Hi,

I'm running ISP Config 3.0.3.2 (incl. Postfix) based server on Ubuntu 10.04. Everything has been working fine but suddenly SMTP connections from email clients stopped working for all domains.

This is what I know so far:

1) "telnet xxx.members.linode.com 25" reports immediately
220 xxx.members.linode.com ESMTP Postfix (Ubuntu)
so looks like postfix is alive

2) Thunderbird client reports "server timed out". Windows Live Mail same error, basically.

3) /var/log/mail.log and /var/log/mail.err don't have any errors.

Any ideas or suggestions? Would be greatly appreciated. Thanks!


Jani

Now I found out that telnet servername 25 works from *another Linode* but not outside Linode network (stupid of me to test it from another linode in the first place). So it appears Linode has blocked port 25 suddenly? My Linodes are in Dallas.

linode do not block port 25.
Either you have firewall rules in place that are causing this, or your other test source is blocking 25 outbound.

Whats your ip? ill test from here

_________________
ServerAdmin - www.our-lan.com
"Diplomacy is the art of saying nice doggy whilst looking for a really big stick"
"In my experiece, any attempt to make any system idiot proof will only challenge God to make a better idiot"

exactly, it's actually likely that your ISP is blocking outbound 25. Set your server to listen to 2525 or something like that in addition to 25 and try it out.

Yep telnet didn't work because of my ISP, tried from another server and it works fine.

So it does look like ISP firewall issue. However, what puzzles me is that email clients suddenly stopped working from multiple locations in multiple countries - including several US ISPs and several Vietnam-based ISPs. I have not changed any server settings or anything, so "something in the middle" has changed.

I guess I try next to change the port. Thanks for your suggestion! I report back here if I have any success fixing this.

Thanks again,
Jani

The issue "fixed itself". Suddenly after being two days unreachable through port 25, the port magically opened.

Save yourself future headaches by enabling MSA port 587 now.

A two-second change, add a firewall rule to allow the traffic in, and restart your postfix instance & firewall instance and you're done.

To listen on both tcp port 25 and 587, modify /etc/postfix/master.cf (or whatever path your Postfix configuration resides within), and uncomment the line beginning with "submission inet", which should be found immediately below your 'smtp inet' line:

smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd

Modify your firewall to allow inbound tcp 587 traffic (as wide open or as restricted for the port as you prefer), reload your firewall rules/restart your firewall and reload or restart Postfix. You can confirm postfix is bound to port 587 via netstat -plan as root:

# netstat -plan | grep "master" | grep tcp
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      3227/master
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      3227/master
tcp        0      0 :::587                      :::*                        LISTEN      3227/master
tcp        0      0 :::25                       :::*                        LISTEN      3227/master

Here Postfix is listening on all interfaces on both IPv4 and IPv6 on both tcp ports 25 and 587.

Additionally, you can just telnet to port 587 from localhost and from your ISP connection.