1 Topic by zuotoski (edited by zuotoski 2017-04-20 20:37:48)

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Topic: Port 25 issue

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 OPENLDAP edition
- Linux/BSD distribution name and version: Ubuntu 14.04 TLS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP (MS Active Directory)
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: As follows
====
PS.: Sorry, I filled the Required information, but somehow it has been erased.

I was interacting with this post, but it's got closed without a solution: http://www.iredmail.org/forum/topic3056 … t-587.html

/var/log/mail.log excerpt:

Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29357]: connect to mx2.hotmail.com[65.54.188.94]:25: Connection timed out
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29356]: connect to zpeed.com.br[192.185.215.165]:25: Connection timed out
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29355]: connect to zpeed.com.br[192.185.215.165]:25: Connection timed out
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29359]: connect to zpeed.com.br[192.185.215.165]:25: Connection timed out
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29356]: AADCA18407DA: to=<USER@zpeed.com.br>, relay=none, delay=45019, delays=44989/0.07/30/0, dsn=4.4.1, status=deferred (connect to zpeed.com.br[192.185.215.165]:25: Connection timed out)
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29359]: 806CE1840414: to=<USER2@zpeed.com.br>, relay=none, delay=45020, delays=44989/0.16/30/0, dsn=4.4.1, status=deferred (connect to zpeed.com.br[192.185.215.165]:25: Connection timed out)
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29355]: A28F218405ED: to=<USER@zpeed.com.br>, relay=none, delay=45019, delays=44989/0.04/30/0, dsn=4.4.1, status=deferred (connect to zpeed.com.br[192.185.215.165]:25: Connection timed out)
Apr 20 09:26:08 MYEMAILSERVER postfix/smtp[29358]: connect to gmail-smtp-in.l.google.com[64.233.190.27]:25: Connection timed out

I can ping all external domains, but when running "traceroute -n -T -p 25 hotmail.com", for example, it returns this:

traceroute to hotmail.com (157.56.198.220), 30 hops max, 60 byte packets
 1  MY-ROUTER-IP  0.483 ms  0.451 ms  0.424 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

My router has no firewall or any other kind of rule that blocks out traffic.

Iptables rules are these:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
fail2ban-sogo  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-dovecot  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-roundcube  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-sshd-ddos  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-sshd  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
fail2ban-sogo  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-dovecot  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-roundcube  tcp  --  anywhere             anywhere             multiport dports http,https,smtp,submission,pop3,pop3s,imap2,imaps,sieve
fail2ban-sshd-ddos  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-sshd  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-dovecot (2 references)
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-dovecot (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-postfix (4 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-roundcube (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sogo (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sshd (2 references)
target     prot opt source               destination
REJECT     all  --  45.247.212.142       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  89.248.169.135       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  61.177.172.40        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  59.45.175.62         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sshd-ddos (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

So, what would be the solution? Why I can't send e-mails to the outside world? Any suggestion would be very much appreciated, I am trying to put the mail server in production.

Thank you.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,164

Re: Port 25 issue

seems your isp blocks port 25. contact them to get a confirm.

3 Reply by zuotoski (edited by zuotoski 2017-04-21 03:45:07)

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Port 25 issue

ZhangHuangbin wrote:

seems your isp blocks port 25. contact them to get a confirm.

Yeap, confirmed, port 25 was the only port that was blocked by them (Copel, an ISP from Brazil). I had to send an e-mail asking them to open it, it will take about 5 days.

Thank you.