Hi all, I'm trying to configure email-forwarder using postfix, but I can't connect to my linode port 25.

here some technical details:
There is a daemon listening to this port

> netstat --listening --inet --program
..
tcp        0      0 *:smtp                  *:*                     LISTEN      2133/master 
..

I can connect (telnet to port 25) from my linode

> telnet localhost 25 // sucess

Unable to connect (telnet to port 25) from my desktop

> telnet 178.79.128.210 25
Trying 178.79.128.210...
telnet: Unable to connect to remote host: Connection timed out

nmap said that the port is filterd:

> nmap -sS 178.79.128.210
..
25/tcp   filtered smtp
80/tcp   open     http
..

And i've deleted all rules from iptables:

> iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Any idea someone???
Thanks,
Ziv

You might be getting filtering at your source location rather than at the Linode end. Some ISPs filter traffic to port 25 - ostensibly to help block relaying/spamming - forcing you to use their smart gateways for outbound mail.

You might try shifting your server to a different port and see if that works any better. Or if you specifically want to forward through that port you could see about a VPN or SSH forwarding tunnel between your home machine and your Linode, and then connect over that.

-- David

It was it
connected to my home desktop and all was good

thanks a lot

I'm having a similar problem, except that I can connect to postfix on an alternate port from external hosts. I've ruled out the firewall, first I had ssh answer port 25 successfully (then I took the port back), then I completely ripped out the firewall. I even tried installing postfix on a machine at my house, was able to connect to it from other hosts and then copied its' main and master files to my linode, and still have the issue!

I know that postfix is running because it can answer on a different port (and locally) and I know the firewall isn't the culprit because the problem exists when there is no firewall and other services can answer port 25. I'm running Ubuntu 10.04, with no added repositories.

main.cf 
myhostname = node.brainbuz.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = brainbuz.org, node.brainbuz.org, localhost.brainbuz.org, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

inet part of master.cf
# =================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + a
#               (yes)   (yes)   (yes)   (never) (100)
# =================================================================
smtp      inet  n       -       -       -       -       smtpd
58        inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd


I'm running ufw which makes iptables output excessively verbose here is the outpout from ufw and nmap: 

To                         Action      From
--                         ------      ----
110                        ALLOW       Anywhere
Apache                     ALLOW       Anywhere
22                         ALLOW       Anywhere
58/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere


Interesting ports on node.brainbuz.org (173.255.233.30):
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
443/tcp open  https



Finally an ssh session from an external shell account (dreamhost).
[steelers]$ telnet 173.255.233.30 25
Trying 173.255.233.30...
telnet: Unable to connect to remote host: Connection refused
[steelers]$ telnet 173.255.233.30 58
Trying 173.255.233.30...
Connected to 173.255.233.30.
Escape character is '^]'.
220 node.brainbuz.org ESMTP Postfix (Ubuntu)

The tests you showed don't seem to eliminate possible filtering for outbound port 25 at your source location (in your sample, your Dreamhost shell account). And testing inbound to your home host doesn't preclude outbound filtering by your provider. The comment above about making an ssh connection to port 25 is about the only thing that would seem to indicate no such filtering, so it might be helpful to see a sample of that test just to be sure, since that still seems to be the most likely possibility given that a different port works.

It is interesting that you get a port refused rather than just no response, since I suspect most ISP filters would just blackhole the traffic (I know mine does), but such blocks could certainly be active as well.

However, I will note that I tried a quick test (see below) and could access your server on port 25 from one of my Newark Linodes. Also successful from a random web server in CA. So I do think things are ok on your Linode itself and the problem is likely elsewhere, unless something changed since you posted.

telnet> open node.brainbuz.org 25
Trying 173.255.233.30...
Connected to node.brainbuz.org.
Escape character is '^]'.
220 node.brainbuz.org ESMTP Postfix (Ubuntu)

-- David

I just tried checkOR.com (open relay tester) and it said it connected and I'm not a relay . That dreamhost would allow ssh to 25 but not telnet to 25 doesn't make any sense to me. For the time being I have to trust that port 25 is really working and continue building it as a gateway/private relay (testing will be extra fun since I won't fully trust it to answer 25).

That's why I asked for a sample of the ssh test - are you absolutely sure you really switched ports?

If you're concerned for future testing, you could always provision a second Linode (even in a different DC) if only for a few days and use it as a test source.

-- David

I just reran the ssh test and it didn't work. I must have mistyped the command in earlier in a manner that appeared to work. Of course little things like being blocked on outbound ports from my shell account are exactly why I'm moving from Dreamhost to Linode.