Outbound port 25 server issue

I recently attempted to install iRedMail on a container running Ubuntu 20.04 on my Proxmox server in my home lab. Everything apart from port 25 is working perfectly (updates, remote connection, remote access…). The installation was successful, but I noticed that outbound port 25 was timing out. Here’s the output of my attempt to connect to gmail-smtp-in.l.google.com on port 25 using Telnet:

$ telnet gmail-smtp-in.l.google.com 25
Trying 172.217.218.27...
Connection failed: Connection timed out
Trying 2a00:1450:4013:c14::1a...
telnet: Unable to connect to remote host: Network is unreachable

I suspected that it might be an issue with my ISP, so I contacted them, and they confirmed that they had unblocked outbound port 25. I also tried to run the same Telnet command on another server within the same network, and it worked, so it looks like a Proxmox problem:

$ telnet gmail-smtp-in.l.google.com 25
Trying 2a00:1450:400c:c06::1b...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP q15-20020adff78f000000b0031421b48312si60007wrp.637 - gsmtp

To further investigate, I checked if any firewall rules were enabled, but both the GUI and the iptables command showed that no firewall rules were set up (both on the host and the container):

$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

I also verified the DNS configuration, and it appears to be functioning correctly:


$ nslookup gmail-smtp-in.l.google.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Non-authoritative answer:
Name:   gmail-smtp-in.l.google.com
Address: 172.217.218.27
Name:   gmail-smtp-in.l.google.com
Address: 2a00:1450:4013:c08::1b

Here is an additional network capture of port 25 if it could be useful.

If you require any additional information, please let me know. Thank you for your assistance!

Asked By: Alex

||

If all the information you’ve provided is correct then it is unlikely to be an issue with the PVE host.

> I also tried to run the same Telnet command on another server within the same network, and it worked

I think you mean you tried from another host. If this is using the same uplink as Proxmox then it suffices to rule out any issue at the ISP. Did you try from a shell running on the Proxmox host? Or from another VM?

> Everything apart from port 25 is working perfectly

Did you compare the routing tables on the impacted VM vs the control host (i.e. the one which connected)?

Did you also test these using telnet from the impacted VM's shell? HTTP access, for example, might be routed via a proxy.

In the absence of additional information my guess would be a firewall at your end which has rules permitting access from the control host but not the VM.

> The issue seemed to have fixed itself, it looks like Proxmox had to wait some time before realizing that port 25 was open

Very unlikely.

Answered By: symcbean
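
The comparison suggested in the answer (same test from the affected container and from the control host), as an added example that is not part of the original question or answer: a Python probe that tests port 25 separately over IPv4 and IPv6 and labels each failure as timeout, unreachable or refused. The function names `classify` and `probe` are hypothetical; the default host is the one used in the question.

```python
import errno
import socket
import sys

def classify(exc):
    """Name a connect() failure the way the telnet output in the question reads."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"        # no reply arrived before the deadline
    if isinstance(exc, ConnectionRefusedError):
        return "refused"        # the connection was actively rejected
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"    # no usable route for this address family
    return "error"

def probe(host, port=25, family=socket.AF_INET, timeout=5.0):
    """Connect to every address of one family; return (address, outcome, banner) tuples."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return [(None, "no-address", "")]
    results = []
    for fam, stype, proto, _, sockaddr in infos:
        with socket.socket(fam, stype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(sockaddr)
            except OSError as exc:
                results.append((sockaddr[0], classify(exc), ""))
                continue
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()  # SMTP 220 greeting
            except OSError:
                banner = ""
            results.append((sockaddr[0], "connected", banner))
    return results

if __name__ == "__main__":
    # Default target is the MX host used in the question; pass another as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "gmail-smtp-in.l.google.com"
    for label, fam in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        for addr, outcome, banner in probe(host, 25, fam):
            print(f"{label} {addr}: {outcome} {banner}")
```

Run it from the affected container, from a shell on the Proxmox host and from the control host; outcomes that differ per address family between those three points show where the paths diverge.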