Hi fellas, I've been pulling my hair out for the better part of three days trying to figure out why I am getting these (timeout after CONNECT from...) errors from PostFix. I've pored through literally dozens of posts on here and abroad on the www but have yet to be able to find a fix.
The scenario is this:
1. Installed a clean Centos 5 OS, then VirtualMin Pro using PostFix/SpamAssassin/DoveCot/Clamd.
2. DNS MX records etc do resolve to the host IP of the server running PostFix.
3. PostFix can send emails out to anywhere just fine (local and external).
4. Problem is that the majority of servers connecting to Postfix to deliver inbound email get these timeout errors. This happens with Gmail and others but for some reason Yahoo Mail seems to be the only email that makes it through.
I have tried Telnet to port 25 and I never see the PostFix Banner yet I see the connection in the maillog. Trying the usual manual email commands renders nothing. Eventually the timeout occurs when PostFix hits its default 300s timeout.......which I have not changed.
Feb 15 16:11:46 localhost postfix/smtpd[20301]: connect from mail-vx0-f176.google.com[209.85.220.176]
Feb 15 16:16:46 localhost postfix/smtpd[20301]: timeout after CONNECT from mail-vx0-f176.google.com[209.85.220.176]
Feb 15 16:16:46 localhost postfix/smtpd[20301]: disconnect from mail-vx0-f176.google.com[209.85.220.176]
The log is full of these retries due to timeout. Again, why some mailservers connect fine and others don't, I do not understand. I have no blacklist, ip/domain restrictions/etc in place. This is a vanilla install. It's actually the 2nd full clean install. I wiped the drive the first time thinking something got whacked and after the re-install, I am left with the same thing.
Any help or pointers you have can only help and would be much appreciated.
Thanks
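An added example, not part of the original post: a small Python parser that pairs each smtpd "connect" line with its "disconnect" and lists the clients that hit "timeout after CONNECT", so the stalled senders can be compared with the ones that get through. The `mta.example.net` session and the `year` default are constructed assumptions (syslog lines carry no year).

```python
import re
from datetime import datetime

# Constructed sample: the Google lines are the ones quoted in the post; the
# mta.example.net session is invented to show a connection that completes.
SAMPLE_LOG = """\
Feb 15 16:11:46 localhost postfix/smtpd[20301]: connect from mail-vx0-f176.google.com[209.85.220.176]
Feb 15 16:12:02 localhost postfix/smtpd[20310]: connect from mta.example.net[192.0.2.10]
Feb 15 16:12:03 localhost postfix/smtpd[20310]: disconnect from mta.example.net[192.0.2.10]
Feb 15 16:16:46 localhost postfix/smtpd[20301]: timeout after CONNECT from mail-vx0-f176.google.com[209.85.220.176]
Feb 15 16:16:46 localhost postfix/smtpd[20301]: disconnect from mail-vx0-f176.google.com[209.85.220.176]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect from|timeout after CONNECT from|disconnect from) "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]"
)

def summarize(log_text, year=2000):
    """Return one dict per finished smtpd session, in order of disconnect.

    year is an assumed placeholder, needed only to build a full timestamp.
    """
    open_sessions = {}  # (smtpd pid, client ip) -> session in progress
    finished = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["pid"], m["ip"])
        if m["event"] == "connect from":
            open_sessions[key] = {"host": m["host"], "ip": m["ip"],
                                  "start": ts, "timed_out": False}
        elif key in open_sessions:
            session = open_sessions[key]
            if m["event"].startswith("timeout"):
                session["timed_out"] = True   # no SMTP command was ever seen
            else:                             # disconnect closes the session
                session["seconds"] = int((ts - session["start"]).total_seconds())
                finished.append(open_sessions.pop(key))
    return finished

def stalled(sessions):
    """(host, seconds held open) for every session that timed out after CONNECT."""
    return [(s["host"], s["seconds"]) for s in sessions if s["timed_out"]]

if __name__ == "__main__":
    for host, seconds in stalled(summarize(SAMPLE_LOG)):
        print(f"{host}: no SMTP dialogue, closed after {seconds}s")
```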
Howdy,
That's quite unusual!
The first thing that comes to mind when you describe that is that you may be seeing some sort of network issue.
Are you by chance running your server behind a NAT router? ISPs that provide connections via NAT are more likely to block (or otherwise interfere with) port 25... could your ISP be doing something? Or maybe the router is acting up?
How about other protocols -- do web pages load up okay, when accessing it from an outside network?
-Eric
Hi Eric, thanks for the reply.
You and I share the same thoughts as some of what you stated is partially part of the bigger picture but I have tried and believe I have ruled most of it out...I'll explain.
I know the ISP is not blocking any ports etc. as I am on a business class fiber and static IP(s).
I am behind a commercial firewall (Check Point, which is on premise and I control) and the Server resides in the DMZ. However, the server has private IPs that are static nat to the private....essentially anything that hits the public IP is forwarded/translated to the private ip for the respective services such as HTTP/SMTP/FTP/POP.
I'm pretty confident that the nat'ing is fine as I have successfully tested all the services listed above and verified in each services log as well as the firewall that connections from the outside are making it to the inside and back. Web pages are fine, FTP is fine, Pop is fine, and SMTP is the only one that is sporadic and it's just on this server with VirtualMin. As I explained in the original post, Yahoo mail servers can connect w/o problem and deliver inbound mail while others like Gmail get a time out as do I if I telnet to port 25 on the server. I also have another SMTP server behind the firewall setup in the same fashion with Nat (just not on a Virtualmin installation) and it works perfect.
I did read a post or two on here and elsewhere where some fella was having a very similar issue and it was resolved by making changes to the MTU settings for the NIC and his router. I ensured both places are the same and even changed them around but that changed nothing.
So that leaves me where I am now........I am clueless as to what could be the issue. Having completely rebuilt from the OS up twice and to only get the same results has been frustrating. I've been running Centos/cPanel/Exim/SpamAssassin for nearly a decade and never had an issue like this. I even tried setting VirtualMin to use Exim then creating a new domain after switching to Exim and still got the same result.
I'm going to play around some more with it and if I can't get it resolved, I'm either just not going to use SMTP on this server or stick with cPanel (which I don't want to do).
Thanks again, tom
Howdy,
Well, the control panel running on top of your server isn't likely to be the cause of the email timeout problem you're seeing :-)
One thing you may want to look into is DNS... DNS settings can cause problems with how long it takes Postfix or Exim to respond.
What do you see in /etc/resolv.conf -- and are those your correct nameservers?
You may want to verify that there's no problem in communicating with any of the nameservers listed in that file.
-Eric
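An added example, not part of the thread: one way to carry out the nameserver check suggested above, by reading the `nameserver` lines from /etc/resolv.conf and timing a reverse (PTR) lookup of a client address against each one over UDP. It assumes IPv4 nameservers; the function names, the 3-second timeout and the fixed query ID are illustrative choices.

```python
import socket
import struct
import time

def parse_nameservers(resolv_conf_text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def ptr_name(ipv4):
    """209.85.220.176 -> 176.220.85.209.in-addr.arpa"""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def build_query(name, qtype=12, query_id=0x1234):
    """Minimal DNS query packet: one question, recursion desired, class IN.
    qtype 12 is PTR."""
    header = struct.pack(">HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def time_lookup(server, name, timeout=3.0, port=53):
    """Seconds until `server` answers the query, or None on timeout or error."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(512)
        except OSError:              # covers timeouts and unreachable servers
            return None
        if reply[:2] != query[:2]:   # answer must echo our query ID
            return None
        return time.monotonic() - start

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in parse_nameservers(fh.read()):
            took = time_lookup(ns, ptr_name("209.85.220.176"))
            print(ns, "no answer" if took is None else f"{took:.3f}s")
```

A nameserver that prints "no answer", or takes seconds rather than milliseconds, is the one to investigate or remove from the file.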