Connection Refused on Port 25

Prev: postfix architectural diagram
Next: Postfix.org SPF

From: Asai on 2 Jul 2010 16:41

---

Greetings,

For some reason, which I don't know how to figure out, our emails to
this one specific email domain are being refused. Can anyone point me
in the right direction? Here's an example of the log:

Jul 2 09:33:10 triata amavis[1162]: (01162-09) Passed CLEAN,
[xx.xx.xx.xx] [xx.xx.xx.xx] <me(a)mydomain.org> -> <info(a)theirdomain.com>,
Message-ID: <4C2E14B4.4040208(a)mydomain.org>, mail_id: 2RkcE-mZfBX1,
Hits: -1.896, size: 2351, queued_as: 0F609FD8066, 761 ms
Jul 2 16:33:10 triata postfix/smtp[1479]: 2FE2AFD8028:
to=<info(a)theirdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.98,
delays=0.22/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
0F609FD8066)
Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
mail.theirdomain.com[xx.xx.xx.xx]: Connection timed out (port 25)
Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused (port 25)
Jul 2 09:33:40 triata postfix/smtp[1485]: 0F609FD8066:
to=<info(a)theirdomain.com>, relay=none, delay=30, delays=0.05/0/30/0,
dsn=4.4.1, status=deferred (connect to
mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused)

Postconf -n output:


alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 600s
maximal_queue_lifetime = 1d
message_size_limit = 0
milter_default_action = accept
milter_macro_daemon_name = ORIGINATING
milter_protocol = 2
minimal_backoff_time = 300s
mydestination = $myhostname, localhost.$mydomain, localhost,
mydomain = mydomain.net
myhostname = triata.mydomain.net
mynetworks = xx.xx.xx.xx.......
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:127.0.0.1:20209
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_access,
reject_invalid_hostname,reject_non_fqdn_hostname, permit
smtpd_milters = inet:127.0.0.1:20209
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unauth_destination, check_policy_service inet:127.0.0.1:2501, permit
smtpd_restriction_classes = webdev_only, unrestricted
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
mysql:/etc/postfix/mysql_restricted_senders.cf,
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit_mynetworks, permit
smtpd_tls_cert_file = /etc/ssl/mailserver/smtpd.pem
smtpd_tls_key_file = /etc/ssl/mailserver/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_aliases,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

--
asai

From: Stan Hoeppner on 2 Jul 2010 16:52

---

Asai put forth on 7/2/2010 3:41 PM:
> Greetings,
>
> For some reason, which I don't know how to figure out, our emails to
> this one specific email domain are being refused. Can anyone point me
> in the right direction? Here's an example of the log:
>
> Jul 2 09:33:10 triata amavis[1162]: (01162-09) Passed CLEAN,
> [xx.xx.xx.xx] [xx.xx.xx.xx] <me(a)mydomain.org> -> <info(a)theirdomain.com>,
> Message-ID: <4C2E14B4.4040208(a)mydomain.org>, mail_id: 2RkcE-mZfBX1,
> Hits: -1.896, size: 2351, queued_as: 0F609FD8066, 761 ms
> Jul 2 16:33:10 triata postfix/smtp[1479]: 2FE2AFD8028:
> to=<info(a)theirdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.98,
> delays=0.22/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> 0F609FD8066)
> Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
> mail.theirdomain.com[xx.xx.xx.xx]: Connection timed out (port 25)
> Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
> mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused (port 25)
> Jul 2 09:33:40 triata postfix/smtp[1485]: 0F609FD8066:
> to=<info(a)theirdomain.com>, relay=none, delay=30, delays=0.05/0/30/0,
> dsn=4.4.1, status=deferred (connect to
> mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused)

You probably won't get any help due to your obfuscation. That pretty much
makes it impossible for me to assist, likely everyone else as well. With what
you've given us, all we can do is guess. And you can do that effectively
yourself. Thus I'm left wondering why you even posted here for help...

--
Stan

From: Eero Volotinen on 2 Jul 2010 16:57

---

2010/7/2 Asai <asai(a)globalchangemusic.org>:
> Greetings,
>
> For some reason, which I don't know how to figure out, our emails to this
> one specific email domain are being refused.  Can anyone point me in the
> right direction?  Here's an example of the log:
>
> Jul  2 09:33:10 triata amavis[1162]: (01162-09) Passed CLEAN, [xx.xx.xx..xx]
> [xx.xx.xx.xx] <me(a)mydomain.org> -> <info(a)theirdomain.com>, Message-ID:
> <4C2E14B4.4040208(a)mydomain.org>, mail_id: 2RkcE-mZfBX1, Hits: -1.896, size:
> 2351, queued_as: 0F609FD8066, 761 ms
> Jul  2 16:33:10 triata postfix/smtp[1479]: 2FE2AFD8028:
> to=<info(a)theirdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.98,
> delays=0.22/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
> 0F609FD8066)
> Jul  2 09:33:40 triata postfix/smtp[1485]: connect to
> mail.theirdomain.com[xx.xx.xx.xx]: Connection timed out (port 25)
> Jul  2 09:33:40 triata postfix/smtp[1485]: connect to
> mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused (port 25)
> Jul  2 09:33:40 triata postfix/smtp[1485]: 0F609FD8066:
> to=<info(a)theirdomain.com>, relay=none, delay=30, delays=0.05/0/30/0,
> dsn=4.4.1, status=deferred (connect to mail2.theirdomain.com[xx.xx.xx..xx]:
> Connection refused)

Your network is broken or servers at mail{1,2}.theirdomain.com are unavailable?
--
Eero

From: Asai on 2 Jul 2010 17:11

---

Eero Volotinen wrote:
> 2010/7/2 Asai <asai(a)globalchangemusic.org>:
>
>> Greetings,
>>
>> For some reason, which I don't know how to figure out, our emails to this
>> one specific email domain are being refused. Can anyone point me in the
>> right direction? Here's an example of the log:
>>
>> Jul 2 09:33:10 triata amavis[1162]: (01162-09) Passed CLEAN, [xx.xx.xx.xx]
>> [xx.xx.xx.xx] <me(a)mydomain.org> -> <info(a)theirdomain.com>, Message-ID:
>> <4C2E14B4.4040208(a)mydomain.org>, mail_id: 2RkcE-mZfBX1, Hits: -1.896, size:
>> 2351, queued_as: 0F609FD8066, 761 ms
>> Jul 2 16:33:10 triata postfix/smtp[1479]: 2FE2AFD8028:
>> to=<info(a)theirdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.98,
>> delays=0.22/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
>> 0F609FD8066)
>> Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
>> mail.theirdomain.com[xx.xx.xx.xx]: Connection timed out (port 25)
>> Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
>> mail2.theirdomain.com[xx.xx.xx.xx]: Connection refused (port 25)
>> Jul 2 09:33:40 triata postfix/smtp[1485]: 0F609FD8066:
>> to=<info(a)theirdomain.com>, relay=none, delay=30, delays=0.05/0/30/0,
>> dsn=4.4.1, status=deferred (connect to mail2.theirdomain.com[xx.xx.xx.xx]:
>> Connection refused)
>>
>
> Your network is broken or servers at mail{1,2}.theirdomain.com are unavailable?
> --
> Eero
>
Thank you for responding, Eero.

The servers there are available when sending through another MTA like
Gmail. This is the only server out of the thousands of emails which go
out daily which reports this connection refused.

I will repost logs and postconf without obfuscation:

Jul 2 09:33:10 triata amavis[1162]: (01162-09) Passed CLEAN,
[63.227.91.242] [63.227.91.242] <asai(a)globalchangemusic.org> ->
<info(a)draxlerinsurance.com>, Message-ID:
<4C2E14B4.4040208(a)globalchangemusic.org>, mail_id: 2RkcE-mZfBX1, Hits:
-1.896, size: 2351, queued_as: 0F609FD8066, 761 ms
Jul 2 16:33:10 triata postfix/smtp[1479]: 2FE2AFD8028:
to=<info(a)draxlerinsurance.com>, relay=127.0.0.1[127.0.0.1]:10024,
delay=0.98, delays=0.22/0/0/0.76, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 0F609FD8066)
Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
mail.draxlerinsurance.com[67.227.17.37]: Connection timed out (port 25)
Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
mail2.draxlerinsurance.com[67.227.17.36]: Connection refused (port 25)


Postconf -n

alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 600s
maximal_queue_lifetime = 1d
message_size_limit = 0
milter_default_action = accept
milter_macro_daemon_name = ORIGINATING
milter_protocol = 2
minimal_backoff_time = 300s
mydestination = $myhostname, localhost.$mydomain, localhost,
mydomain = globalchangemultimedia.net
myhostname = triata.globalchangemultimedia.net
mynetworks = 127.0.0.1, 140.99.55.54,
140.99.55.50,140.99.55.51,140.99.55.53,63.227.91.246, 63.227.91.245,
63.227.91.244, 63.227.91.243, 63.227.91.242, 63.227.91.241
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:127.0.0.1:20209
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_access,
reject_invalid_hostname,reject_non_fqdn_hostname, permit
smtpd_milters = inet:127.0.0.1:20209
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_invalid_hostname,
reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain,
reject_unauth_destination, check_policy_service inet:127.0.0.1:2501, permit
smtpd_restriction_classes = webdev_only, unrestricted
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
mysql:/etc/postfix/mysql_restricted_senders.cf,
permit_sasl_authenticated, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit_mynetworks, permit
smtpd_tls_cert_file =
/etc/ssl/triata.globalchangemultimedia.net/mailserver/smtpd.pem
smtpd_tls_key_file =
/etc/ssl/triata.globalchangemultimedia.net/mailserver/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_aliases,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

--
asai

From: Sahil Tandon on 2 Jul 2010 17:13

---

On Fri, 2010-07-02 at 13:41:06 -0700, Asai wrote:

> For some reason, which I don't know how to figure out, our emails to
> this one specific email domain are being refused. Can anyone point
> me in the right direction? Here's an example of the log:
>
> Jul 2 09:33:40 triata postfix/smtp[1485]: connect to
> mail.theirdomain.com[xx.xx.xx.xx]: Connection timed out (port 25)

Are you able to telnet to mail.theirdomain.com on port 25? If that also
times out, then try from another location. If that too times out, then
it's a problem with the mail servers at theirdomain.com.

--
Sahil Tandon <sahil(a)FreeBSD.org>

 |  Next  |  Last
Pages: 1 2 3 4 5
Prev: postfix architectural diagram
Next: Postfix.org SPF