Postfix fails for local IP

Discussion in 'Installation/Configuration' started by dregan, Aug 21, 2006.

  1. dregan

    dregan New Member

    hi,

    Thank you for the perfect installation howto... It covered almost everything that I needed.

    I can happily access my new mail server from external locations but get a "Sending of message failed" from my local network ip address range.

    the message says;
    The message could not be sent because connecting to SMTP server fruity.realtek.net.au failed. The server may be unavailable or is refusing SMTP connections. Please very that your SMTP server setting is correct and try atain, or else contact your network administrator.

    I can read emails or reveiw them in folders but cannot transfer them (or junk) into correct folders when I am using a local networ pc.

    As a newbie to the form, thankyou, I don't know what other info you would like... But any suggestions will be welcome.
     
  2. themachine

    themachine ISPConfig Developer ISPConfig Developer

    What shows up in the mail log when this happens:

    tail -f /var/log/maillog


    It sounds like the clients are not enabling SMTP Authentication. By default, the Postfix server will only allow mail to be sent if the client has authenticated, or if the client's IP is listed in the '$mynetworks' variable.

    That said, if you do not want users on the local network to have to authenticate, then you could simply add the local networks IP range to the '$mynetworks' variable in '/etc/postfix/main.cf':

    Code:
    mynetworks = 127.0.0.0/8, 192.168.0.0/24
    

    or something like that.
     
  3. dregan

    dregan New Member

    Yup, that was the problem, I had 192.168.1.1 instead of 192.168.1.0 <g> Thank you very much.

    I can now send emails but nothing gets to a local pc on the network (it actually dissapears) - the mail.log file has this message;

    Aug 21 21:39:01 fruity postfix/smtpd[10047]: connect from unknown[192.168.1.4]
    Aug 21 21:39:01 fruity postfix/smtpd[10047]: A3D391502EA: client=unknown[192.168.1.4]
    Aug 21 21:39:01 fruity postfix/cleanup[10050]: A3D391502EA: message-id=<[email protected]>
    Aug 21 21:39:02 fruity postfix/qmgr[9912]: A3D391502EA: from=<[email protected]>, size=654, nrcpt=1 (queue active)
    Aug 21 21:39:02 fruity postfix/smtpd[10047]: disconnect from unknown[192.168.1.4]
    Aug 21 21:39:02 fruity postfix/smtp[10061]: connect to realtek.net.au[220.233.28.17]: Connection refused (port 25)
    Aug 21 21:39:02 fruity postfix/smtp[10061]: connect to fruity.realtek.net.au[220.233.28.17]: Connection refused (port 25)
    Aug 21 21:39:02 fruity postfix/smtp[10061]: A3D391502EA: to=<[email protected]>, relay=none, delay=1, status=deferred (connect to fruity.realtek.net.au[220.233.28.17]: Connection refused)

    Could this be a problem with my DynaLink Modem and its NAT from the local network?

    Thanks again
     
  4. themachine

    themachine ISPConfig Developer ISPConfig Developer


    Yes, I would assume that it is a NAT issue. The request for a message going to 'realtek.net.au' is received. Postfix does a DNS lookup, which resolved to the Public IP of '220.233.28.17'. However, if the actual machine is behind the same firewall (i.e. the same NAT'd environment) then connections to the Public IP will fail. Any communication that happens between devices that are both behind the same firewall/NAT'd environment must communicate with eachother using the NAT/Private IP Addresses.

    Resolution: Add an entry to the mail server's '/etc/hosts' file such as:

    192.168.1.17 fruity.realtek.net.au fruity


    Therefore any connections to 'fruity' or 'fruity.realtek.net.au' coming from this machine will resolve to the NAT IP. This should be done on all systems in the NAT environment, including IPs/hostsnames for all servers.

    Hope that helps.
     
  5. dregan

    dregan New Member

    Thank you for your comments - the host file on both mail server and posting pc appear to have correct hosts files.

    Do you think I should put some reverse lookups and local domains in the stock bind files?

    I have since made some vain attempts to modify the settings in the dynlink modems setup and now get the following messages;

    Aug 22 20:19:49 fruity postfix/qmgr[9912]: EE7F01502FE: to=<[email protected]>, relay=none, delay=15603, status=deferred (delivery temporarily suspended: connect to fruity.realtek.net.au[220.233.28.17]: Connection refused)
    Aug 22 20:19:49 fruity postfix/qmgr[9912]: 764DD150304: from=<[email protected]>, size=656, nrcpt=1 (queue active)
    Aug 22 20:19:49 fruity postfix/qmgr[9912]: 764DD150304: to=<[email protected]>, relay=none, delay=1345, status=deferred (delivery temporarily suspended: connect to fruity.realtek.net.au[220.233.28.17]: Connection refused)
    Aug 22 20:19:49 fruity postfix/qmgr[9912]: 50CB3150305: from=<[email protected]>, size=26389, nrcpt=1 (queue active)
    Aug 22 20:19:49 fruity postfix/qmgr[9912]: 50CB3150305: to=<[email protected]>, relay=none, delay=1090, status=deferred (delivery temporarily suspended: connect to fruity.realtek.net.au[220.233.28.17]: Connection refused)

    It appears that now the mail is "temporarily suspended"...... A copy is still put in the sent folder even though the actual email dissappears!

    Danny
     
    Last edited: Aug 22, 2006
  6. falko

    falko Super Moderator ISPConfig Developer

    Make sure port 25 is forwarded from your router to your server.
     
  7. dregan

    dregan New Member

    I am an utter dill...... the main.cf line for mydestinations was ' # ' out as I had it directing to "#mydestination = $config_directory/mydestination" and with the list as in main.cf - it was also commented out...... <g take your best shot>

    I have also botched an install for spamassassin and clamav - if you care to offer any more advise to me (I will not blame you if you dont!) - can you recommend a howto for spamassassin, clamav to me ---- please!

    Thank you again for all your help!

    Danny
     
  8. falko

    falko Super Moderator ISPConfig Developer

  9. dregan

    dregan New Member

    Thank you,

    I will give that a go.

    Thank you again for your support.

    Danny
     

Share This Page