Score:3

Linux port 25 is not working, and postfix unable to establish external connections at port 465, internal connection works with issues


I guess these are two typical issues, at least the first one is. I'm trying to configure Postfix and Dovecot on CentOS 7.

First, port 25 is open, but it is not accepting any outside connections.

The internal connection at port 25 is working. I did:

[root@myhost ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 xxxx.com ESMTP Postfix (CentOS)
helo xxxx
250 xxxx.com
mail from:<[email protected]>
250 2.1.0 Ok
rcpt to:<[email protected]>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
from:[email protected]
to:[email protected]
subject:Testing email
test test
.
250 2.0.0 Ok: queued as CBE5F6039
quit
221 2.0.0 Bye
Connection closed by foreign host.

Then I checked my Dovecot server at /var/mail/vhosts/xxxx.com/user1:

./new
./new/1693231789.M572537P2155.xxxx,S=495,W=510

So for typical SMTP (port 25), my configuration is totally correct. But the problem is, when I try to either send out or telnet to it, it doesn't respond with anything. The log file is empty. So I tried tcpdump -i any port smtp and it tells me that port 25 is not open at all.

So I guess this is just some typical Linux error, something blocking the port 25 from listening. Please tell me if anyone knows what it is.

Second, the port 465 is not working.

It seems like Postfix is either not listening on it because of some misconfiguration or is being blocked from port 465 by something inside my Linux. (Or maybe SSL is incorrect.)

I tried tcpdump -i any port smtps and did telnet mail.xxxx.com smtps on my own PC.

The server shows me that port 465 did receive the packet. However, Postfix is not responding with anything.

So I looked at the maillog at /var/log/maillog, and it shows that postfix didn't recognize and respond to my telnet connection at all. Here's the log:

Aug 28 13:42:37 xxxx postfix/postfix-script[1692]: starting the Postfix mail system
Aug 28 13:42:37 xxxx postfix/master[1694]: daemon started -- version 2.10.1, configuration /etc/postfix

Just simply nothing. So I guess there are some settings or firewalls on Linux that are blocking services from 'actually' listening on the SMTP port. Does anyone know about this?

Then I tried to telnet from localhost to port 465, but it seems like even the internal connection at port 465 is not working either.

On my server, I did:

[root@myhost ~]# telnet localhost smtps
Trying ::1...
Connected to localhost.
Escape character is '^]'.
helo xxxx
Connection closed by foreign host.

It just closed after 'helo'. Then I went to /var/log/maillog again, and it shows as the following:

Aug 28 13:45:57 xxxx postfix/smtps/smtpd[1974]: connect from unknown[::1]
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: SSL_accept error from unknown[::1]: -1
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: warning: TLS library problem: 1974:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:640:
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: lost connection after CONNECT from unknown[::1]
Aug 28 13:46:01 xxxx postfix/smtps/smtpd[1974]: disconnect from unknown[::1]

Here are my configuration files.

sudo postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost, localhost.$mydomain
mydomain = xxxx.com
myhostname = xxxx.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (CentOS)
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/xxxx.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/xxxx.com/privkey.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

part of /etc/postfix/main.cf

mail_owner = postfix
myhostname = xxxx.com
mydomain = xxxx.com

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/xxxx.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/xxxx.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all

mydestination = localhost, localhost.$mydomain

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
recipient_delimiter = +
virtual_transport = lmtp:unix:private/dovecot-lmtp

Part of /etc/postfix/master.cf

smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  #-o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
465     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  #-o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
HBruijn:
CentOS 7 is over 9 years old now and quite close to reaching EOL, certainly not recommended for new deployments and installations.
HBruijn:
SMTPS is explicit TLS which you should test with a client that "speaks" TLS/SSL like `openssl s_client -connect localhost:465` rather than telnet. - You have multiple `inet_interfaces` definitions, `inet_interfaces = all` followed by `inet_interfaces = localhost`. Your `postconf -n` output shows that the final definition is what gets used and thus Postfix only listens on localhost and not on all interfaces.
djdomi:
As Postfix reads, like nginx, from top to bottom, I believe that this leads to localhost; please show `lsof -i :25,465`
岁月倾城197:
@HBruijn, thank you so much for pointing this out. It seems like the SMTPS server worked after this. My email client says that my email was successfully sent out, but my Gmail didn't receive it (I checked spam already).
岁月倾城197:
Message from google: The IP address sending this message does not have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not 550-5.7.25 point to the sending IP. As a policy, Gmail does not accept messages 550-5.7.25 from IPs with missing PTR records. Please visit 550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more 550 5.7.25 information. u21-20020a05620a0c5500b0076841c3ee40si4976570qki.598 - gsmtp (in reply to end of DATA command))
岁月倾城197:
@djdomi, Thank you for the reply. I did that, and it's kinda weird:

[root@myhost ~]# lsof -i :25,465
master 2826 root 13u IPv4 32637 0t0 TCP *:smtp (LISTEN)
master 2826 root 14u IPv6 32638 0t0 TCP *:smtp (LISTEN)
master 2826 root 22u IPv4 32649 0t0 TCP *:urd (LISTEN)
master 2826 root 23u IPv6 32650 0t0 TCP *:urd (LISTEN)
[root@myhost ~]# ps
PID TTY TIME CMD
2621 pts/0 00:00:00 bash
2883 pts/0 00:00:00 ps
djdomi:
Never answer in a comment; always edit your question instead, please. Moreover, you need to have a PTR that matches the mail server name, meaning mx.example.com must resolve to 1.2.3.4 and the reverse must match it.
岁月倾城197:
@djdomi Sorry, I'm kinda new to Stack Exchange. And that works, thank you so much!
djdomi:
You're still welcome ;) but remember that only business-related questions in a business environment are on topic. Similar non-business, home or end-user questions should be asked on [su]. Keep us updated, and if you solved it on your own, please answer the question and apply the solution to it. Remember that you need to accept your answer after 24h ;)
Score:1

Thanks to the comments of @HBruijn above, I solved this problem. The problem is that I configured two inet_interfaces.

One valuable thing is that it seems like in the current Postfix configuration file, inet_interfaces = localhost is a default value, and is uncommented by default. However, inet_interfaces = all is commented. Therefore, you need to comment out inet_interfaces = localhost when you uncomment inet_interfaces = all.

The file is: /etc/postfix/master.cf.
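The root cause in this thread is Postfix's last-assignment-wins rule: the `main.cf` excerpt in the question has `inet_interfaces = all` followed a few lines later by `inet_interfaces = localhost`, and `postconf -n` confirms that the later line is the effective one. The following script is an added example, not code from the question, the answer or the Postfix project. It applies that same rule to a main.cf, flags any parameter assigned more than once, and wraps the `openssl s_client` probe HBruijn suggested for the wrapper-mode port 465 in a small function. The sample main.cf it reads is constructed inline to reproduce the question's situation; the hostname in it is a placeholder.

```shell
#!/bin/sh
# Added example (not from the question or answer). Reads a Postfix main.cf
# the way Postfix does: of several uncommented assignments of the same
# parameter, the LAST one wins. A stray "inet_interfaces = localhost" left
# below "inet_interfaces = all" is therefore caught before the daemon is
# restarted. "postconf -n" on the server remains the authoritative check.

# Print the effective value of one parameter (last uncommented assignment).
# Usage: postfix_effective_value <main.cf> <parameter>
postfix_effective_value() {
    awk -v p="$2" '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        $0 ~ "^[[:space:]]*" p "[[:space:]]*=" {       # "param =" or "param="
            sub(/^[^=]*=[[:space:]]*/, "")             # strip "param = "
            val = $0                                   # later lines overwrite
        }
        END { if (val != "") print val }
    ' "$1"
}

# List every parameter that has more than one uncommented assignment.
# Usage: postfix_duplicate_params <main.cf>
postfix_duplicate_params() {
    awk '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*[A-Za-z0-9_]+[[:space:]]*=/ {
            name = $0
            sub(/[[:space:]]*=.*/, "", name)           # drop "= value"
            sub(/^[[:space:]]*/, "", name)             # drop leading blanks
            count[name]++
        }
        END { for (n in count) if (count[n] > 1) print n }
    ' "$1" | sort
}

# Probe an implicit-TLS (smtpd_tls_wrappermode=yes) port with a client that
# speaks TLS, instead of telnet, and show the server banner. Not run in the
# test; it needs a reachable server. Usage: probe_smtps <host> [port]
probe_smtps() {
    printf 'QUIT\r\n' | openssl s_client -connect "$1:${2:-465}" -quiet 2>/dev/null | head -n 1
}

# Constructed sample main.cf reproducing the situation from the question
# (hostname is a placeholder, not the asker's domain).
SAMPLE_CF=$(mktemp)
trap 'rm -f "$SAMPLE_CF"' EXIT
cat > "$SAMPLE_CF" <<'EOF'
myhostname = mail.example.com
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
inet_protocols = all
EOF

echo "effective inet_interfaces: $(postfix_effective_value "$SAMPLE_CF" inet_interfaces)"
echo "parameters defined more than once:"
postfix_duplicate_params "$SAMPLE_CF"
```

Run against the real file with `postfix_duplicate_params /etc/postfix/main.cf`; an empty list means no setting is silently overridden further down, and `postfix_effective_value /etc/postfix/main.cf inet_interfaces` should then agree with `postconf -n`. Once Postfix listens on all interfaces, `probe_smtps mail.example.com` should print the `220` banner that telnet could never elicit from the TLS-wrapped port.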
