4 Replies Latest reply: Feb 10, 2013 2:08 AM by Camelot
Thin&Hungry Level 1 (0 points)

I've been running OS X Lion Server for about a year or more now on a Mac mini. Mail service has been chugging away just fine until this morning when it stopped delivering emails from outside our domain to the users' inboxes. Email sent internally, from within the same domain, gets delivered just fine. And users can send emails both internally and externally. But users can receive mail only from within the same domain.


I have checked as many logs as I could think of and see nothing out of the ordinary. IMAP is running fine, postfix appears to be running without notable incident (though if I should be checking that more thoroughly, I'd take advice on how to do so - I've only checked the Mail log).


Senders do not get any notification of failure. And I do not see any errors in Server Admin.app (nor in Server.app). Perhaps I am not looking in the right places?


I even checked DNS, and the log there shows a ton of errors (connection refused), so I added a couple of new forwarded IPs just in case that might help. This may be a sign of my desperation, especially because the DNS should have little to do with email finding its way to my server. But I'm getting desperate.


Any advice and assistance is gratefully accepted.

  • Camelot Level 8 (46,655 points)

    Well, for one, this statement is completely wrong:


    "DNS should have little to do with email finding its way to my server"


    Mail is as dependent on DNS as anything else - maybe more so with the dependence on MX records. If your DNS isn't working, remote servers might not know where to send the mail.


    What's missing from your post, though, is what you DO see in the logs. Do you see connections from the outside world? Does your server accept those messages? Does it reject them? Why?


    If the server isn't getting connections from the outside world then either your DNS is broken (see my point above), or there's some network-level issue such as a firewall policy, a NAT port mapping or some such that's preventing external servers from connecting.


    It would help if you posted the domain name since that would at least let others here test the server and report back what we see. As it is we're working blind and can only offer WAGs as to what the problem might be.

  • Thin&Hungry Level 1 (0 points)

    Good points, and thanks for the clarification about the DNS. The domain is wasmer.us. The mail logs are devoid of anything at this point. Despite my attempts to send email to an internal address from an external (gmail, and a corporate email) address, there are no entries in the mail.log since I last forgot to use sudo while checking to see if postfix was running and this appears in the log:

    Feb  6 14:39:31 wasmer postfix[16123]: fatal: the postfix command is reserved for the superuser


    There is no sign of life from outside coming in. I just used an online tool called mxtoolbox.com (or something similar); it was unable to establish an SMTP connection, saying it timed out due to inactivity.


    The DNS logs are replete with the following types of entries:

    06-Feb-2013 23:19:11.580 error (connection refused) resolving 'e4478.b.akamaiedge.net/A/IN':


    [That IP address,, is the router.]


    Thanks for the suggestions on improving my question, and thanks for any further help.

  • Thin&Hungry Level 1 (0 points)

    Just a thought - it would appear that port 25 is suddenly being blocked, both incoming and outgoing, by the ISP. I will have to check with them in the morning to confirm and sort that out. Port scan offers support for this - other ports are still accessible, like 80 for the website, etc. But 25 is "aborted," according to the port scan by mxtoolbox.com.


    So, assuming it is CenturyLink blocking port 25, I'll take suggestions on how to convince them to change their ways and revert to the setup we had two days ago.

  • Camelot Level 8 (46,655 points)

    Port blocking by your ISP seems like a likely issue.


    You'll clearly need to talk to them to find out the change. You might need to check the terms of your service with them - some ISPs prohibit running your own mail server on their network due to spam origination issues... and they might have blocked you because you hit some threshold and popped up on their radar. It might also be an error.


    Even if they do unblock port 25 you're going to need to talk to them about reverse DNS. Right now your reverse DNS does not map back to your domain (it maps to a generic hostname in your ISP's domain), and that's going to cause you a world of hurt as far as email is concerned. You may need them to set up reverse DNS, or act as a mail proxy/gateway for you to avoid such issues.
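
The reverse DNS condition described in the last reply can be checked mechanically. The following is an added example, not code posted by anyone in this thread: it classifies a mail server's public IP by whether its PTR record exists, forward-confirms, and falls inside the mail domain. The function names, the 203.0.113.x addresses and the `example.org` / `isp.example` names are constructed placeholders.

```python
import socket

def ptr_names(ip):
    """PTR lookup through the system resolver; empty list if none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # covers socket.herror and socket.gaierror
        return []

def a_addresses(host):
    """Forward (A) lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def check_reverse_dns(ip, mail_domain, ptr_lookup=ptr_names, a_lookup=a_addresses):
    """Classify the PTR setup of a mail server's public IP.

    Returns one of: "no-ptr", "not-forward-confirmed", "generic-ptr", "ok".
    """
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    # Forward-confirm: the PTR name must resolve back to the same IP.
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return "not-forward-confirmed"
    domain = mail_domain.rstrip(".").lower()
    if any(n == domain or n.endswith("." + domain) for n in confirmed):
        return "ok"
    return "generic-ptr"  # valid PTR, but in another domain (e.g. the ISP's)

# Constructed sample data (documentation address range, placeholder names).
SAMPLE_PTR = {"203.0.113.25": ["203-0-113-25.dyn.isp.example."],
              "203.0.113.26": ["mail.example.org."],
              "203.0.113.27": ["mail.example.org."]}
SAMPLE_A = {"203-0-113-25.dyn.isp.example": ["203.0.113.25"],
            "mail.example.org": ["203.0.113.26"]}

def sample_check(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_reverse_dns(ip, "example.org",
                             lambda i: SAMPLE_PTR.get(i, []),
                             lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.26", "203.0.113.27", "203.0.113.28"):
        print(ip, sample_check(ip))
```

Calling `check_reverse_dns(ip, domain)` without the last two arguments uses the system resolver, so it should be run from a host that sees public DNS rather than the server's own internal view.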