guys, some things just have their way of working themselves out sometimes. it's a dumb thing to say when dealing with system administration, but in this case, this is what happened. i gave up on trying last night after almost 7 hours of attempts and RTFMing, got up this morning, logged into my workstation at work, and everything simply worked! don't ask me how.

i wish i could paste some of the logs here (if there were any) to tell you all what was the problem, but as you know syslogd got screwed up as well, and logged nothing.

anyway, we decided to give up on the exchange machine and install Linux on the machine it was running on instead (damn powerful one). so i will start building a new mail server from scratch next weekend, and pray that the old one will make it through this week.

thank you all for the time you took to help me out ;)
tal.

On Fri, 18 Jan 2002, Tzafrir Cohen wrote:

> Date: Fri, 18 Jan 2002 02:48:56 +0200 (IST)
> From: Tzafrir Cohen <[EMAIL PROTECTED]>
> To: Tal Amir <[EMAIL PROTECTED]>
> Cc: guy keren <[EMAIL PROTECTED]>,
>     the linux-il mailing list <[EMAIL PROTECTED]>
> Subject: Re: access problem
>
> On Thu, 17 Jan 2002, Tal Amir wrote:
>
> > On Fri, 18 Jan 2002, guy keren wrote:
> >
> > > Date: Fri, 18 Jan 2002 02:07:46 +0200 (EET)
> > > From: guy keren <[EMAIL PROTECTED]>
> > > To: Tal Amir <[EMAIL PROTECTED]>
> > > Cc: Tzafrir Cohen <[EMAIL PROTECTED]>,
> > >     the linux-il mailing list <[EMAIL PROTECTED]>
> > > Subject: Re: access problem
> > >
> > > On Thu, 17 Jan 2002, Tal Amir wrote:
> > >
> > > > > telnet your-server 110
> > > > >
> > > > > If and when a (tcp) connection is established, try writing the following:
> > > > >
> > > > > USER username
> > > > > PASS topsecretpasswordinplaintext
> > > > > QUIT
> > > >
> > > > telnet to ports 110 and 25 works. only mail clients can't get to
> > > > authenticate. this is the most weird part (?!)
> > >
> > > telnet - ok. but did you try doing the rest of what tzafrir suggested -
> > > i.e. actually emulating an email client over this connection? please
> > > answer with 'yes, and it worked, and i managed to login to port 110 after
> > > supplying a valid user and password', or say 'yes, i tried, but it failed
> > > with this and that error message', or say 'no, i didn't try, i will try
> > > now'.
> >
> > thanks for the options..what would i do without you ? ;)
> > telnet to port 110 works and authenticates (25 as well)
> > with a client - nothing.
> > so this is not a closed port\service problem.
> >
> > >
> > > > there ARE NO internal interfaces.
> > > > 1 interface (eth0) with 1 real ip. this machine is in a dmz, and the
> > > > firewall translates everything to it. this is why its accessible from both
> > > > internal and external locations, and vice versa (it can access NAT
> > > > addresses).
>
> How exactly can it access NAT addresses if it is outside the NAT? How are
> packets from the server to NAT clients routed?
>
> > right, but there is a minimal sense of logic in what you try.
> > and yes - netstat shows the connection ONLY if i try to connect directly
> > to the port via telnet.
> > it shows nothing when accessing with a client.
>
> Note that a sniffer (like tcpdump) may be able to give you more
> information. Is it possible that the connections of the mail clients are
> started, but don't get past the hand-shaking?
>
> Netstat won't show you this (it only shows established connections and
> outgoing connections) but tcpdump will show you the packets of this failed
> attempt.
>
> > >
> > > > > Use netstat -ln --tcp and see if any service listens on an address that is
> > > > > not 0.0.0.0 (=all interfaces).
> > >
> > > that's what tzafrir said - i keep the quote in case you lost the former
> > > message.
> > >
> > > > > * Do packets from the clients get to the server?
> > > > > Use tcpdump or any other sniffer. This could be a DNS problem or a routing
> > > > > problem.
> > > >
> > > > no routing problem. as i said, i can ping it from the internal LAN.
> > > > also from outside.
> > > > this is not the problem.
> > >
> >
> > correct, but it tells you if there is some kind of a block (route,
> > firewall or whatever) between you and that machine.
> > if you can't ping it, there is not much chance that anything else will get
> > there.
>
> Please re-read the following:
>
> > > did you check what tzafrir suggested? he didn't say its a routing problem,
> > > or anything else. pings does not tell you much, other than the fact that
> > > ping works. it doesn't tell you if other protocols have any problems.
>
> Have you totally eliminated DNS issues? Is the mail client configured
> with an IP address?
>
> > >
> > > > > * Have you looked at the logs? Any connection attempts logged?
> > > >
> > > > another thing i forgot to mention : syslogd is running but not logging
> > > > anything. the last log entry is at the same date when the hard reset
> > > > occurred. i don't think that there is a connection, but go figure..
> > >
> > > i would suggest you try to solve this problem - having working logs is a
> > > good start to finding what's wrong, in case the imap server or pop server
> > > or any other server is trying to log anything.
> > >
> > > check that you have a /etc/syslogd.conf file, and that it is properly
> > > configured (i know "i haven't changed anything" - but when nothing really
> > > changes, things keep on working. if they don't - something was changed,
> > > regardless of how it was changed - by manual editing, by file (system)
> > > corruption, or anything else.
>
> And if this fails, stop sysklogd, and run 'syslogd -d' (see syslogd (8))

--
Best Regards,
Amir Tal,
System Administrator
ICQ : 15748705
http://whatsup.homelinux.com