FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 05-08-2011, 06:37 AM
Barry Brimer
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

I've not been following this too closely, but I'll make a few suggestions
in no particular order.


1. Add an iptables logging rule that logs and connections to port 25 not
from localhost. Something like:

iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG

Verify connections (or lack thereof) in /var/log/messages

2. Is SELinux enabled? Find out with "getenforce" .. if it is on, turn
it off temporarily with "setenforce 0" (as root)


3. Is there anything relevant in /var/log/messages /var/log/maillog
/var/log/audit/audit.log ??


4. Make sure you're not out of inodes with "df -i"

5. Try connecting to the mail server manually from another machine on the
same subnet.


6. Verify other Internet communications work .. perhaps you've got a bad
route of some kind.


7. Run some tests with swaks <http://jetmore.org/john/code/swaks/>

8. Use system-switch-mail to verify that your system is using sendmail.

9. Add a second local IP address to your machine .. test that as well,
see if there are any different results.


Good luck.

Barry
On Sat, 7 May 2011, Mun wrote:


Hi Bohdan,


On Sat, May 7, 2011 at 10:21 PM, Bohdan Sydor <bohdan@harazd.net> wrote:


On 05/08/2011 06:30 AM, Mun wrote:


Does everything above look okay?


Yes, they all seem to be alright.

Next, let's try to telnet to the smtp port:

- from the localhost. Simply telnet localhost 25 and try to submit a
sample msg.



You are now beyond my understanding of sendmail. After telnetting,
what is the command I should enter?



- from any other machine that is in the same subnet as the mail server



From any other remote hosts we already know that it fails. But do you

refer to the MTA by address or by name? Check the DNS entries for the MTA:

host -t mx yourDomainName



This returned a name (not an address). Let say "xyz1.domain"




host -t a theResultNameFromPreviousCmd
Is it the same IP as assigned to the server?



Yes, the IP does match that of "xyz1.domain"

But this piqued my interest, and when I look in sendmail.cf I see the
following lines:
# "Smart" relay host (may be null)
DSabc1.domain

Should this entry be "xyz1.domain" (to match the the 'host -t mx' command's
output)?
Or is it okay that the line in sendmail.cf refers to a different server?

Best regards,

--
Mun






--
regards

Bohdan Sydor
www.sydor.net

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

!DSPAM:4dc6368f135391813713156!




--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-08-2011, 06:07 PM
Mun
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi Robert,


On Sun, May 8, 2011 at 4:09 AM, lists-redhat <
replies-lists-b3z1-redhat@listmail.innovate.net> wrote:

> I don't think that you explicitly responded to the status of
> iptables. I use the "old-fashioned" way to control services ..
>
> /etc/rc.d/init.d/iptables status
> ... stop (if it's running)
>

My apologies for missing that. Here is the output of the 'iptables status'
command:
Firewall is stopped.



>
> [this is done as root of course.] If you have iptables running
> you'll want to only have it off for testing periods.
>
> If iptables was on, try telnetting to port 25 from off-host again.
>
> If that (still) failes, do you have access to another machine on the
> same subnet? If so, try telnetting to port 25 on your machine from
> there. If you get the sendmail herald, then the issue is definitely
> off-host (and you just proved it). By being on the same subnet, with
> no serious network hardware between the machines, you're avoiding
> policy stuff they your networking types may have put in place in
> routers.
>

Okay, so to do a checkpoint here: since my firewall is off, *and* because
other Linux
boxes on the same subnet as my box _can_ successfully telnet into port 25
of my box, that implies the issue is not with my box, right?


>
> If things fail to this point (e.g., you don't have access to another
> machine on your subnet), there are still a few things to do.
>
> >From another machine try telnetting to ports on your machine where
> you don't have a service running - e.g., 1025, 2025, 3080, etc.,
> until you get a "Connection refused" response. That will tell you
> that your machine is reachable on that port, but you don't have
> anything running there. If that's successful (i.e., they haven't
> totally firewalled you off), you can start up sendmail on this other
> port (this requires a one-line modification to your sendmail.cf so
> make certain you have a copy of your current sendmail.cf. **this is
> only to prove a point, and won't work for general mail delivery**.
>
>
> Following up on a few points in other threads:
>
> An entry in hosts.deny (or a deny entry in hosts.allow) will still
> get you a sendmail connection herald. You'll just get a rejection
> when you try to submit a message (with a "550 5.0.0 Access denied"
> error on it). Your issue is that the message delivery is timing out,
> so this isn't related to the host.deny/allow settings.
>

Thanks for the explanation.


>
> You don't need to prove that your machine will deliver mail (yet),
> as the issue is that connections to it are timing out. So, don't
> worry about trying to have a chat with sendmail in order to submit a
> message manually. Once you can reach sendmail/port 25 from a machine
> off your subnet, if it still has issues with accepting/delivering
> mail, then those issues can be addressed.
>

I see. So does the fact that I get a "Connection timed out." when I try to
telnet into port 25 from a machine
from a different subnet than my machine imply the company has something
mis-configured
somewhere?


>
> If you have SELinux enabled (and there were some updates on it
> recently), that would effect sendmail's ability to start and run,
> but you've proved that it's running (you're getting the herald from
> on-host connections).
>
> The smarthost entry applies to how outbound mail is handled, not
> inbound, so of no effect here.
>

Oh, okay.

Thanks very much for all the help (everyone!). I'd be lost without you
folks.

Kind regards,

--
Mun



>
>
> - Richard
>
>
>
> ------------ Original Message ------------
> > Date: Saturday, May 07, 2011 09:51:53 PM -0700
> > From: Mun <mjelists@gmail.com>
> > To: redhat-list@redhat.com
> > Subject: Re: Help Needed: My RHEL5 box suddenly stopped accepting
> e-mails
> >
> > Hi Richard,
> >
> > On Sat, May 7, 2011 at 1:50 PM, lists-redhat <
> > replies-lists-b3z1-redhat@listmail.innovate.net> wrote:
> >
> >> if you're telnetting specifically to port 25, the smtp port (not
> >> generically to the machine, which will get you to port 23) and
> >> you're getting "connection lost" or "connection timed out", then
> >> you most likely have some type of a firewall issue.
> >>
> >
> > Yes, for the experiment I was telnetting specifically to port 25.
> > Your assessment of the issue does appear to have merit: Note that
> > when I sent
> > an email from my gmail account to my workstation, gmail eventually
> > sent me a warning
> > stating that "The recipient server did not accept our requests to
> > connect." Which
> > seems to reinforce your theory.
> >
> >
> >> from the machine itself, try telnetting to its port 25 *by
> >> ipnumber* (not name). make certain that you see that it's not
> >> trying to connect to 127.0.0.1 (which will probably happen if you
> >> try by name). if you get a connect, then it's likely an off-host
> >> firewall/routing issue.
> >>
> >
> > I got a connection to sendmail.
> >
> >
> >>
> >> then, try telnetting to "127.0.0.1 25" -- you should get sendmail
> >> connect.
> >>
> >
> > I got a connection to sendmail.
> >
> >
> >> if the telnetting to port 25 by the machine's ipnumber gets a hang
> >> then you likely have an on-host firewall issue. iptables is the
> >> most likely machine-specific firewall. you can look in
> >> /etc/sysconfig to see if you have an iptables setup. if so, turn
> >> iptables off and try telnetting in to port 25 (by ipnumber and
> >> from off-host) and see what you get.
> >>
> >> if the issue appears to be an off-host firewall issue, then you
> >> need to step back and see what's going on from the outside.
> >>
> >
> > It would seem that I am here, right?
> >
> >
> >>
> >> [honestly, if you did nothing to your machine setup, i'd bet on
> >> some external/network change to be causing your issue.]
> >>
> >
> > I'm a little nervous that the updates that were installed did
> > something to cause this
> > side affect--but by reading their descriptions, that shouldn't of
> > been the case. Furthermore,
> > since I downgraded the respective patches I should be back to a
> > working system.
> >
> > Thus, I am in agreement that it _does_ seem to be something
> > external to my machine.
> > Although, my IT dept does not agree; so I may be out of luck.
> >
> >
> >>
> >> [by the way, you don't need to reboot the machine to restart
> >> sendmail, or other service starts/stops (rebooting to restart/fix
> >> things is the windows approach to life, and not generally
> >> necessary, or recommended, in the unix world.)]
> >>
> >
> > Agreed. I did the reboots in response to downgrading packages.
> > Strictly speaking,
> > the downgrades did not require reboots. But because the downgrade
> > had no affect on my problem,
> > I thought I'd reboot--just in case. Plus, I was desperate.
> >
> > Kind regards,
> >
> > --
> > Mun
> >
> >
> >
> >>
> >> - Richard
> >>
> >>
> >> ------------ Original Message ------------
> >> > Date: Saturday, May 07, 2011 01:09:55 PM -0700
> >> > From: Mun <mjelists@gmail.com>
> >> > To: redhat-list@redhat.com
> >> > Subject: Re: Help Needed: My RHEL5 box suddenly stopped
> >> > accepting
> >> e-mails
> >> >
> >> > Hi Richard,
> >> >
> >> >
> >> > On Sat, May 7, 2011 at 3:38 AM, lists-redhat <
> >> > replies-lists-b3z1-redhat@listmail.innovate.net> wrote:
> >> >
> >> >> in your .cf, what do you have as an active (not commented out)
> >> >> option the under:
> >> >>
> >> >> # SMTP daemon options
> >> >>
> >> >> tag?
> >> >>
> >> >> is it:
> >> >>
> >> >> O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
> >> >>
> >> >> or something more along the lines of one of the following:
> >> >>
> >> >> O DaemonPortOptions=Name=IPv4, Family=inet
> >> >>
> >> >> O DaemonPortOptions=Name=MTA
> >> >>
> >> >
> >> > I have the choice immediately above in my sendmail.cf:
> >> > DaemonPortOptions=Name=MTA
> >> >
> >> >
> >> >>
> >> >> The first, with the 127.0.0.1, is the default for RHEL and will
> >> >> only accept localhost mail. The other two are forms will allow
> >> >> it to accept mail from off localhost.
> >> >>
> >> >> If that looks ok, try telnetting to port 25 on this machine
> >> >> from off-host - e.g., from the exchange server. Do you get a
> >> >> "connection refused" response or a "hang". If "connection
> >> >> refused", then it's most likely the sendmail daemon doing the
> >> >> blocking. If you get a "hang", then it's likely a firewall of
> >> >> some nature, e.g., iptables.
> >> >>
> >> >
> >> > I get "connection lost" or "Connection timed out"; depending on
> >> > the computer I use to run telnet.
> >> > The "connection lost" is what my Windows XP box returned; and
> >> > the "Connection timed out" is what
> >> > another Linux box returned.
> >> >
> >> >
> >> >> Have you looked at your machine's logs (maillog, messages,
> >> >> secure being the most obvious) they may give some hints.
> >> >>
> >> >
> >> > Yes. I have looked at those, as has the company's IT dept. But
> >> > there were no messages that
> >> > would help with this issue.
> >> >
> >> >
> >> >>
> >> >> Have you restarted sendmail?
> >> >>
> >> >
> >> > Yes. I've also rebooted a coupled of times; nothing seems to
> >> > help.
> >> >
> >> > It's just so weird that with no obvious changes made (except for
> >> > the updates applied and then
> >> > downgraded that I mentioned in my initial message) that my box
> >> > would just all of the sudden
> >> > stop accepting email.
> >> >
> >> > Thanks very much for the reply. I greatly appreciate the ideas.
> >> >
> >> > Regards,
> >> >
> >> > --
> >> > Mun
> >> >
> >> >
> >> >
> >> >>
> >> >> - Richard
> >> >>
> >> >>
> >> >>
> >> >> ------------ Original Message ------------
> >> >> > Date: Friday, May 06, 2011 04:48:34 PM -0700
> >> >> > From: Mun.Johl@emulex.com
> >> >> > Subject: RE: Help Needed: My RHEL5 box suddenly stopped
> >> >> > accepting
> >> >> e-mails
> >> >> >
> >> >> > Hi Richard,
> >> >> >
> >> >> > Thanks for your reply.
> >> >> >
> >> >> > I had saved off /etc/mail when we first got email working
> >> >> > properly on my system (a couple of years ago) and I compared
> >> >> > the current sendmail.cf to the "known good" copy. The only
> >> >> > difference I see is that IT has uncommented the following
> >> >> > line:
> >> >> >
> >> >> > O Timeout.ident=0
> >> >> >
> >> >> > With respect to sendmail.mc, the version currently used by
> >> >> > the system had the following lines commented out:
> >> >> >
> >> >> > MASQUERADE_AS(`mydomain.com')dnl
> >> >> > FEATURE(masquerade_envelope)dnl
> >> >> > MASQUERADE_DOMAIN(localhost)dnl
> >> >> > MASQUERADE_DOMAIN(localhost.localdomain)dnl
> >> >> >
> >> >> > I'm not too experienced with sendmail, but it doesn't appear
> >> >> > to me as if the changes above would result in the problem I
> >> >> > am having; does it?
> >> >> >
> >> >> > Regards,
> >> >>
> >> >> ------------ End Original Message ------------
> >> >>
> >> >>
> >>
> >> ------------ End Original Message ------------
> >>
> >>
>
> ------------ End Original Message ------------
>
>
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-08-2011, 06:34 PM
Mun
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi Barry,

Thanks for replying.
Some of the points were previously brought up by others; but I'll try to
address
your points the best I can.


On Sat, May 7, 2011 at 11:37 PM, Barry Brimer <lists@brimer.org> wrote:

> I've not been following this too closely, but I'll make a few suggestions
> in no particular order.
>
> 1. Add an iptables logging rule that logs and connections to port 25 not
> from localhost. Something like:
> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
>

I am going to wait on the change because I don't feel comfortable doing this
just yet. Note
that we have established that systems on my subnet can successfully telnet
into port 25 of
my system; whereas systems on other subnets cannot. Would the logging rule
above provide
additional information regarding the failed connection attempts to port 25?



>
> Verify connections (or lack thereof) in /var/log/messages
>
> 2. Is SELinux enabled? Find out with "getenforce" .. if it is on, turn it
> off temporarily with "setenforce 0" (as root)
>

SELinux is Disabled.


>
> 3. Is there anything relevant in /var/log/messages /var/log/maillog
> /var/log/audit/audit.log ??
>

None that I or my IT dept could find.


>
> 4. Make sure you're not out of inodes with "df -i"
>

Plenty of inodes.


>
> 5. Try connecting to the mail server manually from another machine on the
> same subnet.
>

I can do that successfully.


>
> 6. Verify other Internet communications work .. perhaps you've got a bad
> route of some kind.
>

I seem to be able to do other internet activity without any problems.


>
> 7. Run some tests with swaks <http://jetmore.org/john/code/swaks/>
>

I'm not familiar with swaks; but I'll look into it.


>
> 8. Use system-switch-mail to verify that your system is using sendmail.
>

My system is running sendmail. However, I'm not familiar with
system-switch-mail, nor could
I find that command on my system.


> 9. Add a second local IP address to your machine .. test that as well, see
> if there are any different results.
>

That's a good idea, but not easily executed because I would need IT to help
me out.


>
> Good luck.
>

Thanks! And thank you for replying.

Regards,

--
Mun



>
> Barry
>
> On Sat, 7 May 2011, Mun wrote:
>
> Hi Bohdan,
>>
>>
>> On Sat, May 7, 2011 at 10:21 PM, Bohdan Sydor <bohdan@harazd.net> wrote:
>>
>> On 05/08/2011 06:30 AM, Mun wrote:
>>>
>>> Does everything above look okay?
>>>>
>>>
>>> Yes, they all seem to be alright.
>>>
>>> Next, let's try to telnet to the smtp port:
>>>
>>> - from the localhost. Simply telnet localhost 25 and try to submit a
>>> sample msg.
>>>
>>>
>> You are now beyond my understanding of sendmail. After telnetting,
>> what is the command I should enter?
>>
>>
>> - from any other machine that is in the same subnet as the mail server
>>>
>>>
>>> From any other remote hosts we already know that it fails. But do you
>>>>
>>> refer to the MTA by address or by name? Check the DNS entries for the
>>> MTA:
>>>
>>> host -t mx yourDomainName
>>>
>>>
>> This returned a name (not an address). Let say "xyz1.domain"
>>
>>
>>
>> host -t a theResultNameFromPreviousCmd
>>> Is it the same IP as assigned to the server?
>>>
>>>
>> Yes, the IP does match that of "xyz1.domain"
>>
>> But this piqued my interest, and when I look in sendmail.cf I see the
>> following lines:
>> # "Smart" relay host (may be null)
>> DSabc1.domain
>>
>> Should this entry be "xyz1.domain" (to match the the 'host -t mx'
>> command's
>> output)?
>> Or is it okay that the line in sendmail.cf refers to a different server?
>>
>> Best regards,
>>
>> --
>> Mun
>>
>>
>>
>>
>>
>>> --
>>> regards
>>>
>>> Bohdan Sydor
>>> www.sydor.net
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> !DSPAM:4dc6368f135391813713156!
>>
>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-08-2011, 08:58 PM
Allen Chen
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

I've read those posts, actually I have no idea about your environment.
so I can not help anything right now. can you post:
1. server OS version, is it a shared server or a dedicate mail server?
2. sendmail version: compiled or rpm?
3. Are incoming and outgoing mail services on the same machine?
3. do you use any spam filter or virus scan system? if yes, how?
4. do you use cyrus-imap? version? compiled or rpm? is it on the same
machine?

5. Your internal network number? internal server IP?

Allen


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-08-2011, 09:27 PM
Barry Brimer
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

1. Add an iptables logging rule that logs and connections to port 25 not
from localhost. Something like:
iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG



I am going to wait on the change because I don't feel comfortable doing this
just yet. Note
that we have established that systems on my subnet can successfully telnet
into port 25 of
my system; whereas systems on other subnets cannot. Would the logging rule
above provide
additional information regarding the failed connection attempts to port 25?


You're not blocking/allowing anything .. just logging, before any ACCEPT
rules. If you try to telnet to port 25 from another subnet with this rule
in place and you don't see connections getting logged, they're not getting
to your server.



6. Verify other Internet communications work .. perhaps you've got a bad
route of some kind.



I seem to be able to do other internet activity without any problems.


What about connecting to other internal hosts that are on a different
subnet. I still think this could be routing related. Have you verified
your routing table with IT?



7. Run some tests with swaks <http://jetmore.org/john/code/swaks/>


I'm not familiar with swaks; but I'll look into it.


I usually manually telnet to port 25 and have an SMTP conversation with
the mail server. If you don't speak fluent SMTP, swaks can help.



8. Use system-switch-mail to verify that your system is using sendmail.



My system is running sendmail. However, I'm not familiar with
system-switch-mail, nor could
I find that command on my system.


If you ever had postfix or qmail installed from RH it installs in a way
that allows you to switch between MTAs. system-switch-mail manages
symlinks to make sure everything lines up correctly. You can install the
system-switch-mail package if you like. Probably not needed.


Barry


On Sat, 7 May 2011, Mun wrote:

Hi Bohdan,



On Sat, May 7, 2011 at 10:21 PM, Bohdan Sydor <bohdan@harazd.net> wrote:

On 05/08/2011 06:30 AM, Mun wrote:


Does everything above look okay?




Yes, they all seem to be alright.

Next, let's try to telnet to the smtp port:

- from the localhost. Simply telnet localhost 25 and try to submit a
sample msg.



You are now beyond my understanding of sendmail. After telnetting,
what is the command I should enter?


- from any other machine that is in the same subnet as the mail server



From any other remote hosts we already know that it fails. But do you



refer to the MTA by address or by name? Check the DNS entries for the
MTA:

host -t mx yourDomainName



This returned a name (not an address). Let say "xyz1.domain"



host -t a theResultNameFromPreviousCmd

Is it the same IP as assigned to the server?



Yes, the IP does match that of "xyz1.domain"

But this piqued my interest, and when I look in sendmail.cf I see the
following lines:
# "Smart" relay host (may be null)
DSabc1.domain

Should this entry be "xyz1.domain" (to match the the 'host -t mx'
command's
output)?
Or is it okay that the line in sendmail.cf refers to a different server?

Best regards,

--
Mun






--
regards

Bohdan Sydor
www.sydor.net

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--

redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list






--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

!DSPAM:4dc6e200283104427513918!




--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-10-2011, 05:41 AM
Mun
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi all,

Well, unfortunately my IT dept is claiming their network is fine--and
therefore the problem lies
either with my system, or is not worth their time to debug. I am still
trying to gather more
evidence to prove that my system is operating correctly; but I am starting
to lose hope that I
will persevere in this effort. Although, I'm not willing to throw in the
towel just yet.

In any case, see below for additional comments.

On Sun, May 8, 2011 at 2:27 PM, Barry Brimer <lists@brimer.org> wrote:

> 1. Add an iptables logging rule that logs and connections to port 25 not
>>> from localhost. Something like:
>>> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
>>>
>>>
>> I am going to wait on the change because I don't feel comfortable doing
>> this
>> just yet. Note
>> that we have established that systems on my subnet can successfully telnet
>> into port 25 of
>> my system; whereas systems on other subnets cannot. Would the logging
>> rule
>> above provide
>> additional information regarding the failed connection attempts to port
>> 25?
>>
>
> You're not blocking/allowing anything .. just logging, before any ACCEPT
> rules. If you try to telnet to port 25 from another subnet with this rule
> in place and you don't see connections getting logged, they're not getting
> to your server.


I went ahead and made the changes to the iptables logging as you suggested.
When I use swaks to
send my machine email from an offsite system, I _do_ see messages show up in
my /var/log/messages
file showing some kind of interaction between the offsite system and my
system. I don't know what is
being discussed between the systems, but the offsite system does finally
timeout in it's attemt to connect.

Does this imply my system is not allowing the remote system to send it
email? And therefore it
_is_ my system that is at fault?

BTW, out of curiosity, how do I remove the iptables logging? (Assuming this
issue ever gets
resolved and I want to reduce the amount of logging.)



>
>
> 6. Verify other Internet communications work .. perhaps you've got a bad
>>> route of some kind.
>>>
>>>
>> I seem to be able to do other internet activity without any problems.
>>
>
> What about connecting to other internal hosts that are on a different
> subnet. I still think this could be routing related. Have you verified
> your routing table with IT?


I can connect to systems via ssh on different subnets within the company.
I have not verified my routing table with IT. I would not know what to
verify.

I did send my IT dept a traceroute from a remote system that cannot send my
system email.
I don't know if that is of any value, but I'm just trying to keep nudging
them with data and
hoping something will trigger an "ah ha!" moment.


>
> 7. Run some tests with swaks <http://jetmore.org/john/code/swaks/>
>>>
>>
>> I'm not familiar with swaks; but I'll look into it.
>>
>
> I usually manually telnet to port 25 and have an SMTP conversation with the
> mail server. If you don't speak fluent SMTP, swaks can help.


swaks works great! Especially for someone like me. Thanks for that tip.



>
>
> 8. Use system-switch-mail to verify that your system is using sendmail.
>>>
>>
> My system is running sendmail. However, I'm not familiar with
>> system-switch-mail, nor could
>> I find that command on my system.
>>
>
> If you ever had postfix or qmail installed from RH it installs in a way
> that allows you to switch between MTAs. system-switch-mail manages symlinks
> to make sure everything lines up correctly. You can install the
> system-switch-mail package if you like. Probably not needed.
>

Oh, I see. I have not installed any other MTA's onto my system. At one
point I was considering
that as another test of my system; but I don't think that test is needed
anymore. It seems we
have proven that sendmail is working properly, and that the problem is
outside of the MTA.

Many thanks to all that are trying so hard to help me out! I wish just one
of you worked my
company's IT dept

Best regards,

--
Mun



>
> Barry
>
> On Sat, 7 May 2011, Mun wrote:
>>>
>>> Hi Bohdan,
>>>
>>>>
>>>>
>>>> On Sat, May 7, 2011 at 10:21 PM, Bohdan Sydor <bohdan@harazd.net>
>>>> wrote:
>>>>
>>>> On 05/08/2011 06:30 AM, Mun wrote:
>>>>
>>>>>
>>>>> Does everything above look okay?
>>>>>
>>>>>>
>>>>>>
>>>>> Yes, they all seem to be alright.
>>>>>
>>>>> Next, let's try to telnet to the smtp port:
>>>>>
>>>>> - from the localhost. Simply telnet localhost 25 and try to submit a
>>>>> sample msg.
>>>>>
>>>>>
>>>>> You are now beyond my understanding of sendmail. After telnetting,
>>>> what is the command I should enter?
>>>>
>>>>
>>>> - from any other machine that is in the same subnet as the mail server
>>>>
>>>>>
>>>>>
>>>>> From any other remote hosts we already know that it fails. But do you
>>>>>
>>>>>>
>>>>>> refer to the MTA by address or by name? Check the DNS entries for the
>>>>> MTA:
>>>>>
>>>>> host -t mx yourDomainName
>>>>>
>>>>>
>>>>> This returned a name (not an address). Let say "xyz1.domain"
>>>>
>>>>
>>>>
>>>> host -t a theResultNameFromPreviousCmd
>>>>
>>>>> Is it the same IP as assigned to the server?
>>>>>
>>>>>
>>>>> Yes, the IP does match that of "xyz1.domain"
>>>>
>>>> But this piqued my interest, and when I look in sendmail.cf I see the
>>>> following lines:
>>>> # "Smart" relay host (may be null)
>>>> DSabc1.domain
>>>>
>>>> Should this entry be "xyz1.domain" (to match the the 'host -t mx'
>>>> command's
>>>> output)?
>>>> Or is it okay that the line in sendmail.cf refers to a different
>>>> server?
>>>>
>>>> Best regards,
>>>>
>>>> --
>>>> Mun
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>> regards
>>>>>
>>>>> Bohdan Sydor
>>>>> www.sydor.net
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>>
>>>>> --
>>>>>
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> !DSPAM:4dc6e200283104427513918!
>>
>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-10-2011, 07:08 AM
Bohdan Sydor
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

On 05/10/2011 07:41 AM, Mun wrote:

> Well, unfortunately my IT dept is claiming their network is fine--and
> therefore the problem lies
> either with my system, or is not worth their time to debug. I am still
> I went ahead and made the changes to the iptables logging as you suggested.
> When I use swaks to
> send my machine email from an offsite system, I _do_ see messages show up in
> my /var/log/messages
> file showing some kind of interaction between the offsite system and my
> system. I don't know what is
> being discussed between the systems, but the offsite system does finally
> timeout in it's attemt to connect.


Additionally, you can run from a linux box that is in any external
network the following command:

nmap -p 22,25 yourMachineNameOrIP

The output should be similar to the this:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp

OR rather to that:

PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp


In the report you would see if ports tcp 22 and tcp 25 are remotely
accessible on the mail system.

>From the other side, run on your mail server that command:

netstat -ntlp | egrep ':2(2|5)'

If the output is like this below

tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 1105/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
1735/sendmail

you've got a kind of evidence for your IT dept.

--
regards

Bohdan Sydor
www.sydor.net

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-10-2011, 07:38 AM
Jacky Li
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi,

Is there a firewall in your company? Your computers on the same subnet
able to telnet to 25. Your gmail doesn't work. Maybe you should ask
your IT department if there is a firewall and if it is blocking 25 to
your computer.


Jacky

On 2011-5-9 19:41, Mun wrote:

Hi all,

Well, unfortunately my IT dept is claiming their network is fine--and
therefore the problem lies
either with my system, or is not worth their time to debug. I am still
trying to gather more
evidence to prove that my system is operating correctly; but I am starting
to lose hope that I
will persevere in this effort. Although, I'm not willing to throw in the
towel just yet.

In any case, see below for additional comments.

On Sun, May 8, 2011 at 2:27 PM, Barry Brimer<lists@brimer.org> wrote:


1. Add an iptables logging rule that logs and connections to port 25 not

from localhost. Something like:
iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG



I am going to wait on the change because I don't feel comfortable doing
this
just yet. Note
that we have established that systems on my subnet can successfully telnet
into port 25 of
my system; whereas systems on other subnets cannot. Would the logging
rule
above provide
additional information regarding the failed connection attempts to port
25?


You're not blocking/allowing anything .. just logging, before any ACCEPT
rules. If you try to telnet to port 25 from another subnet with this rule
in place and you don't see connections getting logged, they're not getting
to your server.


I went ahead and made the changes to the iptables logging as you suggested.
When I use swaks to
send my machine email from an offsite system, I _do_ see messages show up in
my /var/log/messages
file showing some kind of interaction between the offsite system and my
system. I don't know what is
being discussed between the systems, but the offsite system does finally
timeout in it's attemt to connect.

Does this imply my system is not allowing the remote system to send it
email? And therefore it
_is_ my system that is at fault?

BTW, out of curiosity, how do I remove the iptables logging? (Assuming this
issue ever gets
resolved and I want to reduce the amount of logging.)





6. Verify other Internet communications work .. perhaps you've got a bad

route of some kind.



I seem to be able to do other internet activity without any problems.


What about connecting to other internal hosts that are on a different
subnet. I still think this could be routing related. Have you verified
your routing table with IT?


I can connect to systems via ssh on different subnets within the company.
I have not verified my routing table with IT. I would not know what to
verify.

I did send my IT dept a traceroute from a remote system that cannot send my
system email.
I don't know if that is of any value, but I'm just trying to keep nudging
them with data and
hoping something will trigger an "ah ha!" moment.



7. Run some tests with swaks<http://jetmore.org/john/code/swaks/>

I'm not familiar with swaks; but I'll look into it.


I usually manually telnet to port 25 and have an SMTP conversation with the
mail server. If you don't speak fluent SMTP, swaks can help.


swaks works great! Especially for someone like me. Thanks for that tip.





8. Use system-switch-mail to verify that your system is using sendmail.
My system is running sendmail. However, I'm not familiar with

system-switch-mail, nor could
I find that command on my system.


If you ever had postfix or qmail installed from RH it installs in a way
that allows you to switch between MTAs. system-switch-mail manages symlinks
to make sure everything lines up correctly. You can install the
system-switch-mail package if you like. Probably not needed.


Oh, I see. I have not installed any other MTA's onto my system. At one
point I was considering
that as another test of my system; but I don't think that test is needed
anymore. It seems we
have proven that sendmail is working properly, and that the problem is
outside of the MTA.

Many thanks to all that are trying so hard to help me out! I wish just one
of you worked my
company's IT dept

Best regards,



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-10-2011, 06:32 PM
Mun
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi Bohdan,


On Tue, May 10, 2011 at 12:08 AM, Bohdan Sydor <bohdan@harazd.net> wrote:

> On 05/10/2011 07:41 AM, Mun wrote:
>
> > Well, unfortunately my IT dept is claiming their network is fine--and
> > therefore the problem lies
> > either with my system, or is not worth their time to debug. I am still
> > I went ahead and made the changes to the iptables logging as you
> suggested.
> > When I use swaks to
> > send my machine email from an offsite system, I _do_ see messages show up
> in
> > my /var/log/messages
> > file showing some kind of interaction between the offsite system and my
> > system. I don't know what is
> > being discussed between the systems, but the offsite system does finally
> > timeout in it's attemt to connect.
>
>
> Additionally, you can run from a linux box that is in any external
> network the following command:
>
> nmap -p 22,25 yourMachineNameOrIP
>
> The output should be similar to the this:
>
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
>
> OR rather to that:
>
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp closed smtp
>
>
> In the report you would see if ports tcp 22 and tcp 25 are remotely
> accessible on the mail system.
>

Here's what I get from the remote side:

PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp

I don't know what filters are in place; is there any way to get more
information
about the filters?



>
> >From the other side, run on your mail server that command:
>
> netstat -ntlp | egrep ':2(2|5)'
>
> If the output is like this below
>
> tcp 0 0 0.0.0.0:22 0.0.0.0:*
> LISTEN 1105/sshd
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> 1735/sendmail
>
> you've got a kind of evidence for your IT dept.
>

Here is what I get on my system:

tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN -
tcp 0 0 :::22 :::* LISTEN -

Thanks very much for the continued assistance!

Regards,

--
Mun



>
> --
> regards
>
> Bohdan Sydor
> www.sydor.net
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 05-10-2011, 06:34 PM
Mun
 
Default Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Hi Jacky,


On Tue, May 10, 2011 at 12:38 AM, Jacky Li <zli@phys.hawaii.edu> wrote:

> Hi,
>
> Is there a firewall in your company? Your computers on the same subnet
> able to telnet to 25. Your gmail doesn't work. Maybe you should ask your
> IT department if there is a firewall and if it is blocking 25 to your
> computer.
>

My IT dept said there is no firewall between the exchange server and my
system.
Computers at my site (various subnets) can successfully telnet to port 25 of
my machine.

Regards,

--
Mun



>
> Jacky
>
>
> On 2011-5-9 19:41, Mun wrote:
>
>> Hi all,
>>
>> Well, unfortunately my IT dept is claiming their network is fine--and
>> therefore the problem lies
>> either with my system, or is not worth their time to debug. I am still
>> trying to gather more
>> evidence to prove that my system is operating correctly; but I am starting
>> to lose hope that I
>> will persevere in this effort. Although, I'm not willing to throw in the
>> towel just yet.
>>
>> In any case, see below for additional comments.
>>
>> On Sun, May 8, 2011 at 2:27 PM, Barry Brimer<lists@brimer.org> wrote:
>>
>> 1. Add an iptables logging rule that logs and connections to port 25 not
>>>
>>>> from localhost. Something like:
>>>>> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
>>>>>
>>>>>
>>>>> I am going to wait on the change because I don't feel comfortable
>>>> doing
>>>> this
>>>> just yet. Note
>>>> that we have established that systems on my subnet can successfully
>>>> telnet
>>>> into port 25 of
>>>> my system; whereas systems on other subnets cannot. Would the logging
>>>> rule
>>>> above provide
>>>> additional information regarding the failed connection attempts to port
>>>> 25?
>>>>
>>>> You're not blocking/allowing anything .. just logging, before any
>>> ACCEPT
>>> rules. If you try to telnet to port 25 from another subnet with this
>>> rule
>>> in place and you don't see connections getting logged, they're not
>>> getting
>>> to your server.
>>>
>>
>> I went ahead and made the changes to the iptables logging as you
>> suggested.
>> When I use swaks to
>> send my machine email from an offsite system, I _do_ see messages show up
>> in
>> my /var/log/messages
>> file showing some kind of interaction between the offsite system and my
>> system. I don't know what is
>> being discussed between the systems, but the offsite system does finally
>> timeout in it's attemt to connect.
>>
>> Does this imply my system is not allowing the remote system to send it
>> email? And therefore it
>> _is_ my system that is at fault?
>>
>> BTW, out of curiosity, how do I remove the iptables logging? (Assuming
>> this
>> issue ever gets
>> resolved and I want to reduce the amount of logging.)
>>
>>
>>
>>
>>> 6. Verify other Internet communications work .. perhaps you've got a
>>> bad
>>>
>>>> route of some kind.
>>>>>
>>>>>
>>>>> I seem to be able to do other internet activity without any problems.
>>>>
>>>> What about connecting to other internal hosts that are on a different
>>> subnet. I still think this could be routing related. Have you verified
>>> your routing table with IT?
>>>
>>
>> I can connect to systems via ssh on different subnets within the company.
>> I have not verified my routing table with IT. I would not know what to
>> verify.
>>
>> I did send my IT dept a traceroute from a remote system that cannot send
>> my
>> system email.
>> I don't know if that is of any value, but I'm just trying to keep nudging
>> them with data and
>> hoping something will trigger an "ah ha!" moment.
>>
>>
>> 7. Run some tests with swaks<http://jetmore.org/john/code/swaks/>
>>>
>>>> I'm not familiar with swaks; but I'll look into it.
>>>>
>>>> I usually manually telnet to port 25 and have an SMTP conversation with
>>> the
>>> mail server. If you don't speak fluent SMTP, swaks can help.
>>>
>>
>> swaks works great! Especially for someone like me. Thanks for that tip.
>>
>>
>>
>>
>>> 8. Use system-switch-mail to verify that your system is using sendmail.
>>> My system is running sendmail. However, I'm not familiar with
>>>
>>>> system-switch-mail, nor could
>>>> I find that command on my system.
>>>>
>>>> If you ever had postfix or qmail installed from RH it installs in a way
>>> that allows you to switch between MTAs. system-switch-mail manages
>>> symlinks
>>> to make sure everything lines up correctly. You can install the
>>> system-switch-mail package if you like. Probably not needed.
>>>
>>> Oh, I see. I have not installed any other MTA's onto my system. At one
>> point I was considering
>> that as another test of my system; but I don't think that test is needed
>> anymore. It seems we
>> have proven that sendmail is working properly, and that the problem is
>> outside of the MTA.
>>
>> Many thanks to all that are trying so hard to help me out! I wish just
>> one
>> of you worked my
>> company's IT dept
>>
>> Best regards,
>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 05:56 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org