telnet unable to connect to remote host

I have installed postfix and devcot on one of my live servers to send bulk mail (system messages on sign-up, wrong passwords etc). I use the php_imap function to check bounces and flag those email id's so that we don't keep sending emails to those address that have resulted in a bounce. I noticed that the php_imap function was not reading the bounces on the live servers it did read bounces on the test servers. But the live server is able to send mails! Both the servers have identical Centos 6.4 OS and have the same iptable configuration.

I compared the DNS entries of both "test" and "live" domains and they have the necessary SPF entries. The hosting provider has the necessary PTR records. But the bounces for some reason was not available to the php_imap program.

At this point I was not sure if the bounces were being delivered to the server and dovecot was unable to read them or if the bounces were not delivered at all.

So I compared the entries in /etc/postfix/main.cf and /etc/postfix/master.cf of both the "test" and "live" servers and found them to be the same except for the domain name.

To be sure I checked if postfix is running ps aux | grep postfix and it returned

LIVE SERVER

[root@bw sridhar]# ps aux | grep postfix
root      1433  0.0  0.1  13476  2696 ?        Ss   09:32   0:00 /usr/libexec/postfix/master
postfix   1443  0.0  0.1  13720  2836 ?        S    09:32   0:00 qmgr -l -t fifo -u
postfix   4724  0.0  0.1  13552  2668 ?        S    12:00   0:00 pickup -l -t fifo -u
postfix   4850  0.0  0.1  13696  2776 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4852  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4855  0.0  0.1  13748  2928 ?        S    12:15   0:00 smtp -t unix -u
postfix   4856  0.0  0.1  13588  2656 ?        S    12:15   0:00 bounce -z -n defer -t unix -u
root      4858  0.0  0.0   4360   736 pts/0    S+   12:15   0:00 grep postfix

TEST SERVER

[root@bwStagingTesting sridhar]# ps aux | grep postfix
root      1258  0.0  0.2  12816  2480 ?        Ss   Feb17   0:13 /usr/libexec/postfix/master
postfix   1268  0.0  0.2  13228  2896 ?        S    Feb17   0:07 qmgr -l -t fifo -u
postfix   2158  0.0  0.2  12888  2468 ?        S    Feb17   0:00 tlsmgr -l -t unix -u
postfix   4860  0.0  0.2  12892  2496 ?        S    12:12   0:00 pickup -l -t fifo -u
postfix   4988  0.0  0.2  13036  2604 ?        S    12:15   0:00 cleanup -z -t unix -u
postfix   4990  0.0  0.3  13148  3096 ?        S    12:15   0:00 local -t unix
root      5334  0.0  0.0   4356   728 pts/5    S+   12:15   0:00 grep postfix

Seems OK to me. I then checked if I am able to telnet on the local host to port 25 and I got the following results

LIVE SERVER

[root@bw sridhar]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

TEST SERVER

[root@bwStagingTesting sridhar]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.st.biz ESMTP Postfix
ehlo localhost
250-mail.st.biz
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

I tried telnet to the ip addresses of the respective servers from my laptop. Telnet to the LIVE server resulted in telnet: Unable to connect to remote host: Connection refused

However I am able to telnet to the test server.

So I checked if someone is listening on port 25 on the two machines and on the live server I get the following

LIVE SERVER

[root@bw sridhar]# netstat -lnp | grep 25
unix  2      [ ACC ]     STREAM     LISTENING     8125   1341/dovecot        /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     8425   1433/master         public/cleanup

TEST SERVER

tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      1258/master         
tcp        0      0 :::25                       :::*                        LISTEN      1258/master         
unix  2      [ ACC ]     STREAM     LISTENING     8270   1258/master         public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     8277   1258/master         private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     8281   1258/master         private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     8285   1258/master         private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     8289   1258/master         private/defer
unix  2      [ ACC ]     STREAM     LISTENING     8293   1258/master         private/trace
unix  2      [ ACC ]     STREAM     LISTENING     8297   1258/master         private/verify
unix  2      [ ACC ]     STREAM     LISTENING     8301   1258/master         public/flush
unix  2      [ ACC ]     STREAM     LISTENING     8305   1258/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     8309   1258/master         private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     8313   1258/master         private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     8317   1258/master         private/relay
unix  2      [ ACC ]     STREAM     LISTENING     8321   1258/master         public/showq
unix  2      [ ACC ]     STREAM     LISTENING     8325   1258/master         private/error
unix  2      [ ACC ]     STREAM     LISTENING     8329   1258/master         private/retry
unix  2      [ ACC ]     STREAM     LISTENING     8333   1258/master         private/discard
unix  2      [ ACC ]     STREAM     LISTENING     8337   1258/master         private/local
unix  2      [ ACC ]     STREAM     LISTENING     8341   1258/master         private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     8345   1258/master         private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     8349   1258/master         private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     8353   1258/master         private/scache

I see that the first two lines displayed for the TEST SERVER are missing in the entries for LIVE server. Which means that postfix is not listening on port 25 on the LIVE server This has got me wondering if this could be the reason that the bounces are not reaching the LIVE SERVER but are reaching the TEST server.

Been at it for two days and still haven't found a clue on how to fix this. Any ideas on how I can resolve this?

update : iptable entries

LIVE SERVER

[root@bw sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

TEST SERVER

[root@bwStagingTesting sridhar]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
DROP       tcp  --  anywhere             anywhere            tcp     flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:distinct 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:munin 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

update : Verbose iptable listing

[root@bookingwire sridhar]# iptables -L --verbose
Chain INPUT (policy DROP 1662 packets, 103K bytes)
pkts bytes target     prot opt in     out     source               destination         
184K  190M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
7   400 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
2140  128K ACCEPT     all  --  lo     any     anywhere             anywhere            
1176 67092 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http 
3   120 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
6   360 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:distinct 
8   432 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:smtp 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:urd 
2    88 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3 
38  2260 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:pop3s 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imap 
1    40 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:imaps 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 112K packets, 103M bytes)
pkts bytes target     prot opt in     out     source               destination         

update : complete master.cf listing

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
submission inet n   -   n   -   -   smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n   -   n   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n   -   n   -   -   qmqpd
pickup    fifo  n   -   n   60  1   pickup
cleanup   unix  n   -   n   -   0   cleanup
qmgr      fifo  n   -   n   300     1   qmgr
#qmgr     fifo  n   -   n   300     1   oqmgr
tlsmgr    unix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounce    unix  -   -   n   -   0   bounce
defer     unix  -   -   n   -   0   bounce
trace     unix  -   -   n   -   0   bounce
verify    unix  -   -   n   -   1   verify
flush     unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp      unix  -   -   n   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -   -   n   -   -   smtp
        -o smtp_fallback_relay=
    #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n   -   n   -   -   showq
error     unix  -   -   n   -   -   error
retry     unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local     unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp      unix  -   -   n   -   -   lmtp
anvil     unix  -   -   n   -   1   anvil
scache    unix  -   -   n   -   1   scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -   n   n   -   -   pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix  -   n   n   -   -   pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -   n   n   -   -   pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -   n   n   -   -   pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -   n   n   -   -   pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -   n   n   -   -   pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -   n   n   -   2   pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -   n   n   -   -   pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

update:postfix listening on 587

[root@bw sridhar]# netstat -lnp | grep master
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      16536/master        
tcp        0      0 :::587                      :::*                        LISTEN      16536/master        
unix  2      [ ACC ]     STREAM     LISTENING     152749 16536/master        public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     152756 16536/master        private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     152760 16536/master        private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     152764 16536/master        private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     152768 16536/master        private/defer
unix  2      [ ACC ]     STREAM     LISTENING     152772 16536/master        private/trace
unix  2      [ ACC ]     STREAM     LISTENING     152776 16536/master        private/verify
unix  2      [ ACC ]     STREAM     LISTENING     152780 16536/master        public/flush
unix  2      [ ACC ]     STREAM     LISTENING     152784 16536/master        private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     152788 16536/master        private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     152792 16536/master        private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     152796 16536/master        private/relay
unix  2      [ ACC ]     STREAM     LISTENING     152800 16536/master        public/showq
unix  2      [ ACC ]     STREAM     LISTENING     152804 16536/master        private/error
unix  2      [ ACC ]     STREAM     LISTENING     152808 16536/master        private/retry
unix  2      [ ACC ]     STREAM     LISTENING     152812 16536/master        private/discard
unix  2      [ ACC ]     STREAM     LISTENING     152816 16536/master        private/local
unix  2      [ ACC ]     STREAM     LISTENING     152820 16536/master        private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     152824 16536/master        private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     152828 16536/master        private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     152832 16536/master        private/scache
unix  2      [ ACC ]     STREAM     LISTENING     149905 16103/dovecot       /var/run/dovecot/auth-master

[root@bw sridhar]# telnet localhost 587
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.bookingwire.co.uk ESMTP Postfix
ehlo localhost
250-mail.bookingwire.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Since Postfix runs as "master" I did grep's for master in netstat. Notice the first two lines its obvious that postfix is listening on port 587. I then telnet to port 587 and verified that my assumption was right. Now what I don't understand is why would it listen on port 587 and how do I change it to listen on port 25


Your master.cf doesn't have a configuration line to handle SMTP on port 25. A single line is missing:

smtp      inet  n       -       n       -       -       smtpd

In my file, this is the first line after the initial comment block.