Confirm mail client setup?
Server Information
Account Type: (POP3)
Incoming mail server: (mail.example.com)
Outgoing mail server (SMTP): (mail.example.com)
Logon Information
User Name: (
Password:
Require logon using Secure Password Authentication (SPA) ?
Outgoing Server
My outgoing server (SMTP) requires authentication (Yes)
Server Port Numbers
Incoming server (POP3): (995)
This server requires an encrypted connection (SSL) Yes
Outgoing server (SMTP): (25)
Use the following type of encrypted connection: (TLS)
What am I missing?
25 Replies
> What am I missing?
It's hard to tell. What problem are you having?
Running a Mail Server
Email with Postfix, Dovecot, and MySQL
How to Make a Self-Signed SSL Certificate
and even did the double checks with no errors -Troubleshooting Problems with Postfix, Dovecot, and MySQL
and I cannot connect to the 'mail.example.com' in my mail client.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:42575 0.0.0.0:* LISTEN 2785/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2754/rpcbind
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 23222/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6475/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 23222/master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 23686/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 23686/dovecot
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3749/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 23222/master
tcp 0 288 106.185.45.57:22 75.196.59.40:57669 ESTABLISHED 23631/sshd: username
tcp6 0 0 :::111 :::* LISTEN 2754/rpcbind
tcp6 0 0 :::465 :::* LISTEN 23222/master
tcp6 0 0 :::22 :::* LISTEN 6475/sshd
tcp6 0 0 :::25 :::* LISTEN 23222/master
tcp6 0 0 :::443 :::* LISTEN 19833/apache2
tcp6 0 0 :::993 :::* LISTEN 23686/dovecot
tcp6 0 0 :::995 :::* LISTEN 23686/dovecot
tcp6 0 0 :::46569 :::* LISTEN 2785/rpc.statd
tcp6 0 0 :::587 :::* LISTEN 23222/master
udp 0 0 0.0.0.0:58421 0.0.0.0:* 2785/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 2951/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 2754/rpcbind
udp 0 0 106.185.45.57:123 0.0.0.0:* 4735/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 4735/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 4735/ntpd
udp 0 0 0.0.0.0:809 0.0.0.0:* 2754/rpcbind
udp 0 0 127.0.0.1:841 0.0.0.0:* 2785/rpc.statd
udp 0 0 0.0.0.0:54165 0.0.0.0:* 2951/dhclient
udp6 0 0 :::5596 :::* 2951/dhclient
udp6 0 0 :::111 :::* 2754/rpcbind
udp6 0 0 2400:8900::f03c:91f:123 :::* 4735/ntpd
udp6 0 0 fe80::f03c:91ff:fe5:123 :::* 4735/ntpd
udp6 0 0 ::1:123 :::* 4735/ntpd
udp6 0 0 :::123 :::* 4735/ntpd
udp6 0 0 :::809 :::* 2754/rpcbind
udp6 0 0 :::45948 :::* 2785/rpc.statd
@vonskippy:
I can connect to mail.example.com just fine, maybe you made a typo. hahaa
mail.harris.hk
@Main Street James:
Are you running a firewall such as iptables? I ask because your mail ports are not available. When I check mail.harris.hk for open mail ports (25,587,993,995) I get no response. iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 106.185.45.57 0.0.0.0/0 tcp dpt:22
fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* Allow loopback connections */
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 /* Allow Ping to work as expected */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
@vonskippy:
Your mail.harris.hk 'A' records resolve, but there doesn't seem to be a 'MX' record for your domain. How can I check the MX record? Where would I look locally in the server to verify?
You also have multiple rules for TCP22
MX records are setup in your DNS manager (so in the Linode DNS manager). You want to point your MX record to mail, then have a A record for mail.harris.hk (which you already have).
In the future, remember it's always a good test to TEMPORARILY disable your firewall rules, test your problem, if it works, then it's a firewall rule, if it still doesn't work, then it's not a firewall rule. Just remember to re-enable your firewall after you complete your tests.
@vonskippy:
Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule.
You also have multiple rules for TCP22
How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?
@vonskippy:MX records are setup in your DNS manager (so in the Linode DNS manager). You want to point your MX record to mail, then have a A record for mail.harris.hk (which you already have).
Okay, I edited the subdomain to 'mail' on the MX records for 'mail.harris.hk'
@vonskippy:In the future, remember it's always a good test to TEMPORARILY disable your firewall rules, test your problem, if it works, then it's a firewall rule, if it still doesn't work, then it's not a firewall rule. Just remember to re-enable your firewall after you complete your tests. I was following all the Linode tutorial guides and following them. oops To re-enable, I think that means restarting the service then testing, then re-edit?
@Fufu:
@vonskippy:Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule.
You also have multiple rules for TCP22
How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?
Use Lish:
You can completely disable network access and still access a Linode server with Lish.
@masonm:
@Fufu:
@vonskippy:Your IPTABLE rules are messed up - you have a REJECT ALL several lines ABOVE your ACCEPT 22,25,53,80,443,465,993,995,5222,5269,5280,8999:9003 rule.
You also have multiple rules for TCP22
How can I do this carefully, without locking myself out of my own server? I am thinking if I DROP 22 it will take out all the rules. Any suggestions, ideas?Use Lish:
https://www.linode.com/docs/networking/ … shell-lish">https://www.linode.com/docs/networking/using-the-linode-shell-lish You can completely disable network access and still access a Linode server with Lish. Which iptables commands should I be using to DROP and ACCEPT?
I am new to self-managed webservers and feel if I really mess this up, I will not know how to fix it.
This is in a chain? Okay, so what command would I use first and last that would not kill my chain?
Sorry for all the questions.
In CentOS, that file is located /etc/sysconfig/iptables, I'm not sure where it's located in DEB based systems.
After you edit the config file, either restart IPTABLES or just reboot the server to load the new ruleset.
sudo iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
s3r3na@kalos:~$ sudo nano /etc/network/if-pre-up.d/firewall
s3r3na@kalos:~$ sudo chmod +x /etc/network/if-pre-up.d/firewall
s3r3na@kalos:~$ sudo iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Looked over Prerequisites:
Troubleshot - Telnet, which I cannot check:
sudo telnet 106.185.45.57
Trying 106.185.45.57…
telnet: Unable to connect to remote host: Connection refused
"Checking Port Availability
Sometimes email problems occur because the mail server and mail client aren’t talking to each other on the same ports. For mail to get from client to server, or vice versa, both have to be using the same ports, and those ports also have to be open along the internet route between the two. If you are following the accompanying Postfix, Dovecot, and MySQL installation guide, you should be using the following ports:
25, 465, or 587 with TLS encryption for outgoing mail (SMTP)
993 with SSL encryption for incoming IMAP
995 with SSL encryption for incoming POP3
First, check your mail client settings and make sure that you have the correct ports and security settings selected.
Next, use the Telnet tool to check that ports are open both on your Linode and on the route between your client and your Linode. The same test should be run on both your Linode and your home computer. First we’ll present how to run the test from both locations, and then we’ll discuss the implications."
Also, when you use telnet for testing services, you need to remember to ADD the port number after the IP number
so….
telnet 106.185.45.57 25
Assuming you've just setup your server (i.e. there isn't much of anything important or confidential on it), there's little to risk by turning off your firewall and testing your email setup. If it works, then you just need to figure out the firewall rules, if it doesn't, then you need to fix your email server config before worrying about your firewall config. Just remember to turn your firewall back on after your tests.
What distro are you using?
@vonskippy:
Now I don't see any email ports opened in your IPTABLES rules (25, 465, 587, 993, 995)
Also, when you use telnet for testing services, you need to remember to ADD the port number after the IP number
so….
telnet 106.185.45.57 25
Assuming you've just setup your server (i.e. there isn't much of anything important or confidential on it), there's little to risk by turning off your firewall and testing your email setup. If it works, then you just need to figure out the firewall rules, if it doesn't, then you need to fix your email server config before worrying about your firewall config. Just remember to turn your firewall back on after your tests.
What distro are you using?
Thank you. The telnet does work when I put a space in between the ports and the ip address.
The ports are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.
I am running Debian 7.6.
There is not a single line command to disable Debian's iptables, is there?
I see a lot of lengthy tutorials that cut access to my server right away and I am not sure if it is correct or not?
The MX records are correct? I have combed over-and-over these Linode tutorials and roubleshooting ones too and have verified for several days I have followed every step correctly. I have them almost memorized by now. lol
@Fufu:
Thank you. The telnet does work when I put a space in between the ports and the ip address.
The ports are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.
No, they are not. Some are (443, 80) but others aren't (25, 995).
You have to do the test off your linode from another machine. Local traffic from the linode to the same linode won't be caught by the firewall
@sweh:
@Fufu:Thank you. The telnet does work when I put a space in between the ports and the ip address.
The ports are open are 25, 443, 567, 465, 80, 993, and 995. Other ports are not open when I use telnet.
No, they are not. Some are (443, 80) but others aren't (25, 995).You have to do the test off your linode from another machine. Local traffic from the linode to the same linode won't be caught by the firewall
I made the edits to sudo nano /etc/iptables.firewall.rules
*filter
# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 567 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# Allow SSH connections
#
# The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -j ACCEPT
# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
telnet from another machine's results
# telnet 106.185.45.57 80
Trying 106.185.45.57...
Connected to 106.185.45.57.
Escape character is '^]'.
^]
telnet> close
Connection closed.
# telnet 106.185.45.57 443
Trying 106.185.45.57...
Connected to 106.185.45.57.
Escape character is '^]'.
^]
telnet> close
Connection closed.
# telnet 106.185.45.57 995
Trying 106.185.45.57...
Connected to 106.185.45.57.
Escape character is '^]'.
^]
telnet> close
Connection closed.
# telnet 106.185.45.57 993
Trying 106.185.45.57...
Connected to 106.185.45.57.
Escape character is '^]'.
^]
telnet> close
Connection closed.
# telnet 106.185.45.57 465
Trying 106.185.45.57...
Connected to 106.185.45.57.
Escape character is '^]'.
^]
telnet> close
Connection closed.
# telnet 106.185.45.57 567
Trying 106.185.45.57...
telnet: connect to address 106.185.45.57: Connection refused
# telnet 106.185.45.57 25
Trying 106.185.45.57...
telnet: connect to address 106.185.45.57: Connection timed out
sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp dpt:567
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
> # telnet 106.185.45.57 25
Trying 106.185.45.57…
telnet: connect to address 106.185.45.57: Connection timed out
I'm guessing you did this from a home machine; many ISPs block outgoing port 25 to prevent spam.
Port 567 you have no process listening.
I don't know why you're not getting a response on some of these ports; application misconfig.
For SSL enabled ports you need to use openssl
eg
% openssl s_client -connect 106.185.45.57:993
CONNECTED(00000003)
depth=0 O = Dovecot mail server, OU = kalos.harris.hk, CN = kalos.harris.hk, emailAddress = root@harris.hk
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Dovecot mail server, OU = kalos.harris.hk, CN = kalos.harris.hk, emailAddress = root@harris.hk
verify return:1
...
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
0 logout
closed
What other information/command result/screenshots/file conf do you need from me?
@sweh:
> # telnet 106.185.45.57 25Trying 106.185.45.57…
telnet: connect to address 106.185.45.57: Connection timed out
I'm guessing you did this from a home machine; many ISPs block outgoing port 25 to prevent spam.Port 567 you have no process listening.
I don't know why you're not getting a response on some of these ports; application misconfig.
For SSL enabled ports you need to use openssl
eg
% openssl s_client -connect 106.185.45.57:993 CONNECTED(00000003) depth=0 O = Dovecot mail server, OU = kalos.harris.hk, CN = kalos.harris.hk, emailAddress = root@harris.hk verify error:num=18:self signed certificate verify return:1 depth=0 O = Dovecot mail server, OU = kalos.harris.hk, CN = kalos.harris.hk, emailAddress = root@harris.hk verify return:1 ... --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 0 logout closed
Already I have found this missing, maybe this needs to be somewhere else?
# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 567 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
Is my mail server setup correctly with MX in Linode?
MX Records
Mail Server: mail.harris.hk Preference: 10 Subdomain: mail TTL: Default
I have done all the troubleshoot checks with no errors.
Is there anything missing in the Linode documentation?
DNS is reversed.
Your DNS and MX settings seem to be ok:
Your PTR points to your domain name (i.e. harris.hk) which is ok, but I think most anti-spam wants it to point to the hostname (i.e. mail.harris.hk)
But your firewall is getting worse not better
Once again, you should pick a topic (either email service, or firewall) and fix that before moving on. Working on several problems at once just means you have too many variables to determine what's being changed for the better and what's being changed for the worse.
Turn off IPTABLES, and get your Email service working. Once it's working, turn on IPTABLES and once again, get Email working (knowing that any problems with email now are caused by the firewall).
ls -ld /var/mail
drwxrwsr-x 3 vmail vmail 4096 Oct 22 21:59 /var/mail
ls -ld /etc/dovecot
drwxr-x--- 4 vmail dovecot 4096 Oct 22 21:58 /etc/dovecot
/var/log/mail.log
Oct 20 17:42:48 kalos postfix/smtpd[28156]: fatal: bad boolean configuration: smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_s$
Oct 20 17:42:49 kalos postfix/master[24019]: warning: process /usr/lib/postfix/smtpd pid 28156 exit status 1
Oct 20 17:42:49 kalos postfix/master[24019]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Oct 20 17:43:13 kalos postfix/master[24019]: terminating on signal 15
Oct 20 17:43:13 kalos postfix/master[28299]: daemon started -- version 2.9.6, configuration /etc/postfix
Oct 21 02:13:37 kalos postfix/master[4048]: daemon started -- version 2.9.6, configuration /etc/postfix
Oct 21 02:26:11 kalos postfix/pickup[4054]: 7450AE8B6: uid=0 from= <root>Oct 21 02:26:11 kalos postfix/cleanup[4966]: 7450AE8B6: message-id=<20141021092611.7450AE8B6@kalos.harris.hk>
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 7450AE8B6: from=<root@harris.hk>, size=1777, nrcpt=1 (queue active)
Oct 21 02:26:11 kalos postfix/lmtp[4974]: 7450AE8B6: to=<root@harris.hk>, orig_to=<root>, relay=kalos.harris.hk[private/dovecot-lmtp], delay=0.14, delays=0.$
Oct 21 02:26:11 kalos postfix/cleanup[4966]: 91B96E8B9: message-id=<20141021092611.91B96E8B9@kalos.harris.hk>
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 91B96E8B9: from=<>, size=3710, nrcpt=1 (queue active)
Oct 21 02:26:11 kalos postfix/bounce[4981]: 7450AE8B6: sender non-delivery notification: 91B96E8B9
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 7450AE8B6: removed
Oct 21 02:26:11 kalos postfix/lmtp[4974]: 91B96E8B9: to=<root@harris.hk>, relay=kalos.harris.hk[private/dovecot-lmtp], delay=0.01, delays=0/0/0/0, dsn=5.1.1$
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 91B96E8B9: removed
Oct 22 22:07:34 kalos postfix/master[4597]: daemon started -- version 2.9.6, configuration /etc/postfix</root@harris.hk></root></root@harris.hk></root@harris.hk></root>
service postfix status
[ ok ] postfix is running.
service dovecot status
[ ok ] dovecot is running.
service postfix restart
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.
service dovecot restart
[ ok ] Restarting IMAP/POP3 mail server: dovecot.
tail /var/log/mail.log
Oct 21 02:26:11 kalos postfix/lmtp[4974]: 7450AE8B6: to=<root@harris.hk>, orig_to=<root>, relay=kalos.harris.hk[private/dovecot-lmtp], delay=0.14, delays=0.04/0.02/0.02/0.06, dsn=5.1.1, status=bounced (host kalos.harris.hk[private/dovecot-lmtp] said: 550 5.1.1 <root@harris.hk> User doesn't exist: root@harris.hk (in reply to RCPT TO command))
Oct 21 02:26:11 kalos postfix/cleanup[4966]: 91B96E8B9: message-id=<20141021092611.91B96E8B9@kalos.harris.hk>
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 91B96E8B9: from=<>, size=3710, nrcpt=1 (queue active)
Oct 21 02:26:11 kalos postfix/bounce[4981]: 7450AE8B6: sender non-delivery notification: 91B96E8B9
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 7450AE8B6: removed
Oct 21 02:26:11 kalos postfix/lmtp[4974]: 91B96E8B9: to=<root@harris.hk>, relay=kalos.harris.hk[private/dovecot-lmtp], delay=0.01, delays=0/0/0/0, dsn=5.1.1, status=bounced (host kalos.harris.hk[private/dovecot-lmtp] said: 550 5.1.1 <root@harris.hk> User doesn't exist: root@harris.hk (in reply to RCPT TO command))
Oct 21 02:26:11 kalos postfix/qmgr[4055]: 91B96E8B9: removed
Oct 22 22:07:34 kalos postfix/master[4597]: daemon started -- version 2.9.6, configuration /etc/postfix
Oct 22 22:46:23 kalos postfix/master[4597]: terminating on signal 15
Oct 22 22:46:23 kalos postfix/master[6166]: daemon started -- version 2.9.6, configuration /etc/postfix</root@harris.hk></root@harris.hk></root@harris.hk></root></root@harris.hk>
tail /var/log/upstart/dovecot.log
tail: cannot open `/var/log/upstart/dovecot.log' for reading: No such file or directory
@vonskippy:
Turn off IPTABLES, and get your Email service working. Once it's working, turn on IPTABLES and once again, get Email working (knowing that any problems with email now are caused by the firewall). How can I turn off iptables in Debian?
As root:
'/etc/init.d/iptables stop'
output: (doesn't work)
'iptables -X'
output: iptables: Too many links.
The CentOS commands do not work either. I am using Debian.
After researching something as simple as turning IPTABLES on and off in Debian, I'm oh so glad I use CentOS (service iptables stop / service iptables start).
this is my '$/var/log/mail.log' excerpt of the error I am receiving.
Oct 24 22:03:06 kalos postfix/smtpd[3998]: connect from mta.email.jacquielawson.com[66.231.90.157]
Oct 24 22:03:06 kalos postfix/smtpd[3998]: NOQUEUE: reject: RCPT from mta.email.jacquielawson.com[66.231.90.157]: 554 5.7.1 <
I believe I have my firewall sorted out:
$iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all – anywhere anywhere
REJECT all -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere