Can get email through

wprauchholz · #1 2nd January 2011, 08:25 PM

I am setting up an email server. postfix is configured, firewall is up an running, as well as dns. Also users for the emails are setup on the server When sending an email from gmail, I get the following message:
Delivery to the following recipient failed permanently:

wp.rauchholz@theraugafamily.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 #5.1.0 Address rejected wp.rauchholz@theraugafamily.com (state 14).

From googling I understand the the email gets to my server, but then it is rejected. But I can't find a solution for the problem despite reading a lot on the web. Somebody can through me a lifeline here?
Here some more info:
DNS; an extract from my zone definition:
...
IN NS master ; Name Server for domain
IN MX 10 master ; Mail Exchange
theraugafamily.com. IN MX 10 master.theraugafamily.com.
...

extract from iptables

Chain INPUT (policy DROP 27 packets, 1621 bytes)
pkts bytes target prot opt in out source destination
1934 330K ACCEPT all -- lo * 127.0.0.0/8 127.0.0.0/8
2 122 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
1775 135K ACCEPT all -- eth2 * 192.168.20.0/24 192.168.20.0/24
4102 435K ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 flags:0x17/0x02
318 19080 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993 flags:0x17/0x02
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143 flags:0x17/0x02

Any ideas?

hmmsjan · #2 2nd January 2011, 08:52 PM

Dear wprauchholz,

From my location, your MX servers in DNS are
mailstore1.secureserver.net and smtp.secureserver.net,
which might imply that your address
wp.rauchholz@theraugafamily.com must be known there.
How do you transfer the e-mail to your box?

Good luck!

rmbrady · #3 2nd January 2011, 09:00 PM

Hi,
Google will be trying to deliver the email to smtp.secureserver.net.

Code:

[robert@pluto ~]$ dig theraugafamily.com MX

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-4.P3.fc14 <<>> theraugafamily.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47999
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;theraugafamily.com.		IN	MX

;; ANSWER SECTION:
theraugafamily.com.	3494	IN	MX	10 mailstore1.secureserver.net.
theraugafamily.com.	3494	IN	MX	0 smtp.secureserver.net.

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan  3 06:50:42 2011
;; MSG SIZE  rcvd: 100

Which has an address of

Code:

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-4.P3.fc14 <<>> smtp.secureserver.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58818
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smtp.secureserver.net.		IN	A

;; ANSWER SECTION:
smtp.secureserver.net.	300	IN	A	216.69.186.201

;; Query time: 392 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan  3 06:54:31 2011
;; MSG SIZE  rcvd: 55

I think you want the mail delivered to a machine called "master"

Code:

[robert@pluto ~]$ dig master.theraugafamily.com 

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-4.P3.fc14 <<>> master.theraugafamily.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;master.theraugafamily.com.	IN	A

;; ANSWER SECTION:
master.theraugafamily.com. 3600	IN	A	68.178.232.99

;; Query time: 180 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan  3 06:50:58 2011
;; MSG SIZE  rcvd: 59

I think you need to modify the MX record on the domaincontrol.com nameservers that your domain is using.

Code:

[robert@pluto ~]$ dig theraugafamily.com NS

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-4.P3.fc14 <<>> theraugafamily.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19089
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;theraugafamily.com.		IN	NS

;; ANSWER SECTION:
theraugafamily.com.	3600	IN	NS	ns58.domaincontrol.com.
theraugafamily.com.	3600	IN	NS	ns57.domaincontrol.com.

;; ADDITIONAL SECTION:
ns57.domaincontrol.com.	1424	IN	A	216.69.185.29
ns58.domaincontrol.com.	3160	IN	A	208.109.255.29

;; Query time: 178 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan  3 06:57:51 2011
;; MSG SIZE  rcvd: 120

wprauchholz · #4 2nd January 2011, 09:02 PM

Shoulnd't I be able to telent my server?

Jan 2 22:00:35 master postfix/postfix-script[8018]: stopping the Postfix mail system
Jan 2 22:00:35 master postfix/master[7942]: terminating on signal 15
Jan 2 22:00:35 master postfix/postfix-script[8093]: starting the Postfix mail system
Jan 2 22:00:35 master postfix/master[8094]: daemon started -- version 2.7.1, configuration /etc/postfix
[root@master postfix]# netstat -na | grep 25
tcp 0 0 192.168.20.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

But I am not able to

jpollard · #5 2nd January 2011, 09:02 PM

I don't know about from other places, but I cannot reach your mail server.

It looks like a routing error that causes a connection timeout.

One thing that could help is getting the full mail header from a rejected
or bounced message.

hmmsjan · #6 2nd January 2011, 09:15 PM

Quote:

Originally Posted by wprauchholz

Shoulnd't I be able to telent my server?

Jan 2 22:00:35 master postfix/postfix-script[8018]: stopping the Postfix mail system
Jan 2 22:00:35 master postfix/master[7942]: terminating on signal 15
Jan 2 22:00:35 master postfix/postfix-script[8093]: starting the Postfix mail system
Jan 2 22:00:35 master postfix/master[8094]: daemon started -- version 2.7.1, configuration /etc/postfix
[root@master postfix]# netstat -na | grep 25
tcp 0 0 192.168.20.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

But I am not able to

Should work. Are you using the command "telnet 192.168.20.1 25" or "telnet 127.0.0.1 25" ?
Unless the postfix configuration includes access restrictions.

wprauchholz · #7 2nd January 2011, 09:21 PM

Hmmm I don't understand.
I acquired a domain name through godaddy.com and added a dynamic dns service through zoneedit.com.

How do my names get WWDomains.com??

---------- Post added at 10:21 PM ---------- Previous post was at 10:17 PM ----------

Quote:

Originally Posted by hmmsjan

Should work. Are you using the command "telnet 192.168.20.1 25" or "telnet 127.0.0.1 25" ?
Unless the postfix configuration includes access restrictions.

Yes, here it gets stuck
[root@master postfix]# telnet 192.168.20.1 25
Trying 192.168.20.1...

But look at this
[root@master postfix]# telnet master 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to master.
Escape character is '^]'.
220 master.theraugafamily.com ESMTP Postfix

With the domain it does not work either
[root@master postfix]# telnet theraugafamily.com 25
Trying 192.168.20.1...

rmbrady · #8 2nd January 2011, 09:23 PM

Here is a bounced header - the mail is being delivered to smtp.secureserver.net, and rejected.
You need to fix your MX record to point to your mailserver

Code:

Reporting-MTA: dns; nskntmtas06p.mx.bigpond.com
Arrival-Date: Sun, 2 Jan 2011 21:13:48 +0000
Received-From-MTA: dns; nskntotgx01p.mx.bigpond.com (58.173.169.9)

Final-Recipient: RFC822; <wp.rauchholz@theraugafamily.com>
Action: failed
Status: 5.1.1
Remote-MTA: dns; smtp.secureserver.net (72.167.238.201)
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected wp.rauchholz@theraugafamily.com

You will also need to allow port 25 through any routers / firewalls you have, as I cannot connect to it.

Code:

[robert@pluto ~]$ telnet master.theraugafamily.com 25 
Trying 68.178.232.99...

telnet: connect to address 68.178.232.99: Connection timed out

hmmsjan · #9 2nd January 2011, 09:34 PM

Could it be that somehow access from everything except 127.0.0.1
is blocked? With sendmail, this is the case in the standard Fedora config in order
to prevent mis-use.
But it's in contradiction with postfix listening on 192.168.20.1

wprauchholz · #10 2nd January 2011, 09:59 PM

Internally postfix works. I connected now from the client instead of the server with telnet
Result looks okay.
Or should I bne able to o the same excercise form the server itself?

[wp.rauchholz@theraugafamily01 ~]$ telnet theraugafamily.com 25
Trying 192.168.20.1...
Connected to theraugafamily.com.
Escape character is '^]'.
220 master.theraugafamily.com ESMTP Postfix
HELO master
250 master.theraugafamily.com
mail from:wp.rauchholz@theraugafamily.com
250 2.1.0 Ok
rcpt to:wp.rauchholz@theraugafamily.com
250 2.1.5 Ok
rcpt to:m.gainza@theraugafamily.com
250 2.1.5 Ok
Data
354 End data with <CR><LF>.<CR><LF>
From: Wolfgang
This is the body of the email here.
Thanks, Wolfgang
.
250 2.0.0 Ok: queued as 29072260A65
bye
502 5.5.2 Error: command not recognized
quit
221 2.0.0 Bye
Connection closed by foreign host.

---------- Post added at 10:37 PM ---------- Previous post was at 10:34 PM ----------

[QUOTE=rmbrady;1431555]Here is a bounced header - the mail is being delivered to smtp.secureserver.net, and rejected.
You need to fix your MX record to point to your mailserver

Code:

Reporting-MTA: dns; nskntmtas06p.mx.bigpond.com
Arrival-Date: Sun, 2 Jan 2011 21:13:48 +0000
Received-From-MTA: dns; nskntotgx01p.mx.bigpond.com (58.173.169.9)

Final-Recipient: RFC822; <wp.rauchholz@theraugafamily.com>
Action: failed
Status: 5.1.1
Remote-MTA: dns; smtp.secureserver.net (72.167.238.201)
Diagnostic-Code: smtp; 550 #5.1.0 Address rejected wp.rauchholz@theraugafamily.com

You will also need to allow port 25 through any routers / firewalls you have, as I cannot connect to it.

Code:

[robert@pluto ~]$ telnet master.theraugafamily.com 25 
Trying 68.178.232.99...

telnet: connect to address 68.178.232.99: Connection timed out

[/QUOTEI am not an expert at all. I therefore don't know where really to start.
I get a doamin with godaddy.com. Having a dynamic IP from my ISP, I added a dynamic DNS service with zoneedit.com. Is the problem more likely to be searched there? I never touched the domains you see as a result of your dig command

---------- Post added at 10:38 PM ---------- Previous post was at 10:37 PM ----------

I am not an expert at all. I therefore don't know where really to start.
I get a domain with godaddy.com. Having a dynamic IP from my ISP, I added a dynamic DNS service with zoneedit.com. Is the problem more likely to be searched there? I never touched the domains you see as a result of your dig command

---------- Post added at 10:59 PM ---------- Previous post was at 10:38 PM ----------

This is my zone file. I am pointing with the MX record to my server

;
; Zone File for "theraugafamily.com.com"
;
$TTL 1D
@ IN SOA master.theraugafamily.com. sysadmin.theraugafamily.com. (
10 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ) ; Minimum
;
IN NS master ; Name Server for domain
IN MX 10 master ; Mail Exchange
theraugafamily.com. IN MX 10 master.theraugafamily.com.
;
theraugafamily.com. IN A 192.168.20.1 ; IP address theraugafamily.com
master IN A 192.168.20.1 ; IP address for theraugafamiy.com
www IN CNAME master ; 'master' is also known as www
ftp IN CNAME master ; 'master' is also known as ftp

Do I need to add a MX record also to zoneedit.com? There is no explanation how this works.

rmbrady · #11 2nd January 2011, 10:29 PM

Hi,
You will need to tell godaddy.com that your domains nameservers are the zoneedit.com servers.
There should be a tool under your godaddy account to set the nameservers.

On the zoneedit .com server, you need to add the MX record.

On zoneedit, read the FAQ, http://www.zoneedit.com/faq.html

hmmsjan · #12 2nd January 2011, 10:35 PM

I think, the currently defined servers are related to godaddy.
What you do in house with the name server will not reach the internet.

The changing IP address makes it necessary to use a DDNS service,
so the nameserver for your domain should be one of the zoneedit nameservers.

These nameserver addresses have to be set, if possible, at godaddy.

Then, at zonedit, you have to enter your hosts and your MX records.

Good luck!

jpollard · #13 3rd January 2011, 01:23 AM

Something a little odd with:

Code:

tcp 0 0 192.168.20.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

Normally there would only be one entry (0.0.0.0), not two...

What does "fuser -n tcp 25" show? There should be one process id
reported (the mail daemon), if there are two, both should be the
same mail daemon.

hmmsjan · #14 3rd January 2011, 06:24 AM

Quote:

Originally Posted by jpollard

Something a little odd with:

Code:

tcp 0 0 192.168.20.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

Normally there would only be one entry (0.0.0.0), not two...

What does "fuser -n tcp 25" show? There should be one process id
reported (the mail daemon), if there are two, both should be the
same mail daemon.

Same here with Postfix,
tcp 0 0 192.168.1.70:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

but only after modification of /etc/postfix/main.cf:
inet_interfaces = localhost,$myhostname

With inet_interfaces = all:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3065/master
tcp 0 0 :::25 :::* LISTEN 3065/master

the behaviour you describe is shown, including also the IPV6 socket.

And the other problem: look into the iptables rules:

1934 330K ACCEPT all -- lo * 127.0.0.0/8 127.0.0.0/8
1775 135K ACCEPT all -- eth2 * 192.168.20.0/24 192.168.20.0/24

This means: accept traffic from localhost to localhost and accept traffic within the
192.168.196.0 subnet.
However, telnet 192.168.196.20 25 is a connection from localhost into the 192.168.20.0
subnet, and there is no rule which accepts this, the only rule for port 25 is on the ppp interface.
Normally, I see rules for INPUT accepting some subnet or port without restrictions to the
destination.

The next steps have to be done at the providers side, and may be the router...

Good luck!

wprauchholz · #15 3rd January 2011, 03:29 PM

[root@master /]# fuser -n tcp 25
25/tcp: 8094

---------- Post added at 04:29 PM ---------- Previous post was at 03:57 PM ----------

I started again from scratch ad changed my domain to 'theragafamily.com'
It is all booked in dyndns. Would you please be so kind and dig theragafamily. Thanks