This is a discussion on Troubleshooting SMTP/TELNET within the Linux Networking forums, part of the Linux Forums category.
Ok, My SMTP is unable to accept connections from non-local subnets. Is this an SMTP thing or something else... my inetd.conf file has TELNET remarked out. So, I can actually NOT TELNET in to this box from anywhere, but I CAN telnet in on port 25 from the local subnet. What can block port 25 telnet sessions?

Carl
Carl Hilton wrote:
> Ok, My SMTP is unable to accept connections from non-local subnets. Is
> this an SMTP thing or something else... my inetd.conf file has TELNET
> remarked out. So, I can actually NOT TELNET in to this box from
> anywhere, but I CAN telnet in on port 25 from the local subnet. What can
> block port 25 telnet sessions?

So, you are not running the telnetd, but you are running an SMTP (sendmail?) daemon that is set to listen for _all_ incoming connections? Double check what it is prepared to accept. I have to assume you're running sendmail till you say otherwise ;-)

What do you mean by "non-local" subnets? From the internet or LAN based subnets different from the subnet of your SMTP server/daemon? I presume you mean the internet -- this is good that connections are blocked.

Are the SYN packets (to port 25?) blocked by a firewall rule? Or is this (additionally?) a sendmail configuration? Hopefully, _both_ are in effect but your config is allowing other _LAN_ hosts to use your sendmail as a GW MTA.

Check that your firewall rules are not allowing outside traffic through port 25. Most host based firewalls and GWs allow outgoing SYN packets (including mail on port 25) and their replies to pass through, which is OK for now.

RH/FC come with sendmail configured to _only_ accept connections from localhost -- no other hosts can connect, neither local LAN nor internet. I'm not sure of other distros. The other day someone posted that their experience was that other distros _allow_ LAN host connections to the listening sendmail daemon.

Do you have/use a gui tool to configure sendmail or do you use a text editor? If the former, check for an option that allows sendmail to accept (or reject) local LAN connections. This (accept local LAN connections) is usually only done if you are running a sendmail gateway for the LAN.

Check your sendmail.mc file for DAEMON_OPTIONS. Mine (on a RH box) reads:

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Do NOT make any changes to sendmail.cf or sendmail.mc before making backups! Repeat: do NOT make any changes without backups. Do not trust your gui tool to make backups for you (if you are using one).

Read the /usr/share/sendmail-cf/README for some background and check your distro docs for any info they provide about the MTA setup.

I'm reluctant to go further for fear I'll break your mail. Probably not what you want. Check your MTA config and any docs with your distro, then post back if you have questions on how to set things up the way you want. Be sure to mention your distro and what mailer you are using for your MTA. Perhaps a copy of your /etc/mail/sendmail.mc with _all_ the comments stripped out.

If you attempt to make changes to the sendmail configuration via a text editor, be sure you understand the use of sendmail.mc and the m4 processor to generate the sendmail.cf file. Directly editing sendmail.cf is not for mere mortals.

If you're using another mailer the setup details will vary significantly but the options (in this case) will be "conceptually" similar. I'm just assuming you're using sendmail as that is the most commonly used MTA.

.. hth,
prg
email above disabled
Carl Hilton <carlvh@gmail.com> wrote:
> Ok, My SMTP is unable to accept connections from non-local subnets. Is
> this an SMTP thing or something else... my inetd.conf file has TELNET
> remarked out. So, I can actually NOT TELNET in to this box from
> anywhere, but I CAN telnet in on port 25 from the local subnet. What can
> block port 25 telnet sessions?

What's your actual question? I see several possible candidates here...

* You want to accept SMTP connections from elsewhere
* You want to accept TELNET connections from the local network
* You want to accept TELNET connections from elsewhere

Why are you even considering telnet? Please look at using ssh instead!

Chris
Carl Hilton wrote:
> Ok, My SMTP is unable to accept connections from non-local subnets. Is
> this an SMTP thing or something else... my inetd.conf file has TELNET
> remarked out. So, I can actually NOT TELNET in to this box from
> anywhere, but I CAN telnet in on port 25 from the local subnet. What can
> block port 25 telnet sessions?
>
> Carl

You can have your SMTP only configured to accept mails from your local box or you have a firewall that is blocking port 25.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
In article <1107176767.826799.279080@f14g2000cwb.googlegroups.com>,
Carl Hilton <carlvh@gmail.com> wrote:
> Ok, My SMTP is unable to accept connections from non-local subnets. Is
> this an SMTP thing or something else... my inetd.conf file has TELNET
> remarked out. So, I can actually NOT TELNET in to this box from
> anywhere, but I CAN telnet in on port 25 from the local subnet. What can
> block port 25 telnet sessions?
>
> Carl

Carl,

I assume you are using a default configuration.

First, your immediate question: We have to distinguish telnet as a tool vs. TELNET as a protocol. When your inetd.conf has TELNET marked out, this means your box will not accept connections over the usual TELNET port. On the other hand, we use the telnet program as a tool to test connections to port 25, the SMTP port.

You say you can do this from your LAN but not from outside. You'll have to find out what's blocking these connections... Might be the firewall on your box, might be that outbound port 25 connections are blocked by the ISP where you did your outside test (Verizon does this to reduce spam), or etc. My first guess is you did a test from someone's cable connection and that ISP is blocking port 25. Try from several different types of outside connections.

Once you can telnet your.domain 25 from outside IPs, then you'll have to configure sendmail or postfix to accept connections from certain locations but not be an "open relay" that will be abused. Also, if you do have an open relay, you'll quickly become a pariah on the internet.

In my setup,
- port 25 connections are accepted
- sendmail is configured to accept any mail for valid addresses in the local domain (user accounts, aliases in /etc/mail/aliases, and domains specified in /etc/sendmail.cf)
- sendmail is configured to accept mail for outside addresses ONLY from certain specific ips from which my users connect... (do this in /etc/mail/access)
- I prefer to create an ssh tunnel for ports 25 and 110 so my remote users can send mail with me having to edit /etc/mail/access. SMTP Auth or SMTP-after-POP would also help here.
- Note: run newaliases after editing /etc/mail/aliases and rebuild access.db after editing /etc/mail/access

(Hope I have all of this right... I don't fiddle these things every day and it's easy to forget things.)

Hope this helps.
-- Sally

--
Sally Shears (a.k.a. "Molly")
SallyShears@gmail.com -or- Sally@Shears.org
http://theWorld.com/~sshears
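The two places prg's and Sally's replies point at, the DAEMON_OPTIONS bind address in sendmail.mc and the client-IP lookup in /etc/mail/access, can be checked offline. The POSIX shell script below is an added example, not code from the thread or from sendmail itself; it assumes a simplified access-map lookup order (exact IP, then shorter dotted prefixes, each bare or Connect:-tagged; no hostname or IPv6 keys and no tagged-over-untagged precedence) and works on constructed sample inputs.

```shell
# Added example (not from the thread); both inputs are constructed samples.
# Constructed sendmail.mc: prg's loopback-only line plus a dnl-commented one.
sample_mc() {
cat <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`access_db')dnl
EOF
}

# Constructed /etc/mail/access: a tagged LAN entry, a refused host, a /8.
sample_access() {
cat <<'EOF'
Connect:192.168.1      RELAY
10.0.0.5               REJECT
10                     RELAY
EOF
}

# Bind address from the first active (not dnl-commented) DAEMON_OPTIONS
# line on stdin. "all" means no Addr=, sendmail's default of listening on
# every interface, which is what Carl's mc (no DAEMON_OPTIONS) does.
smtp_bind_addr() {
  addr=$(grep -v '^[[:space:]]*dnl' | grep 'DAEMON_OPTIONS' |
         sed -n 's/.*Addr=\([^, )]*\).*/\1/p' | head -n 1)
  printf '%s\n' "${addr:-all}"
}

# Simplified access-map lookup for client IP $1 in table $2: exact address,
# then shorter dotted prefixes (a.b.c, a.b, a), each bare and Connect:-tagged.
# Prints the action, or "none" (connect allowed, relaying outside denied).
access_lookup() {
  key=$1
  while [ -n "$key" ]; do
    hit=$(printf '%s\n' "$2" | awk -v k="$key" '$1 ~ /^#/ {next}
          $1 == k || $1 == ("Connect:" k) {print $2; exit}')
    [ -n "$hit" ] && { printf '%s\n' "$hit"; return 0; }
    case $key in *.*) key=${key%.*} ;; *) key= ;; esac
  done
  printf 'none\n'
}

# Verdict for one client: a loopback-only bind never reaches the access map.
diagnose() {
  bind=$(printf '%s\n' "$2" | smtp_bind_addr)
  [ "$bind" = 127.0.0.1 ] && { printf 'loopback only: %s cannot connect\n' "$1"; return 0; }
  printf 'listening on %s: access action for %s is %s\n' \
         "$bind" "$1" "$(access_lookup "$1" "$3")"
}
diagnose 192.168.1.77 "$(sample_mc)" "$(sample_access)"
```

Run it with your own sendmail.mc and access table in place of the samples; a "listening on all" verdict with a RELAY action, as Carl's posted config would give, means the block is not in sendmail and the firewall or routing is the next place to look.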
I AM using SENDMAIL, downloaded from SENDMAIL.ORG, running on a SLACKWARE LINUX box. I am using TELNET for troubleshooting SMTP purposes ONLY. I have ALL my subnets listed by IP in my /etc/mail/access and I HAVE refreshed/rebuilt the access.db.

my sendmail.mc:

    divert(0)dnl
    VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
    OSTYPE(linux)dnl
    DOMAIN(generic)dnl
    FEATURE(`access_db')
    MAILER(local)dnl
    MAILER(smtp)dnl
    define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo,needexpnhelo,needvrfyhelo,noexpn,restrictmailq,restrictqrun')

Thanks for everybody's replies.
On 1 Feb 2005 03:57:57 -0800, Carl Hilton <carlvh@gmail.com> wrote:
> I AM using SENDMAIL, downloaded from SENDMAIL.ORG, running on a
> SLACKWARE LINUX box. I am using TELNET for troubleshooting SMTP
> purposes ONLY. I have ALL my subnets listed by IP in my
> /etc/mail/access and I HAVE refreshed/rebuilt the access.db.
>
> my sendmail.mc:
>
> divert(0)dnl
> VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
> OSTYPE(linux)dnl
> DOMAIN(generic)dnl
> FEATURE(`access_db')
> MAILER(local)dnl
> MAILER(smtp)dnl
> define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo,needexpnhelo,needvrfyhelo,noexpn,restrictmailq,restrictqrun')
>
> Thanks for everybody's replies.

What do your mail logs say when you attempt to telnet to smtp server port 25 from other local subnets? Do you have proper routing to other local subnets (can you ping/traceroute from the server to those client IPs)?