Messages not being delivered

[buee]

I know the title is awfully vague but I'm at a loss. I recently threw in a firewall to prevent some unauthorized attempts to access my systems. I have the networking and everything set up with 1:1 NAT and all ports appear to forwarded correctly as I can get to the web console, SSH, POP, IMAP, etc. However, no messages are being delivered to my inbox. I have looked at a bunch of stuff and nothing's raising a red flag. The only difference should be that the server went from being directly on the net with a static public IP to being in a DMZ with 1:1 NAT being configured and it having a private IP address on the DMZ interface so I'm guessing it has something to do with either DNS or hostnames somewhere along the line but cannot find it for the life of me. I looked at the mail queues on the admin console and everything is being deferred at the moment, no matter how many times I queue it up. I do NOT get any bounce messages at all. This has apparently been going on for 2 weeks and I just realized it today so I have a few messages in there waiting to be delivered.

I have search the forum for the symptoms and tried some of the fixes but have not found anything that resolves this issue. To tell you the truth, I don't even know where to look. Please, someone help me!!!

[sokhar]

Have you ran the following from outside your network?

telnet publicip 25

Does it return any output? If it does try to manually see if the server is accepting mail by doing a

HELO myhostname
MAIL FROM: externaladdress@something.com
RCPT TO: internaladdress@myserver.com
DATA
test
.

It should show that the message was accepted. What is the firewall you are using? If it is an ASA you may need to configure it to allow ESMTP....

[buee]

That failed saying that it received no response on that port. The firewall that I'm using is the Endian Firewall.

Sending e-mail works, it's the receiving part that is not. For some reason, it's like the server doesn't want to accept the mail so it gets put in a holding pattern or something.

[buee]

Quote:

Originally Posted by sokhar

Have you ran the following from outside your network?

telnet publicip 25

Does it return any output? If it does try to manually see if the server is accepting mail by doing a

HELO myhostname
MAIL FROM: externaladdress@something.com
RCPT TO: internaladdress@myserver.com
DATA
test
.

It should show that the message was accepted. What is the firewall you are using? If it is an ASA you may need to configure it to allow ESMTP....

It does not fail. I was looking at the wrong window. I just get a blank screen, but am unclear as to where to issue the HELO command from. I'm on a winblows box right now.

[sokhar]

You should get output similar to this

root@sdseclin1:~# telnet mail.1903solutions.com 25
Trying 64.87.16.10...
Connected to mail.1903solutions.com.
Escape character is '^]'.
220 mail.1903solutions.com ESMTP Postfix
HELO
501 Syntax: HELO hostname
HELO myhostname
250 mail.1903solutions.com
MAIL FROM:test@test.org
250 2.1.0 Ok
RCPT TO: test@test.org
554 5.7.1 <test@test.org>: Relay access denied
421 4.4.2 mail.1903solutions.com Error: timeout exceeded
Connection closed by foreign host.


If you don't, try doing the same thing inside of the firewall to the mail servers internal IP. If you still don't get output then there is an issue on the mail server. If inside the firewall you get a response then the firewall ruleset needs investigating further....

[buee]

Quote:

Originally Posted by sokhar

You should get output similar to this

root@sdseclin1:~# telnet mail.1903solutions.com 25
Trying 64.87.16.10...
Connected to mail.1903solutions.com.
Escape character is '^]'.
220 mail.1903solutions.com ESMTP Postfix
HELO
501 Syntax: HELO hostname
HELO myhostname
250 mail.1903solutions.com
MAIL FROM:test@test.org
250 2.1.0 Ok
RCPT TO: test@test.org
554 5.7.1 <test@test.org>: Relay access denied
421 4.4.2 mail.1903solutions.com Error: timeout exceeded
Connection closed by foreign host.


If you don't, try doing the same thing inside of the firewall to the mail servers internal IP. If you still don't get output then there is an issue on the mail server. If inside the firewall you get a response then the firewall ruleset needs investigating further....

No, I just get a blank command prompt with a flashing cursor, nothing more, nothing less....couldn't get much less

[sokhar]

Even from behind the firewall? If you aren't getting anything from behind the firewall then the issue is definitely on the server itself....

Try locally on the mail server but connect to 127.0.0.1

It may be possible that postfix isn't listening on all the IPs...

[menno.pieters]

A blank screen usually means that Postfix is waiting for something. In the end, it will show a prompt, but that could take minutes, which is too long for many MTA's to actually deliver mail. Most of the time it's DNS, that Postfix is waiting for. On the host, try "host some.remote.host" or "nslookup some.remote.host". If that times out, too... Look at your firewall for outgoing DNS settings.

Also, the /var/log/mail.log or /var/log/maillog (depending on your OS) could show some hints...

Best regards,

Menno Pieters

[buee]

Quote:

Originally Posted by sokhar

Even from behind the firewall? If you aren't getting anything from behind the firewall then the issue is definitely on the server itself....

Try locally on the mail server but connect to 127.0.0.1

It may be possible that postfix isn't listening on all the IPs...

Quote:

A blank screen usually means that Postfix is waiting for something. In the end, it will show a prompt, but that could take minutes, which is too long for many MTA's to actually deliver mail. Most of the time it's DNS, that Postfix is waiting for. On the host, try "host some.remote.host" or "nslookup some.remote.host". If that times out, too... Look at your firewall for outgoing DNS settings.

Also, the /var/log/mail.log or /var/log/maillog (depending on your OS) could show some hints...

Best regards,

Menno Pieters

Code:

root@webmail:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.baerconsult.com ESMTP Postfix
421 4.4.2 mail.baerconsult.com Error: timeout exceeded
Connection closed by foreign host.
root@webmail:~# nslookup mail.baerconsult.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   mail.baerconsult.com
Address: 75.150.206.10

root@webmail:~#

It looks like DNS is working properly as near as I can tell. Mail is getting to the server, it's just not getting to any inboxes.

[buee]

Quote:

Originally Posted by menno.pieters

A blank screen usually means that Postfix is waiting for something. In the end, it will show a prompt, but that could take minutes, which is too long for many MTA's to actually deliver mail. Most of the time it's DNS, that Postfix is waiting for. On the host, try "host some.remote.host" or "nslookup some.remote.host". If that times out, too... Look at your firewall for outgoing DNS settings.

Also, the /var/log/mail.log or /var/log/maillog (depending on your OS) could show some hints...

Best regards,

Menno Pieters

Code:

Feb  4 12:04:31 mail postfix/smtpd[30645]: timeout after CONNECT from localhost[127.0.0.1]
Feb  4 12:04:31 mail postfix/smtpd[30645]: disconnect from localhost[127.0.0.1]
Feb  4 12:04:31 mail zmmailboxdmgr[32558]: status requested
Feb  4 12:04:31 mail zmmailboxdmgr[32558]: status OK
Feb  4 12:05:45 mail zmmailboxdmgr[322]: status requested
Feb  4 12:05:45 mail zmmailboxdmgr[322]: status OK
Feb  4 12:05:47 mail zmmailboxdmgr[417]: status requested
Feb  4 12:05:47 mail zmmailboxdmgr[417]: status OK
Feb  4 12:05:48 mail postfix/anvil[31739]: statistics: max connection rate 1/60s for (smtp:192.168.10.75) at Feb  4 12:02:28
Feb  4 12:05:48 mail postfix/anvil[31739]: statistics: max connection count 1 for (smtp:192.168.10.75) at Feb  4 12:02:28
Feb  4 12:05:48 mail postfix/anvil[31739]: statistics: max cache size 1 at Feb  4 12:02:28
Feb  4 12:06:05 mail zmmailboxdmgr[527]: status requested
Feb  4 12:06:05 mail zmmailboxdmgr[527]: status OK
Feb  4 12:06:29 mail postfix/qmgr[25860]: 0EBBE594034: from=<notification@opmanager.com>, size=3829, nrcpt=1 (queue active)
Feb  4 12:06:29 mail postfix/qmgr[25860]: 38DAF594031: from=<notification@opmanager.com>, size=3771, nrcpt=1 (queue active)
Feb  4 12:07:01 mail zmmailboxdmgr[825]: status requested
Feb  4 12:07:01 mail zmmailboxdmgr[825]: status OK
Feb  4 12:07:03 mail zmmailboxdmgr[924]: status requested
Feb  4 12:07:03 mail zmmailboxdmgr[924]: status OK
Feb  4 12:07:29 mail postfix/smtpd[938]: connect from unknown[192.168.10.75]
Feb  4 12:07:29 mail postfix/smtpd[938]: lost connection after CONNECT from unknown[192.168.10.75]
Feb  4 12:07:29 mail postfix/smtpd[938]: disconnect from unknown[192.168.10.75]
Feb  4 12:08:08 mail zmmailboxdmgr[1126]: status requested
Feb  4 12:08:08 mail zmmailboxdmgr[1126]: status OK
Feb  4 12:08:21 mail zmmailboxdmgr[1333]: status requested
Feb  4 12:08:21 mail zmmailboxdmgr[1333]: status OK
Feb  4 12:08:23 mail zmmailboxdmgr[1428]: status requested
Feb  4 12:08:23 mail zmmailboxdmgr[1428]: status OK
Feb  4 12:09:37 mail zmmailboxdmgr[1660]: status requested
Feb  4 12:09:37 mail zmmailboxdmgr[1660]: status OK
Feb  4 12:09:38 mail postfix/lmtp[610]: connect to mail.baerconsult.com[75.150.206.10]: Connection timed out (port 7025)
Feb  4 12:09:38 mail postfix/lmtp[611]: connect to mail.baerconsult.com[75.150.206.10]: Connection timed out (port 7025)
Feb  4 12:09:38 mail postfix/lmtp[610]: 0EBBE594034: to=<siteadmin@baerconsult.com>, relay=none, delay=44630, delays=44441/0.02/189/0, dsn=4.4.1, status=deferred (connect to mail.baerconsult.com[75.150.206.10]: Connection timed out)
Feb  4 12:09:38 mail postfix/lmtp[611]: 38DAF594031: to=<siteadmin@baerconsult.com>, relay=none, delay=44639, delays=44450/0.03/189/0, dsn=4.4.1, status=deferred (connect to mail.baerconsult.com[75.150.206.10]: Connection timed out)
Feb  4 12:09:39 mail zmmailboxdmgr[1757]: status requested
Feb  4 12:09:39 mail zmmailboxdmgr[1757]: status OK
Feb  4 12:10:09 mail zmmailboxdmgr[1978]: status requested
Feb  4 12:10:09 mail zmmailboxdmgr[1978]: status OK
Feb  4 12:10:49 mail postfix/anvil[940]: statistics: max connection rate 1/60s for (smtp:192.168.10.75) at Feb  4 12:07:29
Feb  4 12:10:49 mail postfix/anvil[940]: statistics: max connection count 1 for (smtp:192.168.10.75) at Feb  4 12:07:29
Feb  4 12:10:49 mail postfix/anvil[940]: statistics: max cache size 1 at Feb  4 12:07:29
Feb  4 12:10:53 mail zmmailboxdmgr[2270]: status requested
Feb  4 12:10:53 mail zmmailboxdmgr[2270]: status OK
Feb  4 12:10:55 mail zmmailboxdmgr[2365]: status requested
Feb  4 12:10:55 mail zmmailboxdmgr[2365]: status OK
Feb  4 12:12:10 mail zmmailboxdmgr[2672]: status requested
Feb  4 12:12:10 mail zmmailboxdmgr[2672]: status OK
Feb  4 12:12:14 mail zmmailboxdmgr[2730]: status requested
Feb  4 12:12:14 mail zmmailboxdmgr[2730]: status OK
Feb  4 12:12:17 mail zmmailboxdmgr[2868]: status requested
Feb  4 12:12:17 mail zmmailboxdmgr[2868]: status OK
Feb  4 12:12:29 mail postfix/smtpd[2882]: connect from unknown[192.168.10.75]
Feb  4 12:12:29 mail postfix/smtpd[2882]: lost connection after CONNECT from unknown[192.168.10.75]
Feb  4 12:12:29 mail postfix/smtpd[2882]: disconnect from unknown[192.168.10.75]
Feb  4 12:13:31 mail zmmailboxdmgr[3107]: status requested
Feb  4 12:13:31 mail zmmailboxdmgr[3107]: status OK
Feb  4 12:13:33 mail zmmailboxdmgr[3202]: status requested
Feb  4 12:13:33 mail zmmailboxdmgr[3202]: status OK
Feb  4 12:14:05 mail zmmailboxdmgr[3320]: status requested
Feb  4 12:14:05 mail zmmailboxdmgr[3320]: status OK

That is output of the last ~30 lines of my log file. Btw, the OS is Ubuntu 6.06 LTS Server, fully updated.