On Mon, Jun 14, 2021 at 04:07:06PM +0100, Dominic Raferd wrote:

> > Thanks everyone. I'm still at a loss here. I have tried everything you 
> > guys have suggested and it's also not a firewall issue so at this 
> > point I have no idea why I can't get this to work. Currently I have 
> > the following in my master.cf for port 465...
> >
> >
> If you have not already done so, try getting your server working with 
> STARTTLS on port 587, something like:

This is clearly barking up the wrong tree.  The OP reports not even
getting a SYN-ACK back in response to the incoming TCP connection.

The problem is at the network layer, and tweaking Postfix will make no
difference.  At this point, looks like iptables or similar is dropping
the packets.  On many Linux systems there are host firewall policy
settings for the allowed service ports.  For example, on a Fedora
system:

    # firewall-cmd --info-zone=public
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp9s0
      sources: 
      services: dhcpv6-client http https mdns smtp ssh
      ports: 
      protocols: 
      masquerade: no
      forward-ports: 
      source-ports: 
      icmp-blocks: 
      rich rules: 

So on that server only port 25 is enabled, and submission is filtered.

-- 
    Viktor.
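
The check described in the message above, as an added example that is not part of the original post: a small script that reads a `firewall-cmd --info-zone` listing and reports whether the mail ports are enabled. The helper name `mail_port_state` is hypothetical, the service names `smtp`, `smtps` and `smtp-submission` are assumed to be the stock firewalld definitions for 25, 465 and 587, and the sample input is constructed from the listing quoted in the message.

```shell
#!/bin/sh
# Constructed sample input: the zone listing quoted in the message above.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp9s0
  sources: 
  services: dhcpv6-client http https mdns smtp ssh
  ports: 
  protocols: 
  rich rules: '

# mail_port_state ZONE_TEXT PORT  (hypothetical helper, not part of firewalld)
# Prints "allowed" when the listing enables PORT/tcp through a firewalld
# service name or an explicit "ports:" entry (single port or lo-hi range),
# otherwise "filtered". Rich rules and the zone target are not evaluated.
mail_port_state() {
    zone_text=$1
    port=$2
    case $port in
        25)  svc=smtp ;;             # assumed stock firewalld service names
        465) svc=smtps ;;
        587) svc=smtp-submission ;;
        *)   svc= ;;
    esac
    printf '%s\n' "$zone_text" | awk -v svc="$svc" -v port="$port" '
        $1 == "services:" {
            for (i = 2; i <= NF; i++) if (svc != "" && $i == svc) ok = 1
        }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, p, "/")
                if (p[2] != "tcp") continue
                n = split(p[1], r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) ok = 1
            }
        }
        END { print (ok ? "allowed" : "filtered") }'
}

# Report the three mail ports for the sample; on a live host pass
# "$(firewall-cmd --info-zone=public)" instead of "$SAMPLE_ZONE".
for p in 25 465 587; do
    printf '%s/tcp: %s\n' "$p" "$(mail_port_state "$SAMPLE_ZONE" "$p")"
done
```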
