Email not working through NAT

This is a different server behind NAT in a different place, not the same as the other NAT question I recently asked. But I suspect it is still a NAT issue.

It is a Raspberry Pi 5 running Sympl 12 on Debian 12, a recent ‘vanilla’ install, though the /srv/ directory is from a while ago.

Everything seems to work OK, except email (not tried ftp - don’t need it)

For some reason, even with all ports forwarding to the Pi: 25 80 110 143 443 465 587 993 995, email isn’t working.

H=redacted.uk [12.34.56.78]: redacted.uk [12.34.56.78]: No route to host
== name@address.co.uk R=dnslookup T=remote_smtp defer (113): No route to host H=mail.redacted.uk [12.34.56.78]: redacted.uk [12.34.56.78]

the messages just sit in mailq

If I try to send mail from the command line it is just the same. Logwatch fails to send mail using

mailer = "/usr/sbin/sendmail -t"

whether to a local address or a remote one

Any suggestions?

Not sure if this is connected, but the logs have

auth: Error: client doesn’t have lookup permissions for this user: userdb uid (1000) doesn’t match peer uid (1001) (to bypass this check, set: service auth { unix_listener /run/dovecot/auth-userdb { mode=0777 } }): 10 Time(s)

Unfortunately, I have no idea what that means, or how (or whether) to do what it suggests.

Check the ownership of the files in /srv and /etc - they should be owned by the sympl user, which will usually be uid/gid 1000 as it’s the first user with most root-enabled images, but things like RPiOS will create a user for you, which will bump sympl to 1001 and potentially mess up the ownership.

Magic!
Yup, the user still was of the place where the srv directory had been stored, and it was the ‘not pi’ user that RPiOS had created. I did wonder if the image should be set to make the default non-root user ‘sympl’ instead of something other than pi, but I wasn’t sure if that would mess with sympl’s installer.

sudo sympl-filesystem-security

didn’t sort it out (predictable, as it must have run automatically a few times before), but

sudo chown -R sympl:sympl /srv

followed by another

sudo sympl-filesystem-security

for good measure, and email is working at least in part.
Thank you for the prompt and useful suggestion.

Although email is working now, it can’t seem to send or receive email over the internet. For now, that’s not a problem, but something isn’t right. I suspect it is something to do with wan/lan IPs

If you’re on a home or non-commercial internet connection, there’s a good chance that port 25 will be blocked inbound and outbound by default…

Seems that it isn’t that.
I switched off the port 25 forward on the router, and canyouseeme.org said the port wasn’t responding.
Switched the port forward on again, and canyouseeme.org said the port was open.
Thinking about it, another pi on the lan is able to send out emails, so it seems to be a problem in the sympl pi

I tried this:

telnet mail.google.com 25
and got this
telnet mail.google.com 25
Trying 216.58.204.69…
Connection failed: No route to host
Trying 2a00:1450:4009:827::2005…
telnet: Unable to connect to remote host: Network is unreachable

It’s the same for other addresses: IP4 are no route to host, IP6 are all Unable to connect to remote host.

This Pi got its IP by DHCP, with the router set to give it the same IP each time.

I have done more tests over the weekend. Mail is working inwards now.
Mail sent to it arrives, but outgoing mail does not. Hardly surprising if it thinks there’s ‘no route to host’.

I’ve been doing some more digging, and I think it may well be a port block on the broadband connection after all. Every port (that should be open) I tried using

nc -zvw2 12.34.56.78 nn

has worked, except port 25. Even 587 is open.

I’ve contacted the ISP to ask. I expect they’ll say it is blocked. The question is whether they’ll unblock it. If not, I’ll cancel the fixed IP contract and use a VPN instead.
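
The ownership fix earlier in this thread can be previewed before running chown -R. The following Python script is an added example, not part of the thread or of Sympl: it extracts the two uids from the Dovecot error quoted above and lists every path under a tree that is not owned by the expected uid. The user name sympl and the tree /srv are taken from the thread; the function names are hypothetical.

```python
import os
import re

# Constructed sample: the Dovecot auth error as quoted in the thread.
SAMPLE = ("auth: Error: client doesn't have lookup permissions for this user: "
          "userdb uid (1000) doesn't match peer uid (1001)")

UID_MISMATCH = re.compile(r"userdb uid \((\d+)\) doesn't match peer uid \((\d+)\)")


def parse_uid_mismatch(line):
    """Return (userdb_uid, peer_uid) from a Dovecot auth error, else None."""
    # Log digests sometimes carry typographic apostrophes; normalise them.
    m = UID_MISMATCH.search(line.replace("\u2019", "'"))
    return (int(m.group(1)), int(m.group(2))) if m else None


def wrong_owner(root, expected_uid):
    """List (path, uid) for every entry under root not owned by expected_uid.

    lstat() is used so a symlink is reported as itself, never followed.
    """
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not descend into symlinked directories; check the link.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        names = [os.path.join(dirpath, n) for n in filenames + links]
        for path in [dirpath] + names:
            uid = os.lstat(path).st_uid
            if uid != expected_uid:
                found.append((path, uid))
    return sorted(found)


if __name__ == "__main__":
    import pwd
    import sys

    # Assumed defaults from the thread: user "sympl", tree "/srv".
    user = sys.argv[1] if len(sys.argv) > 1 else "sympl"
    root = sys.argv[2] if len(sys.argv) > 2 else "/srv"
    print("uids named in the log line:", parse_uid_mismatch(SAMPLE))
    for path, uid in wrong_owner(root, pwd.getpwnam(user).pw_uid):
        print(f"{uid}\t{path}")
```

Run it with sudo so unreadable directories are not skipped; an empty listing means every entry under the tree is already owned by the expected user.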