Re: [leaf-user] SMTP port fwd OK, but connection reset or timeout by Mercury Server

Thu, 18 Dec 2003 16:13:23 -0800

I'm not sure what is going on with your system, but when I tried here to check on your mail server, I found an odd DNS entry associated with your SMTP server:

        [EMAIL PROTECTED]:~$ host -t MX oakcitynet.com
        oakcitynet.com          MX      10 oakcitysrv.oakcitynet.com
        [EMAIL PROTECTED]:~$ host oakcitysrv.oakcitynet.com
        oakcitysrv.oakcitynet.com       A       192.168.1.2
        [EMAIL PROTECTED]:~$ host oakcitynet.com
        oakcitynet.com A record currently not present

From this, I'm somewhat surprised that any traffic is reaching your mail server from the Internet. (If I "ping oakcitysrv.oakcitynet.com", I get responses that are clearly from the 192.168.1.2 host on my LAN.)

Since you elected in your reporting to conceal your external IP address, there is no further testing I can do.

At 05:30 PM 12/18/2003 -0500, Dr. Richard W. Tibbs wrote:
Dear list.
This may be a touch off-thread.
My Dachstien firewall successfully port-forwards SMTP connections to my Mercury Mail sever running on a Windows2003 server box. But connections either timeout or are reset by the server, according to the outgoing SMTP server at work
(see below).
Furthermore, I have the Mercury SMTP relay client configured.
My questions:
Is there an additional port that needs to be opend up on the firewall for an SMTP relay client?
Can anyone suggest a tutorial on SMTP and Relay clients?
Port 25 is already working, as the byte/pkt counts from weblet show.
Thanks in advance to anyone, including any Mercury config wizards.
Symptoms and configs listed below.
Rick.


The Mercury mail SMTP server gets connections right away and after a timeout period (which is up to 600 seconds now)
the connection log shows "Job Aborted"

This is the response from work mail server upon sending test msg to a mail user on the Mercury server:
**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************

The original message was received at Thu, 18 Dec 2003 10:34:02 -0500 (EST)
from exchange.radford.edu [137.45.126.2]

   ----- The following addresses had transient non-fatal errors -----
<[EMAIL PROTECTED]>

----- Transcript of session follows -----
... while talking to oakcitysrv.oakcitynet.com.:
>>> MAIL From:<[EMAIL PROTECTED]>
<<< 421 service not available, closing channel.
<[EMAIL PROTECTED]>... Deferred: Connection reset by oakcitysrv.oakcitynet.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old



This is segment of firewall rules from weblet:
======================================snip =================
Input Chain:
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 216.12.x.y * -> 143
3390 226K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 216.12.x.y * -> 80
3669 176K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 216.12.x.y * -> 25
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 216.12.x.y * -> 53
2 120 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 113
16434 9750K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
1764 123K ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 216.12.x.8y * -> 53
0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 67
2360 559K ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
10308 945K ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
159 8060 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
39694 5415K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a

Port Forwarding
prot localaddr            rediraddr               lport    rport  pcnt  pref
UDP  216.12.x.y         192.168.a.b                53       53     9    10
TCP  216.12.x.y         192.168.a.b               143      143    10    10
TCP  216.12.x.y         192.168.a.b                53       53    10    10
TCP  216.12.x.y         192.168.a.b                80       80     1    10
TCP  216.12.x.y         192.168.a.b                25       25     2    10

===================== snip ============================

And finally, the essential config from Dachstein is:

...
EXTERN_UDP_PORT0 "0/0 domain"
...
EXTERN_TCP_PORT0 "0/0 www"
EXTERN_TCP_PORT1 "0/0 smtp"
EXTERN_TCP_PORT2 "0/0 imap"
EXTERN_TCP_PORT3 "0/0 domain"
...

INTERN_SERVERS="tcp_216.12.w.z_domain_192.168.x.y_domain udp_216.12.w.z_domain_192.168.x.y_domain tcp_216.12.w.z_www_192.168.x.y_www tcp_216.12.w.z_smtp_192.168.x.y_smtp tcp_216.12.w.z_imap_192.168.x.y_imap" 







-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to