Can't connect to the virtual mail server
I have followed this guide to set up a Postfix and Dovecot virtual mail server:
After the setup, I sent a couple of emails to the email address I set up on the mail server, but they don't show up in the mail.log file. Also, I can't set up the email address in Outlook; Outlook is unable to connect to the server. To me it appears that the firewall may have the ports blocked. I have attempted to open the relevant ports (993, 995 and 465). Below is the output of the command sudo iptables -L -nv --line-numbers:
```
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 17190 1546K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
2 397 32473 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 0 0 REJECT all -- !lo * 127.0.0.0/8 0.0.0.0/0 reject-with icmp-port-unreachable
4 2 92 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW icmptype 8
5 640 37620 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
6 67 3700 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
7 65 3744 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
8 16 928 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 state NEW
9 11 660 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 state NEW
10 32 1800 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 state NEW
11 17565 1622K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
12 703 45106 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
13 985 61242 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_FORWARD_denied: "
2 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 2044 packets, 398K bytes)
num pkts bytes target prot opt in out source destination
Chain f2b-sshd (1 references)
num pkts bytes target prot opt in out source destination
1 17170 1545K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
```
Please advise if ports 993, 995 and 465 are open to accept connections from the internet.
I only wish to run the mail server on secured ports hence I have not attempted to open non-secure ports i.e. 25, 110 and 587.
Thanks for help.
2 Replies
Mailserver-to-mailserver communication is done over port 25. The SMTP of your mail server must listen on port 25 and it must be reachable over the public internet. This is not the case with your setup. The moment you allow 25 through the firewall your SMTP will start accepting connections (assuming no other configuration issues) and you will see the mail flow via logs.
In a well-configured mailserver there are two instances of mail reception services: one for server-to-server delivery, over port 25, with support to upgrade to anonymous encrypted connections over STARTTLS, with authentication rejected, another for submission of authenticated mail by your users over port 587, with mandatory STARTTLS encryption and mandatory authentication, and possibly IP whitelists. There is also IMAP over port 143, preferably with mandatory STARTTLS encryption, and certainly with mandatory authentication and possibly IP whitelists. Usage of port 465 has been deprecated. Usage of port 993 coincides with SSL which should not be used. Ports 110 and 995 are for POP3, which is old and evil, and should not be used.
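The first-match walk through the INPUT chain that decides whether a port is reachable, as an added example that is not part of the original thread. It models a NEW inbound TCP connection from an assumed external address (203.0.113.10) on an assumed interface name (eth0), skips LOG and the f2b-sshd jump as non-terminating (that chain only contains RETURN in the listing), and does not handle port ranges or negated addresses.

```python
import ipaddress
import re

# INPUT-chain rules abridged from the listing in the question (rules 4, 6, 7 omitted).
LISTING = """\
1 17190 1546K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
2 397 32473 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 0 0 REJECT all -- !lo * 127.0.0.0/8 0.0.0.0/0 reject-with icmp-port-unreachable
5 640 37620 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
8 16 928 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 state NEW
9 11 660 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 state NEW
10 32 1800 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 state NEW
11 17565 1622K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
12 703 45106 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
13 985 61242 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""

TERMINAL = {"ACCEPT", "REJECT", "DROP"}

def iface_matches(spec, iface):
    """Match the 'in' column: '*' is any, '!lo' is anything but lo."""
    if spec == "*":
        return True
    return iface != spec[1:] if spec.startswith("!") else iface == spec

def verdict(listing, dport, src="203.0.113.10", iface="eth0", policy="ACCEPT"):
    """First-match verdict for a NEW inbound TCP connection to dport."""
    for line in listing.splitlines():
        num, _, _, target, prot, _, in_if, _, source, _, *rest = line.split()
        extra = " ".join(rest)
        if target not in TERMINAL:  # LOG and the f2b-sshd jump do not end traversal
            continue
        if prot not in ("tcp", "all") or not iface_matches(in_if, iface):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(source):
            continue
        ports = re.search(r"(?:dpt:|dports )([\d,]+)", extra)
        if ports and str(dport) not in ports.group(1).split(","):
            continue
        state = re.search(r"state (\S+)", extra)
        if state and "NEW" not in state.group(1).split(","):
            continue
        return target, int(num)  # first terminating rule that matches wins
    return policy, None  # nothing matched: the chain policy applies
```

For this listing, ports 993, 995 and 465 are accepted by their own rules, while 25, 587 and 143 fall through to the final REJECT in rule 13.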
@emestee:
You're mixing things up. There are no "secure" or "non-secure" ports; there are standard ports where protocols work. For client protocols that are under your control, you can shuffle ports around as much as you want. You can move client-facing SMTP to port 8888 if you really want to, you'll just have to configure all the clients to use it.
Mailserver-to-mailserver communication is done over port 25. The SMTP of your mail server must listen on port 25 and it must be reachable over the public internet. This is not the case with your setup. The moment you allow 25 through the firewall your SMTP will start accepting connections (assuming no other configuration issues) and you will see the mail flow via logs.
In a well-configured mailserver there are two instances of mail reception services: one for server-to-server delivery, over port 25, with support to upgrade to anonymous encrypted connections over STARTTLS, with authentication rejected, another for submission of authenticated mail by your users over port 587, with mandatory STARTTLS encryption and mandatory authentication, and possibly IP whitelists. There is also IMAP over port 143, preferably with mandatory STARTTLS encryption, and certainly with mandatory authentication and possibly IP whitelists. Usage of port 465 has been deprecated. Usage of port 993 coincides with SSL which should not be used. Ports 110 and 995 are for POP3, which is old and evil, and should not be used.
Hi emestee. Thanks for the clarification. I now understand which ports are to be opened and for what purpose.
Cheers.