Thank you Wietse.

I have already verified and reverified with our server host that port 465
is open on their main fw. However, when I do a port scan to 465 from the
outside it says it is closed. My server host did the same scan and said
that it's not them and it's a firewall on the server. I only have one
firewall on the server and it is completely disabled at this time. Since
the packets do get to the server we know it's not a firewall upstream.

tcpdump shows the syn packets coming in -- but nothing going out.

The firewall (iptables) is empty. (fully cleared and flushed -- even
rebooted with no rules)

Postfix answers fine on all other ports and so do other apps on the
machine, so not likely to be routing unless something specific to postfix
on this port.

Netstat shows the port bound by postfix or 0.0.0.0 and listening -- so no
idea what would be special there; and it does respond locally... just not
externally.

If something is blocking the response or the ingress it's not iptables. At
this point, I'm not sure what else it could be.

On Mon, Jun 14, 2021 at 1:10 PM Wietse Venema <wie...@porcupine.org> wrote:

> If packets for port 465 arrive on eth0 and nothing is sent in response
> then we know the following:
>
> 1) Your system replies to ARP requests. So there is two-way
> communication at the ethernet layer.
>
> 2) Your system does not respond to TCP SYN requests. There is no
> two-way communication at the TCP layer.
>
> This suggests the TCP SYN is dropped (firewall problem), or that
> your system responds to TCP SYN on a different network interface
> (routing problem).
>
> Is there any TCP connectivity between the client and the Postfix
> server on that specific IP address?
>
>         Wietse
>
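
An added example, not part of the original thread: a small Python classifier for the two cases named above, marking each inbound SYN as answered, unanswered (dropped), or answered on a different interface (routing). It assumes text output in the style of `tcpdump -ni any tcp` from tcpdump 4.99 or later, which prints the interface and direction; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -ni any tcp` (assumed format:
# timestamp, interface, In/Out, then the usual IP line). Documentation addresses.
SAMPLE = """\
12:00:01.000001 eth0  In  IP 203.0.113.5.51000 > 192.0.2.10.465: Flags [S], seq 100, win 64240, length 0
12:00:02.000001 eth0  In  IP 203.0.113.5.51000 > 192.0.2.10.465: Flags [S], seq 100, win 64240, length 0
12:00:03.000001 eth0  In  IP 203.0.113.5.51001 > 192.0.2.10.25: Flags [S], seq 200, win 64240, length 0
12:00:03.000050 eth0  Out IP 192.0.2.10.25 > 203.0.113.5.51001: Flags [S.], seq 900, ack 201, win 65160, length 0
12:00:04.000001 eth0  In  IP 203.0.113.5.51002 > 192.0.2.10.587: Flags [S], seq 300, win 64240, length 0
12:00:04.000050 eth1  Out IP 192.0.2.10.587 > 203.0.113.5.51002: Flags [S.], seq 950, ack 301, win 65160, length 0
"""

LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def classify(capture):
    """Map each inbound SYN flow (src, sport, dst, dport) to a verdict string."""
    syn_iface = {}               # flow -> interface the SYN arrived on
    replies = defaultdict(set)   # flow -> interfaces a SYN-ACK or RST left on
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dir"] == "In" and flags == "S":
            syn_iface[(m["src"], m["sport"], m["dst"], m["dport"])] = m["iface"]
        elif m["dir"] == "Out" and (flags == "S." or "R" in flags):
            # Key the reply by the flow it answers (endpoints swapped).
            replies[(m["dst"], m["dport"], m["src"], m["sport"])].add(m["iface"])
    verdicts = {}
    for flow, iface in syn_iface.items():
        out = replies.get(flow, set())
        if not out:
            verdicts[flow] = "unanswered"                   # SYN dropped locally
        elif iface in out:
            verdicts[flow] = "answered"
        else:
            verdicts[flow] = "answered-on-other-interface"  # routing problem
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify(SAMPLE).items():
        print(flow, verdict)
```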
