Thank you Wietse. I have already verified and reverified with our server host that port 465 is open on their main fw. However, when I do a port scan to 465 from the outside it says it is closed. My server host did the same scan and said that it's not them and it's a firewall on the server. I only have one firewall on the server and it is completely disabled at this time. Since the packets do get to the server we know it's not a firewall upstream.
tcpdump shows the syn packets coming in -- but nothing going out. The firewall (iptables) is empty. (Fully cleared and flushed -- even rebooted with no rules.)

Postfix answers fine on all other ports and so do other apps on the machine, so not likely to be routing unless something specific to postfix on this port. Netstat shows the port bound by postfix or 0.0.0.0 and listening -- so no idea what would be special there; and it does respond locally... just not externally.

If something is blocking the response or the ingress it's not iptables. At this point, I'm not sure what else it could be.

On Mon, Jun 14, 2021 at 1:10 PM Wietse Venema <wie...@porcupine.org> wrote:

> If packets for port 465 arrive on eth0 and nothing is sent in response
> then we know the following:
>
> 1) Your system replies to ARP requests. So there is two-way
> communication at the ethernet layer.
>
> 2) Your system does not respond to TCP SYN requests. There is no
> two-way communication at the TCP layer.
>
> This suggests the TCP SYN is dropped (firewall problem), or that
> your system responds to TCP SYN on a different network interface
> (routing problem).
>
> Is there any TCP connectivity between the client and the Postfix
> server on that specific IP address?
>
> Wietse
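
Added example (not part of the original thread): the two cases Wietse distinguishes, a dropped SYN versus a reply leaving on a different interface, checked against a capture. The script classifies each inbound SYN in `tcpdump -n -i any` text output; the sample capture, addresses, interface names and the `classify` helper are constructed for illustration, and it assumes the interface and direction columns that recent tcpdump versions print with `-i any`.

```python
import re

# Constructed sample of `tcpdump -n -i any tcp` output (documentation addresses).
SAMPLE = """\
12:00:01.000001 eth0  In  IP 203.0.113.5.40001 > 192.0.2.10.465: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 eth0  In  IP 203.0.113.5.40001 > 192.0.2.10.465: Flags [S], seq 1, win 64240, length 0
12:00:03.000001 eth0  In  IP 203.0.113.5.40002 > 192.0.2.10.587: Flags [S], seq 7, win 64240, length 0
12:00:03.000090 eth0  Out IP 192.0.2.10.587 > 203.0.113.5.40002: Flags [S.], seq 9, ack 8, win 65160, length 0
12:00:04.000001 eth0  In  IP 203.0.113.5.40003 > 192.0.2.10.25: Flags [S], seq 3, win 64240, length 0
12:00:04.000080 eth1  Out IP 192.0.2.10.25 > 203.0.113.5.40003: Flags [S.], seq 5, ack 4, win 65160, length 0
"""

# timestamp, interface, direction, "IP", src.port > dst.port: Flags [..]
LINE = re.compile(
    r"^\S+\s+(?P<ifc>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):\s+Flags\s+\[(?P<flags>[^\]]+)\]"
)

def classify(capture):
    """Map (client, server) -> verdict for every inbound SYN in the capture."""
    syn_in = {}  # flow -> interface the first SYN arrived on
    reply = {}   # flow -> (interface, flags) of the first SYN-ACK or RST sent back
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dir"] == "In" and flags == "S":
            syn_in.setdefault((m["src"], m["dst"]), m["ifc"])
        elif m["dir"] == "Out" and (flags == "S." or "R" in flags):
            # An outbound reply belongs to the flow with src/dst swapped.
            reply.setdefault((m["dst"], m["src"]), (m["ifc"], flags))
    verdicts = {}
    for flow, in_ifc in syn_in.items():
        if flow not in reply:
            verdicts[flow] = "dropped"      # nothing sent back: packet filtering on the host
        elif reply[flow][0] != in_ifc:
            verdicts[flow] = "asymmetric"   # reply leaves on another interface: routing
        elif "R" in reply[flow][1]:
            verdicts[flow] = "refused"      # RST: nothing listening on that address/port
        else:
            verdicts[flow] = "answered"     # SYN-ACK on the same interface
    return verdicts

if __name__ == "__main__":
    for (client, server), verdict in classify(SAMPLE).items():
        print(f"{client} > {server}: {verdict}")
```

A capture on a single interface (`-i eth0`) cannot show the asymmetric case, which is why the example assumes `-i any`.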