
test internet connection failed to mail server

Status
Not open for further replies.

ahm1985

Programmer
Dec 6, 2012
138
EG
I only need to solve this problem.
MAIN PROBLEM:
NO INTERNET ACCESS TO MAIL SERVER, SO IT CANNOT SEND OR RECEIVE
I ONLY NEED TO SOLVE THIS PROBLEM

I don't need to change my setup to server and gateway mode right now.

my data as following

I have mail server 7.5

Primary domain name altawi.com.sa

name of server mserver

Local ip 192.168.1.4

Subnetmask:255.255.255.0

operation mode server only

gateway ip 192.168.1.254(cisco 800 series firewall)

DHCP SERVER does not provide dhcp

corporate dns server 212.93.192.5

No port forwarding for mail server CREATED

Primary corporate dns 212.93.192.5

Secondary corporate dns 84.22.224.11

email retrieval mode multidrop

smtp authentication allow ssmtp (secure)

smtp for internet provider disabled
-----------------
email settings
POP3 server access Allow private and public (secure POP3S)
IMAP server access Allow private and public (secure IMAPS)
Webmail access Allow HTTPS (secure)
---------------
Virus scanning Disabled
Spam filtering Disabled
Executable content blocking Disabled
---------------
E-mail retrieval mode multi-drop
SMTP authentication Allow SSMTP (secure)
---------------
E-mail to unknown users Reject
Address of internal mail server
Address of Internet provider's mail server
----------------
diagram for my network
----------
I have 40 computers connected to switch panel1
this switch panel is connected to the main switch panel
which you can consider switch panel2
----------
switch panel2 has the following
1- cable for mail server 192.168.1.4
2- cable coming from switch panel1 (includes the 40 computers)
3- cisco router 800 series firewall
4- linksys router wag 200g antenna A (gateway 192.168.1.1 to all local network)
5- domain controller 192.168.1.2
6- computer for antivirus eset end point 192.168.1.10, joined to the domain; all
computers in the network update antivirus from this computer
7- Server for ERP SOLUTION dynamic nav 192.168.1.3, workgroup, not joined to the domain
------------
when we ping the public ip 78.93.244.61 from the network or from outside the network
it works ok
when i ping the public ip 78.93.244.61 from the mail server
it gives me host unreachable
when pinging from the mail server to 8.8.8.8 it gives us
host unreachable
when pinging from the local network to the mail server 192.168.1.4
it pings and gives a reply without any problem
-----------
test internet access to mail server failed
---------
settings for computers in network (40 computers)
ip 192.168.1.no from 1 to 254
subnet mask 255.255.255.0
gateway 192.168.1.1 linksys router gateway
preferred dns: 192.168.1.2 domain controller
alternative dns: 192.168.1.1 linksys router gateway
i have the linksys router only for internet to the local network
and the cisco firewall has another internet line, dsl,
taken from awal net company with speed 2mg
TELEPHONE LINE CONNECTED TO CISCO FIREWALL ROUTER WORKING GOOD WITHOUT PROBLEM
----------------
cisco firewall router 800 series
ppp light is green stable
cd light is green stable
adsl light green flashing
---------
when i connect any computer directly to the cisco firewall router
it can get internet from the cisco router as following
ip 192.168.1.105
subnetmask 255.255.255.0
gateway 192.168.1.254
it works and can access the internet, but why can the mail server not get access?
this is my question
-----------
and they tell us this is a problem in your network,
not from the other side; check your network firewall
i checked everything and the cables, and nothing worked
i ran a port scan of the public ip 78.93.244.61 with nmap
it gives me the following
[root@e-smith ~]# nmap -O 78.93.244.61

Starting Nmap 6.25 ( ) at 2015-11-18 09:07 EST
Nmap scan report for mserver.altawi.com.sa (78.93.244.61)
Host is up (0.27s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
6667/tcp filtered irc
6881/tcp filtered bittorrent-tracker
12345/tcp filtered netbus
Device type: router|switch
Running: Cisco IOS 12.X
OS CPE: cpe:/h:cisco:2500_router cpe:/o:cisco:ios:12.1 cpe:/h:cisco:catalyst_2950 cpe:/h:cisco:catalyst_2960 cpe:/h:cisco:catalyst_3550 cpe:/h:cisco:catalyst_3560 cpe:/h:cisco:catalyst_3750 cpe:/o:cisco:ios:12
Too many fingerprints match this host to give specific OS details

OS detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 158.45 seconds
------------
WHEN I WRITE TO GET LOG FILE SME :
----------
when i try to send from my domain ahmedb@ltawi.com.sa
to an outside yahoo email ahmed_elbarbary.2010@yahoo.com, i run this command on the sme mail server:
tail -f /var/log/qmail/current | tai64nlocal

Last login: Mon Nov 23 01:35:17 2015 from 192.168.1.105
[root@mserver ~]# tail -f /var/log/qmail/current | tai64nlocal
2015-11-23 10:38:07.003125500 new msg 4576081
2015-11-23 10:38:07.003131500 info msg 4576081: bytes 2598 from <ahmedb@altawi.com.sa> qp 15156 uid 453
2015-11-23 10:38:07.014118500 starting delivery 332: msg 4576081 to remote ahmed_elbarbary.2010@yahoo.com
2015-11-23 10:38:07.014125500 status: local 0/10 remote 1/20
2015-11-23 10:38:07.014129500 new msg 4575033
2015-11-23 10:38:07.014133500 warning: unknown record type in todo/4575033
2015-11-23 10:38:07.014136500 new msg 4575033
2015-11-23 10:38:07.014140500 warning: unknown record type in todo/4575033
2015-11-23 10:38:27.016877500 delivery 332: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
2015-11-23 10:38:27.016882500 status: local 0/10 remote 0/20
above i tried to send from my altawi domain to outside, such as yahoo
it gives me delivery 332: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
what is this problem?
----------
as above the firewall closes port 25
i sent this message to awal net company
it replied to me as following:
from awal net they accessed the cisco router and told me
--------
I called awal net company and told them please check that ports 25 and 110 are working
they answered me as following:

By default all ports are opened from outside except port 162, 22, 23.

In customer case; He’s NAtting local IP 192.168.1.4 to public 78.93.244.62


ip nat inside source static 192.168.1.4 78.93.244.62

telnet 192.168.1.4 25
Trying 192.168.1.4, 25 ...
% Connection timed out; remote host not responding

telnet 192.168.1.4 110
Trying 192.168.1.4, 110 ...
% Connection timed out; remote host not responding

telnet 78.93.244.61 25
Trying 78.93.244.61, 25 ...
% Connection refused by remote host

telnet 78.93.244.61 110
Trying 78.93.244.61, 110 ...
% Connection refused by remote host
------
from my network
PING 192.168.1.4
GIVE REPLY WITHOUT PROBLEM
telnet 192.168.1.4 25
220 mserver.altawi.com.sa ESMTP
TELNET 192.168.1.4 110
OK <6721.1448292168@MSERVER.ALTAWI.COM.SA>
TELNET 78.93.244.61 25
CANNOT OPEN CONNECTION TO HOST
TELNET 78.93.244.61 110
GIVE ME BLANK SCREEN
PING 78.93.244.61
GIVE ME REPLY WITHOUT PROBLEM
PING 192.168.1.254 FROM MAIL SERVER
64 bytes from 192.168.1.254: icmp_seq=2168 ttl=64 time=0.735 ms
64 bytes from 192.168.1.254: icmp_seq=2169 ttl=64 time=0.765 ms
64 bytes from 192.168.1.254: icmp_seq=2170 ttl=64 time=0.796 ms

[root@mserver ~]# telnet 192.168.1.254 23
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
root@mserver ~]# telnet 192.168.1.254 25
Trying 192.168.1.254...
telnet: connect to address 192.168.1.254: Connection timed out
-----------
After that awal net company TOLD ME: our job is only to connect internet
to the cisco router, check your side
i checked everything in my network, nothing is wrong, and there is no internet access to the mail server
--------------
After that i checked the mx record
it is as following
Pref Hostname IP Address TTL
0 mserver.altawi.com.sa 78.93.244.61 4 hrs
1 altawi.com.sa 212.93.222.10 4 hrs
i called the company hosting my site, it is awal net company
this company awal net company for hosting because service finished for hosting and no technical support good
i changed to the company top line for hosting 2 days ago because i suspected it may be a hosting problem, and removed the mx record
now nothing is registered in the mx record
what do i do now to send and receive email?
----------------
This is all data about my network
 
This is Cisco 800 series config file
Thank you for reply
config file as following
xxxx#sh run
Building configuration...

Current configuration : 4660 bytes
!

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname xxxxx
!

boot-start-marker
boot-end-marker
!

!
aaa new-model
!

!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!

!
aaa session-id common
clock timezone KSA 3
!

crypto pki trustpoint TP-self-signed-xxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-164429193
revocation-check none
rsakeypair TP-self-signed-xxxx
!

!
dot11 syslog
!

dot11 ssid xxxx
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxx
!

ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.11.1
!

ip dhcp pool wireless
import all
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
!

!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name awalnet.net.sa
ip name-server 84.22.224.11
ip name-server 84.22.224.12
!

!
!

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!

crypto isakmp client configuration group xxx
key xxx
dns 212.93.192.4 212.93.192.5
include-local-lan
dhcp server 10.10.10.1
max-users 10
netmask 255.255.255.0
crypto xxx profile sdm-ike-profile-1223
match identity group xxx
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!

!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!

crypto ipsec profile SDM_Profile1
set security-association idle-time 60
set transform-set xxxxx
set isakmp-profile sdm-ike-profile-1
!

!
archive
log config
hidekeys
!

!
!

bridge irb
!

!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!

interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!

interface FastEthernet0
!

interface FastEthernet1
!

interface FastEthernet2
!

interface FastEthernet3
!

interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!

interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid xxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!

interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!

interface Vlan1
description $xxxxxx$
ip address 78.93.244.61 255.255.255.252 secondary
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!

interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password xxxx
ppp pap sent-username xxxx.xx password xxxxx
!

interface BVI1
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.4 25 78.93.244.61 25 extendable
!

access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 212.93.196.0 0.0.0.255
access-list 23 permit 212.93.192.0 0.0.0.255
access-list 23 permit 212.93.193.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 212.93.208.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community private RW
snmp-server community public RO
!

!
!

control-plane
!

bridge 1 protocol ieee
bridge 1 route ip
!

line con 0
no modem enable
line aux 0
line vty 0 4
!

scheduler max-task-time 5000
end
 
I have shown the config file
are there any problems in the config file of my cisco 800 router?
it is used as the gateway
 
from the config file above there is a vlan on the cisco router
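
An added example, not part of the original posts and not Cisco or SME Server tooling: a Python check over the NAT lines of the configuration posted above, reporting which of the two mail ports tested in the thread (25 and 110) have a static forward to 192.168.1.4 and whether a forward's public address is also assigned to a NAT inside interface. The function names and finding texts are hypothetical, and treating a whole-host static entry (the form quoted from the provider) as covering every port goes beyond the posted config.

```python
import re

# Lines copied from the router configuration posted above ("!" ends a block).
CONFIG = """\
interface Vlan1
ip address 78.93.244.61 255.255.255.252 secondary
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
interface Dialer0
ip address negotiated
ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.4 25 78.93.244.61 25 extendable
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
PORT_NAT = re.compile(rf"^ip nat inside source static (?:tcp|udp) {IP} (\d+) {IP} (\d+)", re.M)
HOST_NAT = re.compile(rf"^ip nat inside source static {IP} {IP}", re.M)
ADDR = re.compile(rf"^ *ip address {IP} ", re.M)

def static_forwards(config):
    """Return (local_ip, local_port, public_ip) tuples; port None = whole host."""
    rules = [(m[1], int(m[2]), m[3]) for m in PORT_NAT.finditer(config)]
    return rules + [(m[1], None, m[2]) for m in HOST_NAT.finditer(config)]

def nat_inside_addresses(config):
    """Addresses configured on interfaces that carry 'ip nat inside'."""
    found = set()
    for block in re.split(r"(?m)^!\s*$", config):
        if block.lstrip().startswith("interface") and re.search(r"(?m)^ *ip nat inside\s*$", block):
            found.update(ADDR.findall(block))
    return found

def audit(config, server, ports):
    """Findings (hypothetical wording) for one internal server and its published ports."""
    rules = [r for r in static_forwards(config) if r[0] == server]
    out = [f"no static forward for {server} port {p}" for p in ports
           if not any(lp in (None, p) for _, lp, _ in rules)]
    overlap = {pub for _, _, pub in rules} & nat_inside_addresses(config)
    return out + [f"public address {a} is also configured on a NAT inside interface"
                  for a in sorted(overlap)]

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, "192.168.1.4", [25, 110])))
```

The findings are statements about the configuration text only; they do not by themselves establish why the mail server cannot reach the Internet.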
 