Help Needed: My RHEL5 box suddenly stopped accepting e-mails
zli at phys.hawaii.edu
Tue May 10 07:38:48 UTC 2011
Is there a firewall in your company? Your computers on the same subnet
able to telnet to 25. Your gmail doesn't work. Maybe you should ask
your IT department if there is a firewall and if it is blocking 25 to
On 2011-5-9 19:41, Mun wrote:
> Hi all,
> Well, unfortunately my IT dept is claiming their network is fine--and
> therefore the problem lies
> either with my system, or is not worth their time to debug. I am still
> trying to gather more
> evidence to prove that my system is operating correctly; but I am starting
> to lose hope that I
> will persevere in this effort. Although, I'm not willing to throw in the
> towel just yet.
> In any case, see below for additional comments.
> On Sun, May 8, 2011 at 2:27 PM, Barry Brimer<lists at brimer.org> wrote:
>> 1. Add an iptables logging rule that logs and connections to port 25 not
>>>> from localhost. Something like:
>>>> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
>>> I am going to wait on the change because I don't feel comfortable doing
>>> just yet. Note
>>> that we have established that systems on my subnet can successfully telnet
>>> into port 25 of
>>> my system; whereas systems on other subnets cannot. Would the logging
>>> above provide
>>> additional information regarding the failed connection attempts to port
>> You're not blocking/allowing anything .. just logging, before any ACCEPT
>> rules. If you try to telnet to port 25 from another subnet with this rule
>> in place and you don't see connections getting logged, they're not getting
>> to your server.
> I went ahead and made the changes to the iptables logging as you suggested.
> When I use swaks to
> send my machine email from an offsite system, I _do_ see messages show up in
> my /var/log/messages
> file showing some kind of interaction between the offsite system and my
> system. I don't know what is
> being discussed between the systems, but the offsite system does finally
> timeout in it's attemt to connect.
> Does this imply my system is not allowing the remote system to send it
> email? And therefore it
> _is_ my system that is at fault?
> BTW, out of curiosity, how do I remove the iptables logging? (Assuming this
> issue ever gets
> resolved and I want to reduce the amount of logging.)
>> 6. Verify other Internet communications work .. perhaps you've got a bad
>>>> route of some kind.
>>> I seem to be able to do other internet activity without any problems.
>> What about connecting to other internal hosts that are on a different
>> subnet. I still think this could be routing related. Have you verified
>> your routing table with IT?
> I can connect to systems via ssh on different subnets within the company.
> I have not verified my routing table with IT. I would not know what to
> I did send my IT dept a traceroute from a remote system that cannot send my
> system email.
> I don't know if that is of any value, but I'm just trying to keep nudging
> them with data and
> hoping something will trigger an "ah ha!" moment.
>> 7. Run some tests with swaks<http://jetmore.org/john/code/swaks/>
>>> I'm not familiar with swaks; but I'll look into it.
>> I usually manually telnet to port 25 and have an SMTP conversation with the
>> mail server. If you don't speak fluent SMTP, swaks can help.
> swaks works great! Especially for someone like me. Thanks for that tip.
>> 8. Use system-switch-mail to verify that your system is using sendmail.
>> My system is running sendmail. However, I'm not familiar with
>>> system-switch-mail, nor could
>>> I find that command on my system.
>> If you ever had postfix or qmail installed from RH it installs in a way
>> that allows you to switch between MTAs. system-switch-mail manages symlinks
>> to make sure everything lines up correctly. You can install the
>> system-switch-mail package if you like. Probably not needed.
> Oh, I see. I have not installed any other MTA's onto my system. At one
> point I was considering
> that as another test of my system; but I don't think that test is needed
> anymore. It seems we
> have proven that sendmail is working properly, and that the problem is
> outside of the MTA.
> Many thanks to all that are trying so hard to help me out! I wish just one
> of you worked my
> company's IT dept ;)
> Best regards,
More information about the redhat-list