| Linode Forum https://forum.linode.com/ |
|
| Confirm mail client setup? https://forum.linode.com/viewtopic.php?f=11&t=11370 |
| Author: | Fufu [ Sat Oct 18, 2014 8:27 pm ] |
| Post subject: | Confirm mail client setup? |
I followed Linode's guide: https://www.linode.com/docs/email/postf ... -and-mysql

Server Information
Account Type: (POP3)
Incoming mail server: (mail.example.com)
Outgoing mail server (SMTP): (mail.example.com)

Logon Information
User Name: (someone@example.com)
Password:
Require logon using Secure Password Authentication (SPA) ?

Outgoing Server
My outgoing server (SMTP) requires authentication (Yes)

Server Port Numbers
Incoming server (POP3): (995)
This server requires an encrypted connection (SSL) Yes
Outgoing server (SMTP): (25)
Use the following type of encrypted connection: (TLS)

What am I missing? |
|
| Author: | Main Street James [ Sat Oct 18, 2014 9:52 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Quote:
What am I missing?

It's hard to tell. What problem are you having?
|
|
| Author: | Fufu [ Sun Oct 19, 2014 12:47 am ] |
| Post subject: | Re: Confirm mail client setup? |
I followed these Linode guides:

Running a Mail Server
https://www.linode.com/docs/email/runni ... il-server/

Email with Postfix, Dovecot, and MySQL
https://www.linode.com/docs/email/postf ... -and-mysql

How to Make a Self-Signed SSL Certificate
https://www.linode.com/docs/security/ss ... rtificate/

and even did the double checks with no errors -
Troubleshooting Problems with Postfix, Dovecot, and MySQL
https://www.linode.com/docs/email/postf ... and-mysql/

and I cannot connect to the 'mail.example.com' in my mail client. |
|
| Author: | vonskippy [ Sun Oct 19, 2014 1:13 am ] |
| Post subject: | Re: Confirm mail client setup? |
I can connect to mail.example.com just fine, maybe you made a typo. |
|
| Author: | Fufu [ Sun Oct 19, 2014 1:23 am ] |
| Post subject: | Re: Confirm mail client setup? |
sudo netstat -plantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:42575           0.0.0.0:*               LISTEN      2785/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2754/rpcbind
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      23222/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6475/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      23222/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      23686/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      23686/dovecot
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3749/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      23222/master
tcp        0    288 106.185.45.57:22        75.196.59.40:57669      ESTABLISHED 23631/sshd: username
tcp6       0      0 :::111                  :::*                    LISTEN      2754/rpcbind
tcp6       0      0 :::465                  :::*                    LISTEN      23222/master
tcp6       0      0 :::22                   :::*                    LISTEN      6475/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      23222/master
tcp6       0      0 :::443                  :::*                    LISTEN      19833/apache2
tcp6       0      0 :::993                  :::*                    LISTEN      23686/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      23686/dovecot
tcp6       0      0 :::46569                :::*                    LISTEN      2785/rpc.statd
tcp6       0      0 :::587                  :::*                    LISTEN      23222/master
udp        0      0 0.0.0.0:58421           0.0.0.0:*                           2785/rpc.statd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2951/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2754/rpcbind
udp        0      0 106.185.45.57:123       0.0.0.0:*                           4735/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           4735/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           4735/ntpd
udp        0      0 0.0.0.0:809             0.0.0.0:*                           2754/rpcbind
udp        0      0 127.0.0.1:841           0.0.0.0:*                           2785/rpc.statd
udp        0      0 0.0.0.0:54165           0.0.0.0:*                           2951/dhclient
udp6       0      0 :::5596                 :::*                                2951/dhclient
udp6       0      0 :::111                  :::*                                2754/rpcbind
udp6       0      0 2400:8900::f03c:91f:123 :::*                                4735/ntpd
udp6       0      0 fe80::f03c:91ff:fe5:123 :::*                                4735/ntpd
udp6       0      0 ::1:123                 :::*                                4735/ntpd
udp6       0      0 :::123                  :::*                                4735/ntpd
udp6       0      0 :::809                  :::*                                2754/rpcbind
udp6       0      0 :::45948                :::*                                2785/rpc.statd

vonskippy wrote:
I can connect to mail.example.com just fine, maybe you made a typo.

hahaa mail.harris.hk |
|
| Author: | Main Street James [ Sun Oct 19, 2014 6:13 am ] |
| Post subject: | Re: Confirm mail client setup? |
Are you running a firewall such as iptables? I ask because your mail ports are not available. When I check mail.harris.hk for open mail ports (25,587,993,995) I get no response. |
|
| Author: | vonskippy [ Sun Oct 19, 2014 1:32 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Your mail.harris.hk 'A' records resolve, but there doesn't seem to be a 'MX' record for your domain. |
|
| Author: | Fufu [ Mon Oct 20, 2014 12:42 am ] |
| Post subject: | Re: Confirm mail client setup? |
Main Street James wrote:
Are you running a firewall such as iptables? I ask because your mail ports are not available. When I check mail.harris.hk for open mail ports (25,587,993,995) I get no response.

iptables -L -n
Chain INPUT (policy DROP)
target        prot opt source               destination
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT        tcp  --  106.185.45.57        0.0.0.0/0            tcp dpt:22
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0
REJECT        all  --  0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT        icmp --  0.0.0.0/0            0.0.0.0/0
LOG           all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP          all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0            /* Allow loopback connections */
ACCEPT        icmp --  0.0.0.0/0            0.0.0.0/0            /* Allow Ping to work as expected */
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003
ACCEPT        udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 53
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443

Chain FORWARD (policy DROP)
target        prot opt source               destination
DROP          all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target        prot opt source               destination
ACCEPT        all  --  0.0.0.0/0            0.0.0.0/0

Chain fail2ban-ssh (1 references)
target        prot opt source               destination
RETURN        all  --  0.0.0.0/0            0.0.0.0/0 |
|
| Author: | Fufu [ Mon Oct 20, 2014 12:45 am ] |
| Post subject: | Re: Confirm mail client setup? |
vonskippy wrote:
Your mail.harris.hk 'A' records resolve, but there doesn't seem to be a 'MX' record for your domain.

How can I check the MX record? Where would I look locally in the server to verify?
|
|
| Author: | vonskippy [ Mon Oct 20, 2014 1:07 am ] |
| Post subject: | Re: Confirm mail client setup? |
Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule. You also have multiple rules for TCP22.

MX records are setup in your DNS manager (so in the Linode DNS manager). You want to point your MX record to mail, then have a A record for mail.harris.hk (which you already have).

In the future, remember it's always a good test to TEMPORARILY disable your firewall rules, test your problem, if it works, then it's a firewall rule, if it still doesn't work, then it's not a firewall rule. Just remember to re-enable your firewall after you complete your tests. |
|
| Author: | Fufu [ Mon Oct 20, 2014 1:41 am ] |
| Post subject: | Re: Confirm mail client setup? |
vonskippy wrote:
Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule. You also have multiple rules for TCP22

How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?

vonskippy wrote:
MX records are setup in your DNS manager (so in the Linode DNS manager). You want to point your MX record to mail, then have a A record for mail.harris.hk (which you already have).

Okay, I edited the subdomain to 'mail' on the MX records for 'mail.harris.hk'

vonskippy wrote:
In the future, remember it's always a good test to TEMPORARILY disable your firewall rules, test your problem, if it works, then it's a firewall rule, if it still doesn't work, then it's not a firewall rule. Just remember to re-enable your firewall after you complete your tests.

I was following all the Linode tutorial guides and following them. *oops* To re-enable, I think that means restarting the service then testing, then re-edit?
|
|
| Author: | masonm [ Mon Oct 20, 2014 11:58 am ] |
| Post subject: | Re: Confirm mail client setup? |
Fufu wrote:
vonskippy wrote:
Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule. You also have multiple rules for TCP22

How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?

Use Lish: https://www.linode.com/docs/networking/ ... shell-lish

You can completely disable network access and still access a Linode server with Lish. |
|
| Author: | Fufu [ Mon Oct 20, 2014 7:56 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Thanks

masonm wrote:
Fufu wrote:
vonskippy wrote:
Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule. You also have multiple rules for TCP22

How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?

Use Lish: https://www.linode.com/docs/networking/ ... shell-lish
You can completely disable network access and still access a Linode server with Lish.

I am new to self-managed webservers and feel if I really mess this up, I will not know how to fix it. This is in a chain? Okay, so what command would I use first and last that would not kill my chain? Sorry for all the questions. |
|
| Author: | vonskippy [ Mon Oct 20, 2014 8:19 pm ] |
| Post subject: | Re: Confirm mail client setup? |
I find it's easiest to edit the rules in their saved config file - that way you can put them in the EXACT order you need (versus typing in your rules one at a time via a terminal session). In CentOS, that file is located at /etc/sysconfig/iptables; I'm not sure where it's located in DEB-based systems. After you edit the config file, either restart IPTABLES or just reboot the server to load the new ruleset. |
|
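The rule-order problem discussed in this thread can be checked against a saved ruleset before it is loaded. This is an added example, not code from any poster or from Linode: it reads one chain in iptables-save syntax, finds the first catch-all terminating rule, and reports which later rules can never match and which mail ports are accepted before it. The ruleset is a constructed sample, and the `-i lo` on its first rule is an assumption.

```python
import shlex

# Constructed sample in iptables-save syntax, modelled on the INPUT chain posted in this
# thread. Assumption: the bare "ACCEPT all" row is the loopback rule (-i lo), which
# `iptables -L -n` prints without its interface unless -v is added.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A INPUT -p tcp -m multiport --dports 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53 -j ACCEPT
"""
MAIL_PORTS = (25, 465, 587, 993, 995)    # ports named in the guide quoted in the thread
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that stop chain traversal

def parse(text):
    """Split each '-A INPUT' line into (match tokens, target), keeping rule order."""
    toks = [shlex.split(l) for l in text.splitlines() if l.startswith("-A INPUT ")]
    return [(t[2:t.index("-j")], t[t.index("-j") + 1]) for t in toks if "-j" in t]

def first_catch_all(rules):
    """Index of the first rule with no match conditions and a terminating target, or None."""
    return next((i for i, (m, t) in enumerate(rules) if not m and t in TERMINAL), None)

def covers(match, port):
    """True if a '-p tcp' rule lists port in --dport/--dports (source, state etc. ignored)."""
    spec = [match[i + 1] for i, t in enumerate(match[:-1]) if t in ("--dport", "--dports")]
    parts = spec[0].split(",") if spec and match[:2] == ["-p", "tcp"] else []
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in (p.partition(":") for p in parts))

def audit(text):
    """Return (numbers of rules that can never match, mail ports accepted before the catch-all)."""
    rules = parse(text)
    cut = first_catch_all(rules)
    live = rules if cut is None else rules[:cut]
    dead = [] if cut is None else list(range(cut + 2, len(rules) + 1))
    return dead, [p for p in MAIL_PORTS if any(t == "ACCEPT" and covers(m, p) for m, t in live)]

def reorder(text):
    """Move the first catch-all rule to the end (text must hold only one chain's -A lines)."""
    lines, cut = text.strip().splitlines(), first_catch_all(parse(text))
    return "\n".join(lines if cut is None else lines[:cut] + lines[cut + 1:] + [lines[cut]])

if __name__ == "__main__":
    print("as posted:", audit(RULES))            # ([8, 9], [])
    print("reordered:", audit(reorder(RULES)))   # ([], [25, 465, 993, 995])
```

On the sample, moving the catch-all to the end makes ports 25, 465, 993 and 995 reachable, while 587 stays closed because the multiport list does not include it.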
| Author: | Fufu [ Mon Oct 20, 2014 8:56 pm ] |
| Post subject: | Re: Confirm mail client setup? |
Reset securing my Server: https://www.linode.com/docs/security/se ... ur-server/

sudo iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

s3r3na@kalos:~$ sudo nano /etc/network/if-pre-up.d/firewall
s3r3na@kalos:~$ sudo chmod +x /etc/network/if-pre-up.d/firewall
s3r3na@kalos:~$ sudo iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Looked over Prerequisites: https://www.linode.com/docs/email/postf ... -and-mysql

Troubleshot - Telnet, which I cannot check: https://www.linode.com/docs/email/postf ... and-mysql/

sudo telnet 106.185.45.57
Trying 106.185.45.57...
telnet: Unable to connect to remote host: Connection refused

"Checking Port Availability

Sometimes email problems occur because the mail server and mail client aren’t talking to each other on the same ports. For mail to get from client to server, or vice versa, both have to be using the same ports, and those ports also have to be open along the internet route between the two.

If you are following the accompanying Postfix, Dovecot, and MySQL installation guide, you should be using the following ports:

25, 465, or 587 with TLS encryption for outgoing mail (SMTP)
993 with SSL encryption for incoming IMAP
995 with SSL encryption for incoming POP3

First, check your mail client settings and make sure that you have the correct ports and security settings selected.

Next, use the Telnet tool to check that ports are open both on your Linode and on the route between your client and your Linode. The same test should be run on both your Linode and your home computer. First we’ll present how to run the test from both locations, and then we’ll discuss the implications." |
|
| All times are UTC-04:00 |
|