Postfix-Server behind a DSL-Router

Rick Stevens ricks at alldigital.com
Thu Apr 9 17:05:10 UTC 2015 

On 04/09/2015 07:22 AM, Peter Ulrich Kruppa wrote:
> Am 09.04.2015 um 15:32 schrieb Robert Nichols:
>> On 04/09/2015 05:07 AM, Peter Ulrich Kruppa wrote:
>>>
>>> I set up a Postfix-Server on my Fedora 21 box, which is connected to
>>> the internet via
>>> some Netgear Router. My private LAN is 192.168.10.0/24 with the Fedora
>>> box fixed on
>>> 192.168.10.1 . My Netgear thing has got a fixed IP and hostname, let's
>>> say for
>>> mydomain.com .
>>>
>>> Now I can
>>>    - send myself mails from my Fedora box
>>>    - send mails from my Fedora box to the outside p. ex. my googlemail
>>> account
>>>
>>> but I can't receive mails from outside.
>>
>> The default postfix configuration has it listening only on the localhost
>> interface.  You will have to change that.  Look for "inet_interfaces ="
>> in /etc/postfix/main.cf .
> I have got
>      inet_interfaces = all
> in there.

Many ISPs block SMTP traffic TO their end users. Most also block
outgoing SMTP traffic FROM their end users _unless_ it's going to the
ISP's mail servers (this is to prevent end users from becoming spam
farms). Assuming your ISP permits bi-directional SMTP traffic, here
are things to look at:

1. The outside world must send mail to the PUBLIC IP of your firewall
(not the 192.168.x.y address, but the one that's on the public
Internet). Make sure your MX DNS records reflect that public IP address.
If your MX records contain "192.168.x.y" or "10.x.y.z", then your record
is wrong (192.168.0.0/16 and 10.0.0.0/8 are non-routable, private
networks).

2. You must configure your external firewall to forward incoming port
25 traffic to port 25 on your postfix machine's PRIVATE IP address.

3. Make sure firewalld on your postfix machine permits incoming port 25
traffic.

4. You must make sure postfix is listening on the private IP address (at
least). "netstat -lpnt | grep 25" will tell you what IPs postfix is
listening on.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   Errors have occurred. We won't tell you where or why.  We have   -
-                         lazy programmers.                          -
----------------------------------------------------------------------

More information about the users mailing list