SMTP Port 25

[slander]

My host does not block port 25. Via root terminal, trying to telnet to localhost using port 25 fails, as well as externally.

Email is not working because of this.

root@gator:~# cat /etc/exim.conf|grep -i smtp_ports
daemon_smtp_ports = 25 : 587 : 465
# see also daemon_smtp_ports above
root@gator:~#

(from server side)

root@gator:~# telnet localhost 25
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
root@gator:~#

root@gator:~# netstat -l|grep 25
tcp 0 0 *:2571 *:* LISTEN
tcp6 0 0 [::]:2571 [::]:* LISTEN
root@gator:~#


Suggestions?

 

[unihostbrasil]

Have you checked if your exim is up and running?

$ service exim status

If it's up, check the use

$ lsof -i -P | grep exim

 

[slander]

I've got it working to a point. However, still not able to receive email.

root@gator:~# lsof -i -P|grep exim
exim 5558 mail 3u IPv6 275270 0t0 TCP *:25 (LISTEN)
exim 5558 mail 4u IPv4 275271 0t0 TCP *:25 (LISTEN)
exim 5558 mail 5u IPv6 275272 0t0 TCP *:587 (LISTEN)
exim 5558 mail 6u IPv4 275273 0t0 TCP *:587 (LISTEN)
exim 5558 mail 7u IPv6 275274 0t0 TCP *:465 (LISTEN)
exim 5558 mail 8u IPv4 275275 0t0 TCP *:465 (LISTEN)
exim 7414 mail 9u IPv4 285491 0t0 TCP 198.167.139.136:25->mta164.mailmime.com:56451 (ESTABLISHED)
exim 7414 mail 10u IPv4 285491 0t0 TCP 198.167.139.136:25->mta164.mailmime.com:56451 (ESTABLISHED)
exim 7481 mail 9u IPv4 285784 0t0 TCP 198.167.139.136:25->mx39.linkmime.com:56289 (ESTABLISHED)
exim 7481 mail 10u IPv4 285784 0t0 TCP 198.167.139.136:25->mx39.linkmime.com:56289 (ESTABLISHED)
exim 7482 mail 9u IPv4 285790 0t0 TCP gator:25->cdptpa-omtalb.mail.rr.com:56821 (ESTABLISHED)
exim 7482 mail 10u IPv4 285790 0t0 TCP gator:25->cdptpa-omtalb.mail.rr.com:56821 (ESTABLISHED)
root@gator:~#

Gmail shows a "Delayed" status email when sending email to [email protected] with this message:


Delivery to the following recipient has been delayed:

[email protected]

Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720
[(10) mail.nondisclose.tld. [myipgoeshere]:25: Connection refused]

 

[unihostbrasil]

Try to debug your EXIM...

Runs an daemon with debug enabled:
$ /usr/sbin/exim -bd -d+all

Simulate an incoming connection from IP "1.1.1.1":
$ /usr/sbin/exim -bh 1.1.1.1

Also check your EXIM logs at:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog

 

[slander]

The mainlog is full of this.

2013-08-17 13:29:55 TLS error on connection from mail-pb0-f51.google.com [209.85.160.51] (SSL_accept): timed out
2013-08-17 13:29:55 TLS client disconnected cleanly (rejected our certificate?

Incoming test:

root@gator:/var/log/exim# /usr/sbin/exim -bh 1.1.1.1

**** SMTP testing session as if from host 1.1.1.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 1.1.1.1
>>> IP address lookup using gethostbyaddr()
>>> IP address lookup failed: h_errno=1
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 MYHOST ESMTP Exim 4.73 Sat, 17 Aug 2013 14:02:56 +0000
^Z
[1]+ Stopped /usr/sbin/exim -bh 1.1.1.1
root@gator:/var/log/exim#

However, in the debug terminal...

14:00:00 20405 Connection request from 75.180.132.120 port 40081
14:00:00 20405 interface address=198.167.139.130 port=25
14:00:00 20405 search_tidyup called
14:00:00 20405 2 SMTP accept processes running
14:00:00 20405 Listening...
14:00:00 20500 sender_fullhost = [75.180.132.120]
14:00:00 20500 sender_rcvhost = [75.180.132.120]
14:00:00 20500 Process 20500 is handling incoming connection from [75.180.132.120]
14:00:00 20500 host in host_lookup? yes (matched "*")
14:00:00 20500 looking up host name for 75.180.132.120
14:00:00 20500 DNS lookup of 120.132.180.75.in-addr.arpa (PTR) succeeded
14:00:00 20500 IP address lookup yielded cdptpa-omtalb.mail.rr.com
14:00:00 20500 gethostbyname2(af=inet6) returned 4 (NO_DATA)
14:00:00 20500 gethostbyname2 looked up these IP addresses:
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.121
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.122
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.123
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.124
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.125
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.126
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.127
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.33
14:00:00 20500 name=cdptpa-omtalb.mail.rr.com address=75.180.132.120
14:00:00 20500 checking addresses for cdptpa-omtalb.mail.rr.com
14:00:00 20500 75.180.132.121
14:00:00 20500 75.180.132.122
14:00:00 20500 75.180.132.123
14:00:00 20500 75.180.132.124
14:00:00 20500 75.180.132.125
14:00:00 20500 75.180.132.126
14:00:00 20500 75.180.132.127
14:00:00 20500 75.180.132.33
14:00:00 20500 75.180.132.120 OK
14:00:00 20500 sender_fullhost = cdptpa-omtalb.mail.rr.com [75.180.132.120]
14:00:00 20500 sender_rcvhost = cdptpa-omtalb.mail.rr.com ([75.180.132.120])
14:00:00 20500 set_process_info: 20500 handling incoming connection from cdptpa-omtalb.mail.rr.com [75.180.132.120]
14:00:00 20500 setting SSL CTX options: 0x800
14:00:00 20500 tls_certificate file /etc/exim.cert
14:00:00 20500 tls_privatekey file /etc/exim.key
14:00:00 20500 Initialized TLS
14:00:00 20500 required ciphers: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
14:00:00 20500 host in tls_verify_hosts? no (option unset)
14:00:00 20500 host in tls_try_verify_hosts? no (option unset)
14:00:00 20500 Calling SSL_accept
14:00:00 20500 SSL info: before/accept initialization
14:00:00 20500 SSL info: before/accept initialization
^[[B^[[B^[[B^[[B^[[B^[[B14:03:06 20476 SSL info: SSLv2/v3 read client hello A
14:03:06 20476 LOG: MAIN
14:03:06 20476 TLS error on connection from mx34.linkmime.com [38.103.22.34] (SSL_accept): timed out
14:03:06 20476 LOG: MAIN
14:03:06 20476 TLS client disconnected cleanly (rejected our certificate?)
14:03:06 20476 search_tidyup called
14:03:06 20405 child 20476 ended: status=0x0
14:03:06 20405 1 SMTP accept process now running
14:03:06 20405 Listening..

 

[unihostbrasil]

On the incoming connection emulation, you should simulate an SMTP dialogue and preferably use a real IP.

At my example, <- is for incoming data, and -> is for what you should send.

Example using Google IP/hostname and starting a TLS session:

$ /usr/sbin/exim -bh 209.85.160.51

<- **** SMTP testing session as if from host
<- ... 
<- 220 MYHOST ESMTP Exim 4.73 Sat, 17 Aug 2013 14:02:56 +0000
[B]-> EHLO mail-pb0-f51.google.com[/B]
<- >>> test.com in helo_lookup_domains? no (end of list)
<- ...
<- 250 HELP
[B]-> STARTTLS[/B]
<- ...

If you cannot start an encrypted session, check your EXIM certificate:

$ cat /etc/exim.conf |grep 'tls_privatekey'  
(probably /etc/exim.key)
$ cat /etc/exim.conf |grep 'tls_certificate'
(probably /etc/exim.cert)

If you want to regenerate it:

$ /usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /etc/exim.key -out /etc/exim.cert -days 9000 -nodes
$ chown mail:mail /etc/exim.key
$ chmod 644 /etc/exim.key
$ chmod 644 /etc/exim.cert
$ /etc/init.d/exim restart

 

[slander]

Tested as such:

root@gator:/etc# /usr/sbin/exim -bh 209.85.160.51

**** SMTP testing session as if from host 209.85.160.51
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 209.85.160.51
>>> IP address lookup yielded mail-pb0-f51.google.com
>>> gethostbyname2 looked up these IP addresses:
>>> name=mail-pb0-f51.google.com address=209.85.160.51
>>> checking addresses for mail-pb0-f51.google.com
>>> 209.85.160.51 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 MYHOST ESMTP Exim 4.73 Sat, 17 Aug 2013 16:34:02 +0000
EHLO mail-pb0-f51.google.com
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? yes (matched "*")
250-MYHOST Hello mail-pb0-f51.google.com [209.85.160.51]
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
STARTTLS
>>> host in tls_verify_hosts? no (option unset)
>>> host in tls_try_verify_hosts? no (option unset)
220 TLS go ahead
LOG: TLS error on connection from mail-pb0-f51.google.com [209.85.160.51] (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
LOG: TLS client disconnected cleanly (rejected our certificate?)
^Z
[6]+ Stopped /usr/sbin/exim -bh 209.85.160.51
root@gator:/etc#


Regenerated certificate, same result.

 

[unihostbrasil]

Don't worry about the issued TLS error, it's because you are under an unencrypted session.

Apparently your EXIM is not properly routing the connections on port 25:

$ [B]telnet 198.167.139.130 25[/B]

Trying 198.167.139.130...
Connected to 198.167.139.130.
Escape character is '^]'.
EHLO test.com
Connection closed by foreign host.

$ [B]telnet 198.167.139.130 587[/B]

Trying 198.167.139.130...
Connected to 198.167.139.130.
Escape character is '^]'.
220 gator.rkserv.co ESMTP Exim 4.73 Sat, 17 Aug 2013 17:00:50 +0000
EHLO test.com
250-gator.rkserv.co Hello srv12hv.unihostbrasil.com.br [96.31.65.178]
250-SIZE 20971520
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
quit
221 gator.rkserv.co closing connection
Connection closed by foreign host.

I don't know what do you have changed in your EXIM configurations, maybe
something is wrong. If it's ok for you, update your EXIM configs with the
latest versions:

http://help.directadmin.com/item.php?id=51

 

[slander]

The exim.conf file should have been unchanged. However, updating it has worked. Thanks very much.