connection refused - can't send email, can't telnet to other port 25's (after primary IP address change)

i had postfix sending out a small volume (less than 100/day) emails but then ran into being blacklisted by google because i forgot to turn on spamassassin for one email that was forwarded to google. i don't recall if the spam forwarding happened with the old primary IP address or the new one.

now in the process of trying to whitelist the IP address or possibly with a change to a new primary IP address, it now seems to get blocked more often than not. it seems like i can't send emails out and successfully make a connection. on trying to email to another vps i have which doesn't run a firewall, nor iptables and has port 25 open, this IP address still gets a connection refused. from another vps, i can telnet into that vps.

receiving emails seem to work fine.

telnet from the problem IP/vps:

[root@server ~]# telnet server.seva108.com 25
Trying 172.106.75.80...
telnet: connect to address 172.106.75.80: Connection refused

yet, if i try telnet from another vps, that vps makes a connection:

[root@server ~]# telnet server.seva108.com 25
Trying 172.106.75.80...
Connected to server.seva108.com.
Escape character is '^]'.
220 server.seva108.com ESMTP Postfix

here's some /var/log/maillog for one attempted sending out of email to web-7rl9s@mail-tester.com --> connection refused

Feb  6 06:25:44 server dovecot: imap-login: Login: user=<judi.yoga-works>, method=PLAIN, rip=::1, lip=::1, mpid=18394, secured, session=<+fyIs9ZHDAAAAAAAAAAAAAAAAAAAAAAB>
Feb  6 06:25:44 server dovecot: imap(judi.yoga-works): Disconnected: Logged out in=90 out=876
Feb  6 06:25:57 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info@harreson.com>, method=PLAIN, rip=94.102.56.181, lip=172.93.53.120, session=<WxcWtNZHJABeZji1>
Feb  6 06:26:30 server postfix/qmgr[1096]: 15BB721A39: from=<judi@yoga-works.ca>, size=677, nrcpt=1 (queue active)
Feb  6 06:26:31 server postfix/smtp[18401]: connect to mail-tester.com[94.23.206.89]:25: Connection refused
Feb  6 06:26:31 server postfix/smtp[18401]: 15BB721A39: to=<web-7rl9s@mail-tester.com>, relay=none, delay=1175, delays=1173/0.02/1.5/0, dsn=4.4.1, status=deferred (connect to mail-tester.com[94.23.206.89]:25: Connection refused)
Feb  6 06:26:44 server dovecot: imap-login: Login: user=<judi.yoga-works>, method=PLAIN, rip=::1, lip=::1, mpid=18404, secured, session=<q1kct9ZHzgAAAAAAAAAAAAAAAAAAAAAB>
Feb  6 06:26:44 server dovecot: imap(judi.yoga-works): Disconnected: Logged out in=90 out=876
Feb  6 06:27:14 server postfix/smtpd[18479]: warning: hostname dedic878.hidehost.net does not resolve to address 91.200.12.186: Name or service not known
Feb  6 06:27:14 server postfix/smtpd[18479]: connect from unknown[91.200.12.186]
Feb  6 06:27:17 server postfix/smtpd[18479]: warning: unknown[91.200.12.186]: SASL LOGIN authentication failed: authentication failure
Feb  6 06:27:17 server postfix/smtpd[18479]: lost connection after AUTH from unknown[91.200.12.186]
Feb  6 06:27:17 server postfix/smtpd[18479]: disconnect from unknown[91.200.12.186]
Feb  6 06:27:44 server dovecot: imap-login: Login: user=<judi.yoga-works>, method=PLAIN, rip=::1, lip=::1, mpid=18529, secured, session=<Rv2vutZHlgAAAAAAAAAAAAAAAAAAAAAB>
Feb  6 06:27:44 server dovecot: imap(judi.yoga-works): Disconnected: Logged out in=90 out=876

my postconf looks the same as a postconf that works:

[root@server ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, server.server108.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service unix:/var/spool/postfix/postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
[root@server ~]#

any troubleshooting suggestions would be appreciated.

Status: 
Closed (fixed)

Comments

Hmm, just to verify, you're saying that telnet'ing to port 25 on other systems isn't working?

Are you able to telnet to other ports, such as port 80?

It wouldn't hurt to go into Webmin's Network Config screen, and just verify that all the details of your network settings are correct... gateway, netmask, broadcast, etc.

yes, the other vps is not running a firewall nor iptables and can't telnet to port 25. i tried port 80 and it can telnet into port 80.

[root@server ~]# telnet seva108.com 80
Trying 172.106.75.80...
Connected to seva108.com.
Escape character is '^]'.
quit
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>501 Not Implemented</title>
</head><body>
<h1>Not Implemented</h1>
<p>quit to / not supported.<br />
</p>
</body></html>
Connection closed by foreign host.
[root@server ~]#
[root@server ~]# telnet seva108.com 25
Trying 172.106.75.80...
telnet: connect to address 172.106.75.80: Connection refused
[root@server ~]#

this is the vps where it had a new primary ip address and i deleted venet0:1 and set up venet0:0 to the new primary ip address.

here's the network config. it seems to have some extra stuff compared to the other vps: http://communify.ca/wp-content/uploads/2017/02/server108_network_config.png

oh, this server108 vps has a ipv6 address also. i don't know if i configured the ipv6 address correctly

We wouldn't know what the right network settings are, only you or your provider would know that.

However, there's one thing I'm not following -- are you telnet'ing from the server with the IP that just changed? Or are you telnet'ing to that server?

telnet'ing from the server with the IP that just got changed. it's not connecting to any port 25. :-(

Hmm, what is the output of the command "iptables -L -n" on this particular server?

Also, do you see the same result when trying to telnet to "virtualmin.com 25"?

oh, it turned out that I forgot that this VPS provider defaults to having port 25 blocked. with the new primary IP address change, i needed to request unblocking of port 25.

i opened a ticket and they unblocked port 25.

thanks for your help.

Aha, that explains it! I'm glad you got it working, thanks for letting us know how you fixed it!

Status: Active » Closed (fixed)