, I corrected the changes to iptables on mail.example.com
iptables -t filter -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
The iptables for othersite.com presumably are for mail.othersite.com rather than a router/firewall.
I don't know, I just ssh into othersite.com and run the iptables command you gave me. How can I tell the difference?
You need to define what the source of information is and what it is I am looking at.
I'm sorry, I thought I was. I'll try harder.
iptables -t nat -L --line-numbers
SSH to example.com
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
SSH to othersite.com
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Trying to figure out what your network is like and the interactions is a difficult proposition.
Run
On othersite.com,
lsof -i:25
lsof -i:26
lsof -i:465
ASKER
Yeah, I know I haven't made it easy on you. I really, really appreciate all the help! :)
Here is the info from othersite.com:
# lsof -i:25
# lsof -i:26
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd xxx20 root 8u IPv4 256945432 TCP *:smtp_p26 (LISTEN)
# lsof -i:465
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd xxx20 root 9u IPv4 256945433 TCP *:smtps (LISTEN)
#
You are running a mail service out of xinetd. Port binder. Look in /etc/xinetd.d
Need to see how the mail server is run from there whether it has a restriction.
Look to see if you have data in /etc/hosts.deny
All:all
If the above matches, look in /etc/hosts.allow to see which services are permitted and from where.
The puzzling thing in your iptables data for othersite, there is an entry for mail.othersite.com with access right to mysql, suggesting there are two separate servers so not sure which and what functions this one provides...
ASKER
/etc/xinetd.d - not sure what I'm supposed to look for here?
ls -alhls
8.0K drwxr-xr-x 2 root root 4.0K Sep 24 19:45 .
16K drwxr-xr-x 99 root root 12K Oct 1 00:00 ..
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 chargen-dgram
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 chargen-stream
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 daytime-dgram
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 daytime-stream
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 discard-dgram
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 discard-stream
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 echo-dgram
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 echo-stream
8.0K -rw-r--r-- 1 root root 323 Jun 5 12:01 eklogin
8.0K -rw-r--r-- 1 root root 347 Jun 5 12:01 ekrb5-telnet
8.0K -rw-r--r-- 1 root root 286 Dec 8 2010 ftp_psa
8.0K -rw-r--r-- 1 root root 326 Apr 23 10:46 gssftp
8.0K -rw-r--r-- 1 root root 310 Jun 5 12:01 klogin
8.0K -rw-r--r-- 1 root root 323 Jun 5 12:01 krb5-telnet
8.0K -rw-r--r-- 1 root root 308 Jun 5 12:01 kshell
8.0K -rw-r--r-- 1 root root 331 Oct 7 2010 poppassd_psa
8.0K -rw-r--r-- 1 root root 317 Sep 9 2004 rsync
8.0K -rw-r--r-- 1 root root 407 Sep 3 13:18 smtp_psa
8.0K -rw-r--r-- 1 root root 411 Sep 24 19:46 smtp_psa_p26
8.0K -rw-r--r-- 1 root root 408 Sep 3 13:18 smtps_psa
8.0K -rw-r--r-- 1 root root 392 Sep 3 13:18 submission_psa
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 tcpmux-server
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 time-dgram
8.0K -rw-r--r-- 1 root root 1.2K Oct 7 2010 time-stream
I'm afraid there's nothing in /etc/hosts.deny:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
nor in /etc/hosts.allow:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
The puzzling thing in your iptables data for othersite, there is an entry for mail.othersite.com with access right to mysql
Yeah, I was curious about that myself. I was wondering why both mail.example.com and mail.othersite.com were set up as mysql. If that is wrong, let's change them. To be honest with you, I don't remember if maybe I was the one responsible for putting those there or not. I could have used the wrong iptables command for all I know.
Mysql is the backend where the information for the domains and user mailboxes are stored.
The access would depend on the setup One central mysql server and .... There are various ways that can be setup/configured.
Look at psa_smtp
You may have two instances of incoming mail server handling one on port 25 and one on port 26 with one listening on port SMTPS 456.
ASKER
I found more things that I did to othersite.com and reverted them to the way they were. I had made a change to the /etc/xinetd.d/ directory, smtp_psa file by adding a copy called smtp_psa_p26 file to that directory and reconfiguring it to port 26. That is all gone now. I've also closed port 26 in the iptables.
Here is the smtp_psa file from othersite.com:
service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
env = SMTPAUTH=1 POPAUTH=1
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
I used to run qmail, but not under xinetd.
Daemontools that monitor the service and restart it if it crashes.
In your case however, you need to find a path from Mail.example.com 25.
Run on an external system nslookup -q=MX othersite.com and see where all others are sending emails for othersite.com
Then try to see whether you can connect to that from mail.example.com and send a test message to a user@othersite.com.
Then use the transport configuration to point it to that location.
ASKER
Thanks again arnold. I ran the nslookup from my home computer and got a "Can't find server name for address xx.xx.xx.xx: Non-existent domain" error.
I did some research on this, and I found the following statement:
If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address.
On Windows Vista/2008, it then says "Default Server: UnKnown".
On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".
and
Many e-mail servers on the Internet are configured to reject incoming e-mails from any IP address which does not have reverse DNS.
What do you think of this? Do you think this could be possible?
Usually, the rejection is when the two do not match
I.e.
But lookup of x.x.x.y shows up as mail.example.com which in turn resolves to x.x.x.a
The nslookup -q=MX yourotherdomain.com
If you get an error this means the domain is not valid. You should not be using an IP in the above lookup.
ASKER
I am using othersite.com in the nslookup, not the IP address. The domain has to be valid, I can browse to it and see the web page on the server.
***UPDATE
Well, I just ran nslookup on google.com and got the same error. Must be a Windows problem.
If you do not have an MX record, the mail delivery attempts will go to the IP to which othersite.com resolves
nslookup othersite.com
Then try to telnet to the above returned IP port 25 and see if you can send email then.
Look at DNSstuff.com http://www.dnsgoodies.com to get MX and IPs.
Your issue might be that your internal DNS records point to one thing while the external email goes to a different location.
ASKER
telnet to the returned IP port 25 gave me a "Could not open connection to the host, on port 25: Connect failed" error.
MX from http://www.dnsgoodies.com shows MX as 10 mail.othersite.com. The A record shows same IP as that which was returned by nslookup.
Is the email to othersite.com still being received?
You may need to make sure your iptables are configured correctly, check any external firewall?
Unfortunately it seems that you do not have a copy of iptables prior to making any changes.
ASKER
Hey arnold,
You know you might have given me a clue as to what is going on here. The emails that are arriving at the othersite.com inboxes are all from other othersite.com emails. I just tried to send an email to one of the othersite.com addresses from an outside account and it has not arrived. I take it that emails sent from accounts on a particular server to other accounts on the same server do not have to worry about firewalls, etc. Am I right?
Yes, you can setup a domain that is only internal in nature.
ASKER
Hmm. Ok, well I guess I'm going to have to take up this issue with the hosting company. I'll keep you informed.
Thanks again, arnold.
ASKER
arnold, I am so sorry it took so long to get back to you. I had to work with the hosting company for several days in order to resolve this issue. It seems that our server had been compromised and infected with a particularly nasty Trojan, as well as having experienced some unrelated breaches by other hackers. Needless to say, it has not been a fun week. We are still working on the issue, but I couldn't keep you hanging any longer. I wish I could award more than 2,000 points, you really did go above and beyond the call of duty. Thank you. I really appreciate all your help.
Best Regards,
Jason
Note that your local mail server treats your domain as local which means if the local mail server is not the default system that handles your domain, that would explain why the messages are not making their way to where you expect.
you should have an entry
from <>
to <>
and then disposition connected to X and received a response etc. ref your prior question's examples.
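The from / to / disposition entries described above, and the bounce excerpt posted earlier in the thread, can be pulled out of a maillog mechanically. The following is an added example, not code from the thread: it groups Postfix lines by queue ID, records each delivery attempt, and links a bounced message to its non-delivery notification. The sample log is constructed in the format of the posted excerpt, and the hint wording is this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the maillog excerpt quoted in the thread;
# the host name, PIDs and addresses are placeholders.
SAMPLE_LOG = """\
Oct  1 17:48:28 mx1 courier-imapd: Connection, ip=[::1]
Oct  1 17:48:28 mx1 postfix/pickup[1063]: 729621380538: uid=10000 from=<joe>
Oct  1 17:48:28 mx1 postfix/cleanup[1051]: 729621380538: message-id=<20131002004828.729621380538@mail.example.com>
Oct  1 17:48:28 mx1 postfix/qmgr[1084]: 729621380538: from=<joe@mail.example.com>, size=936, nrcpt=1 (queue active)
Oct  1 17:48:28 mx1 postfix/smtp[1054]: 729621380538: to=<joe@othersite.com>, relay=none, delay=0.09, delays=0.08/0.01/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=ssh_ip type=AAAA: Host not found)
Oct  1 17:48:28 mx1 postfix/cleanup[1051]: 89CC8138053A: message-id=<20131002004828.89CC8138053A@mail.example.com>
Oct  1 17:48:28 mx1 postfix/bounce[1055]: 729621380538: sender non-delivery notification: 89CC8138053A
Oct  1 17:48:28 mx1 postfix/qmgr[1084]: 89CC8138053A: from=<>, size=2876, nrcpt=1 (queue active)
Oct  1 17:48:28 mx1 postfix/qmgr[1084]: 729621380538: removed
Oct  1 17:48:29 mx1 postfix/smtp[1054]: 89CC8138053A: to=<joe@mail.example.com>, relay=none, delay=0.42, delays=0.03/0/0.38/0, dsn=5.4.6, status=bounced (mail for mail.example.com loops back to myself)
Oct  1 17:48:29 mx1 postfix/qmgr[1084]: 89CC8138053A: removed
"""

# syslog prefix, Postfix daemon, short (hexadecimal) queue ID, remainder
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+postfix/(?P<daemon>[\w-]+)\[\d+\]:\s+"
    r"(?P<qid>[0-9A-F]{6,}):\s+(?P<rest>.*)$")
FROM_RE = re.compile(r"\bfrom=<([^>]*)>")
DELIVERY_RE = re.compile(
    r"^to=<(?P<rcpt>[^>]*)>,.*?\brelay=(?P<relay>[^,]+),.*?\bdsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$")
NDR_RE = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

# Hint wording is this example's own; the patterns are texts from the log above.
HINTS = [
    (re.compile(r"Name service error for name=(\S+)"),
     "next hop '{0}' does not resolve in DNS; check the transport map entry"),
    (re.compile(r"mail for (\S+) loops back to myself"),
     "'{0}' routes to this host but is not configured here as a local domain"),
]


def hint_for(reason):
    for pattern, template in HINTS:
        found = pattern.search(reason)
        if found:
            return template.format(found.group(1))
    return None


def _new_message():
    return {"sender": None, "deliveries": [], "ndr_qid": None,
            "parent_qid": None, "removed": False}


def trace(log_text):
    """Group Postfix log lines by queue ID and record each delivery attempt."""
    msgs = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other daemons, or Postfix lines without a queue ID
        qid, daemon, rest = m.group("qid", "daemon", "rest")
        msg = msgs.setdefault(qid, _new_message())
        if daemon in ("pickup", "qmgr"):
            sender = FROM_RE.search(rest)
            if sender:
                msg["sender"] = sender.group(1)  # "" is the null sender <>
            if rest == "removed":
                msg["removed"] = True
        delivery = DELIVERY_RE.match(rest)
        if delivery:
            attempt = delivery.groupdict()
            attempt["time"] = m.group("ts")
            attempt["hint"] = hint_for(attempt["reason"])
            msg["deliveries"].append(attempt)
        ndr = NDR_RE.search(rest)
        if daemon == "bounce" and ndr:
            msg["ndr_qid"] = ndr.group(1)
            msgs.setdefault(ndr.group(1), _new_message())["parent_qid"] = qid
    return msgs


def lost_notifications(msgs):
    """Queue IDs of non-delivery notifications that were themselves bounced."""
    return [qid for qid, msg in msgs.items()
            if msg["parent_qid"] and msg["sender"] == ""
            and any(d["status"] == "bounced" for d in msg["deliveries"])]


def report(msgs):
    rows = []
    for qid, msg in msgs.items():
        for d in msg["deliveries"]:
            rows.append("{0} {1} from=<{2}> to=<{3}> dsn={4} {5}: {6}".format(
                d["time"], qid, msg["sender"], d["rcpt"], d["dsn"], d["status"],
                d["hint"] or d["reason"]))
    return rows


if __name__ == "__main__":
    messages = trace(SAMPLE_LOG)
    print("\n".join(report(messages)))
    print("notifications that were bounced:", lost_notifications(messages))
```

On the sample, the notification 89CC8138053A is itself bounced with dsn=5.4.6, so the log is the only place that failure is recorded. Short hexadecimal queue IDs are assumed; long queue IDs would need a wider pattern.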