I have a fedora 3 with postfix and apache
apache is ok, webmin is fine, etc
no 25 or 110 ?
kevin

Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN URGP=0
Jan 4 15:47:20 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=42848 PROTO=TCP SPT=47635 DPT=110 WINDOW=4096 RES=0x00 SYN URGP=0

--
Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
On Tue, 2005-01-04 at 15:49 -0800, Kevin Brown wrote:
> I have a fedora 3 with postfix and apache
> apache is ok, webmin is fine, etc
> no 25 or 110 ?
> kevin
>
> Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN URGP=0
> Jan 4 15:47:20 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=42848 PROTO=TCP SPT=47635 DPT=110 WINDOW=4096 RES=0x00 SYN URGP=0

I'm very unclear what you are asking -- you appear to be asking if traffic is blocked while at the same time offering evidence that it isn't.

We have seen reports recently of an ISP blocking outgoing TCP traffic with *source port 25*; possibly that's what your ISP is doing.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Andrew Niemantsverdriet
2005-Jan-05 00:44 UTC
Re: smtp blocked by verizon.net los angeles??
Hi,

On Tue, 2005-01-04 at 16:49, Kevin Brown wrote:
> I have a fedora 3 with postfix and apache
> apache is ok, webmin is fine, etc
> no 25 or 110 ?
> kevin
>
> Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN URGP=0
> Jan 4 15:47:20 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=42848 PROTO=TCP SPT=47635 DPT=110 WINDOW=4096 RES=0x00 SYN URGP=0

Not sure exactly what you are asking. Big ISPs do block SMTP and force you to use their servers only. This is to stop spammers from using their network to send spam. Port 110 (POP3) typically is allowed to pass through no problem.

As an example, from my home I can get my mail from my company mail server. I however cannot send mail through it. If you set up your own mail server you can use what qmail calls a smarthost. Sendmail has a different name for it I think.

--
 _
/-\ ndrew
On Tue, 2005-01-04 at 16:56 -0800, Kevin Brown wrote:
> for some reason if I ssh into a customers linux box, and nmap back to my
> mail server, it shows port 25 closed.
> and port 80 is open as that is ok it is my web server
> so my question is, why is shorewall dropping port 25 requests?
> I am trying to setup this box at home on my dsl for a backup mx box.
>
> HERE ARE THE NMAP OUTPUT
>
> [root@ibm root]# nmap -p 25 xkmail.hopto.org
> Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2005-01-04 16:52 PST
> Interesting ports on wbar8.lax1-4-11-105-055.dsl-verizon.net (4.11.105.55):
> PORT STATE SERVICE
> 25/tcp closed smtp

That means that *some host between your client and server* replied with an error (either an RST or a port-unreachable ICMP).

> Nmap run completed -- 1 IP address (1 host up) scanned in 0.412 seconds
> [root@ibm root]# nmap -p 80 xkmail.hopto.org
> Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2005-01-04 16:52 PST
> Interesting ports on wbar8.lax1-4-11-105-055.dsl-verizon.net (4.11.105.55):
> PORT STATE SERVICE
> 80/tcp open http
> Nmap run completed -- 1 IP address (1 host up) scanned in 0.372 seconds
>
> HERE IS THE /VAR/LOG/MESSAGES
>
> Jan 4 16:52:39 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=29 ID=52791 PROTO=TCP SPT=48913 DPT=25 WINDOW=3072 RES=0x00 SYN URGP=0
>
> THIS IS A DROPPED PACKET RIGHT?

Stop shouting. No, that is not a dropped packet; do you think I'm stupid enough to log dropped packets by marking them as ACCEPT?

> OR WAS THIS ACCEPTED BUT NO POSTFIX LISTENING?

It was accepted -- the packet filter doesn't know or care if a process is listening on the port.

You can see what your firewall is doing by using a packet sniffer like tcpdump (tcpdump -ni eth0 port 25) then try to connect.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 17:02 -0800, Kevin Brown wrote:
> PS> This is in my rules file:
> # ACCEPT net $FW tcp 25
> # ACCEPT net $FW tcp 110
>
> I know I have a similar line in above but can't find the man pages on "$FW"
> so what is $FW

$FW is the contents of the FW shell variable and is the name of the zone assigned to the firewall itself. The variable has the default value 'fw' but can be changed in /etc/shorewall/shorewall.conf.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 17:22 -0800, Kevin Brown wrote:
> that's odd, I thought it would be just fw instead of $FW.
> I found that line in my shorewall.conf

If $FW=fw then of course you can use either.

-Tom
PS -- please keep your posts on the list
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 17:21 -0800, Kevin Brown wrote:
> Ok, here is a tcpdump:
> [root@ibm mail]# tcpdump dst port 25
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 17:20:56.903573 IP adsl-67-127-200-22.dsl.lsan03.pacbell.net.45744 > wbar8.lax1-4-11-105-055.dsl-verizon.net.25: S 890417746:890417746(0) win 4096
> SO I guess it is safe to say it was received, but I can't tell if it was
> blocked or dropped or rejected.

If you would have shown ALL of the packets, I could have told you.

-Tom
ps - Keep this on the list!
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
That's odd, I have a FW=fw but not a $fw=fw
This is a pretty standard 2 nic download from shoreline.

[root@ibm mail]# grep -e FW /etc/shorewall/shorewall.conf
FW=fw

Tom Eastep wrote:
>On Tue, 2005-01-04 at 17:22 -0800, Kevin Brown wrote:
>
>>that's odd, I thought it would be just fw instead of $FW.
>>I found that line in my shorewall.conf
>
>If $FW=fw then of course you can use either.
>
>-Tom
>PS -- please keep your posts on the list
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
On Tue, 2005-01-04 at 17:19 -0800, Kevin Brown wrote:
> Sorry about the capitals,
> I was trying to make the questions stand out from the text.
> So, I thought if it was logged it was dropped.
>
> Jan 4 16:52:39 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=29 ID=52791 PROTO=TCP SPT=48913 DPT=25 WINDOW=3072 RES=0x00 SYN URGP=0
>
> So this means that machine 67.127.200.22 sent a packet from port 48913 to my box at 4.11.105.55 on port 25.
> Does the first line that says ACCEPT mean it was accepted?

Yes. You haven't given us any details about your configuration but either you have this in /etc/shorewall/rules:

    ACCEPT:<level> net fw tcp 25

or you have this in /etc/shorewall/policy:

    net fw ACCEPT <level>

Where <level> is a syslog level (see http://shorewall.net/shorewall_logging.html).

Shorewall FAQ 17 tells you how to interpret Shorewall log messages.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 17:32 -0800, Kevin Brown wrote:
> That's odd, I have a FW=fw but not a $fw=fw

Kevin,

You need to do some basic reading about Linux and the shell. When you assign variable V the value v, you write:

    V=v

When you want to refer to the value of V, you write $V.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Sorry for top posting....but the list only seems to be getting one side of the conversation. I thought "private reply" posts were to be silently dropped? :-)

Tom Eastep wrote:
> On Tue, 2005-01-04 at 17:19 -0800, Kevin Brown wrote:
>
>>Sorry about the capitals,
>>I was trying to make the questions stand out from the text.
>>So, I thought if it was logged it was dropped.
>>
>>Jan 4 16:52:39 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=29 ID=52791 PROTO=TCP SPT=48913 DPT=25 WINDOW=3072 RES=0x00 SYN URGP=0
>>
>>So this means that machine 67.127.200.22 sent a packet from port 48913 to my box at 4.11.105.55 on port 25.
>>Does the first line that says ACCEPT mean it was accepted?
>
> Yes. You haven't given us any details about your configuration but
> either you have this in /etc/shorewall/rules:
>
> ACCEPT:<level> net fw tcp 25
>
> or you have this in /etc/shorewall/policy:
>
> net fw ACCEPT <level>
>
> Where <level> is a syslog level (see
> http://shorewall.net/shorewall_logging.html).
>
> Shorewall FAQ 17 tells you how to interpret Shorewall log messages.
>
> -Tom

--
"A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools." --Ford Prefect in "Mostly Harmless".
On Wed, 2005-01-05 at 09:42 +0800, Ed Greshko wrote:
> Sorry for top posting....but the list only seems to be getting one side
> of the conversation. I thought "private reply" posts were to be
> silently dropped? :-)

Yep, I answered two posts before I discovered that the OP thinks I'm his private Unix consultant.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 17:29 -0800, Kevin Brown wrote:
> Ok, I got half of it figured out.
> If I nmap port 25 it says closed.
> but as I receive a tcpdump port 25 I know that shorewall answers...
> I just don't know why it doesn't connect.
> Nmap should say |open| not closed

One last time -- If you will show me ALL of the tcpdump output, I can tell you exactly what your firewall is doing.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> On Tue, 2005-01-04 at 17:19 -0800, Kevin Brown wrote:
>
>>Sorry about the capitals,
>>I was trying to make the questions stand out from the text.
>>So, I thought if it was logged it was dropped.
>>
>>Jan 4 16:52:39 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=29 ID=52791 PROTO=TCP SPT=48913 DPT=25 WINDOW=3072 RES=0x00 SYN URGP=0
>>
>>So this means that machine 67.127.200.22 sent a packet from port 48913 to my box at 4.11.105.55 on port 25.
>>Does the first line that says ACCEPT mean it was accepted?

Since it does mean the packet was accepted it seems difficult to blame it on iptables.

Shouldn't the OP be trying simple things like:

1. issue a "shorewall clear" to see what happens when all the rules are eliminated.

2. With the rules enabled, on the host "ibm" type in "telnet localhost 25" and "telnet 4.11.105.55 25" to see if there is a difference. I've not done this in a while....but I sort of recall that if a process was configured to not listen on all available ports you'd get "connection refused". In most cases "sendmail" is configured out of the box to only listen on 127.0.0.1 but not sure about postfix.

3. Use a nice tool like "netstat".

Just some ideas off the top of my head, before coffee....on a cool morning.

--
"A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools." --Ford Prefect in "Mostly Harmless".
Hi Tom,
I thought I sent you the tcpdump output, here it is when I nmap it.

tcpdump -ni eth0 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:08:14.730274 IP 67.127.200.22.55852 > 4.11.105.55.smtp: S 9009381:9009381(0) win 4096
18:08:14.733459 IP 4.11.105.55.smtp > 67.127.200.22.55852: R 0:0(0) ack 9009382 win 0

[root@ibm root]# nmap -p 25 xkmail.hopto.org
Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2005-01-04 18:07 PST
Interesting ports on wbar8.lax1-4-11-105-055.dsl-verizon.net (4.11.105.55):
PORT STATE SERVICE
25/tcp closed smtp
Nmap run completed -- 1 IP address (1 host up) scanned in 0.417 seconds

Tom Eastep wrote:
>On Tue, 2005-01-04 at 17:29 -0800, Kevin Brown wrote:
>
>>Ok, I got half of it figured out.
>>If I nmap port 25 it says closed.
>>but as I receive a tcpdump port 25 I know that shorewall answers...
>>I just don't know why it doesn't connect.
>>Nmap should say |open| not closed
>
>One last time -- If you will show me ALL of the tcpdump output, I can
>tell you exactly what your firewall is doing.
>
>-Tom
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
On Tue, 2005-01-04 at 18:08 -0800, Kevin Brown wrote:
> Hi Tom,
> I thought I sent you the tcpdump output, here it is when I nmap it.
> tcpdump -ni eth0 port 25
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 18:08:14.730274 IP 67.127.200.22.55852 > 4.11.105.55.smtp: S 9009381:9009381(0) win 4096
> 18:08:14.733459 IP 4.11.105.55.smtp > 67.127.200.22.55852: R 0:0(0) ack 9009382 win 0

Your firewall is responding with an RST. Given that Shorewall is ACCEPTing the connection, this means that:

a) There is no process listening on 4.11.105.55 port 25; or
b) That process is rejecting the open.

This is not a Shorewall problem, Kevin, unless there is something you aren't telling us. I agree with Ed -- Issue a "shorewall clear" and see if you are able to connect to port 25. If you can't then (as I'm betting), your problem has nothing to do with Shorewall.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2005-01-04 at 18:14 -0800, Tom Eastep wrote:
>
> This is not a Shorewall problem, Kevin unless there is something you
> aren't telling us. I agree with Ed -- Issue a "shorewall clear" and see
> if you are able to connect to port 25. If you can't then (as I'm
> betting), your problem has nothing to do with Shorewall.

Hint: Most default Postfix configurations only listen on 127.0.0.1 -- you should:

    netstat -tnap

What is listening on port 25 and what is the IP address?

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
OK. I did a shorewall clear and still shows port 25 closed :-(, and 80 open, 22 open, heck nmap me from your end.

nmap -p 25 xkmail.hopto.org

So I guess we can close this out and call it a postfix config error somewhere.
I will repost if I figure it out.
I'm not an expert, I'm not a newbie, I'm a new-pert

Tom Eastep wrote:
>On Tue, 2005-01-04 at 18:08 -0800, Kevin Brown wrote:
>
>>Hi Tom,
>>I thought I sent you the tcpdump output, here it is when I nmap it.
>>tcpdump -ni eth0 port 25
>>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>>18:08:14.730274 IP 67.127.200.22.55852 > 4.11.105.55.smtp: S 9009381:9009381(0) win 4096
>>18:08:14.733459 IP 4.11.105.55.smtp > 67.127.200.22.55852: R 0:0(0) ack 9009382 win 0
>
>Your firewall is responding with an RST. Given that Shorewall is
>ACCEPTing the connection, this means that:
>
>a) There is no process listening on 4.11.105.55 port 25; or
>b) That process is rejecting the open.
>
>This is not a Shorewall problem, Kevin unless there is something you
>aren't telling us. I agree with Ed -- Issue a "shorewall clear" and see
>if you are able to connect to port 25. If you can't then (as I'm
>betting), your problem has nothing to do with Shorewall.
>
>-Tom
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
Ok, looks like something is listening on port 25
Obviously the last line is my ssh
webmin on 10000, httpd on 80,
I don't know why sendmail is listening, I didn't install it, only postfix.
But then again:

[root@ibm ~]# rpm -q sendmail
sendmail-8.13.1-2

[root@ibm ~]# netstat -tnap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 0.0.0.0:32768            0.0.0.0:*                LISTEN      1753/rpc.statd
tcp        0      0 0.0.0.0:111              0.0.0.0:*                LISTEN      1734/portmap
tcp        0      0 0.0.0.0:10000            0.0.0.0:*                LISTEN      3449/perl
tcp        0      0 127.0.0.1:5335           0.0.0.0:*                LISTEN      3162/mDNSResponder
tcp        0      0 127.0.0.1:25             0.0.0.0:*                LISTEN      3241/sendmail: acce
tcp        0      0 :::80                    :::*                     LISTEN      3346/httpd
tcp        0      0 :::22                    :::*                     LISTEN      3213/sshd
tcp        0      0 :::25                    :::*                     LISTEN      3325/master
tcp        0      0 :::443                   :::*                     LISTEN      3346/httpd
tcp        0      0 ::ffff:192.168.1.1:22    ::ffff:192.168.1.5:1298  ESTABLISHED 3827/0

Tom Eastep wrote:
>On Tue, 2005-01-04 at 18:14 -0800, Tom Eastep wrote:
>
>>This is not a Shorewall problem, Kevin unless there is something you
>>aren't telling us. I agree with Ed -- Issue a "shorewall clear" and see
>>if you are able to connect to port 25. If you can't then (as I'm
>>betting), your problem has nothing to do with Shorewall.
>
>Hint: Most default Postfix configurations only listen on 127.0.0.1 --
>you should:
>
> netstat -tnap
>
>What is listening on port 25 and what is the IP address?
>
>-Tom
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
John S. Andersen
2005-Jan-05 02:43 UTC
Re: smtp blocked by verizon.net los angeles?? tcpdump
On 4 Jan 2005 at 18:36, Kevin Brown wrote:
> tcp 0 0 127.0.0.1:25

Yes, but only to that machine, not listening to the net.
It should say 0.0.0.0:25 like the other lines.

You are only listening to localhost as Tom Surmised.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
Kevin Brown wrote:
> Ok, looks like something is listening on port 25

Yes....but only in the 127.0.0.1 interface!

> 0.0.0.0:* LISTEN 3162/mDNSResponder
> tcp 0 0 127.0.0.1:25

If it were all interfaces it would read: 0.0.0.0:25.

>> Hint: Most default Postfix configurations only listen on 127.0.0.1 --
>> you should:

Applies....

Time to start going to the postfix documentation and fixing your configuration.

--
"A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools." --Ford Prefect in "Mostly Harmless".
On Tue, 2005-01-04 at 17:43 -0900, John S. Andersen wrote:
> On 4 Jan 2005 at 18:36, Kevin Brown wrote:
>
> > tcp 0 0 127.0.0.1:25
>
> Yes, but only to that machine, not listening to the net.
> It should say 0.0.0.0:25 like the other lines.
>
> You are only listening to localhost as Tom Surmised.

Looks like Kevin has both Postfix and Sendmail installed but Postfix is listening only on IPV6 addresses:

> tcp 0 0 :::25
> :::* LISTEN 3325/master

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
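The three observations used in this thread (the ACCEPT log entry, the RST in the capture, and the Local Address column of netstat) combined into one check. This is an added example, not code from any poster or from Shorewall; the function names and result strings are assumptions, and the sample inputs are the thread's own log, tcpdump and netstat lines.

```python
import re

# Sample inputs copied from the thread. The log line is re-joined where the
# mail client wrapped it; the netstat rows are trimmed to a few sockets.
SHOREWALL_LOG = (
    "Jan 4 16:52:39 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= "
    "MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 "
    "DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=29 ID=52791 PROTO=TCP "
    "SPT=48913 DPT=25 WINDOW=3072 RES=0x00 SYN URGP=0"
)
TCPDUMP = """\
18:08:14.730274 IP 67.127.200.22.55852 > 4.11.105.55.smtp: S 9009381:9009381(0) win 4096
18:08:14.733459 IP 4.11.105.55.smtp > 67.127.200.22.55852: R 0:0(0) ack 9009382 win 0
"""
NETSTAT_BEFORE = """\
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 3449/perl
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3241/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 3346/httpd
tcp 0 0 :::25 :::* LISTEN 3325/master
"""
NETSTAT_AFTER = """\
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 4381/master
tcp 0 0 :::25 :::* LISTEN 4381/master
"""


def parse_shorewall(line):
    """Split a Shorewall kernel log line into chain, disposition and KEY=value fields."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group(3)))
    fields.update(chain=m.group(1), disposition=m.group(2))
    return fields


def listeners(netstat_text, port):
    """Return (bind_address, program) for every LISTEN socket on `port`."""
    found = []
    for row in netstat_text.splitlines():
        cols = row.split()
        if len(cols) < 6 or cols[5] != "LISTEN":
            continue
        addr, _, local_port = cols[3].rpartition(":")
        if local_port == str(port):
            found.append((addr, " ".join(cols[6:])))
    return found


def ipv4_reach(bind_addr, dst):
    """Can a socket bound to `bind_addr` take an IPv4 connection to `dst`?"""
    if bind_addr in ("0.0.0.0", dst, "::ffff:" + dst):
        return "yes"
    if bind_addr == "::":
        # A wildcard IPv6 socket also takes IPv4 unless the program set
        # IPV6_V6ONLY, and netstat does not show that option.
        return "unknown"
    return "no"


def server_sent_rst(tcpdump_text, server_ip):
    """True if the capture shows a TCP reset sent from `server_ip`."""
    for row in tcpdump_text.splitlines():
        m = re.match(r"\S+ IP (\S+) > (\S+): (\S+)", row)
        if m and m.group(1).startswith(server_ip + ".") and "R" in m.group(3):
            return True
    return False


def diagnose(log_line, tcpdump_text, netstat_text):
    """Decide whether the packet filter or the listening service is at fault."""
    fw = parse_shorewall(log_line)
    if fw["disposition"] != "ACCEPT":
        return "blocked-by-firewall"
    verdicts = {ipv4_reach(addr, fw["DST"])
                for addr, _ in listeners(netstat_text, fw["DPT"])}
    if "yes" in verdicts:
        return "listener-ok"
    # No socket is certainly reachable; an RST from the server settles it.
    if server_sent_rst(tcpdump_text, fw["DST"]):
        return "no-ipv4-listener"
    return "inconclusive"


if __name__ == "__main__":
    print(diagnose(SHOREWALL_LOG, TCPDUMP, NETSTAT_BEFORE))
    print(diagnose(SHOREWALL_LOG, "", NETSTAT_AFTER))
```

In the thread's first netstat listing both `:::80` and `:::25` are wildcard IPv6 sockets, yet only port 80 answered over IPv4, which is why the `::` case is reported as unknown until the capture is consulted.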
On 5 Jan 2005 at 10:45, Ed Greshko wrote:
> Kevin Brown wrote:
> > Ok, looks like something is listening on port 25
>
> Yes....but only in the 127.0.0.1 interface!
>
> > 0.0.0.0:* LISTEN 3162/mDNSResponder
> > tcp 0 0 127.0.0.1:25
>
> If it were all interfaces it would read: 0.0.0.0:25.
>
> >> Hint: Most default Postfix configurations only listen on 127.0.0.1
> >> -- you should:

I think he's using sendmail. In any event, fixing this the best way for him is usually via his distro's configuration utilities. I'm not sure I ever saw that info in his posts either.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
Ok, I am a newbie.
I installed MailScanner, but failed to install the mailscanner webmin module.
So did that, edited Mailscanner dirs, permissions, etc.
port 25 up.
Still working on setting a few other things like spamassassin settings, clamav settings.
Funny fedora 3 lets mdns startup automatically so I changed that, also remember Mailscanner starts/stops postfix so remove postfix daemon from /etc/rc.d/init.d

So does this look right?

[root@ibm spool]# netstat -tnap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address          State       PID/Program name
tcp        0      0 0.0.0.0:32768            0.0.0.0:*                LISTEN      1753/rpc.statd
tcp        0      0 0.0.0.0:111              0.0.0.0:*                LISTEN      1734/portmap
tcp        0      0 0.0.0.0:10000            0.0.0.0:*                LISTEN      3449/perl
tcp        0      0 0.0.0.0:25               0.0.0.0:*                LISTEN      4381/master
tcp        0      0 :::80                    :::*                     LISTEN      3346/httpd
tcp        0      0 :::22                    :::*                     LISTEN      3213/sshd
tcp        0      0 :::25                    :::*                     LISTEN      4381/master
tcp        0      0 :::443                   :::*                     LISTEN      3346/httpd
tcp        0    144 ::ffff:192.168.1.1:22    ::ffff:192.168.1.5:1298  ESTABLISHED 3827/0

Ed Greshko wrote:
> Kevin Brown wrote:
>
>> Ok, looks like something is listening on port 25
>
> Yes....but only in the 127.0.0.1 interface!
>
>> 0.0.0.0:* LISTEN 3162/mDNSResponder
>> tcp 0 0 127.0.0.1:25
>
> If it were all interfaces it would read: 0.0.0.0:25.
>
>>> Hint: Most default Postfix configurations only listen on 127.0.0.1 --
>>> you should:
>
> Applies....
>
> Time to start going to the postfix documentation and fixing your
> configuration.
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
PS> I see John on dynamic dns too.
Are you running your own dynamic dns mail server?
kevin
I am trying to set mine for mx backup of two other domains.
This is really a postfix issue, but thanks a lot guys, I do appreciate it.

Jan 4 19:03:59 ibm postfix/smtpd[4560]: connect from out004pub.verizon.net[206.46.170.142]
Jan 4 19:03:59 ibm postfix/smtpd[4560]: NOQUEUE: reject: RCPT from out004pub.verizon.net[206.46.170.142]: 554 <kevin@xkmail.hopto.org>: Relay access denied; from=<kevinbrown@mailblocks.com> to=<kevin@xkmail.hopto.org> proto=ESMTP helo=<out004.verizon.net>
Jan 4 19:04:00 ibm postfix/smtpd[4560]: disconnect from out004pub.verizon.net[206.46.170.142]

Tom Eastep wrote:
>On Tue, 2005-01-04 at 17:43 -0900, John S. Andersen wrote:
>
>>On 4 Jan 2005 at 18:36, Kevin Brown wrote:
>>
>>>tcp 0 0 127.0.0.1:25
>>
>>Yes, but only to that machine, not listening to the net.
>>It should say 0.0.0.0:25 like the other lines.
>>
>>You are only listening to localhost as Tom Surmised.
>
>Looks like Kevin has both Postfix and Sendmail installed but Postfix is
>listening only on IPV6 addresses:
>
>>tcp 0 0 :::25
>>:::* LISTEN 3325/master
>
>-Tom
>
>--

Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
On Tue, 2005-01-04 at 19:02 -0800, Kevin Brown wrote:
> Ok, I am a newbie.
> I installed MailScanner, but failed to install the mailscanner webmin
> module.
> So did that, edited Mailscanner dirs, permissions, etc.
> port 25 up.
> Still working on setting a few other things like
> spamassassin settings, clamav settings.
> Funny fedora 3 lets mdns startup automatically so I changed that,
> also remember Mailscanner starts/stops postfix so remove postfix daemon
> from /etc/rc.d/init.d
>
> So does this look right?

Kevin,

This is now completely OT.

Good Night,
-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Bingo! Let's all go to bed...

Jan 4 19:10:52 ibm postfix/smtpd[4797]: connect from out009pub.verizon.net[206.46.170.131]
Jan 4 19:10:52 ibm postfix/smtpd[4797]: 7849C44020: client=out009pub.verizon.net[206.46.170.131]
Jan 4 19:10:52 ibm postfix/cleanup[4800]: 7849C44020: message-id=<41DB5A87.7040906@mailblocks.com>
Jan 4 19:10:52 ibm postfix/qmgr[4786]: 7849C44020: from=<kevinbrown@mailblocks.com>, size=1249, nrcpt=1 (queue active)
Jan 4 19:10:52 ibm postfix/smtpd[4797]: disconnect from out009pub.verizon.net[206.46.170.131]
Jan 4 19:10:52 ibm postfix/local[4801]: 7849C44020: to=<kevin@xkmail.hopto.org>, relay=local, delay=0, status=sent (delivered to mailbox)
Jan 4 19:10:52 ibm postfix/qmgr[4786]: 7849C44020: removed

--
Kevin and Martha Brown
Dynamic Management
11448 Brawley Rd RR 395-3
Oak Hills, CA 92345
760-956-9359
kevin@xkmail.com
Kevin Brown wrote:
> PS> I see John on dynamic dns too.
> Are you running your own dynamic dns mail server?
> kevin
> I am trying to set mine for mx backup of two other domains.
> This is really a postfix issue, but thanks a lot guys, I do appreciate it.

Correct. And since this is a "shorewall" list.... You now want:

http://www.postfix.org/docs.html and
http://www.postfix.org/lists.html

> Jan 4 19:03:59 ibm postfix/smtpd[4560]: connect from out004pub.verizon.net[206.46.170.142]
> Jan 4 19:03:59 ibm postfix/smtpd[4560]: NOQUEUE: reject: RCPT from out004pub.verizon.net[206.46.170.142]: 554 <kevin@xkmail.hopto.org>: Relay access denied; from=<kevinbrown@mailblocks.com> to=<kevin@xkmail.hopto.org> proto=ESMTP helo=<out004.verizon.net>
> Jan 4 19:04:00 ibm postfix/smtpd[4560]: disconnect from out004pub.verizon.net[206.46.170.142]
>
> Tom Eastep wrote:
>
>> On Tue, 2005-01-04 at 17:43 -0900, John S. Andersen wrote:
>>
>>> On 4 Jan 2005 at 18:36, Kevin Brown wrote:
>>>
>>>> tcp 0 0 127.0.0.1:25
>>>
>>> Yes, but only to that machine, not listening to the net.
>>> It should say 0.0.0.0:25 like the other lines.
>>>
>>> You are only listening to localhost as Tom Surmised.
>>
>> Looks like Kevin has both Postfix and Sendmail installed but Postfix is
>> listening only on IPV6 addresses:
>>
>>> tcp 0 0 :::25
>>> :::* LISTEN 3325/master
>>
>> -Tom

--
"A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools." --Ford Prefect in "Mostly Harmless".