Hi folks,

A few months ago, I posted this thread: http://www.howtoforge.com/forums/showthread.php?p=253185 about trying to get SMTP traffic to work for our users outside of our office. Long story short, in the end, it was never our firewall but actually the ISP filtering port 25.

So here I am, still trying to get SMTP to work outside of our office. Which has brought me to using port 587, but I'm hitting some snags. I found this thread: http://www.howtoforge.com/forums/showthread.php?t=31977 and went through the steps advised.

Some Info

ISPConfig 2.2.6
My firewall has port 587 open
Through the WebGUI for ISPconfig, it also says port 587 is open.

As suggested by Antennipasi in the thread linked above, I uncommented the correct line and added the information he suggested. I was able to telnet on localhost to port 25 and 587 and receive the same response. I was unable to telnet to port 25 and 587 from another machine.

Here is my master.cf file:

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains,reject
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Thoughts?
netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 *:mysql                  *:*                      LISTEN      5474/mysqld
tcp        0      0 *:submission             *:*                      LISTEN      10408/master
tcp        0      0 *:81                     *:*                      LISTEN      5800/ispconfig_http
tcp        0      0 *:ftp                    *:*                      LISTEN      6203/proftpd: (acce
tcp        0      0 192.168.1.100:domain     *:*                      LISTEN      6188/named
tcp        0      0 localhost.locald:domain  *:*                      LISTEN      6188/named
tcp        0      0 *:smtp                   *:*                      LISTEN      10408/master
tcp        0      0 localhost.localdoma:953  *:*                      LISTEN      6188/named
tcp        0      0 192.168.1.100:smtp       mail.kaestle-ski.:30934  ESTABLISHED5153/smtpd
tcp        0      0 192.168.1.100:smtp       content120c.lga2.:48952  ESTABLISHED3034/smtpd
tcp        0      0 192.168.1.100:smtp       mail-gw0-f43.goog:56613  ESTABLISHED5148/smtpd
tcp        0      0 192.168.1.100:smtp       230.177.187.78.st:28890  ESTABLISHED3658/smtpd
tcp6       0      0 *:imaps                  *:*                      LISTEN      5348/couriertcpd
tcp6       0      0 *:pop3s                  *:*                      LISTEN      5383/couriertcpd
tcp6       0      0 *:submission             *:*                      LISTEN      10408/master
tcp6       0      0 *:pop3                   *:*                      LISTEN      5363/couriertcpd
tcp6       0      0 *:imap2                  *:*                      LISTEN      5328/couriertcpd
tcp6       0      0 *:www                    *:*                      LISTEN      6050/apache2
tcp6       0      0 *:ssh                    *:*                      LISTEN      5641/sshd
tcp6       0      0 *:smtp                   *:*                      LISTEN      10408/master
tcp6       0      0 ip6-localhost:953        *:*                      LISTEN      6188/named
tcp6       0      0 *:https                  *:*                      LISTEN      6050/apache2
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:49358  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  153.232.133.219.b:62512  ESTABLISHED5341/courierpop3d
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:4567  TIME_WAIT   -
tcp6       0    148 ::ffff:192.168.1.10:ssh  ::ffff:10.0.0.1%3:51692  ESTABLISHED5373/0
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:1948  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:51823  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:2820  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:52227  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:1870  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:1873  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  bda-74-82-81-144.:45251  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:51317  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:49424  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%3:52242  TIME_WAIT   -
tcp6       0      0 ::ffff:192.168.1.1:pop3  ::ffff:10.0.0.1%32:2860  TIME_WAIT   -

iptables -L

Code:
Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  127.0.0.0/8
ACCEPT     all  --  anywhere                  anywhere        state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere                  anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain FORWARD (policy DROP)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere        state RELATED,ESTABLISHED
DROP       all  --  anywhere                  anywhere

Chain INT_IN (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain INT_OUT (0 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
ACCEPT     all  --  anywhere                  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere

Chain PAROLE (9 references)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere

Chain PUB_IN (4 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere        icmp destination-unreachable
ACCEPT     icmp --  anywhere                  anywhere        icmp echo-reply
ACCEPT     icmp --  anywhere                  anywhere        icmp time-exceeded
ACCEPT     icmp --  anywhere                  anywhere        icmp echo-request
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:ftp
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:ssh
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:smtp
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:domain
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:www
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:81
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:pop3
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:https
PAROLE     tcp  --  anywhere                  anywhere        tcp dpt:10000
ACCEPT     udp  --  anywhere                  anywhere        udp dpt:domain
DROP       icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain PUB_OUT (4 references)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere
Thanks till, I did that and can now send on port 587.

EDIT: I will try it from outside the office later today to confirm that it's working.
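A way to cross-check the two outputs posted earlier in the thread, as an added example that is not part of any post: it lists services that netstat shows listening on all addresses but that the PUB_IN chain never accepts. The function names are made up for this sketch, and treating a user chain as accept-all when its first rule is a bare ACCEPT is a simplifying assumption.

```python
# Excerpts of the netstat -tap and iptables -L output posted in the thread.
NETSTAT = """\
tcp6 0 0 *:imaps *:* LISTEN 5348/couriertcpd
tcp6 0 0 *:submission *:* LISTEN 10408/master
tcp6 0 0 *:pop3 *:* LISTEN 5363/couriertcpd
tcp6 0 0 *:smtp *:* LISTEN 10408/master
tcp 0 0 192.168.1.100:smtp mail-gw0-f43.goog:56613 ESTABLISHED5148/smtpd
"""
IPTABLES = """\
Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PUB_IN (4 references)
target prot opt source destination
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
DROP all -- anywhere anywhere
"""
ANY = ["all", "--", "anywhere", "anywhere"]  # a rule with no match conditions

def wildcard_listeners(netstat):
    """Service names of TCP sockets in LISTEN state bound to all addresses."""
    rows = (line.split() for line in netstat.splitlines())
    return {f[3].rsplit(":", 1)[1] for f in rows
            if len(f) > 5 and f[5] == "LISTEN" and f[3].startswith("*:")}

def allowed_dports(listing, chain="PUB_IN"):
    """TCP dpt values `chain` accepts, directly or via an accept-all chain."""
    chains, cur = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            cur = chains.setdefault(f[1], [])
        elif cur is not None and f and f[0] != "target":
            cur.append(f)
    accept_all = {n for n, r in chains.items() if r and r[0] == ["ACCEPT"] + ANY}
    allowed = set()
    for f in chains.get(chain, []):
        if f == ["DROP"] + ANY:
            break  # rules after a catch-all DROP are never reached
        dpt = [x[4:] for x in f if x.startswith("dpt:")]
        if f[1] == "tcp" and dpt and (f[0] == "ACCEPT" or f[0] in accept_all):
            allowed.add(dpt[0])
    return allowed

def listening_but_filtered(netstat, listing, chain="PUB_IN"):
    """Services with a listener but no accepting rule in `chain`."""
    return sorted(wildcard_listeners(netstat) - allowed_dports(listing, chain))

if __name__ == "__main__":
    print(listening_but_filtered(NETSTAT, IPTABLES))
```

Plain `iptables -L` does not print interface matches, so a rule that looks unconditional may be bound to one interface; `iptables -L -v -n` shows the interface columns and numeric ports.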