Date: Mon, 20 Jun 2011 13:05:03 -0400 From: Mark Moellering <mark@msen.com> To: FreeBSD <freebsd-questions@freebsd.org>, "Michael W. Lucas" <mwlucas@blackhelicopters.org> Subject: (email) server connection problem : Help Message-ID: <4DFF7DBF.4030504@msen.com>
next in thread | raw e-mail | index | archive | help
I am Running a mail server (postfix / dovecot) on FreeBSD 8.1
I have 6 different domain names configured with 6 different ip addresses.
I cannot log into the server via either ssl for email or ssh on the two
domains that are .org and .info
The connection is refused. Here is an example copied from a console;
shell$ ssh -l LoginName mail.anadarkohs60.com
The authenticity of host 'mail.domain_4.com(xx.yy.zzb.174)' can't be
established.
DSA key fingerprint is {snip}
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
shell$ ssh -l LoginName mail.domain_3.org
ssh: connect to host mail.domain_3.org port 22: Connection refused
shell$
My guess is that it might be sshguard but I see nothing in the logfiles.
I can ping to the TLD, mx records, etc check out. Everything works
except for my .org and .info domain
Any help is greatly appreciated. I hope it is one of those simple
things I missed.
Thanks in advance
Mark Moellering
734.644.4757
Here is my hosts file;
<<<<<<< current version
::1 localhost
127.0.0.1 localhost mail.main_domain.net
xx.yy.zza.69 mail.main_domain.net mail
xx.yy.zzb.100 mail.domain_1.com
xx.yy.zzb.249 mail.domain_2.com
xx.yy.zzb.62 mail.domain_3.org
xx.yy.zzb.174 mail.domain_4.com
xx.yy.zzb.180 mail.domain_5.info
=======
# $FreeBSD: src/etc/hosts,v 1.16.34.1.4.1 2010/06/14 02:09:06 kensmith Exp $
#
# Host Database
Here is my pf.conf
#PF Firewall Configuration File
#Definitions
interface="rl0"
table <attacks> persist file "/etc/attackers"
table <sshguard> persist
scrub in all
#lock all traffic out of the server
block in on $interface
#block ssh and other attacks using sshguard
block in quick on $interface from <sshguard> to any label "ssh attack"
#allow ping, et al
pass in on $interface proto icmp from any to $interface
#allow in ssh , syslogd , ntp, http and https
pass in on $interface proto tcp from any to $interface port 22
pass in on $interface proto udp from any to $interface port 514
pass in on $interface proto udp from any to $interface port 123
#pass in on $interface proto tcp from any to $interface port 80
#pass in on $interface proto tcp from any to $interface port 443
# allow outgoing connections
pass out on $interface proto { tcp, udp, icmp } all keep state
# allow e-mail / smtp (port 25)
pass in on $interface proto tcp from any to $interface port 25
pass in on $interface proto tcp from any to $interface port 110
pass in on $interface proto tcp from any to $interface port 995
pass in on $interface proto tcp from any to $interface port 587
pass in on $interface proto tcp from any to $interface port 465
#Block addresses trying to break in
block drop in on $interface from <attacks> to any
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4DFF7DBF.4030504>