I once did this configuration and it worked, but now on other machine is not working. I followed the instruction from sendgrid:
https://sendgrid.com/docs/for-developers/sending-email/sendmail/
But when i want to send an email it says:
sm-msp-queue[4439]: 07QAbRM1009651: to=smmsp, delay=01:20:57, xdelay=00:04:22, mailer=relay, pri=301852, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1]
I think that it should not be 127.0.0.1 but the smtp.sendgrid.net.
netstat -ntlp shows:
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN -
I also can telnet to smtp.sendgrid.net on port 587
I found the problem. There was an iptable rule that drops all loopback connection.
-A OUTPUT -o lo -j DROP
removed with
-D OUTPUT -o lo -j DROP
Make sure to save the new rules:
iptables-save > /etc/iptables/rules.v4
Related
I'm trying to configure Sendmail to listen on on 110 POP3 on a ec2 server. I need it for a newsletter app so that it can check for bounces. When I try to telnet in on port 110 I get a connection error.
root:/# telnet sub.domain.com 110
Trying 5?.??.?.?0...
telnet: Unable to connect to remote host: Connection refused
root:/# telnet sub.domain.com 25
Trying 5?.??.?.?0...
Connected to sub.domain.com.
Escape character is '^]'.
220 ip-172-31-54-114.ec2.internal ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Wed, 30 Nov 2016 10:24:50 GMT; (No UCE/UBE) logging access from: [5?.??.?.?0](FORGED)-ec2-5?-??-?-?0.compute-1.amazonaws.com [5?.??.?.?0] (may be forged)
^]
telnet> quit
Connection closed.
When I lsof on port 25 I can see that it's working but not on 110.
root:/# lsof -n -i :25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sendmail- 4279 root 4u IPv4 2349285 0t0 TCP *:smtp (LISTEN)
root:/# lsof -n -i :110
root:/#
Do I need to edit the sendmail.mc file, previously I commented out the below lines so that smtp would listen to all IPs.
dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
I've searched the sendmail.cf & sendmail.mc for any references to pop3/port110 configuration but can't see anything.
Sendmail MTA acts like SMTP server. You need separate program/server to service POP3 protocol e.g. dovecot IMAP/POP server.
Sendmail-FAQ-4.19 : How do I configure sendmail for POP/IMAP/...?
When running: telnet localhost 25 on a box with postfix running (verified listening on port 25) the expected behavior is:
[user#box ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 fqdn ESMTP
When I telnet to my box I get the following: (postfix 2.6.6)
[root#host postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
Postfix seems to be running
x]# netstat -plnt |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 44950/master
tfix]# ps -ef | grep post
root 44950 1 0 16:24 ? 00:00:00 /usr/libexec/postfix/master
I am trying to verify my postfix config and it does not even seem to be running on port 25 correctly. Any assistance/suggestions greatly appreciated. Thank you.
i hope you have set your
inet_interfaces = all in postifx/main.cf file.
I installed mongodb on remote server via vagrant. I can access postgres from my local system but mongo is not available. When I login via ssh and check mongo status it says that mongo running, I can make queries too. When I try to connect from my local system using this command:
mongo 192.168.192.168:27017
I get an error
MongoDB shell version: 2.6.5
connecting to: 192.168.192.168:27017/test
2014-12-27T22:19:19.417+0100 warning: Failed to connect to 192.168.192.168:27017, reason: errno:111 Connection refused
2014-12-27T22:19:19.418+0100 Error: couldn't connect to server 192.168.192.168:27017 (192.168.192.168), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed
looks like mongo not listen to connection from other ips? I commented bind_ip in mongo settings but it doesn't help.
services for 192.168.192.168 via nmap command:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
5432/tcp open postgresql
9000/tcp open cslistener
Looks like mongd listen
sudo lsof -iTCP -sTCP:LISTEN | grep mongo
mongod 1988 mongodb 6u IPv4 5407 0t0 TCP *:27017 (LISTEN)
mongod 1988 mongodb 8u IPv4 5411 0t0 TCP *:28017 (LISTEN)
Firewall rules
sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Update
My mongo config
dbpath=/var/lib/mongodb
#where to log
logpath=/var/log/mongodb/mongodb.log
logappend=true
#bind_ip = 127.0.0.1
#port = 27017
# Enable journaling, http://www.mongodb.org/display/DOCS/Journaling
journal=true
# Enables periodic logging of CPU utilization and I/O wait
#cpu = true
# Turn on/off security. Off is currently the default
#noauth = true
#auth = true
Solution is to change mongo configuration
bind_ip = 0.0.0.0
Here is my testcase :
[root#192.168.121.130 ~$]slapd -d 1 -h ldaps://127.0.0.1:636
#(#) $OpenLDAP: slapd 2.4.23 (Apr 29 2013 07:47:08) $
mockbuild#c6b7.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
ldap_pvt_gethostbyname_a: host=centos-6.3, r=0
daemon_init: listen on ldaps://127.0.0.1:636
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps://127.0.0.1:636)
daemon: bind(7) failed errno=98 (Address already in use)
slap_open_listener: failed on ldaps://127.0.0.1:636
slapd stopped.
connections_destroy: nothing to destroy.
But if I change another port , such as 6361, it works.
My environment:
OS: centos 6.4 x86_64
OpenLDAP: 2.4.23 installed by yum
Any suggestion?
it seems that another service is already running on port 636:
daemon: bind(7) failed errno=98 (Address already in use)
you can try the following command to identify this service:
netstat -tulpn | grep ':636 ' | grep 'LISTEN'
Old post, but still ...
This error is also displayed when SELinux prevents slapd from starting. Personally I experienced this after manually copying data (/var/lib/ldap/) from another server, to this one. I had to restore the imported files to default SELinux security contexts:
restorecon -R /var/lib/ldap
And I see this doesn't apply to you, but this might also happen if you're attempting to bind slapd to a port out of the ordinary. Default on CentOS7, these are the allowed ports:
#semanage port -l | grep ldap
ldap_port_t tcp 389, 636, 3268, 7389
ldap_port_t udp 389, 636
Adding another one to the legal port range, could be done with semanage. (You might need to install the package policycoreutils-python.):
semanage port -a -t ldap_port_t -p tcp 10389
... if you wish to allow slapd to bind on TCP port 10389 in addition to the four listed above. After this, the previous result would look like:
# semanage port -l | grep ldap
ldap_port_t tcp 10389, 389, 636, 3268, 7389
ldap_port_t udp 389, 636
I have a micro free tier RHEL 6 instance running and have postgresql 9.2 installed using the yum instructions here:
http://yum.pgrpms.org/howtoyum.php
And I am able connect to the PG server locally using this on server:
03:46:20 root#xxx[~]$ psql -hlocalhost -p5432 -Upostgres
However i've never successfully connected to it outside of box. The error message looks like:
12:11:56 saladinxu#GoodOldMBP[~]$ psql -h ec2-xxx.ap-southeast-1.compute.amazonaws.com -p5432 -Upostgres
psql: could not connect to server: Connection refused
Is the server running on host "ec2-54-251-188-3.ap-southeast-1.compute.amazonaws.com" (54.251.188.3) and accepting TCP/IP connections on port 5432?
I've tried a bunch of different ways. Here's how my configure files look now:
/var/lib/pgsql/9.2/data/postgresql.conf:
...
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
...
/var/lib/pgsql/9.2/data/pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
host all pgadmin 0.0.0.0/24 trust
host all all [my ip]/24 md5
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
I've tried to make the above address to 0.0.0.0/0 but id didn't work.
And every time i made a change i restarted by running this
service postgresql-9.2 restart
In the Security Group of this EC2 instance i can see this rule already:
TCP
Port (Service) Source Action
22 (SSH) 0.0.0.0/0 Delete
80 (HTTP) 0.0.0.0/0 Delete
5432 0.0.0.0/0 Delete
The netstat command shows that the port is already open:
04:07:46 root#ip-172-31-26-139[~]$ netstat -na|grep 5432
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 :::5432 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 14365 /tmp/.s.PGSQL.5432
To answer bma's question:
If I run the nmap command on the server locally it seems to suggest that thru internal DNS it's going to another host where 5432 is open:
10:16:05 root#ip-172-31-26-139[~]$ nmap -Pnv -p 5432 ec2-54-251-188-3.ap-southeast-1.compute.amazonaws.com
Starting Nmap 5.51 ( http://nmap.org ) at 2013-07-22 10:16 EDT
Nmap scan report for ec2-54-251-188-3.ap-southeast-1.compute.amazonaws.com (172.31.26.139)
Host is up (0.00012s latency).
rDNS record for 172.31.26.139: ip-172-31-26-139.ap-southeast-1.compute.internal
PORT STATE SERVICE
5432/tcp open postgresql
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
And the iptables command gives the following output
10:16:14 root#ip-172-31-26-139[~]$ iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
25776 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
45 1801 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
251 15008 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
35 2016 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 21695 packets, 5138K bytes)
pkts bytes target prot opt in out source destination
[Edited after adding according to bma's suggestion]
iptables looks like this after the new addition:
11:57:20 root#ip-172-31-26-139[~]$ iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26516 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
47 1885 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
255 15236 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
38 2208 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * [my ip] 54.251.188.3 tcp spts:1024:65535 dpt:5432 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.251.188.3 tcp spt:5432 dpts:1024:65535 state ESTABLISHED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 5 packets, 1124 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 54.251.188.3 [my ip] tcp spt:5432 dpts:1024:65535 state ESTABLISHED
0 0 ACCEPT tcp -- * * 54.251.188.3 0.0.0.0/0 tcp spts:1024:65535 dpt:5432 state NEW,ESTABLISHED
But i'm still not able to connect (same error). What could be the missing piece here?
I Found the resolution to this problem.
Two things are required.
Use a text editor to modify pg_hba.conf. Locate the line:
host all all 127.0.0.1/0 md5.
Immediately below it, add this new line:
host all all 0.0.0.0/0 md5
Editing the PostgreSQL postgresql.conf file:
Use a text editor to modify postgresql.conf.
Locate the line that starts with #listen_addresses = 'localhost'.
Uncomment the line by deleting the #, and change 'localhost' to '*'.
The line should now look like this:
listen_addresses = '*' # what IP address(es) to listen on;.
Now Just restart your postgres service and it will be able to connect
Do you have a firewall blocking port 5432? A quick nmap shows that it is being filtered.
nmap -Pnv -p 5432 ec2-54-251-188-3.ap-southeast-1.compute.amazonaws.com
Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-21 11:05 PDT
Nmap scan report for ec2-54-251-188-3.ap-southeast-1.compute.amazonaws.com (54.251.188.3)
Host is up (0.19s latency).
PORT STATE SERVICE
5432/tcp filtered postgresql
What does the iptables on your EC2 show for port 5432?
iptables -nvL
[after OP added more details]
Netstat shows that it is listening, but the firewall output doesn't look like the 5432 port is open (I confess to not being much of a network guy). Referring to some of my notes from previous installs, you might need to open up EC2 port 5432 to your IP.
To allow input firewall access, replace YOUR-REMOTE-IP with the IP you are connecting from:
iptables -A INPUT -p tcp -s YOUR-REMOTE-IP --sport 1024:65535 -d 54.251.188.3 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 54.251.188.3 --sport 5432 -d YOUR-REMOTE-IP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
--outbound access
iptables -A OUTPUT -p tcp -s 54.251.188.3 --sport 1024:65535 -d 0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 5432 -d 54.251.188.3 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
What does iptables -nvL list after that. Can you connect?
Looks your pg_hba.conf misses the "+" after the group name. try
# TYPE DATABASE USER ADDRESS METHOD
host all pgadmin+ 0.0.0.0/24 trust
host all all [my ip]/24 md5
The pg_hba.conf explains about user:
The value all specifies that it matches all users. Otherwise, this is either the name of a specific database user, or a group name preceded by +. (Recall that there is no real distinction between users and groups in PostgreSQL; a + mark really means "match any of the roles that are directly or indirectly members of this role", while a name without a + mark matches only that specific role.)