
Port 25 issue

So I had my ISP confirm port 25 is open. I have my server on the DMZ and also, to be extra sure, port 25 open specifically to it, and yes, it works fine. But why on earth does my Mac server tell me that it cannot access port 25 when there is no firewall blocking it? It's preventing the sending and receiving of mail, because my Mac just isn't listening on it.


There are also MX records, so these are fine too.

Mac mini (Late 2012), OS X Mavericks (10.9), Mavericks Server

Posted on Nov 13, 2013 2:40 AM

17 replies

Nov 13, 2013 11:23 AM in response to mattd25

It's increasingly considered to be best-practices networking to block outbound TCP port 25 connections, so remote testing of that particular port from another network can be problematic. Not because of inbound blocks or outbound blocks involving your mail server IP address, but because of blocks on other networks.


But if the port isn't working from your LAN, then your mail server apparently isn't starting, or is failing to start, or is getting tangled up with the server firewall. Launch Console.app from Applications > Utilities and see if there's anything relevant being logged in the mail server logs.


If you're configuring the mail server in a DMZ, you'll have to ensure inbound TCP port 25 traffic goes in the proper direction, too; into the DMZ, and not into the LAN. That's in addition to TCP 993 or TCP 995, and TCP 587, too.


To verify your DMZ-local DNS, launch Terminal.app on the server and issue the following diagnostic command:


sudo changeip -checkhostname


That'll tell you if no changes are required, or if network or DNS issues were detected.


Since it's public information, and since the spammers will spot an open SMTP port within minutes and an MX record in not very much time, consider posting your public DNS and we can verify at least that your public DNS is correct and working.

Nov 13, 2013 11:49 AM in response to MrHoffman

Thanks for the info there. Here is what I get running the terminal command:


Primary address = 192.168.0.2


Current HostName = bwnetwork.net

DNS HostName = bwnetwork.net


The names match. There is nothing to change.

dirserv:success = "success"


Here is what I get testing the mail server, and yes, it's switched on and appears to be working.


Name: bwnetwork.net

Address: 192.168.0.2

> set q=mx

> bwnetwork.net

Server: 127.0.0.1

Address: 127.0.0.1#53


bwnetwork.net mail exchanger = 0 bwnetwork.net.


bwnetwork:~ mattblackwood$ telnet bwnetwork.net 25

Trying 192.168.0.2...

telnet: connect to address 192.168.0.2: Connection refused

telnet: Unable to connect to remote host


But the Mac firewall is off and the router firewall is also off, and there are no issues, since this very same config worked for a Windows Exchange Server without a hitch.


My DNS is in the image attached, but I also get PTR errors when testing remotely. I have them defined?

User uploaded file



Also, these are set in the firewall and they all work aside from the mail ports 😟


User uploaded file

Nov 13, 2013 2:13 PM in response to Linc Davis

bwnetwork:~ mattblackwood$ telnet localhost 25

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

telnet: connect to address 127.0.0.1: Connection refused

Trying fe80::1...

telnet: connect to address fe80::1: Connection refused

telnet: Unable to connect to remote host



bwnetwork:~ mattblackwood$ telnet bwnetwork.net 25

Trying 192.168.0.2...

telnet: connect to address 192.168.0.2: Connection refused

telnet: Unable to connect to remote host
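
Added example, not part of the original thread: a small Python probe that separates the two failure modes for the mail ports named earlier in the thread. "Connection refused", as in the telnet output above, means the host answered and nothing is listening on the port, while a firewall that silently drops packets normally shows up as a timeout. The function name `probe` and the status labels are this example's own.

```python
import socket

# Mail ports named in the thread: SMTP, submission, IMAPS, POP3S.
MAIL_PORTS = {25: "smtp", 587: "submission", 993: "imaps", 995: "pop3s"}


def probe(host, port, timeout=3.0):
    """Return (status, detail); status is open, refused, filtered or error.

    Every address the name resolves to is tried in turn, as telnet does.
    If none accepts, the result for the last address tried is returned.
    """
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "error", "name lookup failed: %s" % exc
    result = ("error", "no address to try")
    for family, socktype, proto, _canon, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                banner = ""
                if port in (25, 587):  # SMTP servers speak first (220 greeting)
                    try:
                        banner = s.recv(256).decode("ascii", "replace").strip()
                    except OSError:
                        pass  # connected, but no greeting within the timeout
                return "open", banner
        except socket.timeout:
            result = ("filtered", "no answer: dropped by a filter or host unreachable")
        except ConnectionRefusedError:
            result = ("refused", "host answered, nothing listening on the port")
        except OSError as exc:
            result = ("error", str(exc))
    return result


if __name__ == "__main__":
    # Run on the server itself first; "localhost" is the target used in the thread.
    for port, name in sorted(MAIL_PORTS.items()):
        status, detail = probe("localhost", port)
        print("%-10s %4d  %-8s %s" % (name, port, status, detail))
```

If every port reports refused on the server itself, the mail services are not running, and router or DMZ settings are not the cause.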

Nov 14, 2013 6:23 AM in response to mattd25

The DNS configuration will get your server flagged as a spam engine.


$ dig +short MX bwnetwork.net

0 bwnetwork.net.

$ dig +short bwnetwork.net

92.236.101.231

$ dig +short -x 92.236.101.231

cpc3-stav18-2-0-cust486.17-3.cable.virginm.net.

$


The forward (name to address) and reverse (address to name) translations should match. I also can't tell if you're on a dynamic IP or not, but that'll be a problem if you are. You'll want static IP. Also with your ISP, you'll want the reverse translation of your IP address configured to bwnetwork.net.


If you can't get onto static IP or if your ISP won't set up reverse DNS for you, then you'll likely need to move to a mail relay service.


Your IP is also included in the Policy Block List at Spamhaus, which implies that you're going to have serious problems getting mail to work; this usually means your IP address is in a dynamic IP address block and your ISP has added the dynamic block to the blacklists.


There is nothing you can do on your server to fix these problems, either. What I've listed here is within the public DNS configuration, and within the local ISP configuration, and with how other mail servers will determine whether or not your mail server is legitimate or is flagged as a spam engine. Mismatched DNS gets you flagged as a spam engine. Given the policy black list entry in use here, I also wouldn't be surprised to see the IP address have a TCP port 25 block within the ISP network, too.
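
Added example, not part of the original thread: the forward/reverse comparison from the reply above as a Python check, run here against the records shown in its dig output. The MX target is passed in by hand because the standard library has no MX lookup; the function names and the `zen.spamhaus.org` zone used to build the blocklist query name are choices of this example, not taken from the thread.

```python
import ipaddress
import socket

# Records copied from the dig output in the reply above (a snapshot, not live data).
SAMPLE_A = {"bwnetwork.net": ["92.236.101.231"]}
SAMPLE_PTR = {"92.236.101.231": ["cpc3-stav18-2-0-cust486.17-3.cable.virginm.net."]}


def _norm(name):
    """Compare DNS names without the trailing dot and without regard to case."""
    return name.rstrip(".").lower()


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Name a receiving server queries to see whether an IPv4 address is listed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def live_forward(name):
    return socket.gethostbyname_ex(name)[2]


def live_reverse(ip):
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:  # no PTR record, or the lookup failed
        return []


def check(mx_target, forward=live_forward, reverse=live_reverse):
    """For each address of the MX target, compare its PTR name with the target."""
    results = []
    for ip in forward(mx_target):
        ptrs = [_norm(p) for p in reverse(ip)]
        if not ptrs:
            verdict = "no PTR"
        elif _norm(mx_target) in ptrs:
            verdict = "match"
        else:
            verdict = "mismatch"
        results.append({"ip": ip, "ptr": ptrs, "verdict": verdict,
                        "dnsbl_query": dnsbl_name(ip)})
    return results


if __name__ == "__main__":
    for row in check("bwnetwork.net", SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__):
        print(row)
```

Calling `check("bwnetwork.net")` with the default resolvers performs the same comparison against live DNS.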
