Hi Jacky, On Tue, May 10, 2011 at 12:38 AM, Jacky Li <zli@xxxxxxxxxxxxxxx> wrote: > Hi, > > Is there a firewall in your company? Your computers on the same subnet > able to telnet to 25. Your gmail doesn't work. Maybe you should ask your > IT department if there is a firewall and if it is blocking 25 to your > computer. > My IT dept said there is no firewall between the exchange server and my system. Computers at my site (various subnets) can successfully telnet to port 25 of my machine. Regards, -- Mun > > Jacky > > > On 2011-5-9 19:41, Mun wrote: > >> Hi all, >> >> Well, unfortunately my IT dept is claiming their network is fine--and >> therefore the problem lies >> either with my system, or is not worth their time to debug. I am still >> trying to gather more >> evidence to prove that my system is operating correctly; but I am starting >> to lose hope that I >> will persevere in this effort. Although, I'm not willing to throw in the >> towel just yet. >> >> In any case, see below for additional comments. >> >> On Sun, May 8, 2011 at 2:27 PM, Barry Brimer<lists@xxxxxxxxxx> wrote: >> >> 1. Add an iptables logging rule that logs and connections to port 25 not >>> >>>> from localhost. Something like: >>>>> iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG >>>>> >>>>> >>>>> I am going to wait on the change because I don't feel comfortable >>>> doing >>>> this >>>> just yet. Note >>>> that we have established that systems on my subnet can successfully >>>> telnet >>>> into port 25 of >>>> my system; whereas systems on other subnets cannot. Would the logging >>>> rule >>>> above provide >>>> additional information regarding the failed connection attempts to port >>>> 25? >>>> >>>> You're not blocking/allowing anything .. just logging, before any >>> ACCEPT >>> rules. If you try to telnet to port 25 from another subnet with this >>> rule >>> in place and you don't see connections getting logged, they're not >>> getting >>> to your server. >>> >> >> I went ahead and made the changes to the iptables logging as you >> suggested. >> When I use swaks to >> send my machine email from an offsite system, I _do_ see messages show up >> in >> my /var/log/messages >> file showing some kind of interaction between the offsite system and my >> system. I don't know what is >> being discussed between the systems, but the offsite system does finally >> timeout in it's attemt to connect. >> >> Does this imply my system is not allowing the remote system to send it >> email? And therefore it >> _is_ my system that is at fault? >> >> BTW, out of curiosity, how do I remove the iptables logging? (Assuming >> this >> issue ever gets >> resolved and I want to reduce the amount of logging.) >> >> >> >> >>> 6. Verify other Internet communications work .. perhaps you've got a >>> bad >>> >>>> route of some kind. >>>>> >>>>> >>>>> I seem to be able to do other internet activity without any problems. >>>> >>>> What about connecting to other internal hosts that are on a different >>> subnet. I still think this could be routing related. Have you verified >>> your routing table with IT? >>> >> >> I can connect to systems via ssh on different subnets within the company. >> I have not verified my routing table with IT. I would not know what to >> verify. >> >> I did send my IT dept a traceroute from a remote system that cannot send >> my >> system email. >> I don't know if that is of any value, but I'm just trying to keep nudging >> them with data and >> hoping something will trigger an "ah ha!" moment. >> >> >> 7. Run some tests with swaks<http://jetmore.org/john/code/swaks/> >>> >>>> I'm not familiar with swaks; but I'll look into it. >>>> >>>> I usually manually telnet to port 25 and have an SMTP conversation with >>> the >>> mail server. If you don't speak fluent SMTP, swaks can help. >>> >> >> swaks works great! Especially for someone like me. Thanks for that tip. >> >> >> >> >>> 8. Use system-switch-mail to verify that your system is using sendmail. >>> My system is running sendmail. However, I'm not familiar with >>> >>>> system-switch-mail, nor could >>>> I find that command on my system. >>>> >>>> If you ever had postfix or qmail installed from RH it installs in a way >>> that allows you to switch between MTAs. system-switch-mail manages >>> symlinks >>> to make sure everything lines up correctly. You can install the >>> system-switch-mail package if you like. Probably not needed. >>> >>> Oh, I see. I have not installed any other MTA's onto my system. At one >> point I was considering >> that as another test of my system; but I don't think that test is needed >> anymore. It seems we >> have proven that sendmail is working properly, and that the problem is >> outside of the MTA. >> >> Many thanks to all that are trying so hard to help me out! I wish just >> one >> of you worked my >> company's IT dept ;) >> >> Best regards, >> >> > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
