Port 25 open / Postfix installed, but no mail being sent out - apache

I've installed Postfix, opened port 25 (as well as ports 110, 995, 143, and 993) on my local computer connected to the Internet, but none of the e-mails that I am attempting to send out using the localhost:25 definition are being properly routed to their destination. Basically, I am trying to set up a local SMTP server to send out e-mails from my production website's software (also hosted on the same local computer).
I am using Verizon FIOS Internet service, who reportedly blocks port 25 (but actually does not in my case, as I have enabled it and checked that it is in fact accessible from my external IP address). I have attempted to send the e-mail using no Smart Host, then using Verizon's SMTP server as a Smart Host, and finally using Verizon/Yahoo's SMTP server as a Smart Host, but none of them have worked.
What could be causing this issue?
I really appreciate any help on this problem, because I've been working to no success on it for the past three hours. Thank you all in advance!

Absolutely, it's very common for large ISPs to block outbound connections on port 25 ~ they do this specifically to prevent what you are attempting. You should give them a call and verify if this is the case.
OR
See if you can configure your Postfix to authenticate on your Verizon mail account and relay your mail through that. [actually I did exactly this ~ I'll see if I can dig up the config]
-sean
UPDATE
here we go:
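relayhost = [smtp.gmail.com]:587
# smtpd_* is the server side; the smtp_* settings below are the client side that logs in to the relay
smtpd_sasl_auth_enable = no
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# require TLS so the relay credentials are never sent in the clear
smtp_tls_security_level = encrypt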
Sorry, I'm a little crunched on time, you'll have to dig up the docs for Postfix relaying and how to set up the password maps [cause I don't recall offhand]
Hope this helps...
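
A check for the relay settings this answer discusses, as an added example that is not part of the original post: it reads a main.cf-style file and reports missing client-side SASL, unenforced TLS, and a password map readable by other users. The function names `get_param` and `audit_relay` and the sample files are constructed for illustration; the Postfix parameter names are real.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for authenticated relaying through a smarthost.

# get_param FILE NAME: print the last value assigned to NAME (empty if unset).
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) found = val
        }
        END { print found }' "$1"
}

# audit_relay FILE: print one finding per line; no output means no findings.
audit_relay() {
    cf=$1
    [ -n "$(get_param "$cf" relayhost)" ] || echo "relayhost is not set"
    [ "$(get_param "$cf" smtp_sasl_auth_enable)" = yes ] ||
        echo "smtp_sasl_auth_enable is not yes (smtpd_* settings cover the server side only)"
    case "$(get_param "$cf" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) echo "smtp_tls_security_level does not enforce TLS for the relay login" ;;
    esac
    map=$(get_param "$cf" smtp_sasl_password_maps)
    file=${map#*:}    # drop the lookup-table type prefix such as "hash:"
    if [ -z "$map" ]; then
        echo "smtp_sasl_password_maps is not set"
    elif [ -f "$file" ] && [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file is accessible to group or other"
    fi
}

# Constructed sample input (placeholder credentials, temporary paths).
demo=$(mktemp -d)
printf '[smtp.gmail.com]:587 user@example.com:placeholder\n' > "$demo/sasl_passwd"
chmod 644 "$demo/sasl_passwd"
cat > "$demo/incomplete.cf" <<EOF
relayhost = [smtp.gmail.com]:587
smtpd_sasl_auth_enable = no
smtp_sasl_password_maps = hash:$demo/sasl_passwd
EOF
cat "$demo/incomplete.cf" - > "$demo/complete.cf" <<EOF
smtp_sasl_auth_enable = yes
smtp_tls_security_level = encrypt
EOF
audit_relay "$demo/incomplete.cf"
```

On a real host, point `audit_relay` at /etc/postfix/main.cf; the parser ignores continuation lines, so `postconf -n` output is the safer input when settings span several lines.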

Have you set up an MX record in DNS (reverse DNS must work properly) and the respective domain name (FQDN) in the SMTP daemon?

Related

LDAP Error: "Server is not operational" from our server

I'm having trouble connecting to an Active Directory server from my computer and server. I get "The server is not operational" error when trying to connect. The server I'm trying to connect to is in a different country than me.
LDAP Url is in the usual format:
LDAP://ip_address:389/CN=Users,DC=domain_name,DC=local
I've added the application that connects to the AD to the firewall (even disabled the firewall briefly to test) and added the IP to my hosts file but I can't seem to get past the error.
Now usually at this point, I would conclude that the issue is on the AD server side (or their server firewall) that is blocking requests from our server, however, the person in charge of the AD server has tested the same LDAP url using the same utility I'm using from an external network in their country and is able to authenticate without issues.
Any ideas on what we can try next?
Ok, it turns out the client's ISP was blocking international traffic over port 389. They had to write a letter to request the ISP to allow international traffic over that port. It is now working after they've done that.
Didn't know ISPs block traffic, but I suppose ISPs for corporate clients might as in this case.

Cloudflare with SSL & SagePay Server 5006 Error

We have been battling with an issue where I've been getting a 5006 error using "SagePay Server" for 24 hours after moving a nopCommerce site to a new server with a different IP address.
We use a free Cloudflare service with SSL enabled on Cloudflare in Full SSL mode and then a self-signed certificate on our server so the connection is always secured end to end. This was also the same on the old server.
When moving servers we simply updated the IP address in Cloudflare to point at the new IP address but we started getting 5006 errors during the checkout process...
SagePay support told us they could not connect to our notification URL which was using SSL. Our server showed no attempt from their server to connect to ours, yet SagePay's log files show an "internal_error" with no more useful information.
However, it is possible to call the notification URL passed to SagePay from a browser and it works without issue.
After talking with SagePay on several occasions it would seem the SagePay system does not support websites / traffic using SSL with SNI which means they can not connect to the notification URL over SSL.
In a time when IPv4 addresses are fast running out I would imagine more and more people will start to use SNI for SSL so they can run multiple sites using SSL from one IPv4 address - a massive oversight on SagePay's part, methinks.
Contrary to JaxUK, I can confirm SagePay does support SSL/TLS with SNI. Hope this helps someone

Mimic client request

I have a server running on my machine. I want to send a request to the server using a different IP address to test a web application. I only have the machine on which the server is installed. I have been testing as a single user but now I would like to let the server think that the request is coming from a different IP address even though it is from the same machine. How can I do that?
Here are the 2 solutions that might be possible in your situation
1- To change the IP address:
Pick an IP from the free proxies here: http://www.freeproxylists.net/
And enter the info in firefox just like this page says:
http://www.wikihow.com/Enter-Proxy-Settings-in-Firefox
Note: You may pick a proxy with port 80.
Then you are good to go...
2- Or you might use a Virtual Machine installed on the same computer as the server and access the website right from it, but be careful not to use a bridged connection.

How to check if DynDNS is working

Newbie programmer here. I'm building an app for an API that requires an IP address for authentication. Basically, users have to send the API management their IPs and then each time a computer makes a request to their server, it verifies whether it's coming from a registered IP.
Since I work in a number of different places and thus end up with different IPs, I thought it would be easiest to use DynDNS to establish a URL that points to whatever my current IP is and then send that URL to the API management. So my first question is if this approach would in fact work?
Secondly, assuming this would work, I set up ben.dynalias.com and downloaded the DynDNS Updater client. It appears to be working: the updater says status: OK and displays my current IP. However, when I navigate to the URL (ben.dynalias.com) there's no response. Should this be the case? How can I tell if it's working?
I don't see any reason it shouldn't work as long as your updaters aren't overwriting each other by running at the same time automatically from different locations.
You can ping ben.dynalias.com and see if your current ip matches.
I just hosted ben.dynalias.com and it gave me your IP.
Since there is no web server running on that IP, then your browser will not be able to show you a page result.
You can use http://www.kloth.net/services/nslookup.php
to check and see if you get the correct IP from a host lookup.
Depending on how often your IP changes this might not be a great solution, as the DNS will cache your hostname and will not try to resolve it again until the TTL expires, normally minimum 1 hour.
Whether the API management accepts a hostname instead of an IP address is a question only they can answer. Some will, many won't, as it's "easier" to hijack a domain name than to hijack an IP address.
Trying to browse to you-address.dynalias.com that points to your own public address rarely works, even if you opened up the right ports, because your router will be highly confused. The best way to test such a setup is by using a phone or tablet with 3G/GPRS internet - of course after you set up port forwarding in the router to point the appropriate port to your computer.

Fiddler: Can I redirect outgoing traffic from foreign console app to Fiddler instance (localhost:8888)?

I am looking for a way to forward traffic from an application which goes to the web over port 443 to an instance of Fiddler running on my computer. Fiddler does not see this traffic while a packet trace application verified that the traffic is going out.
The application is foreign and I am not able to modify how it requests and it is not going through Internet Explorer (or apparently any other browser). If this app is going to an IP address (i.e. 66.xxx.xx.xx port 443) or to a named host (i.e. https://www.anysite.com), is there a way to tell my computer to forward this traffic to Fiddler, i.e. to localhost port 8888?
I am not sure I am using the right terminology to describe this but any ideas would be appreciated!
Thanks,
David
If you can't get the application itself to send traffic to localhost on a specified port, then you need something lower level than Fiddler. Try WireShark.
http://www.wireshark.com/
@David: What's the application in question? Virtually all applications can be proxied, because those that can't aren't usable from most corporate networks. In some cases, you have to make minor changes to the environment (e.g. setting the proxy for the JVM). Some details are here: http://www.fiddler2.com/fiddler/help/hookup.asp
Using Netmon or Wireshark, you should be able to determine whether or not the application in question is making a request directly to a fixed IP address, or more likely, doing a DNS lookup first. If it's doing a DNS lookup first, you could edit your Windows Hosts file so that whateverthehostis.com points at 127.0.0.1. Because the hosts file only maps host to IP and not port to port, you'll need to adjust Fiddler to run on the target port that the application is looking for (use Tools > Fiddler Options for that).
Now, if the traffic is HTTPS (and I'm guessing it is) you're going to have a problem at that point, because Fiddler currently can only act as a HTTPS endpoint when it "knows" that the traffic is HTTPS by virtue of the client having opened a CONNECT tunnel first. This is something that could be adjusted in a future version of Fiddler, but it's not a common request.