Can't connect to port 25 from another system
Jeff Vian
jvian10 at charter.net
Sat Apr 22 02:28:01 UTC 2006
On Fri, 2006-04-21 at 18:50 -0700, Filippos Klironomos wrote:
> Only thing I can think of is /etc/hosts.allow and /etc/hosts.deny file
> that the tcpd daemon uses for
> additional security. Maybe there is a strict definition on which
> connections should go through.
>
> Also why don't you use tcpdump to see what is going on in the incoming
> traffic on the machine. Maybe
> increase the log level of the kernel by
>
> /sbin/sysctl -w net.ipv4.netfilter.ip_conntrack_log_invalid=1
>
> to see what is dropped and why.
>
> Filippos
>
Is there a reason you are sending what appears to be encoded binary to
the mailing list? The below is only a part of your message.
Jeff
--===============1981184131==
Content-Type: multipart/alternative;
boundary="----=_Part_31304_3263355.1145670621599"
------=_Part_31304_3263355.1145670621599
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
Content-Disposition: inline
T25seSB0aGluZyBJIGNhbiB0aGluayBvZiBpcyAvZXRjL2hvc3RzLmFsbG93IGFuZCAvZXRjL2hv
c3RzLmRlbnkgZmlsZSB0aGF0CnRoZSB0Y3BkIGRhZW1vbiB1c2VzIGZvcgphZGRpdGlvbmFsIHNl
Y3VyaXR5LiBNYXliZSB0aGVyZSBpcyBhIHN0cmljdCBkZWZpbml0aW9uIG9uIHdoaWNoIGNvbm5l
Y3Rpb25zCnNob3VsZCBnbyB0aHJvdWdoLgoKQWxzbyB3aHkgZG9uJ3QgeW91IHVzZSB0Y3BkdW1w
IHRvIHNlZSB3aGF0IGlzIGdvaW5nIG9uIGluIHRoZSBpbmNvbWluZwp0cmFmZmljIG9uIHRoZSBt
YWNoaW5lLiBNYXliZQppbmNyZWFzZSB0aGUgbG9nIGxldmVsIG9mIHRoZSBrZXJuZWwgYnkKCi9z
YmluL3N5c2N0bCAtdyBuZXQuaXB2NC5uZXRmaWx0ZXIuaXBfY29ubnRyYWNrX2xvZ19pbnZhbGlk
PTEKCnRvIHNlZSB3aGF0IGlzIGRyb3BwZWQgYW5kIHdoeS4KCkZpbGlwcG9zCgpPbiA0LzIxLzA2
LCBEZWJiaWUgRGV1dHNjaCA8ZmVkb3JhbGlzdEBkZGV1dHNjaC5vcmc+IHdyb3RlOgo
+Cj4gUGVy
Jeff
> On 4/21/06, Debbie Deutsch <fedoralist at ddeutsch.org> wrote:
> Perhaps someone can help me with this problem. I have
> sendmail running
> on an FC5 system.* It works to the extent that I can send
> email from
> that system to other systems in other domains. The problem is
> that
> other systems cannot initiate a connection to it. Here are
> the key
> facts that I have been able to confirm:
>
>
> - I previously edited the sendmail.mc file to be sure it is
> listening on
> port 25 and did a make to update sendmail.cf. Then I stopped
> and
> restarted sendmail.
>
> - Sendmail is definitely running.
>
> - Both netstat and nmap confirm that the system *is* listening
> on port
> 25, as it should be.
>
> - When I attempt to telnet to port 25 the connection fails.
> However,
> telnet definitely is running. I can telnet to the host
> without
> specifying a port and successfully communicate with the telnet
> server.
> On the other hand, when I try to telnet to port 23 (where
> netstat and
> nmap confirm that the telnet server is listening), I get the
> same error
> as when I try to telnet to port 25. I have tried this from
> multiple
> hosts on my LAN, all with the same results.
>
> - In an effort to rule out firewalls as a possible source of
> the
> problem, I disabled selinux completely and stopped
> iptables. (I did not
> see anything in iptables that should block port 25 but I
> wanted to be
> sure it was not the source of the problem.)
>
> - All of the above testing was done on my LAN. The traffic
> did not
> traverse my hardware router/firewall. In any case, the
> firewall is
> configured to not block port 25. (I had sendmail running
> successfully
> before, on an old system that finally went belly-up.)
>
> - As noted above, I can successfully send mail that requires
> sendmail to
> connect to another smtp server that is outside my LAN.
>
> All of this makes me think that there is some firewall-like
> thing going
> on where outbound smtp connections are okay but smtp sessions
> that are
> initiated by another host are not. The behavior with telnet
> connections
> only working if the port is not specified baffles me. With
> selinux and
> iptables turned off, I am out of ideas. Any suggestions?
>
> TIA,
>
> Debbie
>
> *32-bit FC5 running on a 64-bit system because 54-bit FC5
> installs but
> won't boot completely. You may remember the recent thread...
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-list
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
More information about the fedora-list
mailing list