View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions SMTP with Postfix only works internally.
Log in to Ask a Question

SMTP with Postfix only works internally.

email

I've got my email server set up with Postfix/Dovecot using the documentation from Linode. I've installed roundcube as a web interface and it can send and receive email without trouble. However, when I try to use an external client, I can only receive mail.

So my first thought was the firewall. Here's iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             127.0.0.0/8         reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap2 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:585 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2025 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssmtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

Any obvious mistakes?

And here's the output of netstat -lntp:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      10153/dovecot   
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      10153/dovecot   
tcp        0      0 127.0.0.1:44069         0.0.0.0:*               LISTEN      23261/current   
tcp        0      0 127.0.0.1:54470         0.0.0.0:*               LISTEN      27868/current   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      6765/mysqld     
tcp        0      0 127.0.0.1:40718         0.0.0.0:*               LISTEN      18128/current   
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      10153/dovecot   
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      10153/dovecot   
tcp        0      0 127.0.0.1:39154         0.0.0.0:*               LISTEN      19565/current   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2084/sshd       
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      16962/master    
tcp6       0      0 :::80                   :::*                    LISTEN      14926/apache2   
tcp6       0      0 :::22                   :::*                    LISTEN      2084/sshd

So it looks like something is listening on port 25, right?

Thanks for any help you can offer.

5 Replies

telnet mail.domain.com 25 and see how it responds

It times out:

telnet waffles.ovrmnd.com 25
Trying 50.116.39.110...
telnet: connect to address 50.116.39.110: Operation timed out
telnet: Unable to connect to remote host

Locally, it's fine and dandy:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 waffles.ovrmnd.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-waffles.ovrmnd.com
250-PIPELINING
250-SIZE 30720000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Works for me. Is your home ISP blocking port 25?

% telnet waffles.ovrmnd.com 25
Trying 50.116.39.110...
Connected to waffles.ovrmnd.com.
Escape character is '^]'.
220 waffles.ovrmnd.com ESMTP Postfix (Ubuntu)

Well, well. That's an excellent question!

And that's exactly what it was! I've got an AT&T U-Verse "Small Business" connection, if anyone else would like to avoid them.

For future reference, I got it to work by adding these lines to /etc/postfix/master.cf:

465      inet  n     -     n     -     -     smtpd
587      inet  n     -     n     -     -     smtpd
2025      inet  n     -     n     -     -     smtpd

Which tells postfix to listen to those ports, too.

So now I can connect! (But I'm getting a new set of errors regarding authentication. Which I will save for another post.)

Thanks!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct