Postfix+MySql+Dovecot: Connection refused externally

I have been fighting with this the whole day, but still couldn't understand why. Any help would be truly appreciated.

I followed every step in the Linode guide for setting up Postfix, Dovecot and Mysql on a Lucid distro. I read through the original workaround.org tutorial that the guide was based on. All the telnet tests worked without any errors. I can send emails from sales@example.com within the telnet session to other addresses either from the linode server or external servers.

I set my FQDN, "fqdn.example.com" as the mail server in postfix. In my DNS manager, I set up 3 MX records: example.com (priority 10, which is for the email address sales@example.com), fqdn.example.com (priority 20, to match postfix settings), and mail.example.com (priority 30, just a placeholder). All these MX records have corresponding A records, which all point to one IP address.

I also followed the articles on slicehost for iptables, and allowed accept for all the ports related to smtp, pop3 and imap.

The problem is that

1) emails sent from external servers like gmail to sales@example.com never showed up in the sales mailbox.

2) I can't connect to the mail server with local clients like Mac Mail or Gmail. Both seem to say that connection is refused. I tried to put in each MX record and different ports, but all returned the connection refused error.

I browsed the forum and googled quite a bit, but couldn't quite figure out what the problem is exactly.

Thanks so much for any hints!

-Leo

2 Replies

First obvious question: is Postfix actually running? Telnet into your IP and port 25 and see if you get a Postfix response. If you get connection rejected, then Postfix isn't running at all, or isn't bound to the correct IP and port. A firewall may block it as well. If you set up dovecot-based authentication in Postfix and Dovecot or its authentication component isn't running, then Postfix won't be able to reach it. If this is the case, then Postfix will run and listen on port 25, but it will not show the SMTP banner upon connection.

In any case, tail -f /var/log/mail.log and see what happens when you connect from outside. Logs are always the first step in debugging a problem.
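The telnet check described in the reply above, scripted so it can be run from a machine outside the server (an added example, not part of the original reply). The names `probe_smtp` and `HINTS` are hypothetical, and the "timeout" and "closed" outcomes go beyond the cases the reply lists.

```python
import socket
import sys

# What each outcome usually points to. The first three follow the reply above;
# "timeout" and "closed" are assumptions added for completeness.
HINTS = {
    "banner": "Postfix is reachable and answering",
    "refused": "nothing bound to that IP/port, or a firewall is rejecting it",
    "no-banner": "port is open but no greeting; check Dovecot and its auth service",
    "timeout": "no reply at all; packets are probably dropped on the way",
    "closed": "connection accepted, then closed before any greeting",
}

def probe_smtp(host, port=25, timeout=5.0):
    """Connect like `telnet host 25` and classify what an outside client sees."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:  # DNS failure, unreachable network, ...
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)  # SMTP servers speak first: "220 ..."
        except socket.timeout:
            return ("no-banner", "")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("closed", "")
    banner = data.decode("ascii", "replace").strip()
    return ("banner" if banner.startswith("220") else "unexpected", banner)

if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; run it from outside the server.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    outcome, detail = probe_smtp(target, port)
    print(f"{target}:{port} -> {outcome} {detail}".rstrip())
    print(HINTS.get(outcome, "see detail above"))
```

A "refused" result never reaches Postfix, so nothing will appear in /var/log/mail.log for it.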

Thanks a lot, mst!

The problem was solved by reconfiguring my iptables. When the connection is refused, nothing seems to be logged in /var/log/mail.log, so mail logs are not much help here.

I have no knowledge of the syntax for iptables, but it appears that my linode begins to accept smtp calls after I added these two lines in the iptables.

-I INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

Although Slicehost is THE competitor to Linode, I often find their tutorials and guides complementary to the rarely ambiguous guides from linode, like this one

http://articles.slicehost.com/2010/3/1/barebones-postfix-install-overview.

One question though,
> "You would also need to open ports if you intend to allow mail clients to send email through your mail server, but this is not recommended and will not be covered in this article."

Does this refer to the OUTPUT line of iptables? Is it safe to leave this in the ip rules?

Many thanks anyway. The linode community is just awesome. :D
