Here are two things that would help us getting started on determining the problem (if I understood the problem correctly):

From remote host "telnet problemhost 25": what happens?

What's the destination address for the email? Does that address have MX record associated or how do you determine where the email should be relayed?

Risto

Attempting a telnet connection to port 25 results in a timeout.

The destination e-mail addresses have MX records set up (ActivePerl discussion list, etc.) or are local.

I should add that the mail service was tested and working properly, including smtp from drac-authorized remote hosts, until the last couple of days. There have been no configuration changes to any of the scripts in /etc/init.d, /etc/conf.d or /etc/mail, and revdep-rebuild does not detect any broken packages.

Edit: To clarify one thing that I wrote initially, I have two forums running on the server, one in Perl (Ikonboard) and one in PHP (Invision). I have both of them set to use SMTP for outgoing e-mail, and I've tested them by sending PMs to my own account. Both boards are able to send the notification e-mails out properly and without any noticable delay.

I'm not an expert in any of this… is there something that I'm missing that would allow smtp connections from localhost but not from remote ones, and wouldn't give a connection refused or auth error? (When I've had config problems in the past, connection attempts have always resulted in one of those two errors.)

Sounds to me like a networking problem, iptables firewall or some other low level issue.

Can you ping the system?

Can you telnet to port 22?

Risto

Yep. I can ping the server (avg 95ms) and connect to all of the other services I have running (ftp, pop3, http, svnserve, ssh).

I'm running the 2.4 latest kernel, if that helps. uname -a gives "Linux omni 2.4.26-linode28-1um #1 Tue May 18 16:32:46 EDT 2004 i686 UML User Mode Linux GNU/Linux".

You must have some sort of firewall on preventing the connections. I don't know how that works in Gentoo.

Hmmm. I know that I haven't installed anything like that manually, and I went through the full list of net-firewall portage packages. None of them are emerged. I did notice that there are some references to an ip_filter kernel module being loaded, tho (/var/log/messages).

Could this be a UML kernel issue? I'm not sure exactly when it started, but the timing of when I first noticed it would place it around the time of the host11 powercycle that caker mentioned in the announcements forum.

IIRC, that thread suggested a possible problem with ebtables….

What's your IP?

My Linode's IP is 64.62.190.186.

Looks good to me… doesn't time out:

telnet 64.62.190.186 25

Trying 64.62.190.186…

Connected to 64.62.190.186.

Escape character is '^]'.

220 mail.terica.net ESMTP Sendmail 8.12.10/8.12.10; Thu, 20 May 2004 21:19:08 -0400

Thanks. I'll check with my ISP and see if they have any idea what could be causing the problem.

Ooooh…. some ISPs blocks outbound 25 to prevent spamming from their customers. You might be able to use their own mailrelays to send emails out instead of directly to your linode. The other choice is tunnel it through ssh:

ssh -L25:localhost:25 user@remotehost

Risto

Aargh. Looks like that's what happened. My ISP decided to block port 25 across the board due to virus/spam problems and didn't bother to post a notice.

Looks like I'll be making my first foray into port forwarding. :wink:

Thanks again for the help and advice.

@sbstudios:

Aargh. Looks like that's what happened. My ISP decided to block port 25 across the board due to virus/spam problems and didn't bother to post a notice.

The best way around that is to enable the use of SSL/TLS and SMTP AUTH for your SMTP connection. This eliminates the port 25 blockage issue, and also eliminates the need for ugly hacks like POP-before-SMTP.

I'm using Fedora Core 1 on a Linode that I'm running for my employer, and on an FC1 system there is a makefile that can easily generate a key pair in /usr/share/ssl (or you could use a certificate from a CA such as Verisign, Thawte, etc.).

> The best way around that is to enable the use of SSL/TLS and SMTP AUTH for your SMTP connection. This eliminates the port 25 blockage issue […]

TLS and authentication all take place after making the initial connection. If TCP to port 25 is blocked by the ISP, there's nothing any server configuration change can do about it.

@smerritt:

TLS and authentication all take place after making the initial connection. If TCP to port 25 is blocked by the ISP, there's nothing any server configuration change can do about it.

Not necessarily. In Mozilla, for instance, you can choose to use an all-SSL connection on port 465. Port 25 is never touched in this case. One of my co-workers uses this to get around port 25 blocking on his Verizon DSL connection and use the company Linode for outgoing mail.

(Edit: OE can also be configured to use SSL as well.)