# Mail Server (Postfix) SMTP problem



## SomeoneHere (Apr 27, 2009)

I can't seem to figure out what is the issue and am hoping someone can help me.  I have set up a postfix mail server that can send and receive mail.  But if I try to telnet mydomain.com 25 from a different public ip it does not connect.  Though if I ssh to the box and telnet mydomain.com 25 I connect.  I am not using a firewall currently just to eliminate that as an issue.  My thoughts are that the problem is with the mynetworks = in postfix.  But that is set right 


```
mynetworks = 66.244.243.24/29, 127.0.0.0/8
```

(not my real ip but I use 66.244.243.26/29 as public ip and 66.244.243.27/29 as mail server)

I can connect from this public ip for imap but smtp will not connect.  Basically I only want this other public IP to be allowed to use this mail server to send.  I have used squirrelmail to send mail so the smtp is working for localhost.  I just don't know is there any settings on freebsd that you need to open to allow to connect to smtp (port 25)?  Because I would think that telnet mydomain.com 25 would work.  Because as I said there is no firewall on.  I have tried enabling inetd in rc.conf and uncommenting the telnet part thinking that was this issue.  Still the same result.  Any suggestions on where else I can look to figure out where it is getting blocked?  The maillog is not showing any attempt of a connection.


----------



## DutchDaemon (Apr 27, 2009)

I hope you disabled telnetd and inetd about one minute later? Never run telnetd on a public interface. Telnetting to a given port does not require telnetd to be enabled.

Is Postfix running on your external IP address at all? What does


```
sockstat -4 -p 25
```

say, for example?


----------



## SomeoneHere (Apr 27, 2009)

Yeah I disabled it right after.  But sockstat -4 -p 25 gives me 


```
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
root     master     1168  12 tcp4   *:25                  *:*
```


----------



## DutchDaemon (Apr 27, 2009)

And what does 
	
	



```
telnet public_ip 25
```
 give you (from an external IP)?


----------



## SomeoneHere (Apr 27, 2009)

Connecting to (public IP)  Could not open connection to the host on port 25 Connect Failed


----------



## DutchDaemon (Apr 27, 2009)

Anything in between your Postfix daemon and the IP connecting to it? Firewall, NAT, DSL bridged modem?


----------



## SomeoneHere (Apr 27, 2009)

Naw only have one ethernet card in there and configured with public IP.  Disabled firewall to eliminate that as issue.  And I never configured the box for NAT.


----------



## mwatkins (Apr 27, 2009)

Is the postfix machine sitting on a residential ISP network? i.e. your home network?

If so, and if you can telnet to the public IP from within the postfix machine, but not from an external public IP, you can thank your ISP for that. Many block port 25 outbound from residential customers. Here's one example from a major Canadian ISP:



> Port 25 Block
> Connections made to Port 25 (the standard SMTP port for outbound email) that are not directed toward a Shaw Email server are blocked.
> 
> In an effort to reduce the volume of Unsolicited Bulk Email (SPAM), any outbound traffic on Port 25 that is not directed toward a Shaw Email Server is blocked.
> ...


----------



## phoenix (Apr 28, 2009)

Install *tcptraceroute* on the remote box.  Then run *tcptraceroute mail.server.ip 25*

That will trace the route (show all the routers) between "remote host" and the "mail server", and will show whether or not port 25 is open all the way between the two.

Sounds like there's an ISP router somewhere blocking port 25 traffic.


----------



## vivek (Apr 28, 2009)

66.244.243.26/29 is subnet and not IP address (you mentioned that twice in your post). So try IP address:

```
telnet 66.244.243.26 25
```


----------



## SomeoneHere (Apr 29, 2009)

Thanks for all the help.  I figured out it was a hardware firewall not allowing outgoing telnet sessions from my public ip.  So it was set up correctly.  Thanks for all the help.


----------

