Should port 25 timeout?
Right now emails are being delivered just fine, however connection to the port 25 is not possible externally.
port 25 is bound to all ips:
iptables has nothing blocked and smtp rules are set to allow:
Also checked if my IP was block, and no it was not. exim is running and receiving/sending emails, confirmed on the /var/log/exim_mainlog. Looked around but no idea how to fix, exim_paniclog is spamming every X minutes:
I did try the only suggestion I found /scripts/updateuserdomains to no avail. If I do telnet ip 25 from within the server, it works, if I do from outside it timeouts. If I do telnet ip 465 from outside it connects but exim_mainlog throws:
And connection is closed. Would love some help here, should port 25 be accessible? How to fix the certificate issues?
[root@s ~]# netstat -ltn |grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::25 :::* LISTENiptables has nothing blocked and smtp rules are set to allow:
[root@master ~]# iptables -L | grep smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mailman
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mail
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner UID match cpanel
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner UID match root
LOGDROPOUT tcp -- anywhere anywhere multiport dports smtp,urd,submissionAlso checked if my IP was block, and no it was not. exim is running and receiving/sending emails, confirmed on the /var/log/exim_mainlog. Looked around but no idea how to fix, exim_paniclog is spamming every X minutes:
2016-08-24 00:50:33 Warning: No server certificate defined; TLS connections will fail.
Suggested action: either install a certificate or change tls_advertise_hosts optionI did try the only suggestion I found /scripts/updateuserdomains to no avail. If I do telnet ip 25 from within the server, it works, if I do from outside it timeouts. If I do telnet ip 465 from outside it connects but exim_mainlog throws:
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
TLS client disconnected cleanly (rejected our certificate?)And connection is closed. Would love some help here, should port 25 be accessible? How to fix the certificate issues?
-
This thread may be of some use regarding the TLS connections fail message: Warning: No server certificate defined; TLS connections will fail. 0 -
Thanks infopro, what about the port 25? It's VPS on a datacenter so I doubt port 25 is blocked by them. 0 -
Port 25 is blocked by many ISPs of course, I agree it's probably not blocked by the datacenter though. Do you have CSF installed? 0 -
Hello, You may also want to check with your hosting provider to verify port 25 isn't blocked at the network level. Some providers block port 25 on purpose as a method of reducing SPAM. Thank you. 0 -
Yes, I do have csf, but as I early mentioned 25 is not blocked by the firewall and is configured on the in/out of csf as well. I will check with my provider, but is there any side effect having it blocked? I tough it was a necessary port for incoming emails and whatnot, but since I am receiving everything just fine, doesn't impose any problems to me. And once again, thanks for the prompt answers. EDIT: just checked with my provider and their answer was no, port 25 is not blocked at network level, I also tried to completely disable my firewall and even so exim still time out at it. 0 -
just checked with my provider and their answer was no, port 25 is not blocked at network level, I also tried to completely disable my firewall and even so exim still time out at it.
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.0 -
Hi Michael, Even thought I appreciate the ticket offer and all the help so far, I did like to find the root of the issue myself, so if you guys remember even the tiniest thing that I could do, let me know. I've just used this site Telnet-like TCP/IP Service Testing and tested all the stmp options pertinent to the port 25 and all of it worked. So I assume the block happening is perhaps due to the IP's not meting certain requirements, even tough I can't seem to see anything on the /var/log/ about drops oor reject connections from exim or firewall, could there be any other log file I would need to check for to see it? Currently using mainlog, exim_mainlog, exim_paniclog, secure. 0 -
Could you verify if "WHM >> SMTP Restrictions" is enabled? It's documented at: Thank you. 0 -
Again, Michael, very appreciated for sticking along, thanks! SMTP restrictions are off as CSF asks to disable it when using STMP_BLOCK, which from what I read does not block incoming connections to the port 25, and SMTPAUTH_RESTRICT in the link you sent is also turned off. Like I early mentioned, I did test that site and on top of that I am not being affect by mail deliveries and such(as I am normally receiving mails, and can send mails from gmail/hotmail to my self just fine), which makes me think its fine. I just found it odd that it doesn't let me connect to the port 25 given its not being blocked. As of now I couldn't find anything that would lead to why that happens, further in, any drop/reject CSF/iptables are shown to /var/log/messages and I can't see my IP there and I can see exim_mainlog receiving connects as well, not from me(my ip), but hotmail and other providers. I guess this is pretty much me trying to figure out what is the configuration not allowing me to connect to port 25 while other places can do it. Also I don't think it could be my broadband provider since I believe issuing a telnet ip 25 would use a random source port to connect to it right? OK, I think that is the only viable thing left, my broadband provider does a wide block on users trying to reach destination port 25. Feel silly now, sorry for taking your time, I would expect them from blocking me from creating a smtp server, but I wasn't expecting them from blocking me to globally access any ip on that destination port regardless of my source port. Just in case I have sent you my IP, if you don't mind giving a small test to the smtp port just to make this clear I would greatly appreciate. --------------------------- Bottom line, even if your server provider does not block port 25, does not mean your own home/office internet provider does not block access to the destination port 25. 0 -
OK, I think that is the only viable thing left, my broadband provider does a wide block on users trying to reach destination port 25. Feel silly now, sorry for taking your time, I would expect them from blocking me from creating a smtp server, but I wasn't expecting them from blocking me to globally access any ip on that destination port regardless of my source port. Just in case I have sent you my IP, if you don't mind giving a small test to the smtp port just to make this clear I would greatly appreciate.
Hello, I'm happy to see you were able to address the issue. I've confirmed the IP address you provided is responding to connection attempts over port 25. Thanks!0
Please sign in to leave a comment.
Comments
10 comments