Unable to connect to port 25
Here are some technical details:
There is a daemon listening to this port
> netstat --listening --inet --program
..
tcp 0 0 *:smtp *:* LISTEN 2133/master
..
I can connect (telnet to port 25) from my linode
> telnet localhost 25 // success
Unable to connect (telnet to port 25) from my desktop
> telnet 178.79.128.210 25
Trying 178.79.128.210...
telnet: Unable to connect to remote host: Connection timed out
nmap said that the port is filtered:
> nmap -sS 178.79.128.210
..
25/tcp filtered smtp
80/tcp open http
..
And I've deleted all rules from iptables:
> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Any ideas, anyone?
Thanks,
Ziv
7 Replies
You might try shifting your server to a different port and see if that works any better. Or if you specifically want to forward through that port you could see about a VPN or SSH forwarding tunnel between your home machine and your Linode, and then connect over that.
– David
connected to my home desktop and all was good
thanks a lot
I know that postfix is running because it can answer on a different port (and locally) and I know the firewall isn't the culprit because the problem exists when there is no firewall and other services can answer port 25. I'm running Ubuntu 10.04, with no added repositories.
main.cf
myhostname = node.brainbuz.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = brainbuz.org, node.brainbuz.org, localhost.brainbuz.org, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet part of master.cf
# =================================================================
# service type private unpriv chroot wakeup maxproc command + a
# (yes) (yes) (yes) (never) (100)
# =================================================================
smtp inet n - - - - smtpd
58 inet n - - - - smtpd
#submission inet n - - - - smtpd
I'm running ufw, which makes iptables output excessively verbose; here is the output from ufw and nmap:
To Action From
-- ------ ----
110 ALLOW Anywhere
Apache ALLOW Anywhere
22 ALLOW Anywhere
58/tcp ALLOW Anywhere
443 ALLOW Anywhere
25/tcp ALLOW Anywhere
Interesting ports on node.brainbuz.org (173.255.233.30):
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
Finally an ssh session from an external shell account (dreamhost).
[steelers]$ telnet 173.255.233.30 25
Trying 173.255.233.30...
telnet: Unable to connect to remote host: Connection refused
[steelers]$ telnet 173.255.233.30 58
Trying 173.255.233.30...
Connected to 173.255.233.30.
Escape character is '^]'.
220 node.brainbuz.org ESMTP Postfix (Ubuntu)
@brainbuz:
I'm having a similar problem, except that I can connect to postfix on an alternate port from external hosts. I've ruled out the firewall: first I had ssh answer port 25 successfully (then I took the port back), then I completely ripped out the firewall. I even tried installing postfix on a machine at my house, was able to connect to it from other hosts and then copied its main and master files to my linode, and still have the issue!
The tests you showed don't seem to eliminate possible filtering for outbound port 25 at your source location (in your sample, your Dreamhost shell account). And testing inbound to your home host doesn't preclude outbound filtering by your provider. The comment above about making an ssh connection to port 25 is about the only thing that would seem to indicate no such filtering, so it might be helpful to see a sample of that test just to be sure, since that still seems to be the most likely possibility given that a different port works.
It is interesting that you get a port refused rather than just no response, since I suspect most ISP filters would just blackhole the traffic (I know mine does), but such blocks could certainly be active as well.
However, I will note that I tried a quick test (see below) and could access your server on port 25 from one of my Newark Linodes. Also successful from a random web server in CA. So I do think things are ok on your Linode itself and the problem is likely elsewhere, unless something changed since you posted.
telnet> open node.brainbuz.org 25
Trying 173.255.233.30...
Connected to node.brainbuz.org.
Escape character is '^]'.
220 node.brainbuz.org ESMTP Postfix (Ubuntu)
– David
@brainbuz:
I just tried checkOR.com (open relay tester) and it said it connected and I'm not a relay. That dreamhost would allow ssh to 25 but not telnet to 25 doesn't make any sense to me. For the time being I have to trust that port 25 is really working and continue building it as a gateway/private relay (testing will be extra fun since I won't fully trust it to answer 25).
That's why I asked for a sample of the ssh test - are you absolutely sure you really switched ports?
If you're concerned for future testing, you could always provision a second Linode (even in a different DC) if only for a few days and use it as a test source.
– David
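The comparison made in the replies above (timed out vs. refused vs. connected with a 220 banner, checked from more than one source network) can be scripted. This is an added example, not code posted by anyone in the thread; the function names and vantage labels are hypothetical, and the sample results are constructed from the states the posters reported.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt -> (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "RST received"      # telnet: Connection refused
    except socket.timeout:
        return "filtered", "no reply"         # telnet: Connection timed out
    except OSError as exc:
        return "error", str(exc)              # unreachable, DNS failure, ...
    with sock:
        try:
            data = sock.recv(512)             # SMTP servers speak first (220 ...)
        except OSError:
            data = b""
    lines = data.decode("ascii", "replace").splitlines()
    return "open", lines[0] if lines else ""

def locate_block(results, port=25):
    """results maps vantage name -> {port: state}; 'local' is the server itself."""
    if results.get("local", {}).get(port) != "open":
        return "server: nothing answers on port %d locally" % port
    external = {v: r for v, r in results.items() if v != "local"}
    ok = sorted(v for v, r in external.items() if r.get(port) == "open")
    bad = sorted(v for v, r in external.items()
                 if r.get(port) in ("refused", "filtered"))
    if ok and bad:
        # Some networks get through, so the server and its firewall are fine.
        return "source side: %s cannot reach port %d but %s can" % (
            ", ".join(bad), port, ", ".join(ok))
    if bad:
        return ("undetermined: no external vantage reached port %d; "
                "test from another network" % port)
    return "no block seen"

# Constructed from the states reported in the thread (labels are assumptions).
THREAD_RESULTS = {
    "local": {25: "open"},
    "dreamhost-shell": {25: "refused", 58: "open"},
    "newark-linode": {25: "open"},
}

if __name__ == "__main__":
    print(locate_block(THREAD_RESULTS))
    print(probe("127.0.0.1", 25, timeout=1.0))
```

Run `probe` from each source network and feed the states into `locate_block`; a single failing vantage point says nothing about the server until a second network has been tried.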