Currently Being ModeratedOct 22, 2013 9:36 AM (in response to phxJeff)
Do you have public static IP for your site, as well as correct public DNS services? Having static IP is necessary for mail servers that are directly connected to the network, and particularly for whether other mail servers will see your mail server as a legitimate server or — with the usual sorts of mismatched DNS that arise — as a spam engine.
Dynamic IP and dynamic DNS does not work for mail servers. Not for direct communications. You must either have static IP, or you will have to use a mail relay service for both outbound and inbound mail.
It also happens that some ISPs will blacklist their dynamic IP ranges, as computers in those ranges should not be running servers.
If you do not have static IP, it's also common for ISPs to block various ports. Try forwarding an "innocuous" IP port, and see if that gets through to your server. (Set up a web server to listen on some random high-numbered TCP 10000+ port, for instance, and set that port to forward, and test with an external web browser.)
As for the local firewall, test that access with a port scan from another host on the same (presumably) NAT'd LAN. Network Utility can do that, if you prefer the GUI.
To test local IP networking, launch Terminal.app and issue the following diagnostic command:
sudo changeip -checkhostname
I think that was on 10.5. That'll tell you if no changes are required, or if local DNS is correct.
To check your public DNS, I've posted the dig commands around various threads (here, or here, or in various other postings) or post your domain — it's public, and the spammers will find the open mail server port or the DNS MX entry seemingly within minutes in any case — and I or somebody else here will check the translations for you.
Getting web services going also requires that the ISP allow access, and various ISPs do block TCP 80 and TCP 443 on dynamic connections, too. Test locally, then check with your ISP to see if your ISP uses these blocks. (In addition to blocking HTTP/80 and HTTPS/443, blocking TCP 25 outbound SMTP traffic — and variously both inbound and outbound — is increasingly considered best-practices, as it keeps the spam engine network traffic down, too.)
FWIW, I'd encourage use of SSL/TLS POP (TCP 995) or SSL/TLS IMAP (TCP 993), and not the cleartext traffic. I don't know for certain that 10.5.8 supported that, but I'd suspect it did. You'll also need to ensure the submission path is open to the server, that's usually TCP 587, and it's also typical to run that SSL/TLS as well. Various ISPs will block outbound TCP 25, so you'll want to configure your clients to avoid that port for submissions.
Currently Being ModeratedOct 22, 2013 11:48 AM (in response to MrHoffman)
I have static IPs. I have an older G3 server that is working fine, but want to start using the new server. I can control the old erver ports withno problem. If I disable the old server and assign it's IP to the new one, I still have the problem. It seems I cannot control the ports on the new server. I checked my router and there is no firewall there. I have also tried using DoorStop when I turn ff the server firewall. It cannot control the prots either. I turnoff DoorStop when using the server firewall. There is something strange going on that will not allow the ports to be changed.
I use the Network Utility from my MacBook to scan the ports of the Mini. They just seem to be stuck. Restarting the computer does not help. You try scanning IP 220.127.116.11
Currently Being ModeratedOct 22, 2013 2:02 PM (in response to phxJeff)
What do the following commands report for the status of the firewall, and for the configuration:
$ sudo serveradmin status ipfilter
$ sudo serveradmin fullstatus ipfilter
Those two should provide the status of the built-in firewall from the former, as well as full details from the latter.
There is more detail on the firewall management here.
I am not familiar with DoorStop and do not know if it's compatable with OS X Server; check with the vendor.
For testing, I'd remove DoorStop as well as any other similar add-ons, any haxies, and other related tweaks or tools or malware scanners or network monitors or related. Some of those caused problems. Some were incompatible with OS X Server. Best to try a test with a baseline configuration.
Check for errors in the system logs via Console.app, too.
Apologies here, but 10.5 was a long time ago, and I don't immediately recall the details of the idiosyncracies of Server Admin.app and its firewall management from back then. I'm also not in a position to port-scan that IP address. (That written, there is no DNS associated with that IP address.)
Currently Being ModeratedOct 22, 2013 7:04 PM (in response to MrHoffman)
I trashed DoorStop and enter the terminal commands suggested. The list says port 110 is enabled. THe system profiler says all ports are open, but when I scan the ports there are only a few open and not the ones I set with the server firewall. I restted the computer, but no change. When configuring the mail server all looks good, SMTP is enabled. POP and IMAP show starting up and then stopped. I used a utility to repair all permission, but that did not help.
Is there any new server software I could load onto the mini? It's a Macmini 2.1. The Apple site is not clear on this. I purchase Snow Leopard, but then notice it is not the server. I know for $1000 I can get a new Mac Mini with the server loaded, but that is a lot of money since I already have a Mac Mini and server software.
ANy suggestions? Thanks.