Re: Can't connect to port 25 from another system

On Fri, 2006-04-21 at 18:50 -0700, Filippos Klironomos wrote:
Only thing I can think of is /etc/hosts.allow and /etc/hosts.deny file
that the tcpd daemon uses for
additional security. Maybe there is a strict definition on which
connections should go through.

Also why don't you use tcpdump to see what is going on in the incoming
traffic on the machine. Maybe
increase the log level of the kernel by

/sbin/sysctl -w net.ipv4.netfilter.ip_conntrack_log_invalid=1

to see what is dropped and why.

Filippos


Is there a reason you are sending what appears to be encoded binary to
the mailing list? The below is only a part of your message.

Jeff

--===============1981184131==
Content-Type: multipart/alternative;
boundary="----=_Part_31304_3263355.1145670621599"


------=_Part_31304_3263355.1145670621599
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
Content-Disposition: inline

T25seSB0aGluZyBJIGNhbiB0aGluayBvZiBpcyAvZXRjL2hvc3RzLmFsbG93IGFuZCAvZXRjL2hv
c3RzLmRlbnkgZmlsZSB0aGF0CnRoZSB0Y3BkIGRhZW1vbiB1c2VzIGZvcgphZGRpdGlvbmFsIHNl
Y3VyaXR5LiBNYXliZSB0aGVyZSBpcyBhIHN0cmljdCBkZWZpbml0aW9uIG9uIHdoaWNoIGNvbm5l
Y3Rpb25zCnNob3VsZCBnbyB0aHJvdWdoLgoKQWxzbyB3aHkgZG9uJ3QgeW91IHVzZSB0Y3BkdW1w
IHRvIHNlZSB3aGF0IGlzIGdvaW5nIG9uIGluIHRoZSBpbmNvbWluZwp0cmFmZmljIG9uIHRoZSBt
YWNoaW5lLiBNYXliZQppbmNyZWFzZSB0aGUgbG9nIGxldmVsIG9mIHRoZSBrZXJuZWwgYnkKCi9z
YmluL3N5c2N0bCAtdyBuZXQuaXB2NC5uZXRmaWx0ZXIuaXBfY29ubnRyYWNrX2xvZ19pbnZhbGlk
PTEKCnRvIHNlZSB3aGF0IGlzIGRyb3BwZWQgYW5kIHdoeS4KCkZpbGlwcG9zCgpPbiA0LzIxLzA2
LCBEZWJiaWUgRGV1dHNjaCA8ZmVkb3JhbGlzdEBkZGV1dHNjaC5vcmc+IHdyb3RlOgo
+Cj4gUGVy

Jeff


On 4/21/06, Debbie Deutsch <fedoralist@xxxxxxxxxxxx> wrote:
Perhaps someone can help me with this problem. I have
sendmail running
on an FC5 system.* It works to the extent that I can send
email from
that system to other systems in other domains. The problem is
that
other systems cannot initiate a connection to it. Here are
the key
facts that I have been able to confirm:


- I previously edited the sendmail.mc file to be sure it is
listening on
port 25 and did a make to update sendmail.cf. Then I stopped
and
restarted sendmail.

- Sendmail is definitely running.

- Both netstat and nmap confirm that the system *is* listening
on port
25, as it should be.

- When I attempt to telnet to port 25 the connection fails.
However,
telnet definitely is running. I can telnet to the host
without
specifying a port and successfully communicate with the telnet
server.
On the other hand, when I try to telnet to port 23 (where
netstat and
nmap confirm that the telnet server is listening), I get the
same error
as when I try to telnet to port 25. I have tried this from
multiple
hosts on my LAN, all with the same results.

- In an effort to rule out firewalls as a possible source of
the
problem, I disabled selinux completely and stopped
iptables. (I did not
see anything in iptables that should block port 25 but I
wanted to be
sure it was not the source of the problem.)

- All of the above testing was done on my LAN. The traffic
did not
traverse my hardware router/firewall. In any case, the
firewall is
configured to not block port 25. (I had sendmail running
successfully
before, on an old system that finally went belly-up.)

- As noted above, I can successfully send mail that requires
sendmail to
connect to another smtp server that is outside my LAN.

All of this makes me think that there is some firewall-like
thing going
on where outbound smtp connections are okay but smtp sessions
that are
initiated by another host are not. The behavior with telnet
connections
only working if the port is not specified baffles me. With
selinux and
iptables turned off, I am out of ideas. Any suggestions?

TIA,

Debbie

*32-bit FC5 running on a 64-bit system because 54-bit FC5
installs but
won't boot completely. You may remember the recent thread...

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-list

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: Telnet port 25
    ... Subject: Telnet port 25 ... is the sole responsibility of the customer and depends on the customer's ... Configuring sendmail 8.11.0 for Anti-Relay ...
    (AIX-L)
  • Re: Cant connect to port 25 from another system
    ... The default sendmail config in RH/Fedora has been to only listen on the ... I previously edited the sendmail.mc file to be sure it is listening on ... Both netstat and nmap confirm that the system *is* listening on port ... When I attempt to telnet to port 25 the connection fails. ...
    (Fedora)
  • Re: Cant connect to port 25 from another system
    ... Maybe there is a strict definition on which connections ... I have sendmail running ... Both netstat and nmap confirm that the system *is* listening on port ... When I attempt to telnet to port 25 the connection fails. ...
    (Fedora)
  • Re: Reasons behind defaulting atd and sendmail
    ... The port on the local machine for the outgoing ... firewall to allow incoming port 25 connections, ... the stock setup of Sendmail will send mail to the Internet. ... No regular desktop Fedora user will even thinkg about su'ing, vi'ing, or even consider needing an MTA. ...
    (Fedora)
  • Cant connect to port 25 from another system
    ... I have sendmail running ... Both netstat and nmap confirm that the system *is* listening on port ... When I attempt to telnet to port 25 the connection fails. ...
    (Fedora)