Sendmail Server's Port 25 is blocked on Ubuntu 8.04

[mfhyde]

Sendmail on Ubuntu 8.04 is supposed to open port 25, both locally and remotely. On my sendmail server, port 25 is open when viewed locally. But as seen from other Ubuntu 8.04 boxes connected to the LAN, the sendmail server's port 25 is closed.

Q1: Is there a way I could have configured Sendmail to produce this result?

Q2: If not through Sendmail configuration, how else could Ubuntu be blocking port 25 like this?

Other info:

On all hosts on the LAN except at the gateway, the firewalls are set to allow all traffic.

On all hosts on the LAN, TCPwrappers is set to allow connections from all members of the LAN.

On the Sendmail server, SASL is set up to authenticate connections to the ISP's smarthost. PAM uses the default configuration for SASL; there is no PAM module for Sendmail.

Sendmail does relay messages to the smarthost successfully.

When attempts are made to send email from a LAN box to the sendmail server, it gets bounced back saying that the service is unavailable.

Thanks in advance for your help.

[spiderbatdad]

can you telnet to local on the 8.04 machine? Try

Code:

telnet localhost 25
ehlo localhost
quit

If that all goes well...
Have you enabled ufw. check

Code:

man ufw for policies
or
sudo ufw allow 25

[mfhyde]

`telnet localhost 25` followed by `ehlo localhost` yields the same result:

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 sendmail.server ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Mon, 19 Jan 2009 21:27:19 -0500; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
ehlo localhost
250-sendmail.server Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP

[mfhyde]

My previous post came was an addon to a previous post, which got lost. Her is the previous post:

When performed on the Sendmail server, this what I get, and I went
ahead with a ehlo command:

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 sendmail.server ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Mon,
19 Jan 2009 20:43:37 -0500; (No UCE/UBE) logging access from:
localhost(OK)-localhost [127.0.0.1]

ehlo ubuntu.box
250-sendmail.server Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP

When `telnet sendmail.server 25` is performed on another box, the
connection is refused.

ufw updates the firewall polices. Since the firewall is set to accept
all traffic, I wouldn't expect any changes. In fact, here is the
output to `iptables -Ln after running `sudo ufw allow 25`:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

(No change.)

[spiderbatdad]

do you have a sendmail.conf file or sendmail.cf?
could you please post?

also what does netstat -tna show you?

[mfhyde]

See attachment.

If this doesn't work, I'll paste it in a reply window...

[spiderbatdad]

I believe this line needs to be commented out:

Code:

# DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl

Then,

Code:

# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
#	* make   (or make -C /etc/mail)
#	* sendmailconfig 
#	* m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.

Then check the sendmail.cf to see that the option is commented out.
Restart.

I hope this helps. Admittedly, I use exim4.

[mfhyde]

# netstat -tna
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

[spiderbatdad]

mmm. maybe edit the line to look like:
dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl

then run:

Code:

m4 sendmail.mc > sendmail.cf

restart and check sendmail.cf

[mfhyde]

I commented out the line, but `netstat -tnr` now shows no listening on port 25.

Additionally, on the sendmail server, `nmap -p25 localhost` is now showing a closed port 25.

From another box, sendmail server's port 25 is still closed.