| Linode Forum https://forum.linode.com/ |
|
| Confirm mail client setup? https://forum.linode.com/viewtopic.php?f=11&t=11370 |
Page 2 of 2 |
| Author: | vonskippy [ Tue Oct 21, 2014 12:08 am ] |
| Post subject: | Re: Confirm mail client setup? |
Now I don't see any email ports opened in your IPTABLES rules (25, 465, 587, 993, 995)

Also, when you use telnet for testing services, you need to remember to ADD the port number after the IP number so....

telnet 106.185.45.57 25

Assuming you've just setup your server (i.e. there isn't much of anything important or confidential on it), there's little to risk by turning off your firewall and testing your email setup. If it works, then you just need to figure out the firewall rules, if it doesn't, then you need to fix your email server config before worrying about your firewall config.

Just remember to turn your firewall back on after your tests.

What distro are you using? |
|
| Author: | Fufu [ Tue Oct 21, 2014 5:51 am ] |
| Post subject: | Re: Confirm mail client setup? |
vonskippy wrote:
Now I don't see any email ports opened in your IPTABLES rules (25, 465, 587, 993, 995) Also, when you use telnet for testing services, you need to remember to ADD the port number after the IP number so.... telnet 106.185.45.57 25 Assuming you've just setup your server (i.e. there isn't much of anything important or confidential on it), there's little to risk by turning off your firewall and testing your email setup. If it works, then you just need to figure out the firewall rules, if it doesn't, then you need to fix your email server config before worrying about your firewall config. Just remember to turn your firewall back on after your tests. What distro are you using?

Thank you. The telnet does work when I put a space in between the ports and the ip address. The ports that are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.

I am running Debian 7.6. There is not a single line command to disable Debian's iptables, is there? I see a lot of lengthy tutorials that cut access to my server right away and I am not sure if it is correct or not?

The MX records are correct?

I have combed over-and-over these Linode tutorials and troubleshooting ones too and have verified for several days I have followed every step correctly. I have them almost memorized by now. *lol* |
|
| Author: | sweh [ Tue Oct 21, 2014 11:07 am ] |
| Post subject: | Re: Confirm mail client setup? |
Fufu wrote:
Thank you. The telnet does work when I put a space in between the ports and the ip address. The ports that are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.

No, they are not. Some are (443, 80) but others aren't (25, 995).

You have to do the test _off_ your linode from another machine. Local traffic from the linode to the same linode won't be caught by the firewall |
|
| Author: | Fufu [ Tue Oct 21, 2014 7:55 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Thanks sweh

sweh wrote:
Fufu wrote:
Thank you. The telnet does work when I put a space in between the ports and the ip address. The ports that are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.
No, they are not. Some are (443, 80) but others aren't (25, 995). You have to do the test _off_ your linode from another machine. Local traffic from the linode to the same linode won't be caught by the firewall

I made the edits to sudo nano /etc/iptables.firewall.rules
Code:
*filter

telnet from another machine's results
Code:
# telnet 106.185.45.57 80

sudo iptables -L
Code:
Chain INPUT (policy DROP) |
|
| Author: | sweh [ Tue Oct 21, 2014 8:56 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Quote:
# telnet 106.185.45.57 25
Trying 106.185.45.57...
telnet: connect to address 106.185.45.57: Connection timed out

I'm guessing you did this from a home machine; many ISPs block outgoing port 25 to prevent spam.

Port 567 you have no process listening.

I don't know why you're not getting a response on some of these ports; application misconfig.

For SSL enabled ports you need to use openssl eg
Code:
% openssl s_client -connect 106.185.45.57:993 |
|
| Author: | vonskippy [ Tue Oct 21, 2014 9:34 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Something answers on TCP25, but it doesn't seem to be a SMTP service (I get a blank terminal session, which no matter what I type doesn't echo any commands or error messages, and eventually times out the telnet session). |
|
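Added example, not part of any post in this thread: a small Python probe for the checks sweh and vonskippy describe above. It separates a timeout (packets dropped, or an ISP blocking outbound port 25) from a refusal (no listener) and from a port that accepts the connection but never sends the SMTP 220 greeting. The result labels and the command-line host argument are this example's own choices.

```python
import socket
import sys

# Mail ports listed in the thread.
MAIL_PORTS = (25, 465, 587, 993, 995)
# Ports where the server speaks first in plaintext (SMTP "220" greeting).
# 465/993/995 are TLS-wrapped, so only reachability is checked here;
# use `openssl s_client -connect host:port` to look inside those.
GREETING = {25: b"220", 587: b"220"}


def probe(host, port, timeout=5.0, expect=None):
    """Classify one TCP port as seen from the machine running this script."""
    if expect is None:
        expect = GREETING.get(port)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer at all: a DROP rule, or a block between you and the
        # server (e.g. an ISP filtering outbound port 25).
        return "filtered"
    except ConnectionRefusedError:
        # Actively refused: nothing listening, or a firewall REJECT.
        return "closed"
    except OSError as exc:
        return "error: %s" % exc
    with sock:
        if expect is None:
            return "open"
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            # Handshake completed but the service never greeted us.
            return "open-silent"
        except OSError:
            return "open-unexpected"
        # Anything else (early close, non-SMTP bytes) counts as unexpected.
        return "open-greeting" if data.startswith(expect) else "open-unexpected"


if __name__ == "__main__":
    # Run from a host other than the mail server: a test from the server to
    # itself travels over loopback and does not show what outside clients see.
    target = sys.argv[1]  # hostname or IP of your own server (assumption)
    for p in MAIL_PORTS:
        print("%-4d %s" % (p, probe(target, p)))
```

A "filtered" result on port 25 alone, seen from a home connection, fits the ISP block sweh mentions; repeat the run from another network before changing firewall rules.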
| Author: | Fufu [ Thu Oct 23, 2014 12:05 am ] |
| Post subject: | Re: Confirm mail client setup? |
I really appreciate the help A LOT!!! What other information/command result/screenshots/file conf do you need from me?

sweh wrote:
Quote:
# telnet 106.185.45.57 25
Trying 106.185.45.57...
telnet: connect to address 106.185.45.57: Connection timed out
I'm guessing you did this from a home machine; many ISPs block outgoing port 25 to prevent spam. Port 567 you have no process listening. I don't know why you're not getting a response on some of these ports; application misconfig. For SSL enabled ports you need to use openssl eg
Code:
% openssl s_client -connect 106.185.45.57:993

Already I have found this missing, maybe this needs to be somewhere else?
Code:
# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).

Is my mail server setup correctly with MX in Linode?

MX Records
Mail Server: mail.harris.hk
Preference: 10
Subdomain: mail
TTL: Default

I have done all the troubleshoot checks with no errors. Is there anything missing in the Linode documentation? DNS is reversed. |
|
| Author: | vonskippy [ Thu Oct 23, 2014 12:54 am ] |
| Post subject: | Re: Confirm mail client setup? |
Ok, you seem to be doing many changes - not all for the better.

Your DNS and MX settings seem to be ok:
http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage
http://network-tools.com/default.asp?pr ... .harris.hk

Your PTR points to your domain name (i.e. harris.hk) which is ok, but I think most anti-spam wants it to point to the hostname (i.e. mail.harris.hk)
http://www.myiptest.com/staticpages/ind ... DNS-Lookup

But your firewall is getting worse not better
http://mxtoolbox.com/SuperTool.aspx?act ... n=toolpage
https://pentest-tools.com/discovery-pro ... nline-nmap

Once again, you should pick a topic (either email service, or firewall) and fix that before moving on. Working on several problems at once just means you have too many variables to determine what's being changed for the better and what's being changed for the worse.

Turn off IPTABLES, and get your Email service working. Once it's working, turn on IPTABLES and once again, get Email working (knowing that any problems with email now are caused by the firewall). |
|
| Author: | Fufu [ Thu Oct 23, 2014 1:37 am ] |
| Post subject: | Re: Confirm mail client setup? |
permissions set for mail server:

ls -ld /var/mail
Code:
drwxrwsr-x 3 vmail vmail 4096 Oct 22 21:59 /var/mail

ls -ld /etc/dovecot
Code:
drwxr-x--- 4 vmail dovecot 4096 Oct 22 21:58 /etc/dovecot

/var/log/mail.log
Code:
Oct 20 17:42:48 kalos postfix/smtpd[28156]: fatal: bad boolean configuration: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_s$

service postfix status
Code:
[ ok ] postfix is running.

service dovecot status
Code:
[ ok ] dovecot is running.

service postfix restart
Code:
[ ok ] Stopping Postfix Mail Transport Agent: postfix.

service dovecot restart
Code:
[ ok ] Restarting IMAP/POP3 mail server: dovecot.

tail /var/log/mail.log
Code:
Oct 21 02:26:11 kalos postfix/lmtp[4974]: 7450AE8B6: to=<root@harris.hk>, orig_to=<root>, relay=kalos.harris.hk[private/dovecot-lmtp], delay=0.14, delays=0.04/0.02/0.02/0.06, dsn=5.1.1, status=bounced (host kalos.harris.hk[private/dovecot-lmtp] said: 550 5.1.1 <root@harris.hk> User doesn't exist: root@harris.hk (in reply to RCPT TO command))

tail /var/log/upstart/dovecot.log
Code:
tail: cannot open `/var/log/upstart/dovecot.log' for reading: No such file or directory

vonskippy wrote:
Turn off IPTABLES, and get your Email service working. Once it's working, turn on IPTABLES and once again, get Email working (knowing that any problems with email now are caused by the firewall).

How can I turn off iptables in Debian?

As root:
'/etc/init.d/iptables stop' output: (doesn't work)
'iptables -X' output: iptables: Too many links.

The CentOS commands do not work either. I am using Debian. |
|
| Author: | vonskippy [ Thu Oct 23, 2014 3:35 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Here's a good thread on the Debian forum explaining it (follow it to the Ubuntu forum for info on UFW) - and a good recommendation - install UFW to manage your IPTABLES. With UFW installed, then it's a simple 'sudo service ufw stop' and 'sudo service ufw start'

http://forums.debian.net/viewtopic.php?f=10&t=112759

After researching something as simple as turning IPTABLES on and off in Debian, I'm oh so glad I use CentOS (service iptables stop / service iptables start). |
|
| Author: | Fufu [ Wed Oct 29, 2014 5:18 pm ] |
| Post subject: | Re: Confirm mail client setup? |
UFW doesn't function properly in Debian 7.6. It says it will "enables" and "stops" on a reboot, but always displays "inactive" and never actually does anything with Debian 7.6 kernel 3.15.

This is my '$/var/log/mail.log' excerpt of the error I am receiving.

Oct 24 22:03:06 kalos postfix/smtpd[3998]: connect from mta.email.jacquielawson.com[66.231.90.157]
Oct 24 22:03:06 kalos postfix/smtpd[3998]: NOQUEUE: reject: RCPT from mta.email.jacquielawson.com[66.231.90.157]: 554 5.7.1 <username@harris.hk>: Relay access denied; from=<bounce-910$
Oct 24 22:03:06 kalos postfix/smtpd[3998]: disconnect from mta.email.jacquielawson.com[66.231.90.157]

I believe I have my firewall sorted out:

$iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             loopback/8           reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssmtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere |
|
| Page 2 of 2 | All times are UTC-04:00 |
|