I've got (2) ISPConfig 3 servers. Server A hosts most domains and all emails. Server B hosts 1 domain, but no email. Server A has a direct IP address, Server B is behind a NAT. I would like to set it up so Server B can send mail (via SMTP) through Server A. Right now, I'm getting the following on Server B when I try to send mail through Server A: SMTP Error: Could not connect to SMTP host. Neither server's logs show anything (including running tail -f /var/log/syslog on both servers and watching what happens when I hit "send"). Thoughts?
Can you send email from A to B? Some ISPs block port 25 to prevent spam from infected computers or spammers. Try to check your firewall/iptables configuration and try to connect manually to other mail servers (from B) with:
Code:
telnet mailservername 25
Thanks... it does appear port 25 is blocked. However, our ISP itself doesn't block any of our ports (I've had this conversation with them in the past). Also, both servers are connected to the same router, with nothing in the hardware firewall. If the firewall isn't on the router, where else might I look? FYI: using http://network-tools.com/ I get a connection (that's rejected because relaying isn't allowed)
What are the outputs of Code: netstat -tap and Code: iptables -L on server A? Are there any errors in your mail logs (on both servers)?
Still pulling my hair out!

Server A:

netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:10024 *:* LISTEN 1113/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 10998/master
tcp 0 0 *:mysql *:* LISTEN 1061/mysqld
tcp 0 0 *:submission *:* LISTEN 10998/master
tcp 0 0 *:http-alt *:* LISTEN 11464/apache2
tcp 0 0 *:www *:* LISTEN 11464/apache2
tcp 0 0 XX-XXX-XXX-XXX.b:domain *:* LISTEN 2740/named
tcp 0 0 thisismydomain:domain *:* LISTEN 2740/named
tcp 0 0 localhost.locald:domain *:* LISTEN 2740/named
tcp 0 0 *:ftp *:* LISTEN 1934/pure-ftpd (SER
tcp 0 0 *:ssh *:* LISTEN 937/sshd
tcp 0 0 *:smtp *:* LISTEN 10998/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 2740/named
tcp 0 0 *:https *:* LISTEN 11464/apache2
tcp 0 0 localhost.localdo:mysql localhost.localdo:50214 ESTABLISHED 1061/mysqld
tcp 0 248 thisismydomain.c:ssh 69-168-254-123.br:55688 ESTABLISHED 17411/sshd: ohdweb
tcp 0 0 localhost.localdo:50216 localhost.localdo:mysql ESTABLISHED 11489/smtpd
tcp 0 0 localhost.localdo:50213 localhost.localdo:mysql ESTABLISHED 13573/trivial-rewri
tcp 0 0 localhost.localdo:mysql localhost.localdo:50216 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50213 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:50204 localhost.localdo:mysql ESTABLISHED 13630/amavisd (ch1-
tcp 0 0 localhost.localdo:50215 localhost.localdo:mysql ESTABLISHED 11489/smtpd
tcp 0 0 localhost.localdo:50218 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:mysql localhost.localdo:50217 ESTABLISHED 1061/mysqld
tcp 0 0 thisismydomain.:smtp static.227.227.47:47934 TIME_WAIT -
tcp 0 0 localhost.localdo:50221 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:10025 localhost.localdo:59219 TIME_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:50212 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:59204 localhost.localdo:10025 ESTABLISHED 13630/amavisd (ch1-
tcp 0 0 localhost.localdo:49970 localhost.localdo:mysql TIME_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:50218 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50221 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50215 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:10025 localhost.localdo:59204 ESTABLISHED 13654/smtpd
tcp 0 0 thisismydomain.:smtp 42.113.172.235:50138 TIME_WAIT -
tcp 0 0 localhost.localdo:50214 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:50212 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:mysql localhost.localdo:50204 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:50217 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp6 0 0 [::]:imaps [::]:* LISTEN 1752/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1818/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1782/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1711/couriertcpd
tcp6 0 0 [::]:domain [::]:* LISTEN 2740/named
tcp6 0 0 [::]:ftp [::]:* LISTEN 1934/pure-ftpd (SER
tcp6 0 0 [::]:ssh [::]:* LISTEN 937/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 2740/named
tcp6 0 0 thisismydomain.:pop3 69-168-254-123.br:58708 TIME_WAIT -
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49616 ESTABLISHED 8828/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49610 ESTABLISHED 8824/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49611 ESTABLISHED 8808/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49615 ESTABLISHED 8829/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49617 ESTABLISHED 8813/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:53905 ESTABLISHED 4950/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49597 ESTABLISHED 8815/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:65311 ESTABLISHED 5303/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49595 ESTABLISHED 8817/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49603 ESTABLISHED 8825/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49612 ESTABLISHED 8819/couriertls
tcp6 0 0 thisismydomain.:pop3 69-168-254-123.br:58723 TIME_WAIT -

iptables -L
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-courierimaps tcp -- anywhere anywhere multiport dports imaps
fail2ban-courierpop3 tcp -- anywhere anywhere multiport dports pop3
fail2ban-courierimap tcp -- anywhere anywhere multiport dports imap2
fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-courierimap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierimaps (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3s (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-pure-ftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

/etc/postfix/main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = thisismydomain.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = thisismydomain.com, localhost, localhost.localdomain, $mydomains
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128, XXX.XXX.XXX.XXX
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_$
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 0

Just looking to get Server B to send through Server A... Server B is behind a NAT on a Cisco router. All ports open, nothing blocked at the router level.
If you can't get it to work directly, an alternate approach would be to set up an OpenVPN between those two servers. Then you can route the email through the VPN tunnel, hence it uses a different port. Or you can use alternate ports for SMTP... I usually do also free 2500 and 2525, or you could try the submission port (587).
I assume that you are running this from your house or work. I would check the outside ports to make sure they are open. I have heard that line before: yes, port 25 is open, but the person that you are talking to knows nothing other than what is on the monitor in front of them. To check your ports you can use this site: http://www.yougetsignal.com/tools/open-ports/ If port 25 is blocked you can use a relay service to send mail out on port 2525. This is how I have to do it. Sucks having to pay for a service, but what are you going to do.
Thanks. Going to http://www.yougetsignal.com/tools/open-ports/ shows port 25 open at Server A. When I send an email from Server B, though, I'm getting this:
Code:
Mar 16 17:00:21 myserver postfix/smtpd[26622]: connect from unknown[192.168.1.220]
Mar 16 17:00:21 myserver postfix/smtpd[26622]: DA35B1C014C6: client=unknown[192.168.1.220], sasl_method=PLAIN, [email protected]
Mar 16 17:00:21 myserver postfix/cleanup[26624]: DA35B1C014C6: message-id=<[email protected]>
Mar 16 17:00:21 myserver postfix/qmgr[13490]: DA35B1C014C6: from=<[email protected]>, size=1227, nrcpt=1 (queue active)
Mar 16 17:00:22 myserver postfix/smtpd[26622]: disconnect from unknown[192.168.1.220]
Mar 16 17:00:28 myserver postfix/smtpd[26684]: connect from localhost.localdomain[127.0.0.1]
Mar 16 17:00:28 myserver postfix/smtpd[26684]: 3A0AB1C01543: client=localhost.localdomain[127.0.0.1]
Mar 16 17:00:28 myserver postfix/cleanup[26624]: 3A0AB1C01543: message-id=<[email protected]>
Mar 16 17:00:28 myserver postfix/qmgr[13490]: 3A0AB1C01543: from=<[email protected]>, size=1747, nrcpt=1 (queue active)
Mar 16 17:00:28 myserver postfix/smtpd[26684]: disconnect from localhost.localdomain[127.0.0.1]
Mar 16 17:00:28 myserver amavis[21490]: (21490-05) Passed CLEAN, LOCAL [192.168.1.220] [192.168.1.220] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 2Yyk4P8SpjER, Hits: -0.999, size: 1227, queued_as: 3A0AB1C01543, 6339 ms
Mar 16 17:00:28 myserver postfix/smtp[26681]: DA35B1C014C6: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.6, delays=0.22/0/0.01/6.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3A0AB1C01543)
Mar 16 17:00:28 myserver postfix/qmgr[13490]: DA35B1C014C6: removed
Mar 16 17:00:28 myserver postfix/error[26704]: 3A0AB1C01543: to=<[email protected]>, relay=none, delay=0.15, delays=0.08/0.01/0/0.06, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mail.servera.com[69.168.254.122]:25: Connection timed out)

Maybe I should just go enjoy the weather which is abnormally, but fantastically warm, and come back to this Monday...
Ok... so this is what I've got. A & B won't talk to each other, but I can send from outside (for instance Gmail) to A and B. Here's the setup:

Cisco Router has a static IP of XXX.XXX.XXX.123
Server A is behind the Cisco router with a static IP XXX.XXX.XXX.122
Server B is behind the Cisco Router with a static IP 192.168.1.252, but NATed to XXX.XXX.XXX.124.

Web services work great on A & B. Email is just fine on A. Email is fine on B. Except B won't talk to A and vice versa. I can't send mail to A or B.

If I try to send from B to A, on server B I get:
Code:
Mar 19 17:31:39 serverB postfix/smtp[23088]: 340211C01594: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.69, delays=0.14/0/0.01/0.54, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B80CE1C0159E)

Also, nothing shows in the logs on Server A when sending from B to A.

When I send from A to B, on server A I get:
Code:
Mar 19 15:24:41 serverA postfix/smtpd[3997]: warning: XXX.XXX.XXX.123: hostname XXX-XXX-XXX-123.myisp.net verification failed: Name or service not known
Mar 19 15:24:41 serverA postfix/smtpd[3997]: connect from unknown[XXX.XXX.XXX.123]
Mar 19 15:24:41 serverA postfix/smtpd[3997]: BBAC71EA0047: client=unknown[XXX.XXX.XXX.123], sasl_method=PLAIN, [email protected]
Mar 19 15:24:41 serverA postfix/cleanup[4000]: BBAC71EA0047: message-id=<[email protected]>
Mar 19 15:24:41 serverA postfix/qmgr[9943]: BBAC71EA0047: from=<[email protected]>, size=52240, nrcpt=1 (queue active)
Mar 19 15:24:41 serverA postfix/smtpd[3997]: disconnect from unknown[XXX.XXX.XXX.123]
Mar 19 15:24:42 serverA postfix/smtpd[4004]: connect from localhost.localdomain[127.0.0.1]
Mar 19 15:24:42 serverA postfix/smtpd[4004]: 35B071EA0AB7: client=localhost.localdomain[127.0.0.1]
Mar 19 15:24:42 serverA postfix/cleanup[4000]: 35B071EA0AB7: message-id=<[email protected]>
Mar 19 15:24:42 serverA postfix/smtpd[4004]: disconnect from localhost.localdomain[127.0.0.1]
Mar 19 15:24:42 serverA postfix/qmgr[9943]: 35B071EA0AB7: from=<[email protected]>, size=52750, nrcpt=1 (queue active)
Mar 19 15:24:42 serverA amavis[5714]: (05714-11) Passed CLEAN, [XXX.XXX.XXX.123] [XXX.XXX.XXX.123] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: QDiV7azwhtUI, Hits: -1.205, size: 52240, queued_as: 35B071EA0AB7, 429 ms
Mar 19 15:24:42 serverA postfix/smtp[4001]: BBAC71EA0047: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.12/0/0/0.43, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 35B071EA0AB7)
Mar 19 15:24:42 serverA postfix/qmgr[9943]: BBAC71EA0047: removed
Mar 19 15:24:42 serverA postfix/smtp[4026]: 35B071EA0AB7: to=<[email protected]>, relay=none, delay=0.14, delays=0.04/0/0.09/0, dsn=5.4.6, status=bounced (mail for serverB.com loops back to myself)
Mar 19 15:24:42 serverA postfix/cleanup[4000]: 60C611EA0C3B: message-id=<[email protected]>
Mar 19 15:24:42 serverA postfix/bounce[4027]: 35B071EA0AB7: sender non-delivery notification: 60C611EA0C3B
Mar 19 15:24:42 serverA postfix/qmgr[9943]: 60C611EA0C3B: from=<>, size=3247, nrcpt=1 (queue active)
Mar 19 15:24:42 serverA postfix/qmgr[9943]: 35B071EA0AB7: removed
Mar 19 15:24:42 serverA postfix/pipe[4007]: 60C611EA0C3B: to=<[email protected]>, relay=maildrop, delay=0.1, delays=0.03/0/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)
Mar 19 15:24:42 serverA postfix/qmgr[9943]: 60C611EA0C3B: removed

and on Server B:
Code:
Mar 19 17:40:35 serverB postfix/smtp[24568]: B80CE1C0159E: to=<[email protected]>, relay=none, delay=535, delays=505/0.08/30/0, dsn=4.4.1, status=deferred (connect to serverA.com[XXX.XXX.XXX.122]:25: Connection timed out)
Mar 19 17:40:35 serverB postfix/smtp[24572]: connect to serverA.com[XXX.XXX.XXX.122]:25: Connection timed out

Originally, I was trying to get a web site on Server B to use SMTP to connect to Server A to send emails, but nothing was working. As an alternative, I created some accounts on Server B to send to the Server A accounts, but those weren't working, either. There is something with how things are configured that keeps A and B from talking to each other on Port 25 (or 587)... but both can talk to the rest of the world.
Do A and MX records for serverA.com and serverB.com point to the same hosts/IPs, or are they different? Have you tried inserting records for serverA.com and serverB.com in each server's /etc/hosts file (you can use their local IP addresses in that file)?
A & MX records point to different places:

ServerA A record points to the XXX.XXX.XXX.122 IP
ServerA MX record points to ServerA (10 serverA.com)
ServerB A record points to the XXX.XXX.XXX.124 IP
ServerB MX record points to ServerB (10 serverB.com)

I'll try adding each other to their respective hosts file.

UPDATE: Changing hosts didn't seem to make a difference.

UPDATED UPDATE: Changing hosts, rebooting on both machines made the difference. We're good now!
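
Added example, not part of the thread and not ISPConfig or Postfix code: a Python triage pass over Postfix log lines in the format posted above. It flags the two failure signatures this thread ran into: dsn=4.4.1 "Connection timed out" towards the peer's public address, and dsn=5.4.6 "loops back to myself". The sample lines, host names and 203.0.113.x addresses are constructed, and the suggested causes are heuristics, not Postfix output.

```python
import ipaddress
import re

# Constructed sample in the Postfix syslog format shown in the thread. Host names
# and addresses are placeholders (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
Mar 19 17:40:05 serverB postfix/smtpd[24100]: connect from unknown[192.168.1.220]
Mar 19 17:40:35 serverB postfix/smtp[24568]: B80CE1C0159E: to=<user@servera.example>, relay=none, delay=535, delays=505/0.08/30/0, dsn=4.4.1, status=deferred (connect to servera.example[203.0.113.122]:25: Connection timed out)
Mar 19 15:24:42 serverA postfix/smtp[4001]: BBAC71EA0047: to=<user@serverb.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.55, delays=0.12/0/0/0.43, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 35B071EA0AB7)
Mar 19 15:24:42 serverA postfix/smtp[4026]: 35B071EA0AB7: to=<user@serverb.example>, relay=none, delay=0.14, delays=0.04/0/0.09/0, dsn=5.4.6, status=bounced (mail for serverb.example loops back to myself)
"""

STAMP = r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) postfix/"
DELIVERY = re.compile(
    STAMP + r"[\w-]+\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, relay=[^,]+, "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$")
CLIENT = re.compile(STAMP + r"smtpd\[\d+\]: connect from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]")
TIMEOUT = re.compile(r"connect to \S+\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+: Connection timed out")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def analyze(log_text):
    """Return one finding (host, qid, dsn, cause) per failed delivery."""
    lines = log_text.splitlines()
    # A host that accepts SMTP clients from RFC 1918 addresses sits on a private LAN.
    lan_hosts = {m["host"] for m in map(CLIENT.match, lines) if m and is_rfc1918(m["ip"])}
    findings = []
    for m in filter(None, map(DELIVERY.match, lines)):
        if m["status"] == "sent":
            continue
        timeout = TIMEOUT.search(m["reason"])
        if timeout and m["host"] in lan_hosts and not is_rfc1918(timeout["ip"]):
            cause = "timeout to public IP from LAN host: check NAT loopback, or use the internal address"
        elif timeout:
            cause = "timeout: check firewalls and port filtering on the path"
        elif m["dsn"] == "5.4.6":
            cause = "loop: Postfix sees itself as the target; check DNS and /etc/hosts"
        else:
            cause = "other: " + m["reason"]
        findings.append({"host": m["host"], "qid": m["qid"], "dsn": m["dsn"], "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Log lines with masked addresses such as XXX.XXX.XXX.122 fall through to the "other" branch; feed it unmasked logs on the server itself.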