port 25 blocked???


sdunn
01-22-2002, 03:08 PM
I am running Redhat 7.2 and I am trying to install an email server. However, when I try to telnet to port 25 it comes immediately back with connection refused. When I installed I picked no firewall. So I don't know why this port is blocked. Where can I find who, what, when and where is blocking this port?

mychl
01-22-2002, 03:33 PM
I would make sure ipchains isn't starting. Look in /var/log/messages to see if it's there.

Then look in /etc/sysconfig/ipchains to see if there is a rule set up for port 25.

And just some friendly advice, if you're running a mail server, put a firewall in, you'll be happy you did and never know it!

Good Luck
;)

Frith
01-22-2002, 03:35 PM
get 'nmap' and scan your network (it works offline as well).

you can try running 'ps waux' or 'pstree' in the console/terminal to see if anything funny is running in the background, too.

when you find the troublesome item, I suppose you can just uninstall it (or if it's an essential item, you should be able to disable it from starting when you boot).

sdunn
01-22-2002, 04:13 PM
Thanks for the replies.
I know I need a firewall setup, I just don't want one just yet. They screw me up if I don't have them installed right and I always ask myself is it the firewall. LOL. I always question stuff like that.

Anyway, I looked in /var/log/messages and didn't see anything about my blocked access. Then I went into /etc/sysconfig/ipchains and saw a line
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT so I commented it out and rebooted. Which didn't help either.

I am getting ready to install nmap and see what happens.

Any other suggestions??

Taizong
01-22-2002, 04:25 PM
I think this is related to the default firewall rules when you setup Red Hat 7.2. It should be just setting up iptables and not ipchains, but I really haven't looked much into the newer distros of Red Hat until very recently.

Let us suppose it is using ipchains, there is probably a rule set that is preventing SMTP, TCP/25. Try running these commands in a script or just by themselves:

/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward ACCEPT

next try:

ipchains -A input -p tcp -i $INTERFACE -d $MYIP 25 -j ACCEPT
ipchains -A output -p tcp -i $INTERFACE -s $MYIP 25 -j ACCEPT

Change $INTERFACE to ppp0 or eth0 (whatever you are using) and $MYIP to your IP address. This should allow smtp from anywhere. This is not a very secure implementation, but I'm tired....I just hope it works for ya.

sdunn
01-22-2002, 04:44 PM
When I actually moved the telnet port to use 25 I could telnet to there no problem, but when I moved it back to 23 I could not telnet to 25 anymore. I did the ipchains commands and those didn't work either. Still trying to do nmap.

sdunn
01-22-2002, 05:33 PM
Ok I ran nmap and it tells me only these ports are open

22,23,3128, 6000.

So how can I open 25???? I have qmail working on the server but I don't know if it will work on the network until I get this resolved. Shouldn't qmail be listening on ports 110 and 25???

I could however telnet to 127.0.0.1 and it came up, but it said it was SENDMAIL

[ 22 January 2002: Message edited by: sdunn ]
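
Added example (not part of any poster's message): a small Python probe for the situation in the post above, where port 25 answers on 127.0.0.1 but is refused from the network. It separates "refused" (nothing listening on that address, or an active reject) from "filtered" (packets silently dropped) and reads the greeting banner so you can see which daemon answered. The names `probe` and `diagnose` and the address 192.0.2.10 are illustrative assumptions.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """One TCP connect attempt -> (state, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "refused", ""      # no listener on this address, or an active reject
        except socket.timeout:
            return "filtered", ""     # silence: a drop rule or an upstream port filter
        except OSError:
            return "unreachable", ""  # addressing or routing problem, not the port
        try:
            banner = s.recv(256).decode("ascii", "replace").strip()
        except OSError:
            banner = ""               # connected, but no greeting arrived in time
        return "open", banner

def diagnose(loopback_state, lan_state):
    """Turn the two probe states into the likely cause."""
    if lan_state == "open":
        return "reachable on the LAN address"
    if lan_state == "filtered":
        return "packets dropped: check firewall rules or an upstream port filter"
    if lan_state == "refused" and loopback_state == "open":
        return "daemon is bound to loopback only: check its listen address"
    if lan_state == "refused":
        return "nothing is listening: start the daemon or add its (x)inetd entry"
    return "host unreachable: check addressing and routing"

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; pass the server's own LAN address instead.
    lan_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    lo = probe("127.0.0.1", port)
    lan = probe(lan_ip, port)
    print("127.0.0.1:", lo)
    print(lan_ip + ":", lan)
    print(diagnose(lo[0], lan[0]))
```

Run it on the server itself with the machine's LAN address as the first argument; the banner in the loopback result shows whether sendmail or qmail is the daemon holding the port.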

Syngin
01-22-2002, 06:14 PM
On a side note to this, I've noticed that some ISPs have started filtering port 25 to try and stop spammers. In Canada, sympatico.ca just started doing this and I went nuts trying to figure out why a couple of our clients weren't able to use our main webserver for sending mail. Sympatico now forces its users to use its own outgoing mailserver. If you're trying to telnet in from outside your network, this might be a possible reason why it's refused. If inside, please ignore this message.

Oh, here's an excerpt from Sympatico's Email Settings statement:

To maintain an industry best-practice network configuration, and in turn help protect Sympatico members and members of other ISPs from Email Spam (unwanted or unsolicited email messages) the Sympatico service has implemented tighter controls over use of its email servers.

Tight controls on the use of Sympatico email servers helps prevent the proliferation of Spam originating from, and being received by, Sympatico members, and ensure that our members continue to enjoy their online experience. This mail server restriction is sometimes referred to as "Port 25 Filtering".

What Port 25 filtering means for Sympatico members
This means that Sympatico members must use the designated mail server setting to send email. It also means that only those connected to the Internet as Sympatico members (Dial-Up Internet or High Speed Edition) can use the Sympatico mail servers to send email.

[ 22 January 2002: Message edited by: Syngin ]

mychl
01-22-2002, 06:44 PM
Originally posted by Taizong:
"I think this is related to the default firewall rules when you setup Red Hat 7.2. It should be just setting up iptables and not ipchains, but I really haven't looked much into the newer distros of Red Hat until very recently."

That is wrong. RedHat 7.2 by default uses ipchains. In fact, during the boot process, the kernel tries to load ipchains first, and only if it is not found will it try to load iptables.

That is why if you want iptables to work, you need to uninstall ipchains, along with lokkit and one other rpm.

For the original poster... have you actually activated the mail server yet? I think maybe actually having a service running on the port might let you in.

And when you're ready for a firewall, I have a real nice iptables script you can have. It works great.

Good Luck

Taizong
01-22-2002, 10:22 PM
Can you pass that script onto me to take a look at? I would like to learn to use iptables.

taizong@upinthispiece.net

bdl
01-23-2002, 01:10 AM
What do your hosts.allow and hosts.deny files look like? Could be they're not allowing access to anything but LOCAL (127.0.0.1) and thus when you telnet 127.0.0.1:25 sendmail comes up.

Hena
01-23-2002, 04:19 AM
I would also like to see a nice iptables firewall. I currently have a working ipchains firewall, but not an iptables one. zaerth@yahoo.com would be the place to send it. Thanks.

sdunn
01-23-2002, 04:41 AM
I have qmail running. But I guess I don't have it running right. When I look and see what services are running everything that is open is in this box. I reinstalled and added ftp and pop3 and now these ports are open as well. I can move telnet to this port and it works fine, but when I move it back to 23 I can no longer telnet to 25. I can telnet to 110 now though, WOO HOO!!! I can check mail using outlook on the network. I just can't receive mail yet.

My hosts.allow and hosts.deny are both empty

mychl
01-23-2002, 11:36 AM
You guys can check out my iptables script here (http://www.linuxnewbie.org/cgi-bin/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=13&t=005795).

post on that thread to let me know of any questions or comments.

Good Luck

Mike

sdunn
01-23-2002, 12:26 PM
Ok. Everything that is opened is inside the /etc/xinetd.d folder. I don't have something in there for SMTP so the port stays closed. So I think if I put the right stuff in a file in this directory everything should work. However qmail tells me how to set up inetd.conf but not xinetd.conf. Does anyone know what I need to put in the folder?
This is what I put in the inetd.conf folder

Set up qmail-smtpd in /etc/inetd.conf (all on one line):
smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd

camelrider
01-23-2002, 01:49 PM
Some systems use /etc/inetd and others use /etc/xinetd. AFAIK you can use the same entries. Just check out the form of entries for other ports.
You might also check /etc/services to make sure the desired port entries are not commented out.

SPB
01-23-2002, 09:00 PM
Hook me up with that script man. jenne44@cox.net
I have been trying to figure out how to allow port 21 for an ftp server running on a winders XP machine connected to the network. Would that script help? Heck, even if it wouldn't pass it on :) Thanx.