postfix - connection refused from behind NAT

Posted by manchine on Server Fault See other posts from Server Fault or by manchine
Published on 2014-06-08T04:00:27Z Indexed on 2014/06/08 15:30 UTC
Read the original article Hit count: 237

Filed under:

postfix

|

nat

|

lan

|

telnet

|

mta

When attempting to telnet postfix from a different host in the same LAN through the FQDN (and thus the LAN's public IP), the following error occurs:

root@mailer:/var/log# telnet mail.domain.com 25
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused

Other services can be reached from the exact same host, however:

root@mailer:/var/log# telnet mail.domain.com 22
Trying 1.2.3.4...
Connected to mail.domain.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u1

To make matters more intriguing, Postfix can be accessed from outside the LAN:

nunos-mbp:mailog nzimas$ telnet mail.domain.com 25
Trying 1.2.3.4...
Connected to mail.domain.com.
Escape character is '^]'.
220 mail.domain.com ESMTP Postfix (Ubuntu)

To sum thing up:

a) Postfix (running on 10.10.10.4 / mail.domiain.com) refuses connection from a host in the same LAN (10.10.10.2), but only when queried through the FQDN (mail.domain.com)

b) mail.domain.com accepts connections to other services (but Postfix) from 10.10.10.2

c) mail.domain.com accepts connections to all services, including Postfix, from the outside world

If it were a firewall issue, then I believe it would not be possible to connect to any service from 10.10.10.2 through the FQSN / public IP. It ought to be some missing parameter in Postfix, although I haven't found any clear pointers so far.

© Server Fault or respective owner

Related posts about postfix

postfix: Temporary lookup failure

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have followed the tutorials step by step for installing and configuring postfix https://help.ubuntu.com/community/Postfix https://help.ubuntu.com/community/PostfixBasicSetupHowto I am trying to test the services to whether Temporary lookup failure error telnet localhost 25 250 2.1.0 Ok rcpt to:… >>> More
postfix with mailman

as seen on Server Fault - Search for 'Server Fault'
What should happen is that [email protected] should be delivered to that users inbox on localhost, user@localhost. Thunderbird works fine at reading user@localhost. I'm just using a small portion of postfix-dovecot with Ubuntu mailman. How can I get postfix to recognize the FQDN and deliver… >>> More
saslauthd + PostFix producing password verification and authentication errors

as seen on Server Fault - Search for 'Server Fault'
So I'm trying to setup PostFix while using SASL (Cyrus variety preferred, I was using dovecot earlier but I'm switching from dovecot to courier so I want to use cyrus instead of dovecot) but I seem to be having issues. Here are the errors I'm receiving: ==> mail.log <== Aug 10 05:11:49 crazyinsanoman… >>> More
centos postfix send email problem

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a big problem with postfix. I can receive mail in webmin and outlook but I can't send (only on local I can - user to user). Dovecot is working just fine. Sendmail is disable. Please help me. postfix -n postfix: invalid option -- n postfix: fatal: usage: postfix [-c config_dir] [-Dv]… >>> More
Migrating users and mailboxes from postfix / Maildir to Postfix with Mysql backend

as seen on Server Fault - Search for 'Server Fault'
So I've got 60 or so users on a hand rolled postfix installation on openbsd and I'd like to move their mailboxes to our new mail server running iRedMail (postfix, vmail/mysql back end) Does anyone know of a good way to do this? Preferably a script I can run to keep syncing the users mailboxes as… >>> More

Related posts about nat

Cisco 881 losing NAT NVI translation config after reload

as seen on Server Fault - Search for 'Server Fault'
This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More
asterisk/freeswitch in nat/no-nat setup

as seen on Server Fault - Search for 'Server Fault'
hi, my current setup - i use bunch of sip hard-phones around few offices. all devices have two sip accounts configured - one on internal sip proxy [for calls between the branches], another - at 3rd party voip providers [ since it's in different countries - those are different providers, but that's… >>> More
Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More