postfix smtp fedora and firewall

17th February 2008, 08:23 PM

I'm having trouble getting my postfix set up with fedora (ah the joys of 2 drives going down at once - one with my backup on it!)


I think this is an iptables-related or MTA-related issue

I've applied this which made some sense

/sbin/service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
chkconfig sendmail off
chkconfig --list sendmail
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
alternatives --config mta

There are 2 programs which provide 'mta'.

Selection Command
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2

/sbin/chkconfig postfix on
/sbin/chkconfig --list postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Which was from

It makes sense but whatever I do I can't open up port 25

Anyone had a similar prob?



17th February 2008, 08:26 PM
Okay we can see postfix is being used and enabled for each run level. Where is the error you get relating to TCP/25

Sure your ISP isn't blocking TCP/25 inbound?

17th February 2008, 08:31 PM
Sure your ISP isn't blocking TCP/25 inbound?

That shouldn't be an issue at this level because I have my own ip and I'm running this at the back of NAT (and it was working on Friday!)

I can for example run a local nmap scan on it and various ports are open - just not 25!

I also have port 25 open on my router

17th February 2008, 08:37 PM
Okay, so explain to me what you think is the problem. I am guessing from the host running the MTA that you cannot connect to the postfix smtp server on 25 and get a response?


telnet localhost 25

Furthermore, what does netstat -a output show? A service listening on *:25

17th February 2008, 08:45 PM
that you cannot connect to the postfix smtp server on 25 and get a response?

This is correct!

- but!

telnet localhost 25 gives me access to postfix!

if I try and access the private ip address I get this

telnet 25
telnet: connect to address Connection refused
telnet: Unable to connect to remote host

netstat -a | grep 25

gives me

unix 2 [ ACC ] STREAM LISTENING 5325 private/proxymap
unix 3 [ ] STREAM CONNECTED 8025
unix 3 [ ] STREAM CONNECTED 7925 /tmp/orbit-root/linc-ad4-0-ea5d5d73d2d
unix 3 [ ] STREAM CONNECTED 7725
unix 3 [ ] STREAM CONNECTED 5825 @/var/run/hald/dbus-KfvHAodvQP

17th February 2008, 08:47 PM
This is correct!

- but!

telnet localhost 25 gives me access to postfix!

if I try and access the private ip address I get this

Have you tried to test this from somewhere externally, ie. have a friend on the internet try? If you PM me some details I'll do a SMTP test against the IP you suggest.

Typically you cannot test your port forwarding from your internal network. It just doesn't work. Only a limited number of routers will actually allow this.

It's handy to have access to a shell account somewhere externally to test (or as above have someone else telnet for you to test it).

EDIT: you pasted the wrong output from netstat -a (I want the first half of it as an example below)

root@auth1:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:mysql *:* LISTEN

In your case I want to know do you see something like the above (of course localhost:mysql should show as *:smtp or *:25)

EDIT2: As per PM looks to be blocked, see output below. Stripped your IP address of course.

purana@creep:~$ telnet w.x.y.z 25
Trying w.x.y.z...
telnet: Unable to connect to remote host: Connection refused

As per PM, problem is ISP, router or host running the SMTP. Flush the iptables rules and we can try again. If it still fails then you have narrowed it down to the other 2.

17th February 2008, 09:57 PM
Ah! I seem to have fixed it


inet_interfaces = localhost,

Just needed to assign the interface

This is now running well -

Big thanks to purana - whose brain was a great thing to borrow while I was running out of ideas on this one



18th February 2008, 01:38 AM
That's alright, it's ALWAYS something you overlook. And I just checked it again, it now responds perfectly fine. I see the SMTP server spit out its response.
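
Added example, not part of the original thread: localhost answering on port 25 while the LAN address is refused is the signature of a listener bound only to loopback, which in Postfix is governed by inet_interfaces. The function below (its name and both sample listings are constructed for illustration) reads `netstat -tln` output and reports how a port is bound, matching the port field exactly rather than using `grep 25`, which in the thread matched only unix socket inode numbers.

```sh
#!/bin/sh
# Added example: report how a TCP port is bound, reading `netstat -tln` on stdin.
# Prints: all-interfaces | specific:<addr,...> | loopback-only | not-listening
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Field 4 is Local Address; the port is the text after the last ":".
            n = split($4, parts, ":")
            if (parts[n] != port) next          # exact port match, so 2525 != 25
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else { if (specific != "") specific = specific ","; specific = specific addr }
        }
        END {
            if (any) print "all-interfaces"
            else if (specific != "") print "specific:" specific
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed listing: SMTP bound to loopback only (localhost answers, LAN IP refuses).
sample_loopback() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:2525      0.0.0.0:*         LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     5325   private/proxymap
EOF
}

# Constructed listing: SMTP bound to every interface.
sample_all() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN
EOF
}

echo "loopback sample: $(sample_loopback | classify_listener 25)"
echo "all-ifaces sample: $(sample_all | classify_listener 25)"
# On a live host: netstat -tln | classify_listener 25
```

A result of all-interfaces means the daemon is reachable from every network the host sits on, so the host firewall and router forwarding rules are what limit exposure from that point.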