Hello all,

I have 2 mail servers that have worked perfectly well for quite some time, until the past few days or so. My main server that has a lot more traffic ended up getting blacklisted because my ISP didn't follow through on my request to update the PTR record so that it wasn't generic. That has since been resolved, and the server is no longer blacklisted (as of a week and a half ago). However, since 11/16, I have been unable to send mail from my main server to my second server.

My mail.log on the server being blocked shows:

Nov 18 11:57:03 mail postfix/qmgr[22349]: AB2EF507A84F: from=<[email protected]>, size=11561, nrcpt=1 (queue active)
Nov 18 11:57:33 mail postfix/smtp[1936]: connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out
Nov 18 11:57:33 mail postfix/smtp[1936]: AB2EF507A84F: to=<[email protected]>, relay=none, delay=165659, delays=165629/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out)

On my other server, I modified my main.cf so that the RBLs were commented out, in hopes that this would allow for traffic from my main server to pass through without an issue. Here's how it is configured at this moment (the file is identical on both servers):

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.myotherserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 102400000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
#   reject_rbl_client b.barracudacentral.org,
#   reject_rbl_client bl.spamcop.net,
#   reject_rbl_client sbl-xbl.spamhaus.org,
#   reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,reject_unauth_destination
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
#   reject_rbl_client b.barracudacentral.org,
#   reject_rbl_client bl.spamcop.net,
#   reject_rbl_client sbl-xbl.spamhaus.org,
#   reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,reject_unauth_destination

So the question is - is there something in these configurations that could possibly still be blocking my server, or do I simply have to wait a while longer for the blacklist to propagate so that it no longer shows me? Both servers still send and receive mail just fine from any other legitimate source, and I can send from [email protected] to [email protected]. I have seen some other threads with similar issues, but the steps taken in there still didn't resolve what I'm experiencing.

Thanks,
Kamp
Most likely the provider is blocking connections on port 25, or you configured a firewall to block port 25.
Port 25

Till,

Thanks for the reply - port 25 is open - I'm still getting traffic from elsewhere without any issues, and I tested with telnet and dnsreport to ensure that the port is open. Any other possibilities?

Thanks,
Kamp
You tested with telnet on the shell of the server where you got the error messages in the log to connect to mail.myotherserver.com? All other tests mean nothing as they will not give you an answer if port 25 is blocked on the way between these two servers.
Till,

Yes, I ran the telnet session from the server being blocked to see if it will connect to the other server:

telnet aa.bb.cc.dd 25
Trying aa.bb.cc.dd...
Connected to aa.bb.cc.dd.
Escape character is '^]'.
220 mail.myotherserver.com ESMTP Postfix (Debian/GNU)
I do use fail2ban, but I have had both IP addresses in the ignoreip listing because I ran into issues before with users blocking themselves out by not remembering their passwords.
I've been trying to think of configuration changes that may have contributed to my current predicament... The only thing I can think of beyond the modifications of the main.cf that I posted is that I changed the ban time on fail2ban to be -1. This has resulted in a lot of banned ip addresses at a given time, but they are all legitimate bans (i.e. spammers and brute force attacks). Would the sheer number of banned ip addresses mess with anything? I rather enjoy having these all permanently banned because it has been a significant difference, but I don't want it to be at the expense of other functionality.
I turned off the firewalls and tested - it went through. I have another firewall that had my other ip still flagged because it was on the rbl from before. I added it to the safe networks list, and all seems to be fully functioning again. I can't believe I didn't check the other firewall before - I only bothered with fail2ban and my configuration of main.cf because the issues started around the time I was messing with those. Thanks - I appreciate your help, and all the work that has gone into ISPConfig. It's been a great help managing my sites.
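Added example (not part of the original thread): a small triage script that separates the kind of failure logged in the first post, where `relay=none` and a connect timeout mean no TCP session was ever established, from an SMTP-level rejection such as an RBL hit, which can only be produced after the remote Postfix has answered. The sample log lines, hostnames and addresses are constructed placeholders, and the layer names are this example's own labels.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp(8) log format. The first mirrors the
# deferred delivery quoted in the thread; the other two are added for contrast.
SAMPLE_LOG = """\
Nov 18 11:57:33 mail postfix/smtp[1936]: AB2EF507A84F: to=<user@example.org>, relay=none, delay=165659, delays=165629/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.example.org[192.0.2.10]:25: Connection timed out)
Nov 18 12:01:10 mail postfix/smtp[1940]: CD3A1507A850: to=<user@example.net>, relay=none, delay=0.1, delays=0.05/0.01/0.04/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.20]:25: Connection refused)
Nov 18 12:03:45 mail postfix/smtp[1951]: EF4B2507A851: to=<user@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=1.2, delays=0.1/0.01/0.9/0.2, dsn=5.7.1, status=bounced (host mx.example.com[192.0.2.30] said: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org (in reply to RCPT TO command))
"""

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
CONNECT = re.compile(
    r"connect to (?P<host>\S+?)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<err>.+)$"
)

def classify(line):
    """Return (queue id, layer, target, reason) for a failed delivery, else None."""
    m = DELIVERY.search(line)
    if not m or m["status"] == "sent":
        return None
    c = CONNECT.match(m["detail"])
    if m["relay"] == "none" and c:
        # No TCP session was established, so the remote smtpd never evaluated
        # its restrictions (RBL checks included). A timeout means packets were
        # silently dropped; a refusal means something actively answered.
        layer = "network-drop" if "timed out" in c["err"] else "network-reject"
        return m["qid"], layer, f'{c["ip"]}:{c["port"]}', c["err"]
    # A relay is recorded: the remote server replied at the SMTP level.
    return m["qid"], "smtp-policy", m["relay"], m["detail"]

def summarize(log_text):
    """Group failed deliveries by the layer at which they failed."""
    by_layer = defaultdict(list)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            by_layer[result[1]].append(result)
    return dict(by_layer)

if __name__ == "__main__":
    for layer, items in summarize(SAMPLE_LOG).items():
        for qid, _, target, reason in items:
            print(f"{layer:15} {qid} {target} {reason}")
```

A `network-drop` result points at packet filters on the path between the two hosts rather than at `main.cf`, which matches how this thread was resolved.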