0

I can't open port 25 and 587. Background information: I am running CentOS 7 with firewalld and httpd. Now I want to run a mailserver. I started with installing postfix. Then I added firewall rules for the ports 25 and 587. This is the output of iptables -nvL IN_public_allow:

Chain IN_public_allow (1 references)
pkts bytes target     prot opt in     out     source                   destination
1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 ctstate NEW
2   112 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 ctstate NEW

But I can't use telnet to test postfix. I checked twice with this little tool: http://www.yougetsignal.com/tools/open-ports/ SSH, HTTP/HTTPS are open, 25 and 587 are not.

These are two lines of my log:

Mar 02 17:53:30 MyServer postfix/smtp[2099]: connect to mydomain.com[fdd6:7e90:ec71:be65:b3d]:25: Network is unreachable
Mar 02 17:53:30 MyServer postfix/smtp[2099]: connect to mydomain.com[4.2.67.123]:25: Connection refused

What is my problem? I thought of SELinux. How can I investigate this further?

LuMa
  • 247
  • 4
  • 13
  • open `/etc/sysconfig/iptables`, check order of your rules, make sure you're allowing before deny or reject. – alexus Mar 02 '16 at 17:27
  • 1
    Opening the firewall is not enough. You have to actually _start_ the mail server! – Michael Hampton Mar 02 '16 at 17:27
  • @alexus This file is empty. @MichaelHampton Postfix IS running. `systemctl status postfix` looks good – LuMa Mar 02 '16 at 17:33
  • @LuMa try `service iptables save` and then look into that file. – alexus Mar 02 '16 at 17:35
  • @LuMa also try `netstat -tan | grep '\:25.*LISTEN'` and see if your ports are actually listens for connection as well. – alexus Mar 02 '16 at 17:36
  • `service iptables save` doesn't work: "The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl." using `systemctl` doesn't work either. `netstat -tan | grep '\:25.*LISTEN'` outputs this: http://pastebin.com/Wukig0Vj – LuMa Mar 02 '16 at 17:39

1 Answers1

0

take a look at configuration portion of HowTos/postfix - CentOS Wiki, as per your pastebin your postfix isn't listening for outside connection..

service works for me, although I know they replaced it with systemctl

[root@wcmisdlin02 ~]# service iptables save
iptables: Nothing to save.                                 [WARNING]
[root@wcmisdlin02 ~]#
alexus
  • 12,342
  • 27
  • 115
  • 173