Hi Robert, On Sun, May 8, 2011 at 4:09 AM, lists-redhat < replies-lists-b3z1-redhat@xxxxxxxxxxxxxxxxxxxxx> wrote: > I don't think that you explicitly responded to the status of > iptables. I use the "old-fashioned" way to control services .. > > /etc/rc.d/init.d/iptables status > ... stop (if it's running) > My apologies for missing that. Here is the output of the 'iptables status' command: Firewall is stopped. > > [this is done as root of course.] If you have iptables running > you'll want to only have it off for testing periods. > > If iptables was on, try telnetting to port 25 from off-host again. > > If that (still) failes, do you have access to another machine on the > same subnet? If so, try telnetting to port 25 on your machine from > there. If you get the sendmail herald, then the issue is definitely > off-host (and you just proved it). By being on the same subnet, with > no serious network hardware between the machines, you're avoiding > policy stuff they your networking types may have put in place in > routers. > Okay, so to do a checkpoint here: since my firewall is off, *and* because other Linux boxes on the same subnet as my box _can_ successfully telnet into port 25 of my box, that implies the issue is not with my box, right? > > If things fail to this point (e.g., you don't have access to another > machine on your subnet), there are still a few things to do. > > >From another machine try telnetting to ports on your machine where > you don't have a service running - e.g., 1025, 2025, 3080, etc., > until you get a "Connection refused" response. That will tell you > that your machine is reachable on that port, but you don't have > anything running there. If that's successful (i.e., they haven't > totally firewalled you off), you can start up sendmail on this other > port (this requires a one-line modification to your sendmail.cf so > make certain you have a copy of your current sendmail.cf. **this is > only to prove a point, and won't work for general mail delivery**. > > > Following up on a few points in other threads: > > An entry in hosts.deny (or a deny entry in hosts.allow) will still > get you a sendmail connection herald. You'll just get a rejection > when you try to submit a message (with a "550 5.0.0 Access denied" > error on it). Your issue is that the message delivery is timing out, > so this isn't related to the host.deny/allow settings. > Thanks for the explanation. > > You don't need to prove that your machine will deliver mail (yet), > as the issue is that connections to it are timing out. So, don't > worry about trying to have a chat with sendmail in order to submit a > message manually. Once you can reach sendmail/port 25 from a machine > off your subnet, if it still has issues with accepting/delivering > mail, then those issues can be addressed. > I see. So does the fact that I get a "Connection timed out." when I try to telnet into port 25 from a machine from a different subnet than my machine imply the company has something mis-configured somewhere? > > If you have SELinux enabled (and there were some updates on it > recently), that would effect sendmail's ability to start and run, > but you've proved that it's running (you're getting the herald from > on-host connections). > > The smarthost entry applies to how outbound mail is handled, not > inbound, so of no effect here. > Oh, okay. Thanks very much for all the help (everyone!). I'd be lost without you folks. Kind regards, -- Mun > > > - Richard > > > > ------------ Original Message ------------ > > Date: Saturday, May 07, 2011 09:51:53 PM -0700 > > From: Mun <mjelists@xxxxxxxxx> > > To: redhat-list@xxxxxxxxxx > > Subject: Re: Help Needed: My RHEL5 box suddenly stopped accepting > e-mails > > > > Hi Richard, > > > > On Sat, May 7, 2011 at 1:50 PM, lists-redhat < > > replies-lists-b3z1-redhat@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > >> if you're telnetting specifically to port 25, the smtp port (not > >> generically to the machine, which will get you to port 23) and > >> you're getting "connection lost" or "connection timed out", then > >> you most likely have some type of a firewall issue. > >> > > > > Yes, for the experiment I was telnetting specifically to port 25. > > Your assessment of the issue does appear to have merit: Note that > > when I sent > > an email from my gmail account to my workstation, gmail eventually > > sent me a warning > > stating that "The recipient server did not accept our requests to > > connect." Which > > seems to reinforce your theory. > > > > > >> from the machine itself, try telnetting to its port 25 *by > >> ipnumber* (not name). make certain that you see that it's not > >> trying to connect to 127.0.0.1 (which will probably happen if you > >> try by name). if you get a connect, then it's likely an off-host > >> firewall/routing issue. > >> > > > > I got a connection to sendmail. > > > > > >> > >> then, try telnetting to "127.0.0.1 25" -- you should get sendmail > >> connect. > >> > > > > I got a connection to sendmail. > > > > > >> if the telnetting to port 25 by the machine's ipnumber gets a hang > >> then you likely have an on-host firewall issue. iptables is the > >> most likely machine-specific firewall. you can look in > >> /etc/sysconfig to see if you have an iptables setup. if so, turn > >> iptables off and try telnetting in to port 25 (by ipnumber and > >> from off-host) and see what you get. > >> > >> if the issue appears to be an off-host firewall issue, then you > >> need to step back and see what's going on from the outside. > >> > > > > It would seem that I am here, right? > > > > > >> > >> [honestly, if you did nothing to your machine setup, i'd bet on > >> some external/network change to be causing your issue.] > >> > > > > I'm a little nervous that the updates that were installed did > > something to cause this > > side affect--but by reading their descriptions, that shouldn't of > > been the case. Furthermore, > > since I downgraded the respective patches I should be back to a > > working system. > > > > Thus, I am in agreement that it _does_ seem to be something > > external to my machine. > > Although, my IT dept does not agree; so I may be out of luck. > > > > > >> > >> [by the way, you don't need to reboot the machine to restart > >> sendmail, or other service starts/stops (rebooting to restart/fix > >> things is the windows approach to life, and not generally > >> necessary, or recommended, in the unix world.)] > >> > > > > Agreed. I did the reboots in response to downgrading packages. > > Strictly speaking, > > the downgrades did not require reboots. But because the downgrade > > had no affect on my problem, > > I thought I'd reboot--just in case. Plus, I was desperate. > > > > Kind regards, > > > > -- > > Mun > > > > > > > >> > >> - Richard > >> > >> > >> ------------ Original Message ------------ > >> > Date: Saturday, May 07, 2011 01:09:55 PM -0700 > >> > From: Mun <mjelists@xxxxxxxxx> > >> > To: redhat-list@xxxxxxxxxx > >> > Subject: Re: Help Needed: My RHEL5 box suddenly stopped > >> > accepting > >> e-mails > >> > > >> > Hi Richard, > >> > > >> > > >> > On Sat, May 7, 2011 at 3:38 AM, lists-redhat < > >> > replies-lists-b3z1-redhat@xxxxxxxxxxxxxxxxxxxxx> wrote: > >> > > >> >> in your .cf, what do you have as an active (not commented out) > >> >> option the under: > >> >> > >> >> # SMTP daemon options > >> >> > >> >> tag? > >> >> > >> >> is it: > >> >> > >> >> O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA > >> >> > >> >> or something more along the lines of one of the following: > >> >> > >> >> O DaemonPortOptions=Name=IPv4, Family=inet > >> >> > >> >> O DaemonPortOptions=Name=MTA > >> >> > >> > > >> > I have the choice immediately above in my sendmail.cf: > >> > DaemonPortOptions=Name=MTA > >> > > >> > > >> >> > >> >> The first, with the 127.0.0.1, is the default for RHEL and will > >> >> only accept localhost mail. The other two are forms will allow > >> >> it to accept mail from off localhost. > >> >> > >> >> If that looks ok, try telnetting to port 25 on this machine > >> >> from off-host - e.g., from the exchange server. Do you get a > >> >> "connection refused" response or a "hang". If "connection > >> >> refused", then it's most likely the sendmail daemon doing the > >> >> blocking. If you get a "hang", then it's likely a firewall of > >> >> some nature, e.g., iptables. > >> >> > >> > > >> > I get "connection lost" or "Connection timed out"; depending on > >> > the computer I use to run telnet. > >> > The "connection lost" is what my Windows XP box returned; and > >> > the "Connection timed out" is what > >> > another Linux box returned. > >> > > >> > > >> >> Have you looked at your machine's logs (maillog, messages, > >> >> secure being the most obvious) they may give some hints. > >> >> > >> > > >> > Yes. I have looked at those, as has the company's IT dept. But > >> > there were no messages that > >> > would help with this issue. > >> > > >> > > >> >> > >> >> Have you restarted sendmail? > >> >> > >> > > >> > Yes. I've also rebooted a coupled of times; nothing seems to > >> > help. > >> > > >> > It's just so weird that with no obvious changes made (except for > >> > the updates applied and then > >> > downgraded that I mentioned in my initial message) that my box > >> > would just all of the sudden > >> > stop accepting email. > >> > > >> > Thanks very much for the reply. I greatly appreciate the ideas. > >> > > >> > Regards, > >> > > >> > -- > >> > Mun > >> > > >> > > >> > > >> >> > >> >> - Richard > >> >> > >> >> > >> >> > >> >> ------------ Original Message ------------ > >> >> > Date: Friday, May 06, 2011 04:48:34 PM -0700 > >> >> > From: Mun.Johl@xxxxxxxxxx > >> >> > Subject: RE: Help Needed: My RHEL5 box suddenly stopped > >> >> > accepting > >> >> e-mails > >> >> > > >> >> > Hi Richard, > >> >> > > >> >> > Thanks for your reply. > >> >> > > >> >> > I had saved off /etc/mail when we first got email working > >> >> > properly on my system (a couple of years ago) and I compared > >> >> > the current sendmail.cf to the "known good" copy. The only > >> >> > difference I see is that IT has uncommented the following > >> >> > line: > >> >> > > >> >> > O Timeout.ident=0 > >> >> > > >> >> > With respect to sendmail.mc, the version currently used by > >> >> > the system had the following lines commented out: > >> >> > > >> >> > MASQUERADE_AS(`mydomain.com')dnl > >> >> > FEATURE(masquerade_envelope)dnl > >> >> > MASQUERADE_DOMAIN(localhost)dnl > >> >> > MASQUERADE_DOMAIN(localhost.localdomain)dnl > >> >> > > >> >> > I'm not too experienced with sendmail, but it doesn't appear > >> >> > to me as if the changes above would result in the problem I > >> >> > am having; does it? > >> >> > > >> >> > Regards, > >> >> > >> >> ------------ End Original Message ------------ > >> >> > >> >> > >> > >> ------------ End Original Message ------------ > >> > >> > > ------------ End Original Message ------------ > > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
