A non-SMTP service answered on port 25 on IPv4

Server hardware architecture is lxc amd64
Server is running Linux kernel 5.3.13-1-pve
Server is running Debian 9.12
Server is running YunoHost 3.8.4.8 (stable)

yunohost version: 3.8.4.8 (stable)
yunohost-admin version: 3.8.3.4 (stable)
moulinette version: 3.8.1.2 (stable)
ssowat version: 3.8.0.1 (stable)

For about a week I have not been able to receive email. A week ago the power was cut, perhaps not all systems liked that.

Diagnosis says: A non-SMTP service answered on port 25 on IPv4

Is the diagnosis helping me here, or can I ignore it?

When I try to connect from my local network, all seems fine:

$ telnet akashaduocyen.nl 25
Trying 2001:985:b79a:1:853f:c9a7:90bd:c923...
Connected to akashaduocyen.nl.
Escape character is '^]'.
220 akashaduocyen.nl Service ready
ehlo
501 Syntax: EHLO hostname
ehlo akashaduocyen.nl
250-akashaduocyen.nl
250-PIPELINING
250-SIZE 31457280
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
Connection closed by foreign host.
$ telnet 80.127.182.179 25
Trying 80.127.182.179...
Connected to 80.127.182.179.
Escape character is '^]'.
220 akashaduocyen.nl Service ready
ehlo akashaduocyen.nl
250-akashaduocyen.nl
250-PIPELINING
250-SIZE 31457280
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Port forwarding on the router seems OK. The email section of diagnosis shows:

Email

1 issues
Last time ran: 14 seconds ago

  • The SMTP mail server is able to send emails (outgoing port 25 is not blocked).
  • A non-SMTP service answered on port 25 on IPv4
    • It could be due to an other machine answering instead of your server.
  • Your reverse DNS is correctly configured!
  • The IPs and domains used by this server do not appear to be blacklisted
  • 0 pending emails in the mail queues

Hi all,

I am trying to figure out what the problem is, but I can’t figure out why the diagnosis says another service is listening.

The Python code I found at https://github.com/YunoHost/yunohost/blob/852cd14c4bf1301e197fe2b37d077bbed386420f/data/hooks/diagnosis/24-mail.py says:

def check_outgoing_port_25(self):
    """
    Check outgoing port 25 is open and not blocked by router
    This check is ran on IPs we could used to send mail.
    """

    for ipversion in self.ipversions:
        cmd = '/bin/nc -{ipversion} -z -w2 yunohost.org 25'.format(ipversion=ipversion)
        if os.system(cmd) != 0:
            yield dict(meta={"test": "outgoing_port_25", "ipversion": ipversion},
                       data={},
                       status="ERROR",
                       summary="diagnosis_mail_outgoing_port_25_blocked",
                       details=["diagnosis_mail_outgoing_port_25_blocked_details",
                                "diagnosis_mail_outgoing_port_25_blocked_relay_vpn"])


def check_ehlo(self):
    """
    Check the server is reachable from outside and it's the good one
    This check is ran on IPs we could used to send mail.
    """

    for ipversion in self.ipversions:
        try:
            r = Diagnoser.remote_diagnosis('check-smtp',
                                           data={},
                                           ipversion=ipversion)
        except Exception as e:
            yield dict(meta={"test": "mail_ehlo", "reason": "remote_server_failed",
                             "ipversion": ipversion},
                       data={"error": str(e)},
                       status="WARNING",
                       summary="diagnosis_mail_ehlo_could_not_diagnose",
                       details=["diagnosis_mail_ehlo_could_not_diagnose_details"])
            continue

        if r["status"] != "ok":
            summary = r["status"].replace("error_smtp_", "diagnosis_mail_ehlo_")
            yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion},
                       data={},
                       status="ERROR",
                       summary=summary,
                       details=[summary + "_details"])
        elif r["helo"] != self.ehlo_domain:
            yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion},
                       data={"wrong_ehlo": r["helo"], "right_ehlo": self.ehlo_domain},
                       status="ERROR",
                       summary="diagnosis_mail_ehlo_wrong",
                       details=["diagnosis_mail_ehlo_wrong_details"])

Is nc the command to run by hand to do the same test as diagnosis runs?

Mail seems to work (and I am very happy with all the other things that turn green on diagnosis), so if a pointer in the right direction takes a lot of time I am sure there is a better way for you all to spend that time :wink:

No … what you should run is (from another machine than your server) :

telnet yourdomain.tld 25

And you should see showing up : 220 maindomain.tld Service ready

(You can then exit telnet using the super weird key combination : Ctrl+AltGr+], then Ctrl+D …)

But apparently you won’t see that “220 maindomain.tld” … which is why the diagnosis thinks it’s not a mail server answering the request … So I’d be interested knowing what you get

Hi Aleks,

Thanks for the quick reply as always!

The reply I got is in the first post:

$ telnet 80.127.182.179 25
Trying 80.127.182.179...
Connected to 80.127.182.179.
Escape character is '^]'.
220 akashaduocyen.nl Service ready

Edit: it does take close to 15 seconds for 220 akashaduocyen.nl to show up, could it be a timeout-issue?

Yes, could be that … any idea why it would do that ?
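
Added example (not part of the original thread, and not YunoHost's diagnosis code): a probe that times the TCP connect and the SMTP greeting separately, so a slow `220` line can be told apart from a genuinely non-SMTP answer. The function names and deadline values are assumptions; the remote diagnoser's own timeout is not stated in this thread.

```python
import socket
import time

def read_banner(sock, deadline_s):
    """Wait up to deadline_s for the first line; return (verdict, seconds, line)."""
    start = time.monotonic()
    buf = b""
    while b"\n" not in buf:
        remaining = deadline_s - (time.monotonic() - start)
        if remaining <= 0:
            return ("timeout", time.monotonic() - start, "")
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(512)
        except socket.timeout:
            return ("timeout", time.monotonic() - start, "")
        if not chunk:  # peer closed before sending a full line
            break
        buf += chunk
    line = buf.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    elapsed = time.monotonic() - start
    if line.startswith("220"):  # SMTP greeting reply code
        return ("smtp", elapsed, line)
    return ("non_smtp" if line else "closed", elapsed, line)

def probe(host, port=25, deadline_s=30.0, family=socket.AF_INET):
    """Connect over one address family, then time the greeting on its own."""
    info = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0]
    with socket.socket(info[0], info[1], info[2]) as s:
        s.settimeout(deadline_s)
        t0 = time.monotonic()
        s.connect(info[4])
        connect_s = time.monotonic() - t0
        # Returns (connect_seconds, verdict, banner_seconds, banner_line)
        return (connect_s,) + read_banner(s, deadline_s)

if __name__ == "__main__":
    import sys
    # Run from a machine outside the server's network, e.g. with a short
    # and a long deadline, to see whether only the short one fails.
    print(probe(sys.argv[1], deadline_s=5.0))
    print(probe(sys.argv[1], deadline_s=30.0))
```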

For this host I still have to figure out why there is no default IPv6 route. I have to add it manually after reboot.

So I thought it could be a routing issue, but when connecting there is no delay, only after being connected it takes long to show 220 domain Service ready.

There is no custom configuration (only the nginx-header from my other post).
I tried logging in once more, and comparing logs.

A single error is recorded in May, a single line mentioning time-out, but nothing more.

/var/log/info for the last hour says:

Jun 30 03:57:39 akashaduocyen postfix/smtpd[3548]: connect from unknown[37.49.224.189]
Jun 30 03:57:39 akashaduocyen postfix/smtpd[3548]: disconnect from unknown[37.49.224.189] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jun 30 04:00:59 akashaduocyen postfix/anvil[3550]: statistics: max connection rate 1/60s for (smtp:37.49.224.189) at Jun 30 03:57:39
Jun 30 04:00:59 akashaduocyen postfix/anvil[3550]: statistics: max connection count 1 for (smtp:37.49.224.189) at Jun 30 03:57:39
Jun 30 04:00:59 akashaduocyen postfix/anvil[3550]: statistics: max cache size 1 at Jun 30 03:57:39
Jun 30 04:29:48 akashaduocyen postfix/smtpd[3845]: connect from unknown[2001:888:0:1::9]

the last line is me logging in.

There is a repeating list of messages in /var/log/warn, about hosts of blacklist-services not being found:

Jun 30 03:27:16 akashaduocyen postfix/smtpd[3237]: warning: 72.149.210.149.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=72.149.210.149.cbl.abuseat.org type=A: Host not found, try again
Jun 30 03:27:26 akashaduocyen postfix/smtpd[3237]: warning: 72.149.210.149.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=72.149.210.149.zen.spamhaus.org type=A: Host not found, try again
Jun 30 04:35:55 akashaduocyen postfix/smtpd[3845]: warning: 2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.bl.spamcop.net: RBL lookup error: Host or domain name not found. Name service error for name=2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.bl.spamcop.net type=A: Host not found, try again
Jun 30 04:36:05 akashaduocyen postfix/smtpd[3845]: warning: 2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.cbl.abuseat.org type=A: Host not found, try again
Jun 30 04:36:15 akashaduocyen postfix/smtpd[3845]: warning: 2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2.zen.spamhaus.org type=A: Host not found, try again
Jun 30 04:37:05 akashaduocyen postfix/smtpd[3845]: warning: 72.149.210.149.bl.spamcop.net: RBL lookup error: Host or domain name not found. Name service error for name=72.149.210.149.bl.spamcop.net type=A: Host not found, try again
Jun 30 04:37:15 akashaduocyen postfix/smtpd[3845]: warning: 72.149.210.149.cbl.abuseat.org: RBL lookup error: Host or domain name not found. Name service error for name=72.149.210.149.cbl.abuseat.org type=A: Host not found, try again
Jun 30 04:37:25 akashaduocyen postfix/smtpd[3845]: warning: 72.149.210.149.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=72.149.210.149.zen.spamhaus.org type=A: Host not found, try again

DNS resolving works OK for e.g. spamhaus.org, but the concatenation of the IP and domain does not give a result.

/etc/resolv.conf points at the dnsmasq list via the run-file:

admin@akashaduocyen:/etc$ cat resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

20% of memory (200M of 1G) is allocated to journald, the next heaviest process is synapse with 10%. No swap is used.

Journalctl mentions me logging into SMTP, but no complaints there (apart from ongoing barrage of failed logins on SSH) :

Jun 30 04:28:46 akashaduocyen sshd[3839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.15.2.178 user=root
Jun 30 04:28:48 akashaduocyen sshd[3839]: Failed password for root from 121.15.2.178 port 43620 ssh2
Jun 30 04:28:48 akashaduocyen sshd[3839]: Received disconnect from 121.15.2.178 port 43620:11: Bye Bye [preauth]
Jun 30 04:28:48 akashaduocyen sshd[3839]: Disconnected from 121.15.2.178 port 43620 [preauth]
> Jun 30 04:29:48 akashaduocyen postfix/smtpd[3845]: connect from unknown[2001:888:0:1::9]
Jun 30 04:30:01 akashaduocyen CRON[3855]: pam_unix(cron:session): session opened for user nextcloud by (uid=0)
Jun 30 04:30:01 akashaduocyen CRON[3857]: (nextcloud) CMD (/usr/bin/php7.3 -f /var/www/nextcloud/cron.php)
Jun 30 04:30:09 akashaduocyen CRON[3855]: pam_unix(cron:session): session closed for user nextcloud
Jun 30 04:30:35 akashaduocyen sshd[3866]: Connection from 13.68.222.199 port 37063 on 80.127.182.179 port 22
Jun 30 04:30:36 akashaduocyen sshd[3866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.68.222.199 user=root
Jun 30 04:30:38 akashaduocyen sshd[3866]: Failed password for root from 13.68.222.199 port 37063 ssh2

Would you have a suggestion how to troubleshoot the issue?

Wow thanks for the amount of detail and investigation

To me that sounds like the most related thing that could explain ?

The log indicates that each time it takes 3 x 5 seconds to (fail to) lookup the RBL … Can you confirm that for example running dig +short 72.149.210.149.zen.spamhaus.org returns almost immediately ? (It’s expected that it displays nothing but it’s only a DNS request so that should be fast)
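
Added example (not from the thread's participants or from Postfix): a parser for the `RBL lookup error ... try again` warnings quoted above that groups them per smtpd process and client, and reports the seconds between consecutive failed lookups. The sample lines are rebuilt from the warnings in the thread; the function names and the zone list are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime

ZONES = ("cbl.abuseat.org", "zen.spamhaus.org", "bl.spamcop.net")  # zones seen in the thread
PAT = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: "
                 r"warning: (\S+): RBL lookup error: .*try again$")

def rbl_stalls(lines):
    """Map (smtpd pid, reversed client address) to its failed RBL lookups."""
    seen = defaultdict(list)
    for line in lines:
        m = PAT.match(line)
        if not m:
            continue  # not a temporary RBL lookup failure
        # Syslog timestamps carry no year; only differences are used here.
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        name = m.group(3)
        zone = next((z for z in ZONES if name.endswith("." + z)), None)
        if zone is None:
            continue
        seen[(m.group(2), name[: -len(zone) - 1])].append((ts, zone))
    report = {}
    for key, hits in seen.items():
        hits.sort()
        # Note: two sessions from one client on one pid would be merged.
        gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(hits, hits[1:])]
        report[key] = {"zones": [z for _, z in hits],
                       "gaps_s": gaps, "span_s": sum(gaps)}
    return report

def make_line(ts, pid, name):
    """Rebuild one warning in the format quoted in the thread."""
    return (f"Jun 30 {ts} akashaduocyen postfix/smtpd[{pid}]: warning: {name}: "
            "RBL lookup error: Host or domain name not found. Name service error "
            f"for name={name} type=A: Host not found, try again")

V4 = "72.149.210.149"
V6 = "2.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.c.7.0.8.c.7.0.1.0.a.2"
SAMPLE = [  # rebuilt from the /var/log/warn excerpt in the thread
    make_line("04:35:55", 3845, V6 + ".bl.spamcop.net"),
    make_line("04:36:05", 3845, V6 + ".cbl.abuseat.org"),
    make_line("04:36:15", 3845, V6 + ".zen.spamhaus.org"),
    make_line("04:37:05", 3845, V4 + ".bl.spamcop.net"),
    make_line("04:37:15", 3845, V4 + ".cbl.abuseat.org"),
    make_line("04:37:25", 3845, V4 + ".zen.spamhaus.org"),
]

if __name__ == "__main__":
    for key, info in rbl_stalls(SAMPLE).items():
        print(key, info)
```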

It (and another I tested) returns almost immediately on Yunohost.

On my desktop, it takes a while to time out, then displays that no servers could be reached.
