
Running Postfix on Debian I cannot connect to send mail any more. It worked until approximately a week ago. I do not recall touching the configuration of the server during that time, which makes it difficult for me to find out what the problem is.

When connecting from the server to itself it works fine:

root@xxxx:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
ehlo localhost
220 mail.xxxx.de ESMTP Postfix (Debian/GNU)
250-mail.xxxx.de
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Trying to do the same remotely times out:

laptop:~ $ telnet mail.xxxx.de 25
Trying 93.xx.xx.xx...
telnet: connect to address 93.xx.xx.xx: Operation timed out
telnet: Unable to connect to remote host

Configuration is as follows:

root@xxxx:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = 
mailbox_size_limit = 0
mydestination = localhost.localdomain, localhost.localdomain, localhost
myhostname = mail.xxxx.de
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = 
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = 
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot

Receiving mails is no problem, as is retrieving them remotely. Do you have an idea what I could check next?

Riley
  • "Trying to do the same remotely times out". Do you mean trying to telnet to your server from a remote host, or trying to telnet to a remote host from your server? The difference is fairly important! – MadHatter Mar 14 '11 at 15:50
  • Trying to connect from my home machine via telnet to the mail server. Sorry if that was unclear. – Riley Mar 14 '11 at 21:04

1 Answer

The fact that you are getting 'connection timed out' errors strongly indicates this is a firewall issue. Please run

/sbin/iptables -nvL

to check your existing firewall rules on the server. I suspect you will find a rule blocking inbound port 25 connections.

To check connectivity from an outside machine, first use traceroute:

traceroute server.example.com

Then another nice tool to try is mtr, which combines ping and traceroute into one tool.

Finally you should use nmap to scan your machine from an outside system:

sudo nmap -sS -sV -O server.example.com

and see if port 25 is open or blocked.

If you haven't changed anything on your machine, my suspicion would be that your ISP has started blocking incoming port 25 connections. nmap will help reveal that.

Here's some info on how to confirm that postfix is set up to receive incoming mail. In particular double check your master.cf config file.

Here's a possibly relevant serverfault question about postfix rejecting incoming messages.

Phil Hollenback
  • Thank you, this was very helpful. Having checked iptables and traceroute I did not find any problematic configuration or connectivity issue. Nevertheless nmap told me that port 25 was blocked. I then tried to connect via a second, unrelated remote server to SMTP on the server experiencing the problem. Lo and behold it worked flawlessly. Now I noticed that all my other e-mail accounts use different port numbers and are therefore not affected. It seems my ISP decided to start blocking port 25 without notice. Will change the port of Postfix, then it should be fine. Again, thank you! – Riley Mar 14 '11 at 21:12
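
An added example, not part of the original question or answer: a small Python probe that separates the three outcomes discussed in this thread (connection times out, connection refused, port open with an SMTP banner) and compares results from several vantage points, as was done here with a second remote server. The function names and the vantage labels are illustrative assumptions.

```python
# Added example; function names and vantage labels are illustrative.
import errno
import socket
import sys

def classify(exc):
    """Map a connect() failure to what it says about the path to the port."""
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) == errno.ETIMEDOUT:
        # No reply at all: packets are silently dropped somewhere on the path
        # (a firewall DROP rule or a provider filtering the port).
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        # The host answered with a reset: reachable, but nothing listens
        # on that port (or a rule actively rejects the connection).
        return "refused"
    return "error"

def probe(host, port, timeout=5.0):
    """Return (state, detail) for one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # An SMTP server speaks first, e.g. "220 ... ESMTP Postfix"
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""
            return "open", banner
    except OSError as exc:
        return classify(exc), str(exc)

def diagnose(results):
    """results: {vantage_name: state} for the same host and port."""
    states = set(results.values())
    if states == {"open"}:
        return "reachable from every vantage point"
    if "open" in states and "filtered" in states:
        blocked = sorted(v for v, s in results.items() if s == "filtered")
        return ("filtered only from: " + ", ".join(blocked)
                + " (suspect that network, not the server)")
    if states == {"filtered"}:
        return "filtered everywhere (check the server's own firewall first)"
    return "mixed: " + repr(results)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    ports = [int(p) for p in sys.argv[2:]] or [25]
    for port in ports:
        print(port, *probe(host, port))
```

Run it against the same host and port from each network you have access to, then pass the collected states to `diagnose()`.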