Postfix and DNS


vacuoussapient
12-28-2005, 12:59 PM
I have installed Postfix on my server with DNS. I am not sure what information I should provide here so let me explain the setup and goals.

I have SuSE Enterprise 9, Apache, Static IP address. In other words a hosted website/server. I am able to send emails to certain addresses like hotmail, but not others. I am also able to send to a local email address. I am not able to receive anything.




In the failure header of trying to send to the postfix address:

**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************

The original message was received at Wed, 28 Dec 2005 08:09:37 -0600 (CST)
from localhost [127.0.0.1]

----- Transcript of session follows -----
<sapient@hingedmind.com>... Deferred: Connection timed out with mail.hingedmind.com.
Warning: message still undelivered after 1 hour
Will keep trying until message is 1 day old

Reporting-MTA: dns; ccsi.com
Arrival-Date: Wed, 28 Dec 2005 08:09:37 -0600 (CST)

Final-Recipient: RFC822; sapient@hingedmind.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; mail.hingedmind.com
Last-Attempt-Date: Wed, 28 Dec 2005 09:18:52 -0600 (CST)
Will-Retry-Until: Thu, 29 Dec 2005 08:09:37 -0600 (CST)

--------------------------------

The email logs are as follows:

Mail:
Dec 28 08:58:32 Mind postfix/pickup[26436]: 00E64225BE: uid=0 from=<root>
Dec 28 08:58:32 Mind postfix/cleanup[27033]: 00E64225BE: message-id=<200512280858.31363.sapient@hingedmind.com>
Dec 28 08:58:32 Mind postfix/qmgr[25223]: 00E64225BE: from=<root@hingedmind.com>, size=521, nrcpt=2 (queue active)
Dec 28 08:58:32 Mind postfix/local[27035]: 00E64225BE: to=<sapient@hingedmind.com>, relay=local, delay=1, status=sent (delivered to mailbox)
Dec 28 08:59:02 Mind postfix/smtp[27036]: connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out (port 25)
Dec 28 08:59:02 Mind postfix/smtp[27036]: 00E64225BE: to=<bemiller@ccsi.com>, relay=none, delay=31, status=deferred (connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out)
Dec 28 09:00:07 Mind postfix/qmgr[25223]: 9331E2258E: from=<root@hingedmind.com>, size=1476, nrcpt=1 (queue active)
Dec 28 09:00:37 Mind postfix/smtp[27036]: connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out (port 25)
Dec 28 09:00:37 Mind postfix/smtp[27036]: 9331E2258E: to=<dmckk@aol.com>, relay=none, delay=7080, status=deferred (connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out)


Messages Log:

Dec 28 08:34:49 Mind smbd[26987]: [2005/12/28 08:34:49, 0] lib/util_sock.c:get_peer_addr(1150)
Dec 28 08:34:49 Mind smbd[26987]: getpeername failed. Error was Transport endpoint is not connected
Dec 28 08:34:49 Mind smbd[26987]: [2005/12/28 08:34:49, 0] lib/util_sock.c:write_socket_data(430)
Dec 28 08:34:49 Mind smbd[26987]: write_socket_data: write failure. Error = Connection reset by peer
Dec 28 08:34:49 Mind smbd[26987]: [2005/12/28 08:34:49, 0] lib/util_sock.c:write_socket(455)
Dec 28 08:34:49 Mind smbd[26987]: write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
Dec 28 08:34:49 Mind smbd[26987]: [2005/12/28 08:34:49, 0] lib/util_sock.c:send_smb(647)
Dec 28 08:34:49 Mind smbd[26987]: Error writing 4 bytes to client. -1. (Connection reset by peer)
Dec 28 08:45:30 Mind -- MARK --
Dec 28 08:59:01 Mind /USR/SBIN/CRON[27042]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)

Thanks

the.spike
12-29-2005, 09:17 AM
Not sure about the receiving, I'd guess that would be something to do with the MX record that is set up at your host provider not pointing to the IP where the mail server is actually running. (Do you have a static IP on your mailserver or does it change every now and then?)

As for not being able to send to some places it could be that there is no reverse DNS for your mail server (related to the DNS stuff above).

I had the same problem when I set up my mail server. In the end what I had to do was just get postfix to forward all mail for sending to the smtp address of my service provider. Worked a treat then..

I'd like to go into more detail but I set things up a while ago and as is the case with Linux once it's working it just keeps going and I invariably forget what I did to get it working...

Plus I’m at work (boo!) and haven’t got access to my machine right now..

vacuoussapient
12-29-2005, 10:38 AM
Thank you for responding the.spike. I have a static IP, I want this server to be a mail server.

Here are my configuration files. Perhaps you can see the obvious.


I could be wrong, but in looking at the logs, it appears it is timing out.

Dec 29 06:27:21 Mind postfix/pickup[24304]: 8060F2269B: uid=0 from=<root>
Dec 29 06:27:23 Mind postfix/cleanup[24401]: 8060F2269B: message-id=<200512290626.52870.sapient@hingedmind.com>
Dec 29 06:27:23 Mind postfix/qmgr[24305]: 8060F2269B: from=<root@hingedmind.com>, size=505, nrcpt=2 (queue active)
Dec 29 06:27:27 Mind postfix/local[24403]: 8060F2269B: to=<sapient@hingedmind.com>, relay=local, delay=10, status=sent (delivered to command: /usr/bin/procmail -Y -a $DOMAIN)
Dec 29 06:27:54 Mind postfix/smtp[24404]: connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out (port 25)
Dec 29 06:27:58 Mind postfix/smtp[24404]: 8060F2269B: to=<bemiller@ccsi.com>, relay=none, delay=41, status=deferred (connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out)


Could this be related to my MX records? Remember this is a static IP address. I have a business line piped in here.

Note:

LAN IP: 10.0.0.1
Machine IP: 10.0.0.10
Static IP: 24.176.227.138
hostname: Mind
Domain: www.hingedmind.com


File: 10.0.0.conf

#
# Configuration file for the reverse lookup of the 10.0.0.1/24 network.
#
zone "0.0.10.in-addr.arpa" in {
        type master;
        file "master/10.0.0.in-addr.arpa.zone";
};

File: 10.0.0.in-addr.arpa.zone

$TTL 2D
@               IN SOA  hingedmind.com. sapient.hingedmind.com. (
                        1999092901      ; serial
                        1D              ; refresh
                        2H              ; retry
                        1W              ; expiry
                        2D )            ; minimum

                IN NS   ns.hingedmind.com.
1               IN PTR  hingedmind.com.
2               IN PTR  www.hingedmind.com.

File: hingedmind.com.conf

#
# Configuration file for the hingedmind.com zone.
#
zone "hingedmind.com" in {
        type master;
        file "master/hingedmind.com.zone";
};

File: hingedmind.com.zone

$TTL 2D
@               IN SOA  hingedmind.com. postmaster.hingedmind.com. (
                        1999092901      ; serial
                        1D              ; refresh
                        2H              ; retry
                        1W              ; expiry
                        2D )            ; minimum

                IN NS   hingedmind.com.
                IN MX   10 mail.hingedmind.com.
                TXT     "hingedmind"

localhost               IN A    127.0.0.1
Mind.hingedmind.com.    IN A    10.0.0.10
www.hingedmind.com.     IN A    10.0.0.10
hingedmind.com.         IN A    10.0.0.10

www             IN CNAME        hingedmind.com
ftp             IN CNAME        www.hingedmind.com.
mail            IN CNAME        hingedmind.com.
news            IN CNAME        hingedmind.com.

the.spike
12-29-2005, 11:43 AM
Are you actually running the DNS server that serves out the address for your website to people on the web? It seems from your config that you might be, or at least you are trying to.

The way I've got things set up I use my hosting company's DNS for the mail records and web hosting and just point the MX record at my mailserver at home. (Remembering to open port 25 so SMTP traffic can get in). Anyone that browses to a web page gets served the hosting company’s address that has my page.

I also run a DNS but it is only internal. My Windows machines use it for addressing. My postfix mail server doesn't need it as it forwards all outgoing mail to my internet provider so doesn't need to look anyone up (the provider has a reverse DNS address; my semi-static one served to me doesn't).

If you are trying to run a full DNS (i.e. you are setting up a company's website called www.company.com and the DNS will serve addresses for all company.com subdomains) then I can't help you since I've only got the simple setup I mention above.

Although having just written all of the above and then looking at your log again it might just be that port 25 needs opening up. That would explain the timeout..

vacuoussapient
12-29-2005, 11:55 AM
Yes, this is a static IP domain. www.hingedmind.com (24.176.227.138).. And yes, a DNS server... However, I depend on my Netgear router to hand out LAN IPs and forward any http requests to my domain i.e. 10.0.0.10.

I would like this server to be a mail server so that I can send email to people who sign up for the forums or request passwords from say a forum, etc... I am not (at this time) interested in setting up email accounts and such. Except for of course the local stuff.


It appears that 25 is open...

Mind:/home/Sapient/postfix # nmap -vv localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-12-29 07:54 PST
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against localhost (127.0.0.1) at 07:54
Adding open port 110/tcp
Adding open port 22/tcp
Adding open port 53/tcp
Adding open port 3306/tcp
Adding open port 111/tcp
Adding open port 25/tcp
Adding open port 445/tcp
Adding open port 80/tcp
Adding open port 389/tcp
Adding open port 139/tcp
Adding open port 427/tcp
Adding open port 953/tcp
Adding open port 631/tcp
The SYN Stealth Scan took 1 second to scan 1659 ports.
Interesting ports on localhost (127.0.0.1):
(The 1646 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
389/tcp open ldap
427/tcp open svrloc
445/tcp open microsoft-ds
631/tcp open ipp
953/tcp open rndc
3306/tcp open mysql

Nmap run completed -- 1 IP address (1 host up) scanned in 1.094 seconds
Mind:/home/Sapient/postfix #

the.spike
12-29-2005, 01:56 PM
OK.. checked out your DNS at http://www.dnsstuff.com/tools/lookup.ch?name=hingedmind.com&type=ALL and all looks well (it's set up the same as mine so we know that's working!).

You said that you rely on your netgear router to forward http requests to your domain. Does it also forward smtp request on 25? nmap says the port is open but it might not be getting traffic from the router. Check out http://www.grc.com/ and click on shieldsup. Have a read and run the test. It will show you what ports are open at the IP address you browse to it with. This will show us whether port 25 is open on the router.

Then we can move on to the postfix config..

vacuoussapient
12-29-2005, 02:29 PM
Thanks the.spike... great site! Needed that one earlier....

Let me check it out and I will get back with you....

vacuoussapient
12-29-2005, 02:49 PM
Not sure which one you were wanting to run. Here is the stealth check.

25    SMTP    Stealth    There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

vacuoussapient
12-29-2005, 02:52 PM
also



GRC Port Authority Report created on UTC: 2005-12-29 at 18:51:51

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

the.spike
12-29-2005, 03:36 PM
Not sure which one you were wanting to run. Here is the stealth check.

25    SMTP    Stealth    There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

This basically means that port 25 can not be seen from the internet. Therefore no smtp server will ever be able to send mail to your mail server. You'll need to open up port 25 on your router (or get it to forward traffic for port 25).

Without doing that you'll never be able to receive email to that server.

<edit>
And looking at the other output it looks like port 80 is stealth as well?
</edit>

Modorf
12-29-2005, 03:37 PM
so none of your ports are being forwarded through the netgear.

vacuoussapient
12-29-2005, 03:45 PM
Yes, they are all stealth and the http works great. However, I am port forwarding through the router on port 80 i.e.


service start stop ip
http 80 80 10.0.0.10 (server)

the.spike
12-29-2005, 03:49 PM
OK, is the same port forwarding set up for port 25 as well?

vacuoussapient
12-29-2005, 04:32 PM
No, it is not.

OK, update.... Everything works now except receiving email on the server. So I can send and it is delivered just fine. I might add it was a rewrite of the conf and some changes in the /etc/postfix transport (which was nothing more than getting rid of a reference to gateway).

Still no returns....


I also might add that I had help with this from an individual.
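
The mail log lines posted earlier in this thread show deliveries to unrelated domains all deferring on one connect target, gateway.hingedmind.com, which fits the transport change described in the post above. An added example, not written by anyone in the thread, that pulls that pattern out of a Postfix log; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: delivery lines copied from the mail log posted in this thread.
SAMPLE_LOG = """\
Dec 28 08:58:32 Mind postfix/local[27035]: 00E64225BE: to=<sapient@hingedmind.com>, relay=local, delay=1, status=sent (delivered to mailbox)
Dec 28 08:59:02 Mind postfix/smtp[27036]: 00E64225BE: to=<bemiller@ccsi.com>, relay=none, delay=31, status=deferred (connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out)
Dec 28 09:00:37 Mind postfix/smtp[27036]: 9331E2258E: to=<dmckk@aol.com>, relay=none, delay=7080, status=deferred (connect to gateway.hingedmind.com[24.176.227.138]: Connection timed out)
"""

# One Postfix delivery record: recipient domain, final status and reason text.
DELIVERY = re.compile(
    r"postfix/[\w-]+\[\d+\]: [0-9A-F]+: to=<[^>@]*@(?P<domain>[^>]+)>,"
    r".*?status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)
# The host and address Postfix tried to reach, as written in the reason text.
CONNECT = re.compile(r"connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]")


def deferred_by_target(log_text):
    """Map each failed connect target (host, ip) to the recipient domains deferred on it."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or m.group("status") != "deferred":
            continue
        c = CONNECT.search(m.group("reason"))
        if c:
            targets[(c.group("host"), c.group("ip"))].add(m.group("domain").lower())
    return dict(targets)


def shared_next_hop(log_text, min_domains=2):
    """Targets on which several unrelated recipient domains defer.

    That pattern suggests a relayhost or transport entry on the sending
    server rather than a fault at each recipient's own mail exchanger.
    """
    findings = []
    for (host, ip), domains in sorted(deferred_by_target(log_text).items()):
        unrelated = sorted(d for d in domains if not host.lower().endswith(d))
        if len(unrelated) >= min_domains:
            findings.append((host, ip, unrelated))
    return findings


if __name__ == "__main__":
    for host, ip, domains in shared_next_hop(SAMPLE_LOG):
        print(f"{host} [{ip}] is the next hop for: {', '.join(domains)}")
```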

the.spike
12-30-2005, 12:55 PM
OK, is the same port forwarding set up for port 25 as well?
No it's not

You need to have your router forward all requests on port 25 to your server. This is the port that SMTP works on, not port 80 (which is http). (Obviously leaving the port 80 forwarding there so that http still works!).

Your postfix service will by default be listening on port 25. You COULD change this but it would be pointless as all other mail servers on the internet will be trying to communicate with port 25.

Although you could have postfix listening on port x and have your router forward traffic for port 25 to port x, but that would just be silly.

So, crux of it is, set up the forwarding for port 25!

spike...
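
Once the forwarding rule is in place, the check has to be repeated from outside the LAN, as the ShieldsUP test in this thread was; the nmap scan of localhost only shows that Postfix is listening on the server itself. An added example, not from any poster in the thread, that classifies port 25 the same three ways and reads the SMTP greeting; the function names and the command-line argument are assumptions.

```python
import socket


def probe_smtp(host, port=25, timeout=5.0):
    """Return (state, banner) for one TCP port.

    state is "open", "closed" (the connection was refused, so a host answered
    but nothing listens there), "filtered" (no reply before the timeout, which
    is what the GRC report calls "stealth") or "error" (for example the name
    did not resolve). banner is the first line the server sent, or None.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except socket.timeout:
        return "filtered", None
    except OSError:
        return "error", None
    with sock:
        try:
            data = sock.recv(512)
            banner = data.decode("ascii", "replace").splitlines()[0]
        except (socket.timeout, OSError, IndexError):
            banner = None  # connected, but no greeting arrived in time
    return "open", banner


def looks_like_smtp(banner):
    """An SMTP server greets a new connection with a 220 reply."""
    return bool(banner) and banner.startswith("220")


if __name__ == "__main__":
    import sys

    # Run this from a machine outside the LAN, against the public address.
    target = sys.argv[1]
    state, banner = probe_smtp(target)
    print(target, state, banner, "smtp" if looks_like_smtp(banner) else "")
```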