Hi,
From my own network, when I perform a telnet on port 25 I get the following result:
    [root@websrv postfix]# telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 websrv.viewmynetowrk.ch ESMTP Postfix
But from public networks I get only:
    220 *************************************
Where is the blocking point? I am using the latest release of ISPConfig on CentOS.
Jackouille-CH
Hi Till,
Thanks for your answer. Here are the requested outputs:
    [root@websrv ~]# netstat -ntap | grep 25
    tcp        0      0 127.0.0.1:10025    0.0.0.0:*    LISTEN    13261/master
    tcp        0      0 0.0.0.0:25         0.0.0.0:*    LISTEN    13261/master
    tcp6       0      0 :::25              :::*         LISTEN    13261/master
    [root@websrv ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@websrv ~]#
And on my firewall, ports 25, 587, 465, IMAP4 and IMAPS are open for everyone.
The server side is OK: Postfix listens on port 25 of the external interface and there is no local firewall rule that blocks port 25. Most internet access providers today block port 25 incoming, as they don't allow their customers to run a mail server at home or in the office. So if your server is not located in a datacenter, then you should ask your provider if they block port 25.
I have my own datacenter infrastructure and port 25 is open on my firewall; you can do a telnet on port 25 and you receive an answer. I suspect a configuration issue but I haven't found the place to check. Nothing special in main.cf and master.cf. Is there another config file to investigate?
Yes, it works with the server IP:
    [root@websrv ~]# telnet 10.41.1.188 25
    Trying 10.41.1.188...
    Connected to 10.41.1.188.
    Escape character is '^]'.
    220 websrv.viewmynetowrk.ch ESMTP Postfix
And I checked from another server on the same subnet and got the same result (meaning correct). It's only when I am on other networks (not only firewalled) that I receive only stars.
The result shows that it's a problem on the network or in your external firewall and not a problem on the server or in the server config. If there were a server config problem, then the mail system wouldn't be available on the external network interface at all.
Till, you were right, sorry for this ticket. The problem was coming from the Cisco ASA, which has too restrictive rules by default. Here are the changes to apply in order to solve this issue:
    fw-1(config)# policy-map type inspect esmtp tls-allow
    fw-1(config-pmap)# parameters
    fw-1(config-pmap-p)# allow-tls
    fw-1(config-pmap-p)# no mask-banner
    fw-1(config-pmap-p)# exit
    fw-1(config-pmap)# policy-map global_policy
    fw-1(config-pmap)# class inspection_default
    fw-1(config-pmap-c)# no inspect esmtp
    fw-1(config-pmap-c)# inspect esmtp tls-allow
    fw-1(config-pmap-c)# exit
    fw-1(config-pmap)# exit
    fw-1(config)# exit
    fw-1# wr
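
Added example, not part of the thread and not ISPConfig, Postfix or Cisco code: a Python check that takes an SMTP session captured from each side of the firewall and flags the two effects the `mask-banner` and `allow-tls` settings above control, a starred-out 220 banner and a STARTTLS keyword missing from the EHLO reply. The two transcripts are constructed (only the banner lines come from the thread), and the `XXXXXXXA` form of a rewritten keyword is an assumption about how the inspection alters the reply.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last), text.
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(transcript):
    """Group server reply lines into (code, [texts]); telnet chatter is skipped."""
    replies, texts = [], []
    for raw in transcript.splitlines():
        m = REPLY.match(raw)
        if not m:
            continue                      # "Trying ...", "EHLO ...", etc.
        code, sep, text = m.groups()
        texts.append(text)
        if sep == " ":                    # final line of this reply
            replies.append((code, texts))
            texts = []
    return replies

def diagnose(transcript):
    """Report signs that a device on the path rewrote the SMTP dialogue."""
    replies = parse_replies(transcript)
    banner = next((" ".join(t) for c, t in replies if c == "220"), "")
    ehlo = next((t for c, t in replies if c == "250"), [])
    # EHLO keywords are the first token of every line after the greeting line.
    keywords = [ln.split()[0].upper() for ln in ehlo[1:] if ln.split()]
    compact = banner.replace(" ", "")
    return {
        "banner_masked": bool(compact) and compact.count("*") >= 0.8 * len(compact),
        "starttls_offered": "STARTTLS" in keywords,
        # Assumption: a rewritten keyword appears as a run of X characters.
        "rewritten_keywords": [k for k in keywords if re.fullmatch(r"X{4,}[A-Z]?", k)],
    }

# Constructed sample sessions: same server, seen from inside and outside.
INSIDE = """Trying 10.41.1.188...
220 websrv.viewmynetowrk.ch ESMTP Postfix
EHLO probe.example
250-websrv.viewmynetowrk.ch
250-PIPELINING
250-STARTTLS
250 8BITMIME
"""
OUTSIDE = INSIDE.replace("websrv.viewmynetowrk.ch ESMTP Postfix", "*" * 37) \
                .replace("250-STARTTLS", "250-XXXXXXXA")

if __name__ == "__main__":
    for name, session in (("inside", INSIDE), ("outside", OUTSIDE)):
        print(name, diagnose(session))
```

Running the same check again after the firewall change should make the outside result match the inside one.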