Help Needed: My RHEL5 box suddenly stopped accepting e-mails

Mun mjelists at gmail.com
Tue May 10 18:34:43 UTC 2011


Hi Jacky,


On Tue, May 10, 2011 at 12:38 AM, Jacky Li <zli at phys.hawaii.edu> wrote:

> Hi,
>
> Is there a firewall in your company?  Your computers on the same subnet
> able to telnet to 25.  Your gmail doesn't work.  Maybe you should ask your
> IT department if there is a firewall and if it is blocking 25 to your
> computer.
>

My IT dept said there is no firewall between the exchange server and my
system.
Computers at my site (various subnets) can successfully telnet to port 25 of
my machine.

Regards,

-- 
Mun



>
> Jacky
>
>
> On 2011-5-9 19:41, Mun wrote:
>
>> Hi all,
>>
>> Well, unfortunately my IT dept is claiming their network is fine--and
>> therefore the problem lies
>> either with my system, or is not worth their time to debug.  I am still
>> trying to gather more
>> evidence to prove that my system is operating correctly; but I am starting
>> to lose hope that I
>> will persevere in this effort.  Although, I'm not willing to throw in the
>> towel just yet.
>>
>> In any case, see below for additional comments.
>>
>> On Sun, May 8, 2011 at 2:27 PM, Barry Brimer<lists at brimer.org>  wrote:
>>
>>  1.  Add an iptables logging rule that logs and connections to port 25 not
>>>
>>>> from localhost.  Something like:
>>>>> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
>>>>>
>>>>>
>>>>>  I am going to wait on the change because I don't feel comfortable
>>>> doing
>>>> this
>>>> just yet.  Note
>>>> that we have established that systems on my subnet can successfully
>>>> telnet
>>>> into port 25 of
>>>> my system; whereas systems on other subnets cannot.  Would the logging
>>>> rule
>>>> above provide
>>>> additional information regarding the failed connection attempts to port
>>>> 25?
>>>>
>>>>  You're not blocking/allowing anything .. just logging, before any
>>> ACCEPT
>>> rules.  If you try to telnet to port 25 from another subnet with this
>>> rule
>>> in place and you don't see connections getting logged, they're not
>>> getting
>>> to your server.
>>>
>>
>> I went ahead and made the changes to the iptables logging as you
>> suggested.
>>  When I use swaks to
>> send my machine email from an offsite system, I _do_ see messages show up
>> in
>> my /var/log/messages
>> file showing some kind of interaction between the offsite system and my
>> system.  I don't know what is
>> being discussed between the systems, but the offsite system does finally
>> timeout in it's attemt to connect.
>>
>> Does this imply my system is not allowing the remote system to send it
>> email?  And therefore it
>> _is_ my system that is at fault?
>>
>> BTW, out of curiosity, how do I remove the iptables logging?  (Assuming
>> this
>> issue ever gets
>> resolved and I want to reduce the amount of logging.)
>>
>>
>>
>>
>>>  6.  Verify other Internet communications work .. perhaps you've got a
>>> bad
>>>
>>>> route of some kind.
>>>>>
>>>>>
>>>>>  I seem to be able to do other internet activity without any problems.
>>>>
>>>>  What about connecting to other internal hosts that are on a different
>>> subnet.  I still think this could be routing related.  Have you verified
>>> your routing table with IT?
>>>
>>
>> I can connect to systems via ssh on different subnets within the company.
>> I have not verified my routing table with IT.  I would not know what to
>> verify.
>>
>> I did send my IT dept a traceroute from a remote system that cannot send
>> my
>> system email.
>> I don't know if that is of any value, but I'm just trying to keep nudging
>> them with data and
>> hoping something will trigger an "ah ha!" moment.
>>
>>
>>   7.  Run some tests with swaks<http://jetmore.org/john/code/swaks/>
>>>
>>>> I'm not familiar with swaks; but I'll look into it.
>>>>
>>>>  I usually manually telnet to port 25 and have an SMTP conversation with
>>> the
>>> mail server.  If you don't speak fluent SMTP, swaks can help.
>>>
>>
>> swaks works great!  Especially for someone like me.  Thanks for that tip.
>>
>>
>>
>>
>>>  8.  Use system-switch-mail to verify that your system is using sendmail.
>>>  My system is running sendmail.  However, I'm not familiar with
>>>
>>>> system-switch-mail, nor could
>>>> I find that command on my system.
>>>>
>>>>  If you ever had postfix or qmail installed from RH it installs in a way
>>> that allows you to switch between MTAs.  system-switch-mail manages
>>> symlinks
>>> to make sure everything lines up correctly.  You can install the
>>> system-switch-mail package if you like.  Probably not needed.
>>>
>>>  Oh, I see.  I have not installed any other MTA's onto my system.  At one
>> point I was considering
>> that as another test of my system; but I don't think that test is needed
>> anymore.  It seems we
>> have proven that sendmail is working properly, and that the problem is
>> outside of the MTA.
>>
>> Many thanks to all that are trying so hard to help me out!  I wish just
>> one
>> of you worked my
>> company's IT dept ;)
>>
>> Best regards,
>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



More information about the redhat-list mailing list