postfix/smtp[39358]: connect to mx1.hotmail.com[X.X.X.X]:25: Connection refused

Hi Moktar,

Thnak You for your feedback.

I have set all record : MX, PTR, SPF but still I can receive but I cant send
check scan:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3acloudcast02.groupensia.com&run=toolpage#

If you just did that, it may take a while for it to be allowed (cache on hotmail servers)
could be upto 24 hours

ok but I have the same result with any email. Not only hotmail, Gmail, yahoo, etc....
at least that should work with other domain. Is there any other reason why connection is refused?

Thanks for your help

please check net_interfaces in postfix main.cf

inet_interfaces = all

anymore logs that can be referred to?
can you succesfully send and receive email to email accounts on same server?

What is the SMTP mail server name?

Yes im able to send and receive from the same server

here is the output of the command  : tail -f /var/log/maillog

OUTPUT:
When I send a mail to an account on the same server

May  3 15:03:09 cloudcast02 postfix/smtpd[12258]: connect from localhost[::1]
May  3 15:03:09 cloudcast02 postfix/smtpd[12258]: 6634A301D860B: client=localhost[::1], sasl_method=LOGIN, sasl_username=admin@mobile.groupensia.com
May  3 15:03:09 cloudcast02 postfix/cleanup[12266]: 6634A301D860B: message-id=<a615e2dc966db053aeb475130a8eabe9@mobile.groupensia.com>
May  3 15:03:09 cloudcast02 opendkim[1889]: 6634A301D860B: no signing table match for 'admin@mobile.groupensia.com'
May  3 15:03:09 cloudcast02 opendkim[1889]: 6634A301D860B: no signature data
May  3 15:03:09 cloudcast02 postfix/qmgr[2051]: 6634A301D860B: from=<admin@mobile.groupensia.com>, size=646, nrcpt=1 (queue active)
May  3 15:03:09 cloudcast02 postfix/pipe[12269]: 6634A301D860B: to=<cwpsupport@mobile.groupensia.com>, relay=dovecot, delay=0.13, delays=0.06/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
May  3 15:03:09 cloudcast02 postfix/qmgr[2051]: 6634A301D860B: removed
May  3 15:03:09 cloudcast02 postfix/smtpd[12258]: disconnect from localhost[::1]
May  3 15:03:23 cloudcast02 postfix/smtpd[12288]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.65.204
May  3 15:03:23 cloudcast02 postfix/smtpd[12288]: connect from unknown[80.82.65.204]
May  3 15:03:25 cloudcast02 postfix/smtpd[12288]: warning: unknown[80.82.65.204]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May  3 15:03:25 cloudcast02 postfix/smtpd[12288]: disconnect from unknown[80.82.65.204]

Select allOpen in new window

when I replied to the mail from the same server

May  3 15:04:44 cloudcast02 postfix/smtpd[12258]: connect from localhost[::1]
May  3 15:04:44 cloudcast02 postfix/smtpd[12258]: C5F61301D860B: client=localhost[::1], sasl_method=LOGIN, sasl_username=cwpsupport@mobile.groupensia.com
May  3 15:04:44 cloudcast02 postfix/cleanup[12266]: C5F61301D860B: message-id=<8e3f898f882b741a1f45d670bc199403@mobile.groupensia.com>
May  3 15:04:44 cloudcast02 opendkim[1889]: C5F61301D860B: no signing table match for 'cwpsupport@mobile.groupensia.com'
May  3 15:04:44 cloudcast02 opendkim[1889]: C5F61301D860B: no signature data
May  3 15:04:44 cloudcast02 postfix/qmgr[2051]: C5F61301D860B: from=<cwpsupport@mobile.groupensia.com>, size=850, nrcpt=1 (queue active)
May  3 15:04:44 cloudcast02 postfix/pipe[12269]: C5F61301D860B: to=<admin@mobile.groupensia.com>, relay=dovecot, delay=0.09, delays=0.05/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
May  3 15:04:44 cloudcast02 postfix/qmgr[2051]: C5F61301D860B: removed
May  3 15:04:44 cloudcast02 postfix/smtpd[12258]: disconnect from localhost[::1]

Select allOpen in new window

When I send mail outside the server

May  3 15:08:49 cloudcast02 postfix/smtpd[12454]: connect from localhost[::1]
May  3 15:08:49 cloudcast02 postfix/smtpd[12454]: D8A8E301D860B: client=localhost[::1], sasl_method=LOGIN, sasl_username=admin@mobile.groupensia.com
May  3 15:08:49 cloudcast02 postfix/cleanup[12461]: D8A8E301D860B: message-id=<85cbf25f3c7932c4381dec4fa8836772@mobile.groupensia.com>
May  3 15:08:49 cloudcast02 opendkim[1889]: D8A8E301D860B: no signing table match for 'admin@mobile.groupensia.com'
May  3 15:08:49 cloudcast02 opendkim[1889]: D8A8E301D860B: no signature data
May  3 15:08:49 cloudcast02 postfix/qmgr[2051]: D8A8E301D860B: from=<admin@mobile.groupensia.com>, size=626, nrcpt=1 (queue active)
May  3 15:08:50 cloudcast02 postfix/smtpd[12454]: disconnect from localhost[::1]
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1b]:25: Network is unreachable
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: connect to gmail-smtp-in.l.google.com[74.125.133.26]:25: Connection refused
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4010:c03::1b]:25: Network is unreachable
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: connect to alt1.gmail-smtp-in.l.google.com[209.85.233.27]:25: Connection refused
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c03::1a]:25: Network is unreachable
May  3 15:08:51 cloudcast02 postfix/smtp[12464]: D8A8E301D860B: to=<tanopatrice@gmail.com>, relay=none, delay=1.2, delays=0.06/0.02/1.1/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4003:c03::1a]:25: Network is unreachable)

Select allOpen in new window

Hi Jackie,

the smtp mail server is the localhost : cloudcast02

seems like it cannot resolve IPv6, have you tried turning it off?

No

I have turn IPv6 off Now
Nothing has change in the logs. connection is refused

your server is using IPv6? If yes, fix your IPv6 settings. If not, you can try disabling it and check whether it helps.

Im using IPv4
I have disabled IPv6
still refused connection

May  3 15:44:14 cloudcast02 postfix/smtpd[14354]: connect from localhost[127.0.0.1]
May  3 15:44:14 cloudcast02 postfix/smtpd[14354]: 1EDE3301D860D: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=admin@mobile.groupensia.com
May  3 15:44:14 cloudcast02 postfix/cleanup[14361]: 1EDE3301D860D: message-id=<eaac21971358f55f189a70db7f352d50@mobile.groupensia.com>
May  3 15:44:14 cloudcast02 opendkim[1889]: 1EDE3301D860D: no signing table match for 'admin@mobile.groupensia.com'
May  3 15:44:14 cloudcast02 opendkim[1889]: 1EDE3301D860D: no signature data
May  3 15:44:14 cloudcast02 postfix/qmgr[2051]: 1EDE3301D860D: from=<admin@mobile.groupensia.com>, size=831, nrcpt=1 (queue active)
May  3 15:44:14 cloudcast02 postfix/smtpd[14354]: disconnect from localhost[127.0.0.1]
May  3 15:44:17 cloudcast02 postfix/smtpd[14371]: warning: hostname no-reverse-dns-configured.com does not resolve to address 80.82.65.204
May  3 15:44:29 cloudcast02 postfix/pickup[11218]: 52F5B301D8615: uid=0 from=<root>
May  3 15:44:29 cloudcast02 postfix/cleanup[14361]: 52F5B301D8615: message-id=<20170503154429.52F5B301D8615@cloudcast02.groupensia.com>
May  3 15:44:29 cloudcast02 opendkim[1889]: 52F5B301D8615: no signing table match for 'root@cloudcast02.groupensia.com'
May  3 15:44:29 cloudcast02 opendkim[1889]: 52F5B301D8615: no signature data
May  3 15:44:29 cloudcast02 postfix/qmgr[2051]: 52F5B301D8615: from=<root@cloudcast02.groupensia.com>, size=1172, nrcpt=1 (queue active)
May  3 15:44:29 cloudcast02 postfix/local[14411]: 52F5B301D8615: to=<root@cloudcast02.groupensia.com>, orig_to=<root>, relay=local, delay=0.02, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
May  3 15:44:29 cloudcast02 postfix/qmgr[2051]: 52F5B301D8615: removed
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to gmail-smtp-in.l.google.com[74.125.71.27]:25: Connection refused
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1b]:25: Network is unreachable
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to alt1.gmail-smtp-in.l.google.com[74.125.68.26]:25: Connection refused
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4003:c02::1b]:25: Network is unreachable
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to alt2.gmail-smtp-in.l.google.com[74.125.23.27]:25: Connection refused
May  3 15:44:34 cloudcast02 postfix/smtp[14364]: 1EDE3301D860D: to=<tanopatrice@gmail.com>, relay=none, delay=21, delays=0.06/0.03/20/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[74.125.23.27]:25: Connection refused)

Select allOpen in new window

May  3 15:44:34 cloudcast02 postfix/smtp[14364]: connect to gmail-smtp-in.l.google.com[74.125.71.27]:25: Connection refused

from my laptop, I too unable to connect to port 25 of 74.125.71.27

$ telnet 74.125.71.27 25
Trying 74.125.71.27...

so this must mean that port 25 on 74.125.71.27 does not open.

try sending with smtps

Looks like there's a problem with the OpenDKIM configuration.  Try disabling the OpenDKIM milter temporarily to see if you can get a message out.

If it's the OpenDKIM configuration, there's considerable information on this problem via Google search.

https://serverfault.com/questions/569823/no-signing-table-match-in-opendkim

https://linuxaria.com/howto/using-opendkim-to-sign-postfix-mails-on-debian

Dr Klahn I have disable and try sending mail. same result

1. Goto http://www.dnsstuff.com/tools

2. Under DNS Lookup, type the full URL your mail server hostname... say mail.domain.com

3. In the pull down menu of "Choose a DNS Record type" select MX, CNAME and PTR and click the blue triangle button next to the input field of the full URL your mail server hostname.

domain:groupensia.comView Report  

domain

 
      Test
      DOMAIN DNS Failure
dns lookup      dns check      mx lookup      whois lookup
Reported by mxtoolbox.com on 5/3/2017 at 4:22:57 PM, just for you.  (History)

The big providers are VERY picky about all things DNS and also all the repudiation systems.
I have had a domain for over 15 years and still have issues with the big 3 everytime we renegotiate our broadband and have to change address ranges...

attached is the complete report of the mail server hostname

Not attached...

Sorry Please find attached
dnsreport_cloudcast02.groupensia.com.pdf

Run the same report on your groupensia.com TLD...
That might be part of your problem... If the big guys get any DNS errors they might fail you...

please find attached the report for groupensia.com TLD
dnsreport_groupensia.com.pdf

Strange... When I ran it I got a fail...

Failed for PTR DNS lookup.

Your DNS lookup for MX record is successful.

Do you ISP charge you for Reverse DNS setup?

No we are not charge for reverse DNS Setup.

so you can't send to ANYBODY outside or just the big providers?
I can't find any good reason why you would be failing...
I am going to send you  a PM to try sending to me... That way I can see if I reject you and why.
PM me back with the address you use so I can search my logs...

ok please let's try. Send to admin@mobile.groupensia.com

I sent something

Hi Silva,

here is the log, when I try to reply to your mail

May  4 17:56:51 cloudcast02 postfix/smtpd[26391]: connect from unknown[80.82.65.204]
May  4 17:57:24 cloudcast02 postfix/smtpd[26391]: connect from localhost[::1]
May  4 17:57:24 cloudcast02 postfix/smtpd[26391]: 5DDBC68: client=localhost[::1], sasl_method=LOGIN, sasl_username=admin@mobile.groupensia.com
May  4 17:57:24 cloudcast02 postfix/cleanup[26399]: 5DDBC68: message-id=<9061b3f4bc38ad1c1deff4178d6b9940@mobile.groupensia.com>
May  4 17:57:24 cloudcast02 postfix/qmgr[2127]: 5DDBC68: from=<admin@mobile.groupensia.com>, size=783, nrcpt=1 (queue active)
May  4 17:57:24 cloudcast02 postfix/smtpd[26391]: disconnect from localhost[::1]
May  4 17:57:55 cloudcast02 postfix/smtp[26750]: connect to mx1.sgvwater.com[173.197.171.197]:25: Connection timed out
May  4 17:57:56 cloudcast02 postfix/smtp[26750]: connect to mx2.sgvwater.com[173.197.161.246]:25: Connection refused
May  4 17:57:56 cloudcast02 postfix/smtp[26750]: 5DDBC68: to=<XXXXX@sgvwater.com>, relay=none, delay=32, delays=0.05/0.02/32/0, dsn=4.4.1, status=deferred (connect to mx2.sgvwater.com[173.197.161.246]:25: Connection refused)

Select allOpen in new window

I do have greylisting.... Are your retry settings at a reasonable setting?

What do you mean. I dont get you

My server will delay your first connection for 5 seconds to push off spammers that dump and run... Your server timed that connection out and jumped to the next MX, which also had seen your first attempt and ended up dumping you.
I am not sure what postfix settings govern how long you wait before killing a slow connection, but that could be part of the problem...

looking at your log, your first try seemed to not wait very long for the connection. The second immediately jumped to the other MX, which is in a clustered pair with the first.

It could be that it will come thru on the next queue run, unless your mail client already got a fail...
I am not real strong with postfix config files.

Just a shot in the dark, but is your firewall set to allow outgoing port 25?
Do you have an ISP that doesn't block port 25 on certain types of accounts?
I dug in my logs and don't see any connection attempts...

From your log, the emails sent never leave your SMTP server.

Just notice one thing... Your email account's user name is user@mobile.domain.com whereas the domain name of your SMTP server is xxxxx@domain.com.

Have you done the test for SASL like the one mentioned in the link below?

https://wiki.centos.org/HowTos/postfix_sasl

In short, your problem is not related to DNS but on how do you set the SASL.

can you telnet from your mailserver over port 25 to a known mx host out there?

if you get a connect type "ehlo groupensia.com" and enter

You should get an intro dialog and server capabilities...

[root@cloudcast02 ~]# telnet smtp.gmx.com 25
Trying 212.227.17.174...
telnet: connect to address 212.227.17.174: Connection refused
Trying 212.227.17.184...
telnet: connect to address 212.227.17.184: Connection refused
[root@cloudcast02 ~]#

Yes I talk with my ISP  Port 25 was not allowed
Im goin to send details for them to activate

I'll get back to you after Action

Thanks a lot

I call my ISP to enable port 25 out. its now working. I also had to create the differentes records A MX TXT PTR.  thanks a lot for your help

Glad I could help