When I use “ping 173.194.70.27” it start running following code
64 bytes from 173.194.70.27: icmp_seq=1 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=2 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=3 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=4 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=5 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=6 ttl=45 time=109 ms
64 bytes from 173.194.70.27: icmp_seq=7 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=8 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=9 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=10 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=11 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=12 ttl=45 time=109 ms
64 bytes from 173.194.70.27: icmp_seq=13 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=14 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=15 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=16 ttl=45 time=109 ms
64 bytes from 173.194.70.27: icmp_seq=17 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=18 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=19 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=20 ttl=45 time=109 ms
.
.
.
64 bytes from 173.194.70.27: icmp_seq=172 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=173 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=174 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=175 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=176 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=177 ttl=45 time=109 ms
64 bytes from 173.194.70.27: icmp_seq=178 ttl=45 time=109 ms
64 bytes from 173.194.70.27: icmp_seq=179 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=180 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=181 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=182 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=183 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=184 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=185 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=186 ttl=45 time=108 ms
64 bytes from 173.194.70.27: icmp_seq=187 ttl=45 time=108 ms
and running still now (near about 10 mins)
do I force fully cutout SSH net connect ??
or force fully off SSH ?? or WAIT …
sigh please answer ALL my questions! This is getting nowhere.
I repeat (last time): What server did U telnet to on port 25 when it worked? Giving placeholder IPs is not helpful when debugging stuff.
To abort the ping, U of course just press CTRL-C, like U do 4 all shell commands that need to be aborted.
I forcefully close SSH for ‘ping 173.194.70.27’
as it is not stopping after 15mins
install mtr and use ‘mtr 173.194.70.27’ and
show following result (continuously changing values)
My traceroute [v0.75]
myhost.abcd.com (0.0.0.0) Mon Feb 10 08:56:38 2014
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
- 212.1.209.115 0.0% 235 0.1 0.1 0.0 3.8 0.3
- 208.69.231.9 0.0% 234 9.8 6.7 0.3 217.4 27.4
- 67.23.161.128 0.0% 234 7.5 3.4 0.3 165.5 17.5
- 67.23.161.142 0.0% 234 6.7 9.6 6.5 116.9 15.2
- aix.pr1.atl.google.com 0.0% 234 6.9 7.2 6.5 31.9 2.3
- 72.14.233.54 0.0% 234 6.8 12.7 6.8 45.7 9.1
- 66.249.94.22 0.0% 234 8.0 9.8 7.1 38.9 6.2
- 216.239.48.5 0.0% 234 13.9 15.8 13.7 52.0 4.9
- 72.14.235.13 0.0% 234 25.6 22.8 21.5 34.7 2.4
- 209.85.251.51 0.4% 234 100.8 100.6 99.4 117.2 2.9
- 72.14.235.14 0.0% 234 109.2 113.0 108.7 130.4 5.4
- 209.85.254.114 0.0% 234 108.7 110.8 108.6 157.8 6.5
- ???
-
fa-in-f27.1e100.net 0.0% 234 109.5 110.2 109.4 123.4 1.8
and when I try ‘telnet 173.194.70.27 25’ show
[root@myhost ~]# telnet 173.194.70.27 25
Trying 173.194.70.27…
telnet: connect to address 173.194.70.27: Connection timed out
"Namely, which server did you telnet to port 25 to previously, when it worked? "
—>>> Unfortunately, I used my own server (VPS)
‘telnet abcd.com 25’ (abcd.com is my own domain name)
Sorry for the idiotic, I did …
“Giving placeholder IPs is not helpful when trying to debug stuff.”
—>>> I didn’t understand what U mean to say …
I forcefully aborted SSH for ‘ping 173.194.70.27’
as it is not stopping after 15mins
install mtr and use ‘mtr 173.194.70.27’ and
show following result (continuously changing values)
My traceroute [v0.75]
myhost.abcd.com (0.0.0.0) Mon Feb 10 08:56:38 2014
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
- 212.1.209.115 0.0% 235 0.1 0.1 0.0 3.8 0.3
- 208.69.231.9 0.0% 234 9.8 6.7 0.3 217.4 27.4
- 67.23.161.128 0.0% 234 7.5 3.4 0.3 165.5 17.5
- 67.23.161.142 0.0% 234 6.7 9.6 6.5 116.9 15.2
- aix.pr1.atl.google.com 0.0% 234 6.9 7.2 6.5 31.9 2.3
- 72.14.233.54 0.0% 234 6.8 12.7 6.8 45.7 9.1
- 66.249.94.22 0.0% 234 8.0 9.8 7.1 38.9 6.2
- 216.239.48.5 0.0% 234 13.9 15.8 13.7 52.0 4.9
- 72.14.235.13 0.0% 234 25.6 22.8 21.5 34.7 2.4
- 209.85.251.51 0.4% 234 100.8 100.6 99.4 117.2 2.9
- 72.14.235.14 0.0% 234 109.2 113.0 108.7 130.4 5.4
- 209.85.254.114 0.0% 234 108.7 110.8 108.6 157.8 6.5
- ???
-
fa-in-f27.1e100.net 0.0% 234 109.5 110.2 109.4 123.4 1.8
and when I try ‘telnet 173.194.70.27 25’ show
[root@myhost ~]# telnet 173.194.70.27 25
Trying 173.194.70.27…
telnet: connect to address 173.194.70.27: Connection timed out
"Namely, which server did you telnet to port 25 to previously, when it worked? "
—>>> Unfortunately, I used my own server (VPS)
‘telnet abcd.com 25’ (abcd.com is my own domain name)
Sorry for the idiotic, I did …
“Giving placeholder IPs is not helpful when trying to debug stuff.”
—>>> I didn’t understand what U mean to say …
Okay, so the Google mailserver is reachable via ping, but port 25 connect fails. My assumption is, if you don’t have a hardware firewall before your server, that your hoster is blocking port 25 outgoing for security reasons. You might want to ask them about this.
To make sure it’s not a local firewall issue, do this: iptables -L -n
With “placeholder IPs” I meant writing “111.222.333.444” instead of the real IP. That’s not helpful when trying to debug problems.
With “placeholder IPs” I meant writing “111.222.333.444” instead of the real IP. That’s not helpful when trying to debug problems.
—>>> ‘YES’ m assumption so but your guideline confirm me. THANKS
To make sure it’s not a local firewall issue, do this: iptables -L -n
—>>> As per your direction, I did “iptables -L -n” and get following result
[root@myhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp – 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all – 0.0.0.0/0 0.0.0.0/0
** I would like to inform U that I install ‘fail2ban’ as per security instruction
of a Virtualmin / Webmin and VPS installation process description guideline
Dose it effect something ??
What I will do now, Sir ?? … please help
I put the result of “iptables -L -n” …
What I will do now, Sir ?? … please help
Don’t be impatient please. I do this in my spare time, and am thus not sitting here waiting for forum posts all day.
So your iptables is not blocking anything. It’s unlikely that fail2ban causes a problem – since when it blocks something due to excessive login failures, it does so via iptables, and your iptables is “clean”.
I suggest you ask your hoster if they block outgoing port 25, since that’s my assumption at this time.
When I post your reply, it show
“What I will do now new”
but when I refresh the page it only show
"What I will do now "
So I thought, my post may not displacing in the forum as new
SORRY for that …
As m using VPS - they (VPS providers) first clearly surrender that they have nothing to do
Is there anything I can do as alternative - like add / alter port 25 to another port
If “YES” how can I do so … PLEASE guide ? ?
Did you already ask your hoster? If they claim they don’t block port 25, and your VPS also doesn’t do so, then it must get blocked somewhere along the routing path. There’s nothing really I can suggest at this point aside from asking your hoster for help. Something definitely is blocking port 25, but I can’t do much remotely via the forum here.
You do need access to outgoing port 25 if you want to deliver email to any external mail server. SMTP always connects to port 25 when talking to other mail servers, there’s nothing you can do about that.
I suggest you contact your hoster again and ask for advice. If nothing helps, you might want to switch to a different hoster.
Howdy,
I agree with Locutus – port 25 is definitely being blocked.
Usually, when seeing the symptoms you’ve shared above – that is something the hosting provider (ie, your VPS provider) is doing.
I don’t see a configuration problem on your server though.
If your VPS provider isn’t blocking port 25, that means someone else is – though it’s difficult to determine who that might be.
However, my suspicion is that it really is your hosting provider.
-Eric
Thanks Eric. 
Thanks to both of U for replying and guideline ( specially to “Locutus” )
I have already post in my hosting provider’s forum and rise a ticket …
as soon as they reply, I must inform U . . . . . .
Sir,
They clearly inform that port 25 is block by them, they said “port 25 is currently blocked due to security reason, you can use an alternative port for your server.”
Is there really not any alternative way
(because I don’t have option for switch hoster as trial period already complete and they will not refund my money)
There isn’t a way to use an alternative port, unfortunately.
Email runs on port 25.
So in order to deliver email to another server, you would need to be able to access port 25 on the remote mail server.
You may want to ask your provider how they would recommend you send emails to other servers, they may have a way for you to do that.
However, if they also block incoming email, there’s not really going to be a way around that – if your provider blocks incoming email, that means you will not be able to receive email from other servers on the Internet.
-Eric
“You may want to ask your provider how they would recommend you send emails to other servers, they may have a way for you to do that.”
–>> They suggest me to use another port for that.
Is there any parallel port that we can for email ??
(Sorry for the stupid question I ask, as U already said “Email runs on port 25”)
"However, if they also block incoming email, . . . . . . "
–>> No, however they did not block incoming email as I received emails for external public mail server like yahoo or gmail to my Virtualmin / Webmin mail server
Sorry, but there isn’t an alternate port you can use. Email runs on port 25.
In order for your server to send email, your provider can’t block port 25, or would need to provide you with some sort of alternate way of sending email via port 25 (such as allowing you to relay it through them).
You really may want to consider a provider that does not block port 25, if you want your server to be able to send email to other servers on the Internet.
-Eric
@matuog: Yes, like Eric said, if you want your Postfix to deliver outgoing emails directly to their destination, it is imperative that you have your hoster unblock port 25 for you. If they refuse to do that, there’s two options:
- Switch to another hoster that’s not as retarded as your present one
- Get an account on an external email service that allows you to pipe your mail through them on port 576 (“submission”), that’s called a “smarthost”. You can configure Postfix to use that.
I’d prefer option 1. Using a smarthost has some implications, i.e. you’d maybe be responsible for all emails going through it, since it’s being authenticated with your account at the smarthost.
Sir,
Can U please give me a little more describe of “external email service”.
How or where do I can configure or get it ??
Is “external email service” means do I have to purchase it from
another service provider like I purchase the hosting or domain ?
If I can use Virtualmin / Webmin ‘port 25’ then m also responsible for all emails
going through it, then what is the special problem with “external email service”.
Because if I purchase or configure “external email service” it will be mine only —
m I right, what I said above ?? (may be I ask a stupid question . . . . . SORRY)
I try to communicate with my hosting provider for open port 25 for emails
but they can’t take hosting and refund me, if they don’t open port 25.
(May be m going to ask U another stupid question, as m not good at
web configure) Like Virtualmin / Webmin all other web controllers like
cPanel WHM, Pleask, ISP Config all use port 25 and port 110 for
outgoing and incoming emails or different ports for emails??
“External mail service”: Yes, you’d google for providers that offer “smarthost” services, i.e. that will let you send outgoing email not only for yourself but also for customers through them. I can’t recommend any here, it’s been ages since I last used a smarthost.
“Responsible”: Well, it might be a legal thing and depend on the terms and conditions of the smarthost provider. If you operate a server which sends email directly, things might look different in terms of who’s responsible for emails than when you authenticate with your credentials to a smarthost. Just a guess though.
In general, you should very much prefer the option to switch to a different hoster. Seriously, a hoster who offers you to run a server, and who then says “we don’t allow outgoing port 25, use a different port” is not something you want as your service provider. That’s as stupid as a car dealer who say “we don’t allow a driver’s door, you need to get in and out of your car through the co-driver’s door”.
“Port 25”: Yes, all across the Internet, port 25 is used for SMTP, no matter what server software or control panel an admin chooses to use. Official port numbers are regulated by Internet authorities, not by the software someone uses.