Do I have to care about hosts.allow or hosts.deny when I can't reach postfix?

2

I am using postfix for outgoing mails (collection from machines on 192.168.1.0/24 and forwarding to my ISP's mail machine) and I have trouble accessing postfix for sending mails. The machine I use for postfix is a debian system, kernel 2.6.32, squeeze (it's also my squid proxy).

There are probably many reasons why postfix might not work as desired, but I'd like to rule out settings in hosts.allow or hosts.deny. Thus, my question:

Does postfix have its own way to listen for mails (in the same way, for example, squid has for listening on 192.168.1.0/24, port 3128 or 8080 as configured in squid's own config files), or do I have to enable something system-wide, e.g. by modifying hosts.allow or hosts.deny?

Some more details along my main question:

  • hosts.allow contains
    ALL: 192.168.1.0/255.255.255.0

  • hosts.deny contains
    ALL: PARANOID

  • ping or ssh to the postfix machine run just fine.

  • Squid, on the same machine, listens as it should; telnet to the http ports 3128 or 8080 is o.k.:
    $ telnet 192.168.1.1 3128
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Also, squid runs just fine as a proxy.

  • Telnet to port 25 is not successful:
    $ telnet 192.168.1.1 25
    Trying 192.168.1.1...
    telnet: Unable to connect to remote host: Connection refused

  • DNS lookup seems to be o.k., too: For instance, both squid and apt-get find everything they need.

Am I correct when I assume that postfix itself will start listening on port 25 once its main.cf is set up correctly and hosts.allow/.deny have nothing to do with it?

zebonaut

Posted 2011-12-17T19:53:09.597

Reputation: 273

Answers

2

using hosts.allow or host.deny means white- and blacklisting of hosts. You should try empty files if your other roles are fine.

Check your config:

  • What is the output of the command postconf -n?
  • Can you access your machine via ssh and ping? (is your network connection fine?)
  • Can you telnet your machine on port 25? (postfix listens usually on port 25)
  • Does your DNS-lookup work (on the postfix machine)?

ppuschmann

Posted 2011-12-17T19:53:09.597

Reputation: 291

Thanks. I am still looking into postfix' main.cf, but I have put more info into the original question to address the issues you listed. – zebonaut – 2011-12-18T11:43:37.313

an output of postconf -n should help contributers very well. – ppuschmann – 2011-12-21T16:36:01.137

For some reason, the command postconf does not exist with my installation of postfix (debian 2.6.32). Anyhow, thanks for answering the particular question; indeed, no changes to hosts.allow/.deny were necessary; what fixed the problem was making sure that in main.cf, the home subnet is mentioned along "mynetworks", and the network interface connected to the home subnet is mentioned along "inet_interfaces". – zebonaut – 2011-12-23T17:01:49.033

Asked: 2011-12-17T19:53:09.597

Viewed: 1 464 times

Active: 2011-12-18T20:30:16.237