System Status Checks: Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible

Chip · August 2, 2019, 9:20pm

The server is showing that POSTFIXSMTP port 587 is open but the system status check is still giving me the error:
System Status Checks: Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at port 587

List of open ports:
user@Domain:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From

22/tcp ALLOW IN Anywhere
53 ALLOW IN Anywhere
25/tcp ALLOW IN Anywhere
587/tcp ALLOW IN Anywhere
993/tcp ALLOW IN Anywhere
995/tcp ALLOW IN Anywhere
4190/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
53 (v6) ALLOW IN Anywhere (v6)
25/tcp (v6) ALLOW IN Anywhere (v6)
587/tcp (v6) ALLOW IN Anywhere (v6)
993/tcp (v6) ALLOW IN Anywhere (v6)
995/tcp (v6) ALLOW IN Anywhere (v6)
4190/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)

Any pointers are appreciated.

murgero · August 3, 2019, 1:32am

Is your ISP blocking the port?

murgero · August 3, 2019, 1:33am

PM your URL and IP please I’ll help troubleshoot

alento · August 3, 2019, 2:41am

Your system has ufw configured to only allow inbound connections … not outbound.
A sample from my box:

80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
587 ALLOW Anywhere

Note that there is no limitation imposed … whereas your ufw limits the connection to incoming only:

587/tcp ALLOW IN Anywhere

Chip · August 9, 2019, 1:45pm

Alento, Murgero
The ISP should not be blocking the port. The ubuntu is running on AWS, and has a reverse DNS set up, with email restrictions removed.

I have been trying to use: sudo ufw allow from 587/smtp to open the port but am not having success.

Suggestions

Wojtek · August 9, 2019, 2:06pm

How is the output from ufw status?

Cose as far as i know its just “ufw allow 587/tcp” or “ufw allow 587/udp” while i just used “ufw allow 587” to open it again

alento · August 9, 2019, 2:21pm

@Chip I’ll need a hostname at least to port scan … please PM if willing to share.

Is this still occurring?

Can you show the current status of sudo ufw status please?

Chip · August 9, 2019, 2:23pm

This is the response I get when inputting the port command.

user@xxxxxxxxx:~$ sudo ufw allow 587
Skipping adding existing rule
Skipping adding existing rule (v6)

Chip · August 9, 2019, 2:36pm

To Action From

22/tcp ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587/tcp ALLOW Anywhere
993/tcp ALLOW Anywhere
995/tcp ALLOW Anywhere
4190/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
587 ALLOW Anywhere
580:590/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
25/tcp (v6) ALLOW Anywhere (v6)
587/tcp (v6) ALLOW Anywhere (v6)
993/tcp (v6) ALLOW Anywhere (v6)
995/tcp (v6) ALLOW Anywhere (v6)
4190/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
580:590/tcp (v6) ALLOW Anywhere (v6)

alento · August 9, 2019, 2:38pm

Looks good … all I can do now is port scan … but for that I’d need your hostname or IP.

alento · August 9, 2019, 5:01pm

I missed this earlier … ~~AWS does not open the ports.~~ Maybe I am thinking of Azure, or Google ???

Chip · August 9, 2019, 5:21pm

Thanks guys,
after editing the security group settings I was able to get the port open.
Thanks for your assistance

system · August 16, 2019, 5:21pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.