Hey everyone. I am having an issue with my smtp server. I tried changing the internal ip of my server and in doing so I think something may have changed. I have switched it back. Not sure if that change would have affected it or not. I am able to send email but I am not able to receive them. I have been able to narrow it down to port 25 timing out. I'm not sure why it's timing out. Any guidance would be great. Thanks.
Please run the test script and post the result: https://forum.howtoforge.com/threads/please-read-before-posting.58408/
Hi Till Here are the results Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 10 (buster) [INFO] uptime: 04:59:04 up 2:31, 1 user, load average: 1.01, 0.90, 0.88 [INFO] memory: total used free shared buff/cache available Mem: 54Gi 9.4Gi 43Gi 106Mi 2.3Gi 44Gi Swap: 975Mi 0B 975Mi [INFO] systemd failed services status: 0 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.2 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.3.33-1+0~20211119.91+debian10~1.gbp618351 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.33 ##### PORT CHECK ##### [WARN] Port 8080 (ISPConfig) seems NOT to be listening ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 13742) [INFO] I found the following mail server(s): Postfix (PID 14772) [INFO] I found the following pop3 server(s): Dovecot (PID 7520) [INFO] I found the following imap server(s): Dovecot (PID 7520) [INFO] I found the following ftp server(s): PureFTP (PID 1199) ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:110 (7520/dovecot) [localhost]:10030 (851/clamsmtpd) [localhost]:10031 (14772/master) [anywhere]:143 (7520/dovecot) [localhost]:783 (4204/perl) [anywhere]:1935 (761/nginx:) [anywhere]:80 (13742/apache2) [anywhere]:465 (14772/master) [anywhere]:8081 (13742/apache2) ***.***.***.***:53 (861/named) [anywhere]:21 (1199/pure-ftpd) ***.***.***.***:53 (861/named) ***.***.***.***:53 (861/named) [localhost]:53 (861/named) [localhost]:22 (846/sshd) ***.***.***.***:22 (846/sshd) [localhost]:631 (645/cupsd) [anywhere]:25 (14772/master) [localhost]:953 (861/named) [anywhere]:443 (13742/apache2) ***.***.***.***:445 (1796/smbd) [localhost]:53566 
(870/java) [anywhere]:8000 (1662/./sc_serv) [anywhere]:993 (7520/dovecot) [anywhere]:8001 (1662/./sc_serv) [anywhere]:995 (7520/dovecot) [localhost]:11332 (1643/rspamd:) [localhost]:11333 (1643/rspamd:) [localhost]:11334 (1643/rspamd:) [localhost]:10023 (1057/postgrey) [localhost]:10024 (4256/amavisd-new) [localhost]:10025 (14772/master) [localhost]:10026 (4256/amavisd-new) [anywhere]:3306 (1072/mysqld) [localhost]:10027 (14772/master) [anywhere]:587 (14772/master) ***.***.***.***:139 (1796/smbd) [anywhere]:6379 (1038/redis-server) [localhost]:11211 (817/memcached) [anywhere]:3052 (870/java) [localhost]10 (7520/dovecot) [localhost]43 (7520/dovecot) *:*:*:*::*:465 (14772/master) *:*:*:*::*:21 (1199/pure-ftpd) [localhost]:3350 (871/xrdp-sesman) *:*:*:*::*:25 (14772/master) *:*:*:*::*:3389 (900/xrdp) *:*:*:*::*:993 (7520/dovecot) *:*:*:*::*:995 (7520/dovecot) *:*:*:*::*:587 (14772/master) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465,587,143,993,110,995 Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- [anywhere]/0 [anywhere]/0 DOCKER-ISOLATION-STAGE-1 all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED DOCKER all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (1 references) target prot opt source destination Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain DOCKER-ISOLATION-STAGE-2 (1 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 RETURN all -- [anywhere]/0 [anywhere]/0 Chain DOCKER-USER (1 references) target 
prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-postfix-sasl (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 ##### LET'S ENCRYPT ##### Certbot is installed in /usr/bin/letsencrypt
According to the netstat output, postfix is listening on port 25. Maybe you closed port 25 in an external firewall or so? Do you get any error in mail.log file when you restart postfix or when you send an email to your server? Does webmail work? (login and send an email to the same email address that you used for logging into webmail)
I can send both internally and externally from webmail. I seem to be able to receive internally. But I cannot receive from external (gmail). I have tried it with both my firewall on and off. The firewall is configured to allow incoming connections to port 25. No. I do not get any errors when sending an email from gmail to my local address. The following is my mail log:
Code:
Oct 27 05:48:14 www postfix/postfix-script[23054]: stopping the Postfix mail system
Oct 27 05:48:14 www postfix/master[14772]: terminating on signal 15
Oct 27 05:48:14 www postfix/postfix-script[23216]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Oct 27 05:48:14 www postfix/postfix-script[23283]: starting the Postfix mail system
Oct 27 05:48:14 www postfix/master[23285]: daemon started -- version 3.4.14, configuration /etc/postfix
I do get the following when running openssl s_client -starttls smtp -showcerts -connect creativefreedom.ca:25 -servername creativefreedom.ca
Code:
CONNECTED(00000003)
139676137514176:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 307 bytes and written 343 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Was the server connected at the same location and ISP before? If not, your new ISP might just block port 25. Many ISPs do that today. Ask the support of the company that provides the internet connection for the server now if they are blocking any mail-related ports like port 25 incoming or outgoing. And check your DNS records to ensure that all of them use the correct new IP and also check the MX record.
Yes same location and same ISP. So I did just notice this in my logs
Code:
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: smtp_get: timeout
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: > host-24-89-239-190.public.eastlink.ca[24.89.239.190]: 421 4.4.2 www.creativefreedom.ca Error: timeout exceeded
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_hostname: smtpd_client_event_limit_exceptions: host-24-89-239-190.public.eastlink.ca ~? 127.0.0.0/8
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_hostaddr: smtpd_client_event_limit_exceptions: 24.89.239.190 ~? 127.0.0.0/8
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_hostname: smtpd_client_event_limit_exceptions: host-24-89-239-190.public.eastlink.ca ~? [::1]/128
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_hostaddr: smtpd_client_event_limit_exceptions: 24.89.239.190 ~? [::1]/128
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_list_match: host-24-89-239-190.public.eastlink.ca: no match
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_list_match: 24.89.239.190: no match
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: send attr request = disconnect
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: send attr ident = smtp:24.89.239.190
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: private/anvil: wanted attribute: status
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: input attribute name: status
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: input attribute value: 0
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: private/anvil: wanted attribute: (list terminator)
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: input attribute name: (end)
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: timeout after STARTTLS from host-24-89-239-190.public.eastlink.ca[24.89.239.190]
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: disconnect event to all milters
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: milter8_disc_event: quit milter inet:localhost:11332
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: disconnect from host-24-89-239-190.public.eastlink.ca[24.89.239.190] ehlo=1 starttls=1 commands=2
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: free all milters
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: free milter inet:localhost:11332
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: master_notify: status 1
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: connection closed
Particularly
Code:
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_list_match: host-24-89-239-190.public.eastlink.ca: no match
Oct 27 13:39:07 www postfix/smtp/smtpd[9966]: match_list_match: 24.89.239.190: no match
Any idea how I would make this match up?
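An added example, not part of the thread: in the log above, the `timeout after STARTTLS` line and the `disconnect ... ehlo=1 starttls=1 commands=2` summary describe a session that reached STARTTLS and never started a mail transaction. The code below picks such sessions out of a Postfix mail.log by reading those two line types; the sample log lines are constructed and the function names are made up for this example.

```python
import re

# Constructed sample lines in the same format as the log posted above
# (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
Oct 27 13:38:07 mx postfix/smtp/smtpd[9966]: connect from client.example.net[192.0.2.10]
Oct 27 13:39:07 mx postfix/smtp/smtpd[9966]: timeout after STARTTLS from client.example.net[192.0.2.10]
Oct 27 13:39:07 mx postfix/smtp/smtpd[9966]: disconnect from client.example.net[192.0.2.10] ehlo=1 starttls=1 commands=2
Oct 27 13:40:11 mx postfix/smtp/smtpd[9970]: connect from relay.example.org[198.51.100.7]
Oct 27 13:40:12 mx postfix/smtp/smtpd[9970]: disconnect from relay.example.org[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Oct 27 13:41:00 mx postfix/smtp/smtpd[9971]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/1 commands=1/2
"""

# Matches "postfix/smtpd[pid]" as well as a custom syslog_name such as
# "postfix/smtp/smtpd[pid]" (set with -o syslog_name=... in master.cf).
LINE = re.compile(r"postfix/\S*smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TIMEOUT = re.compile(r"^timeout after (?P<stage>.+?) from (?P<client>\S+)$")
DISCONNECT = re.compile(r"^disconnect from (?P<client>\S+) (?P<counters>.+)$")


def parse_counters(text):
    """Turn 'ehlo=1 auth=0/1 commands=1/2' into {'ehlo': (1, 1), 'auth': (0, 1), ...}.

    Postfix writes name=accepted/total, or name=total when every command
    of that kind was accepted.
    """
    counters = {}
    for token in text.split():
        name, _, value = token.partition("=")
        ok, _, total = value.partition("/")
        if not ok.isdigit():
            continue  # not a counter token
        counters[name] = (int(ok), int(total) if total.isdigit() else int(ok))
    return counters


def verdict(timeout_stage, counters):
    """Classify one finished session."""
    if timeout_stage == "STARTTLS":
        return "tls-stall"            # STARTTLS accepted, handshake never finished
    if counters.get("mail", (0, 0))[0] > 0:
        return "mail-transaction"     # at least one MAIL FROM was accepted
    return "no-mail-transaction"      # client left before sending mail


def summarise(log_text):
    """Return one dict per smtpd session, closed by its 'disconnect from' line."""
    pending_timeout = {}   # pid -> stage named in the last 'timeout after' line
    sessions = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        t = TIMEOUT.match(msg)
        if t:
            pending_timeout[pid] = t["stage"]
            continue
        d = DISCONNECT.match(msg)
        if d:
            counters = parse_counters(d["counters"])
            stage = pending_timeout.pop(pid, None)
            sessions.append({
                "pid": pid,
                "client": d["client"],
                "timeout_stage": stage,
                "counters": counters,
                "verdict": verdict(stage, counters),
            })
    return sessions


def tls_stalls(sessions):
    """Clients whose sessions timed out right after STARTTLS."""
    return [s["client"] for s in sessions if s["verdict"] == "tls-stall"]


if __name__ == "__main__":
    for s in summarise(SAMPLE_LOG):
        print(s["client"], s["verdict"], s["counters"])
```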
Your server's port 25 is filtered, see:
Code:
nmap -p 25 creativefreedom.ca
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-27 19:19 CEST
Nmap scan report for creativefreedom.ca (24.89.239.190)
Host is up (0.22s latency).
rDNS record for 24.89.239.190: host-24-89-239-190.public.eastlink.ca
PORT   STATE    SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 2.71 seconds
This should however say open. Filtered: Just wondering as eastlink is an ISP, is this a homeserver?
Yes, it is a home server. I ran that same command on the server and it does say open.
Code:
nmap -p 25 creativefreedom.ca
Starting Nmap 7.70 ( https://nmap.org ) at 2022-10-27 16:19 ADT
Nmap scan report for creativefreedom.ca (24.89.239.190)
Host is up (0.0021s latency).
rDNS record for 24.89.239.190: host-24-89-239-190.public.eastlink.ca
PORT   STATE SERVICE
25/tcp open  smtp
Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds
Possibly yours says filtered because I have the port forwarded to my server?
It does not make any sense to run it on the same network you're trying to test. Make sure to test it from an external system that is not on the same network. I've just tested it from 2 different locations, both show the port as filtered. On the other hand port 22 (ssh) is open and accessible. This truly seems like your ISP is filtering port 25, can you check with their support?
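An added example, not part of the thread: the three answers a TCP connect to the SMTP port can give, named the way nmap names them in the scans above. A completed handshake is open, a refusal (RST) is closed, and no answer before the timeout is filtered. `probe_smtp`, `classify_connect_error` and the local test listener are names made up here; the listener is a constructed stand-in so the code runs offline.

```python
import errno
import socket
import threading

# errno values that mean "no answer" or "the path says no", reported as filtered
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify_connect_error(exc):
    """Map a failed TCP connect to 'closed', 'filtered' or 'error'."""
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: host reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # SYN dropped somewhere between client and server
    if getattr(exc, "errno", None) in FILTERED_ERRNOS:
        return "filtered"    # ICMP unreachable from a router or firewall
    return "error"


def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, banner) for one TCP connect to host:port.

    state is 'open', 'closed', 'filtered' or 'error'. banner is the first
    line the server sent, or None. An SMTP server greets with a line that
    starts with '220'; an open port without that greeting is something
    other than the mail server answering.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:          # name did not resolve
        return ("error", str(exc))
    except OSError as exc:
        return (classify_connect_error(exc), None)
    with sock:
        try:
            data = sock.recv(512)
        except (socket.timeout, TimeoutError, ConnectionError):
            data = b""
    banner = data.decode("ascii", "replace").strip() or None
    return ("open", banner)


def start_fake_smtp(banner=b"220 mail.example.test ESMTP\r\n"):
    """Constructed local listener that greets one client like an SMTP server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))              # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        try:
            conn, _ = srv.accept()
        except OSError:
            return
        with conn:
            conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_fake_smtp()
    print(probe_smtp("127.0.0.1", port, timeout=2))
    srv.close()
```

The result describes the path between the machine running the probe and the server, which is why the same port reads open from inside the LAN and filtered from outside it.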
Oh ok. Yes... All my ports are fine except this one... somewhat strange... I spoke with eastlink customer support and they informed me that the port was open on their end. So I went over and got a new modem but that still did not help. Port 25 is still closed. I just found these two lines in my mail.log
Code:
Line 239: Oct 28 00:15:02 www postfix/smtp/smtpd[7260]: policy_client_register: name="unix:private/quota-status" default_action="451 4.3.5 Server configuration problem" max_idle=300 max_ttl=1000 request_limit=0 retry_delay=1 timeout=100 try_limit=2 policy_context=""
Line 244: Oct 28 00:15:02 www postfix/smtp/smtpd[7260]: policy_client_register: name="inet:127.0.0.1:10023" default_action="451 4.3.5 Server configuration problem" max_idle=300 max_ttl=1000 request_limit=0 retry_delay=1 timeout=100 try_limit=2 policy_context=""
Would the 4.3.5 Server configuration problem be causing a timeout?
Do you forward the port 25 to the mailserver within your firewall configuration? Can you please post the output of the "netstat -tunlp" command from the mailserver? And maybe provide the postfix main.cf and master.cf for further debugging.
Port 25 is forwarded from my modem to the server. Public 25 / Private 25. TCP netstat -tunlp Code: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1719/dovecot tcp 0 0 127.0.0.1:11332 0.0.0.0:* LISTEN 1733/rspamd: main p tcp 0 0 127.0.0.1:11333 0.0.0.0:* LISTEN 1733/rspamd: main p tcp 0 0 127.0.0.1:11334 0.0.0.0:* LISTEN 1733/rspamd: main p tcp 0 0 192.168.0.4:10023 0.0.0.0:* LISTEN 1135/postgrey --pid tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 2046/amavisd-new (m tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 2099/master tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 2046/amavisd-new (m tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1178/mysqld tcp 0 0 192.168.0.4:139 0.0.0.0:* LISTEN 2230/smbd tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 2099/master tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 2099/master tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 1155/redis-server 0 tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 951/memcached tcp 0 0 0.0.0.0:3052 0.0.0.0:* LISTEN 997/java tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1719/dovecot tcp 0 0 127.0.0.1:10030 0.0.0.0:* LISTEN 973/clamsmtpd tcp 0 0 127.0.0.1:10031 0.0.0.0:* LISTEN 2099/master tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1719/dovecot tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1212/perl tcp 0 0 0.0.0.0:1935 0.0.0.0:* LISTEN 879/nginx: master p tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1255/apache2 tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2099/master tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 1255/apache2 tcp 0 0 172.17.0.1:53 0.0.0.0:* LISTEN 987/named tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1355/pure-ftpd (SER tcp 0 0 192.168.1.4:53 0.0.0.0:* LISTEN 987/named tcp 0 0 192.168.0.4:53 0.0.0.0:* LISTEN 987/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 987/named tcp 0 0 127.0.0.1:22 0.0.0.0:* LISTEN 971/sshd tcp 0 0 192.168.0.4:22 0.0.0.0:* LISTEN 971/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 774/cupsd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2099/master tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 
987/named tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1255/apache2 tcp 0 0 192.168.0.4:445 0.0.0.0:* LISTEN 2230/smbd tcp 0 0 127.0.0.1:53566 0.0.0.0:* LISTEN 997/java tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 1743/./sc_serv tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1719/dovecot tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 1743/./sc_serv tcp6 0 0 :::995 :::* LISTEN 1719/dovecot tcp6 0 0 :::587 :::* LISTEN 2099/master tcp6 0 0 :::110 :::* LISTEN 1719/dovecot tcp6 0 0 :::143 :::* LISTEN 1719/dovecot tcp6 0 0 :::465 :::* LISTEN 2099/master tcp6 0 0 :::21 :::* LISTEN 1355/pure-ftpd (SER tcp6 0 0 127.0.0.1:3350 :::* LISTEN 989/xrdp-sesman tcp6 0 0 :::25 :::* LISTEN 2099/master tcp6 0 0 :::3389 :::* LISTEN 1014/xrdp tcp6 0 0 :::993 :::* LISTEN 1719/dovecot udp 0 0 0.0.0.0:3052 0.0.0.0:* 997/java udp 0 0 0.0.0.0:5353 0.0.0.0:* 773/avahi-daemon: r udp 0 0 0.0.0.0:40547 0.0.0.0:* 773/avahi-daemon: r udp 0 0 0.0.0.0:43057 0.0.0.0:* 997/java udp 0 0 172.17.0.1:53 0.0.0.0:* 987/named udp 0 0 192.168.1.4:53 0.0.0.0:* 987/named udp 0 0 192.168.0.4:53 0.0.0.0:* 987/named udp 0 0 127.0.0.1:53 0.0.0.0:* 987/named udp 0 0 192.168.1.4:123 0.0.0.0:* 964/ntpd udp 0 0 192.168.0.4:123 0.0.0.0:* 964/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 964/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 964/ntpd udp 0 0 192.168.0.255:137 0.0.0.0:* 1717/nmbd udp 0 0 192.168.0.4:137 0.0.0.0:* 1717/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 1717/nmbd udp 0 0 192.168.0.255:138 0.0.0.0:* 1717/nmbd udp 0 0 192.168.0.4:138 0.0.0.0:* 1717/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 1717/nmbd udp 0 0 0.0.0.0:162 0.0.0.0:* 997/java udp 0 0 0.0.0.0:631 0.0.0.0:* 852/cups-browsed udp6 0 0 :::5353 :::* 773/avahi-daemon: r udp6 0 0 :::56834 :::* 773/avahi-daemon: r udp6 0 0 :::123 :::* 964/ntpd
main.cf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = /etc/mailname smtpd_banner = host-24-89-239-190.public.eastlink.ca. biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/letsencrypt/live/creativefreedom.ca/cert.pem smtpd_tls_key_file = /etc/letsencrypt/live/creativefreedom.ca/privkey.pem smtpd_tls_CAfile = /etc/letsencrypt/live/creativefreedom.ca/fullchain.pem smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. 
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination myhostname = www.creativefreedom.ca mydomain = creativefreedom.ca relayhost = smtp.eastlink.ca alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 127.0.0.0/8 192.168.0.0/28 24.138.35.31 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all # MAIL FORWARDING virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf # Sni multi ssl certs tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:192.168.0.4:10023 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status 
smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, permit smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf smtpd_reject_unlisted_sender = yes smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = lmtp:unix:private/dovecot-lmtp header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks 
nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtp_tls_security_level = dane smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA tls_preempt_cipherlist = yes address_verify_negative_refresh_time = 60s enable_original_recipient = no smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS address_verify_sender_ttl = 15686s smtp_dns_support_level = dnssec dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth in_flow_delay = ${stress?{3}:{1}}s smtp_connect_timeout = ${stress?{10}:{60}}s smtp_helo_timeout = ${stress?{10}:{60}}s smtp_mail_timeout = ${stress?{10}:{60}}s smtpd_error_sleep_time = ${stress?{1}:{2}}s smtpd_hard_error_limit = ${stress?{1}:{10}} smtpd_recipient_overshoot_limit = ${stress?{60}:{600}} smtpd_soft_error_limit = ${stress?{2}:{5}} smtpd_timeout = ${stress?{10}:{60}}s message_size_limit = 0 smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_default_action = accept master.cf Code: # # Postfix master process configuration 
file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd -v -o content_filter=spamassassin -o syslog_name=postfix/smtp #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd -o content_filter=spamassassin -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_tls_auth_only=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o content_filter=spamassassin # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o 
milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
# # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} dovecot unix - n n - - pipe flags=DRhu user=email:email argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} # # Amavis # amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o smtp_bind_address= 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes # # Clamav # scan unix - - n - 16 smtp -o smtp_send_xforward_command=yes 127.0.0.1:10031 inet n - n - 16 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o smtpd_authorized_xforward_hosts=127.0.0.0/8 127.0.0.1:10027 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o 
receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtp_send_xforward_command=yes -o milter_default_action=accept -o milter_macro_daemon_name=ORIGINATING -o disable_dns_lookups=yes
At first glance this seems fine. The inet_interfaces is set to all and the server is listening on 0.0.0.0:25 which means all IP addresses the server has on port 25. You got to have NAT Rules/Forwarding Rules set in your local firewall to route traffic such as port 22 to this machine, right?
Can you please check the rule for Port 25? Maybe delete it, test the port from an external network with nmap again and post the output. After recreating the rule, test again to see if anything has changed.
Hey, I have removed and tested many times. I have tried it on port 2525 and it also times out. I was speaking with my ISP and they did say they no longer support port 25. But now the mail server is still timing out on port 2525
Code:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-31 19:20 EDT
Nmap scan report for streetbeatz.net (24.138.35.31)
Host is up (0.041s latency).
rDNS record for 24.138.35.31: host-24-138-35-31.public.eastlink.ca
PORT    STATE    SERVICE      VERSION
21/tcp  open     ftp          Pure-FTPd
22/tcp  open     ssh          OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
25/tcp  filtered smtp
80/tcp  open     http         Apache httpd
110/tcp open     pop3         Dovecot pop3d
143/tcp open     imap         Dovecot imapd
443/tcp open     ssl/http     Apache httpd
445/tcp filtered microsoft-ds
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.81 seconds
You can not run a mail server when your ISP blocks port 25, you will not be able to receive any emails if this port is blocked. You can not use a different port like 2525 as no other mail system will communicate with your system on that port. Also, outgoing emails will not work unless you run a second mail server on the internet where you can forward emails to or use a mail relay service. If you want to run a mail system, better get a small cloud server at an ISP that allows email sending.
Thanks for pointing me in the right direction Till. I was able to get my mail server back up and running. The reason it was timing out on port 2525 is because of some misconfigured settings in the main.cf file. In the end I decided to use a mail relay service, as you suggested, and configured smtp for port 26. Much Thanks.