Well, unfortunately my IT dept is claiming their network is fine--and therefore the problem lies either with my system, or is not worth their time to debug. I am still trying to gather more evidence to prove that my system is operating correctly; but I am starting to lose hope that I will persevere in this effort. Although, I'm not willing to throw in the towel just yet.
In any case, see below for additional comments.
On Sun, May 8, 2011 at 2:27 PM, Barry Brimer <lists brimer org> wrote:
1. Add an iptables logging rule that logs any connections to port 25 not from localhost. Something like:
iptables -I INPUT -i ! lo -p tcp -m tcp --dport 25 -j LOG
I am going to wait on the change because I don't feel comfortable doing just yet. Note that we have established that systems on my subnet can successfully telnet into port 25 of my system; whereas systems on other subnets cannot. Would the logging
additional information regarding the failed connection attempts to port
You're not blocking/allowing anything .. just logging, before any ACCEPT rules. If you try to telnet to port 25 from another subnet with this rule in place and you don't see connections getting logged, they're not getting to your server.
I went ahead and made the changes to the iptables logging as you suggested. When I use swaks to send my machine email from an offsite system, I _do_ see messages show up in
file showing some kind of interaction between the offsite system and my system. I don't know what is being discussed between the systems, but the offsite system does finally time out in its attempt to connect.
Does this imply my system is not allowing the remote system to send it email? And therefore it _is_ my system that is at fault?
BTW, out of curiosity, how do I remove the iptables logging? (Assuming this issue ever gets resolved and I want to reduce the amount of logging.)
6. Verify other Internet communications work .. perhaps you've got a bad route of some kind.
I seem to be able to do other internet activity without any problems.
What about connecting to other internal hosts that are on a different subnet? I still think this could be routing related. Have you verified your routing table with IT?
I can connect to systems via ssh on different subnets within the company.
I have not verified my routing table with IT. I would not know what to
I did send my IT dept a traceroute from a remote system that cannot send my
I don't know if that is of any value, but I'm just trying to keep nudging them with data and hoping something will trigger an "ah ha!" moment.
7. Run some tests with swaks <http://jetmore.org/john/code/swaks/>
I'm not familiar with swaks; but I'll look into it.
I usually manually telnet to port 25 and have an SMTP conversation with the mail server. If you don't speak fluent SMTP, swaks can help.
swaks works great! Especially for someone like me. Thanks for that tip.
8. Use system-switch-mail to verify that your system is using sendmail.
My system is running sendmail. However, I'm not familiar with system-switch-mail, nor could I find that command on my system.
If you ever had postfix or qmail installed from RH it installs in a way that allows you to switch between MTAs. system-switch-mail manages symlinks to make sure everything lines up correctly. You can install the system-switch-mail package if you like. Probably not needed.
Oh, I see. I have not installed any other MTAs onto my system. At one point I was considering that as another test of my system; but I don't think that test is needed anymore. It seems we have proven that sendmail is working properly, and that the problem is outside of the MTA.
Many thanks to all that are trying so hard to help me out! I wish just one of you worked in my company's IT dept ;)
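
The LOG rule discussed in this thread sits on INPUT, so it records only inbound packets, and the TCP flags on each logged line show whether the remote side ever completed the handshake. As an added example (not part of the original thread), this Python sketch groups logged port-25 packets per connection attempt and labels each one; the sample lines are constructed in the kernel's LOG format, and the host name, addresses and verdict wording are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format (not taken from the thread).
SAMPLE_LOG = """\
May  9 10:15:01 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=41234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 10:15:04 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=41234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 10:15:10 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4323 DF PROTO=TCP SPT=41234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 10:16:00 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=100 DF PROTO=TCP SPT=50000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May  9 10:16:00 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=101 DF PROTO=TCP SPT=50000 DPT=25 WINDOW=46 RES=0x00 ACK URGP=0
May  9 10:16:01 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=102 DF PROTO=TCP SPT=50000 DPT=25 WINDOW=46 RES=0x00 ACK PSH URGP=0
May  9 10:17:00 mx kernel: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=200 DF PROTO=TCP SPT=50001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")                   # KEY=value pairs
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )*)URGP=")   # flag words between RES= and URGP=

def parse(line):
    """Return (src, sport, flags) for a logged TCP packet to port 25, else None."""
    kv = dict(FIELD.findall(line))
    m = FLAGS.search(line)
    if kv.get("PROTO") != "TCP" or kv.get("DPT") != "25" or not m:
        return None
    return kv["SRC"], kv["SPT"], frozenset(m.group(1).split())

def classify(log_text):
    """Map each (src, sport) connection attempt to a verdict string."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt:
            seen[pkt[0], pkt[1]].append(pkt[2])
    verdicts = {}
    for conn, flagsets in seen.items():
        syns = sum(1 for f in flagsets if "SYN" in f and "ACK" not in f)
        if any("ACK" in f for f in flagsets):
            # The client only sends ACK after it has received our SYN-ACK.
            verdicts[conn] = "handshake completed"
        elif syns > 1:
            verdicts[conn] = "SYN repeated, no ACK: client got no reply"
        else:
            verdicts[conn] = "single SYN only"
    return verdicts

if __name__ == "__main__":
    for conn, verdict in classify(SAMPLE_LOG).items():
        print(conn, verdict)
```

Repeated SYNs from the same source port with no ACK mean the packets reach the server but the client never sees an answer, which points at local filtering after the LOG rule or at the return path rather than at the MTA.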