telnet unable to connect to remote host
I have installed postfix and devcot on one of my live servers to send bulk mail (system messages on sign-up, wrong passwords etc). I use the php_imap function to check bounces and flag those email id's so that we don't keep sending emails to those address that have resulted in a bounce. I noticed that the php_imap function was not reading the bounces on the live servers it did read bounces on the test servers. But the live server is able to send mails! Both the servers have identical Centos 6.4 OS and have the same iptable configuration.
I compared the DNS entries of both "test" and "live" domains and they have the necessary SPF entries. The hosting provider has the necessary PTR records. But the bounces for some reason was not available to the php_imap program.
At this point I was not sure if the bounces were being delivered to the server and dovecot was unable to read them or if the bounces were not delivered at all.
So I compared the entries in /etc/postfix/main.cf and /etc/postfix/master.cf of both the "test" and "live" servers and found them to be the same except for the domain name.
To be sure I checked if postfix is running ps aux | grep postfix and it returned
LIVE SERVER
[root@bw sridhar]# ps aux | grep postfix
root 1433 0.0 0.1 13476 2696 ? Ss 09:32 0:00 /usr/libexec/postfix/master
postfix 1443 0.0 0.1 13720 2836 ? S 09:32 0:00 qmgr -l -t fifo -u
postfix 4724 0.0 0.1 13552 2668 ? S 12:00 0:00 pickup -l -t fifo -u
postfix 4850 0.0 0.1 13696 2776 ? S 12:15 0:00 cleanup -z -t unix -u
postfix 4852 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u
postfix 4855 0.0 0.1 13748 2928 ? S 12:15 0:00 smtp -t unix -u
postfix 4856 0.0 0.1 13588 2656 ? S 12:15 0:00 bounce -z -n defer -t unix -u
root 4858 0.0 0.0 4360 736 pts/0 S+ 12:15 0:00 grep postfix
TEST SERVER
[root@bwStagingTesting sridhar]# ps aux | grep postfix
root 1258 0.0 0.2 12816 2480 ? Ss Feb17 0:13 /usr/libexec/postfix/master
postfix 1268 0.0 0.2 13228 2896 ? S Feb17 0:07 qmgr -l -t fifo -u
postfix 2158 0.0 0.2 12888 2468 ? S Feb17 0:00 tlsmgr -l -t unix -u
postfix 4860 0.0 0.2 12892 2496 ? S 12:12 0:00 pickup -l -t fifo -u
postfix 4988 0.0 0.2 13036 2604 ? S 12:15 0:00 cleanup -z -t unix -u
postfix 4990 0.0 0.3 13148 3096 ? S 12:15 0:00 local -t unix
root 5334 0.0 0.0 4356 728 pts/5 S+ 12:15 0:00 grep postfix
Seems OK to me. I then checked if I am able to telnet on the local host to port 25 and I got the following results
LIVE SERVER
[root@bw sridhar]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
TEST SERVER
[root@bwStagingTesting sridhar]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.st.biz ESMTP Postfix
ehlo localhost
250-mail.st.biz
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
I tried telnet to the ip addresses of the respective servers from my laptop. Telnet to the LIVE server resulted in telnet: Unable to connect to remote host: Connection refused
However I am able to telnet to the test server.
So I checked if someone is listening on port 25 on the two machines and on the live server I get the following
LIVE SERVER
[root@bw sridhar]# netstat -lnp | grep 25
unix 2 [ ACC ] STREAM LISTENING 8125 1341/dovecot /var/run/dovecot/login/pop3
unix 2 [ ACC ] STREAM LISTENING 8425 1433/master public/cleanup
TEST SERVER
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1258/master
tcp 0 0 :::25 :::* LISTEN 1258/master
unix 2 [ ACC ] STREAM LISTENING 8270 1258/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8277 1258/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 8281 1258/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 8285 1258/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 8289 1258/master private/defer
unix 2 [ ACC ] STREAM LISTENING 8293 1258/master private/trace
unix 2 [ ACC ] STREAM LISTENING 8297 1258/master private/verify
unix 2 [ ACC ] STREAM LISTENING 8301 1258/master public/flush
unix 2 [ ACC ] STREAM LISTENING 8305 1258/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 8309 1258/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 8313 1258/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 8317 1258/master private/relay
unix 2 [ ACC ] STREAM LISTENING 8321 1258/master public/showq
unix 2 [ ACC ] STREAM LISTENING 8325 1258/master private/error
unix 2 [ ACC ] STREAM LISTENING 8329 1258/master private/retry
unix 2 [ ACC ] STREAM LISTENING 8333 1258/master private/discard
unix 2 [ ACC ] STREAM LISTENING 8337 1258/master private/local
unix 2 [ ACC ] STREAM LISTENING 8341 1258/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 8345 1258/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 8349 1258/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 8353 1258/master private/scache
I see that the first two lines displayed for the TEST SERVER are missing in the entries for LIVE server. Which means that postfix is not listening on port 25 on the LIVE server This has got me wondering if this could be the reason that the bounces are not reaching the LIVE SERVER but are reaching the TEST server.
Been at it for two days and still haven't found a clue on how to fix this. Any ideas on how I can resolve this?
update : iptable entries
LIVE SERVER
[root@bw sridhar]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TEST SERVER
[root@bwStagingTesting sridhar]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:distinct
ACCEPT tcp -- anywhere anywhere tcp dpt:munin
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
update : Verbose iptable listing
[root@bookingwire sridhar]# iptables -L --verbose
Chain INPUT (policy DROP 1662 packets, 103K bytes)
pkts bytes target prot opt in out source destination
184K 190M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
7 400 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
2140 128K ACCEPT all -- lo any anywhere anywhere
1176 67092 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
3 120 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
6 360 ACCEPT tcp -- any any anywhere anywhere tcp dpt:distinct
8 432 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtp
1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:urd
2 88 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3
38 2260 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3s
1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imap
1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes)
pkts bytes target prot opt in out source destination
update : complete master.cf listing
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
update:postfix listening on 587
[root@bw sridhar]# netstat -lnp | grep master
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 16536/master
tcp 0 0 :::587 :::* LISTEN 16536/master
unix 2 [ ACC ] STREAM LISTENING 152749 16536/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 152756 16536/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 152760 16536/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 152764 16536/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 152768 16536/master private/defer
unix 2 [ ACC ] STREAM LISTENING 152772 16536/master private/trace
unix 2 [ ACC ] STREAM LISTENING 152776 16536/master private/verify
unix 2 [ ACC ] STREAM LISTENING 152780 16536/master public/flush
unix 2 [ ACC ] STREAM LISTENING 152784 16536/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 152788 16536/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 152792 16536/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 152796 16536/master private/relay
unix 2 [ ACC ] STREAM LISTENING 152800 16536/master public/showq
unix 2 [ ACC ] STREAM LISTENING 152804 16536/master private/error
unix 2 [ ACC ] STREAM LISTENING 152808 16536/master private/retry
unix 2 [ ACC ] STREAM LISTENING 152812 16536/master private/discard
unix 2 [ ACC ] STREAM LISTENING 152816 16536/master private/local
unix 2 [ ACC ] STREAM LISTENING 152820 16536/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 152824 16536/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 152828 16536/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 152832 16536/master private/scache
unix 2 [ ACC ] STREAM LISTENING 149905 16103/dovecot /var/run/dovecot/auth-master
[root@bw sridhar]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.bookingwire.co.uk ESMTP Postfix
ehlo localhost
250-mail.bookingwire.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
Since Postfix runs as "master" I did grep's for master in netstat. Notice the first two lines its obvious that postfix is listening on port 587. I then telnet to port 587 and verified that my assumption was right. Now what I don't understand is why would it listen on port 587 and how do I change it to listen on port 25
Your master.cf doesn't have a configuration line to handle SMTP on port 25. A single line is missing:
smtp inet n - n - - smtpd
In my file, this is the first line after the initial comment block.