We are running Linux version 2.2.19-3-LEAF with the default firewalling. The
LAN is using NAT. We are able to send mail to the server by adding the
server name to the hosts file on the network machines. We are able to send
mail out to external mailers (Yahoo, AOL). We can send mail from user to
user inside the network. However, when sending TO the internal network the
mail gets to the sendmail mail queue then gets deferred due to the
mailserver's inability to contact the sending MTA.
The openings in the firewall for smtp are:
EXTERN_SMTP_PORTS = "0/0_ntp 0/0_smtp"
and
INTERN_SMTP_SERVER = 10.0.0.XXX

As far as the ISP, that is not the case for us. We can run anything on our
pipe. However, we are still only testing the server so the mail will come
from [EMAIL PROTECTED] until we are ready to go live. The only
thing could be some strange name service rule that picks up on that unknown
private.network.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski
Sent: Friday, August 09, 2002 5:02 PM
To: Craig Heil; [EMAIL PROTECTED]
Subject: Re: SMTP problem (was: [leaf-user] (no subject))


At 03:18 PM 8/9/02 -0400, Craig Heil wrote:
>The firewall has been in place for some time working great. We recently
>began testing an internal mail server.
>It has been tested internally fine. It can also send mail externally fine.
>However, even though we have opened up the SMTP port everywhere in the
>firewall, when you send mail outside to the machine, sendmail gets it into
>the mail queue but then the message is deferred since it cannot talk back
>through the firewall. The error message reads "(Deferred: Connection timed
>out with XXX.XXX.XXX.XXX.)" where the XXX's are the firewall real-world IP
>address. The port forwarding is also set up on the SMTP port. We have
>checked through the config and found nothing that helps. Please advise.

We need a bit more detail to be able to help.

First, what version of LEAF are you using?

Second, are you using its default firewalling or one of the drop-in
firewall options? And am I correct in assuming that your LAN is NAT'd?

Third, you say you "have opened up the SMTP port everywhere in the
firewall" but that your internal SMTP server is failing because "it cannot
talk back through the firewall". Given the error message you quote, the
reasonable inference is that the second of your two statements is correct,
which suggests that the first is wrong. So ... *how* did you open the SMTP
port?

Fourth, might your ISP be the actual culprit here? I've heard of (but not
actually seen) ISPs that block incoming traffic to port 25 at their
customers' IP addresses, in order to force the customers to use the ISP's
mail servers as (POP3 or IMAP) relays.

Finally, could you take another shot at explaining the circumstances under
which the SMTP server fails to deliver? I read what you wrote to mean that
if somebody tries to send an email to [EMAIL PROTECTED], where
yourdomain.com resolves to the IP address of your firewall, then the
message gets stuck in the MTA (e.g., sendmail) queue of the sending machine
(or whatever it uses as a relay for outgoing mail). That is, the "sendmail"
you refer to is -NOT- the MTA you are running on your mail server. But that
interpretation involves a lot of reading between the lines, so your
confirming or correcting it would be worth while.


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
----------------------------------------------------------------------------



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


