Email server not working to external (host rejected)
#1
Hello, my name is Mykael, I own my own private server for my company.
I installed Sentora and made all the configs, but it seems that I cannot receive mails that I sent from the Sentora panel to Yahoo, Gmail, etc...
It's been a month already with many installs and different tests on CentOS 6.5, 6.7, CentOS 7.2 and Ubuntu 14.04.4 LTS, but it is the same thing: everything is working well, except the mail server.

I changed my IP to a new clean one that is not blacklisted and talked with my internet provider to create PTR reverse entries for my IP (mail.rocomputers.ro is the PTR record).

If I set the SMTP on Google or Gmail all works perfectly, but from my own mail server, mails are deferred.
With an external mail client it is the same thing: I get mails sent to the server, but cannot send them outside.

I'm running CentOS 6.7 64-bit, Sentora 1.0.3, and opened the following needed TCP and UDP ports in iptables (none are blocked).
TCP ports : 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 3306
UDP ports : 25, 53, 80, 110, 143, 465, 587, 993, 995

In /etc/network I have the following:
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0

In /etc/hosts I have:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 MYSENTORAPANEL.MYDEFAULTDOMAIN.COM
127.0.0.1 autoreply.MYSENTORAPANEL.MYDEFAULTDOMAIN.COM

In /etc/sentora/configs/postfix/mynetworks I have the following IPs:
176.31.61.0/28
127.0.0.0/8
193.138.195.0/24 (I added my network class; if I remove it, it still doesn't work)

In master.cf I added the missing line:
submission inet  n       -       n       -       -       smtpd
The rest of the configs are the default ones.

In main.cf everything is default:
# network settings
inet_interfaces = all
mydomain = MYSENTORAPANEL.MYDEFAULTDOMAIN.COM
myhostname = MYSENTORAPANEL.MYDEFAULTDOMAIN.COM
mynetworks = 127.0.0.1, MY IP
mydestination = localhost.$mydomain, localhost
relay_domains = proxy:mysql:/etc/sentora/configs/postfix/mysql-relay_domains_maps.cf
#relayhost = [mail.rocomputers.ro]:587 - I've tried to add this line but I got this: [ error too many hops (in reply to end of data command) ]

Added an SPF record in the Sentora panel:
Host Name         TTL          Target
    @            86400   v =spf1 a mx ~all


Tested the server to see if all is working well, on the following links:
http://www.dnsinspect.com/rocomputers.ro/1462013406
http://www.intodns.com/rocomputers.ro
http://dnscheck.pingdom.com/?domain=rocomputers.ro
http://mxtoolbox.com/SuperTool.aspx?acti...n=toolpage
http://www.yougetsignal.com/tools/open-ports/ , ip server ports are opened

http://mxtoolbox.com/ - got errors here
Connecting to .....MY IP
220 MYSENTORAPANEL.MYDEFAULTDOMAIN.COM ESMTP Romania Computers Inc. : We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail. [767 ms]
EHLO PWS3.mxtoolbox.com
250-MYSENTORAPANEL.MYDEFAULTDOMAIN.COM
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [766 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Ok [766 ms]
RCPT TO:<test@example.com>
454 4.7.1 <test@example.com>: Relay access denied [766 ms]
PWS3v2 4627ms

http://checktls.com/perl/TestReceiver.pl

Checking admin@rocomputers.ro
looking up MX hosts on domain "rocomputers.ro"

    mail.rocomputers.ro (preference:10)

Trying TLS on mail.rocomputers.ro[MY IP] (10):
seconds         test stage and result
[000.156]         Connected to server
[000.622]     <--     220 MYSENTORAPANEL.MYDEFAULTDOMAIN.COM ESMTP Romania Computers Inc. : We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.
[000.622]         We are allowed to connect
[000.623]     -->     EHLO checktls.com
[000.778]     <--     250-MYSENTORAPANEL.MYDEFAULTDOMAIN.COM
250-PIPELINING
250-SIZE 20480000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.778]         We can use this server
[000.778]         TLS is not an option on this server
[000.779]     -->     MAIL FROM:<test@checktls.com>
[000.983]     <--     250 2.1.0 Ok
[000.983]         Sender is OK
[000.984]     -->     RCPT TO:<admin@rocomputers.ro>
[001.170]     <--     250 2.1.5 Ok
[001.171]         Recipient OK, E-mail address proofed
[001.171]     -->     QUIT
[001.326]     <--     221 2.0.0 Bye

Changed the mail method in the Sentora panel to mail:
The maillog is this: tail /var/log/maillog
 postfix/master[1546]: terminating on signal 15
 postfix/postfix-script[1777]: starting the Postfix mail system
 postfix/master[1778]: daemon started -- version 2.6.6, configuration /etc/postfix
 postfix/qmgr[1780]: 8917F12083E: from=<admin@rocomputers.ro>, size=15262, nrcpt=1 (queue active)
 postfix/smtp[1786]: connect to mta7.am0.yahoodns.net[66.196.118.36]:25: Connection timed out
 postfix/smtp[1786]: connect to mta7.am0.yahoodns.net[98.136.216.25]:25: Connection timed out
 postfix/smtp[1786]: connect to mta5.am0.yahoodns.net[98.136.217.203]:25: Connection timed out
 postfix/smtp[1786]: connect to mta6.am0.yahoodns.net[98.136.216.26]:25: Connection timed out
 postfix/smtp[1786]: connect to mta7.am0.yahoodns.net[98.138.112.33]:25: Connection timed out
 postfix/smtp[1786]: 8917F12083E: to=<rocomputers@ymail.com>, relay=none, delay=5560, delays=5409/0.03/150/0, dsn=4.4.1, status=deferred (connect to mta7.am0.yahoodns.net[98.138.112.33]:25: Connection timed out)
 postfix/smtp[1845]: connect to gmail-smtp-in.l.google.com[74.125.133.27]:25: Connection timed out
 
Changed the mail method in the Sentora panel to smtp, with SMTP requires authentication (yes)
The maillog is this: tail /var/log/maillog
 postfix/smtpd[1838]: connect from localhost[127.0.0.1]
 postfix/smtpd[1838]: 77FFB12084C: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=admin@rocomputers.ro
 postfix/cleanup[1844]: 77FFB12084C: message-id=<e8dc31546ea64ddd7f75a6d80750a1c8@rocomputers.ro>
 postfix/qmgr[1553]: 77FFB12084C: from=<admin@rocomputers.ro>, size=1074, nrcpt=1 (queue active)
 postfix/smtpd[1838]: disconnect from localhost[127.0.0.1]
 postfix/smtp[1845]: connect to gmail-smtp-in.l.google.com[74.125.133.27]:25: Connection timed out
 postfix/smtp[1845]: connect to alt1.gmail-smtp-in.l.google.com[173.194.222.26]:25: Connection timed out
 postfix/smtp[1845]: connect to alt2.gmail-smtp-in.l.google.com[74.125.68.27]:25: Connection timed out

Also, I've seen that after a while I get some errors and warnings in the DNS settings:
Bind errors:
 security: error: client 176.221.80.21#33961: zone transfer 'rocomputers.ro/AXFR/IN' denied
 security: error: client 176.221.80.21#33968: zone transfer 'rocomputers.ro/AXFR/IN' denied
 security: error: client 176.221.80.21#48822: zone transfer 'rocomputers.ro/AXFR/IN' denied
 security: error: client 176.221.80.21#48828: zone transfer 'rocomputers.ro/AXFR/IN' denied
 security: error: client 176.221.80.21#48836: zone transfer 'rocomputers.ro/AXFR/IN' denied
 security: error: client 176.221.80.21#48844: zone transfer 'rocomputers.ro/AXFR/IN' denied

Bind warnings:
 security: warning: using built-in DLV key for view _default
 general: warning: managed-keys-zone ./IN: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
Why am I getting this?
 

Am I missing something? I don't know how to make my mail work externally, I tried everything.

Please help me.
Thx
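Added example, not part of the original post: a small classifier for the Postfix log lines quoted above. It separates "the remote server rejected us" from what these lines show, which is TCP timeouts on port 25 to two unrelated providers with nothing delivered. The `provider()` grouping and the result labels are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Lines copied from the maillog excerpts in the post above.
MAILLOG = """\
postfix/smtp[1786]: connect to mta7.am0.yahoodns.net[66.196.118.36]:25: Connection timed out
postfix/smtp[1786]: connect to mta5.am0.yahoodns.net[98.136.217.203]:25: Connection timed out
postfix/smtp[1786]: 8917F12083E: to=<rocomputers@ymail.com>, relay=none, delay=5560, delays=5409/0.03/150/0, dsn=4.4.1, status=deferred (connect to mta7.am0.yahoodns.net[98.138.112.33]:25: Connection timed out)
postfix/smtp[1845]: connect to gmail-smtp-in.l.google.com[74.125.133.27]:25: Connection timed out
postfix/smtp[1845]: connect to alt1.gmail-smtp-in.l.google.com[173.194.222.26]:25: Connection timed out
"""

CONNECT = re.compile(r"postfix/smtp\[\d+\]: connect to (\S+?)\[([\d.]+)\]:(\d+): (.+)$")
STATUS = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<[^>]+>, relay=[^,]+,.*status=(\w+)")

def provider(mx_host):
    """Crude grouping key (assumption): last two labels of the MX host name."""
    return ".".join(mx_host.split(".")[-2:])

def summarize(log):
    """Return ({provider: {(ip, port, reason)}}, number of status=sent deliveries)."""
    failures, sent = defaultdict(set), 0
    for line in log.splitlines():
        m = CONNECT.search(line)
        if m:
            host, ip, port, reason = m.groups()
            failures[provider(host)].add((ip, int(port), reason))
        elif (s := STATUS.search(line)) and s.group(1) == "sent":
            sent += 1
    return dict(failures), sent

def diagnose(log):
    failures, sent = summarize(log)
    attempts = [a for hits in failures.values() for a in hits]
    if not attempts:
        return "ok"
    all_timeouts_on_25 = all(p == 25 and r == "Connection timed out" for _, p, r in attempts)
    # Timeouts (no SMTP reply at all) to unrelated providers, with nothing delivered,
    # point at the path out of this host, not at a rejection by the recipient.
    if all_timeouts_on_25 and len(failures) >= 2 and sent == 0:
        return "outbound-25-unreachable"
    return "remote-specific"
```

A result of `outbound-25-unreachable` means the next check is the egress path for TCP/25 (local firewall rules and the upstream provider), since no remote server ever answered.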
#2
RE: Email server not working to external (host rejected)
If I try to telnet port 25 on your server, it's not responding...

Are you sure port 25 is open? I tried using the domain you posted here. That's an issue.

M B
#3
RE: Email server not working to external (host rejected)
(05-01-2016, 05:46 AM)Me.B Wrote: If I try to telnet port 25 on your server, it's not responding...

Are you sure port 25 is open? I tried using the domain you posted here. That's an issue.

M B

I flushed all configs from iptables, added new rules again, and installed Nmap to check if the TCP/UDP ports are open.
Here are the results:

Starting Nmap 5.51 ( http://nmap.org ) at 2016-05-01 11:13 EEST
Nmap scan report for mail.rocomputers.ro (193.138.195.25)
Host is up (0.000094s latency).
PORT    STATE  SERVICE
25/udp  closed smtp
53/udp  open   domain
80/udp  closed http
465/udp closed smtps
All 1000 scanned ports on mail.rocomputers.ro (193.138.195.25) are open|filtered

I can see now that something is wrong with the UDP ports, but it seems that even if I set the rules to allow them, they are ignored and remain closed.
------------------------------
Another scan for TCP ports:
Starting Nmap 5.51 ( http://nmap.org ) at 2016-05-01 11:53 EEST
Nmap scan report for mail.rocomputers.ro (193.138.195.25)
Host is up (0.000015s latency).
Not shown: 10006 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
587/tcp  open  submission
3306/tcp open  mysql
4190/tcp open  sieve

My current iptables rules are these:

# Generated by iptables-save v1.4.7 on Sun May  1 10:52:50 2016
*filter
:INPUT DROP [3:1728]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:3096]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 89.40.29.186/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 193.138.195.25/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10025 -j ACCEPT
COMMIT
# Completed on Sun May  1 10:52:50 2016
--------------------------------------------

Tested the iptables chain policy:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  186.29.40.89.abcnet.ro  anywhere            tcp dpt:ssh
ACCEPT     tcp  --  mail.rocomputers.ro  anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:http
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:igmpv3lite
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10025

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I also tested in telnet, and it gives me the ESMTP message that I added in the configs, and nothing else...
Can I get a working iptables with correct rules (I'll add them manually for a test)? If you have one..., or tell me if something is wrong with them, please.

I'm still a newbie to Linux; I come from ZPanel on Windows, but I'm learning the new operating system fast.
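Added example, not from the thread or the Sentora project: an audit of the iptables-save rules posted above. It reports three things visible in that ruleset: the two source-restricted SSH rules are nullified by the later unrestricted `--dport 22` rule, UDP is accepted on ports 80 and 465, and MySQL (3306) accepts connections from any source. The `UDP_SERVICES` and `INTERNAL_ONLY` policy sets are assumptions about what this host should expose.

```python
import re

# Subset of the iptables-save output from the post above (ACCEPT rules only).
RULESET = """\
:INPUT DROP [3:1728]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 89.40.29.186/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 193.138.195.25/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
"""

# Assumed policy for this host (not stated in the thread):
UDP_SERVICES = {53}               # only DNS needs inbound UDP
INTERNAL_ONLY = {3306: "mysql"}   # database should not face the internet

def parse(ruleset):
    """Return (proto, dport, source-or-None) for every INPUT ACCEPT rule with a port."""
    rules = []
    for line in ruleset.splitlines():
        if not (line.startswith("-A INPUT ") and line.endswith("-j ACCEPT")):
            continue
        proto = re.search(r"\s-p (\w+)", line)
        port = re.search(r"\s--dport (\d+)", line)
        src = re.search(r"\s-s (\S+)", line)
        if proto and port:
            rules.append((proto.group(1), int(port.group(1)), src.group(1) if src else None))
    return rules

def audit(ruleset):
    rules, findings = parse(ruleset), []
    open_to_any = {(proto, port) for proto, port, src in rules if src is None}
    for proto, port, src in rules:
        if src and (proto, port) in open_to_any:
            findings.append(f"{proto}/{port}: limit to {src} has no effect, port also open to any source")
        elif src is None and proto == "udp" and port not in UDP_SERVICES:
            findings.append(f"udp/{port}: UDP accepted but no UDP service expected")
        elif src is None and port in INTERNAL_ONLY:
            findings.append(f"{proto}/{port}: {INTERNAL_ONLY[port]} reachable from any source")
    return findings
```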
#4
RE: Email server not working to external (host rejected)
Problem solved, reinstalled again and added the correct rules in iptables, thx for not helping me .....
I'll add a guide to help newbies like me configure iptables correctly on CentOS 6.7.