Monday, January 31, 2022

Re: Networking error or bad System configuration.

> Some things to consider:
>
> - Have you established whether the IPs configured inside your host are
> actually reachable from the outside? (And whether they reach your host and
> not something else?)
> You could check this using SSH which you say is working. Can you connect
> using both IPv4 and IPv6?

Thank you Mike:
The server works well with ipv4, both ssh and console.

What I saw is that, in hours, the ipv6 changed and became unavailable; but
now I can reach the server ipv4 ipv6. The old server.

At this point I decided to destroy this server and configure it from the
beginning, because my mail was rejected because the mail was passing
through a different server, causing everyone to be unable to do and get
rdns.

The other reason to destroy it, is that ssh connection was intermittent;
impossible to work on it!


>
> - Are you using pf(4) in any non-default setup?

No

>
> - According to their website Vultr has a firewall which you can configure.
> Have you allowed incoming traffic to your services?

No, I prefer pf


>
> - According to their website Vultr allows you to configure the reverse DNS
> entries for your host. Currently your cited IPs seem to have only default
> reverse entries.

What do you mean "default entries"? I configure it myself, adding dkim,
and dmarc entries.


>
> - According to their website Vultr blocks port 25 traffic. You will need
> to ask them to allow this for your mail server.

Yes, they open port 25 for me.


>
> - You seem to indicate that resolving DNS is not working correctly? You
> need to get that fixed.

Yes, I have not touched dns, I only reinstalled the server, because this is
a testing server and I would like to know if there really was MiM or
something else.

Oh man, this is the new server, where I am going to have only Opensmtp
and Dovecot, to define why the web testers say that e-mails are coming from
a server without rdns. For now, nothing is installed and configured.
Thanks so much for trying nmap.


>
> - I did a quick nmap scan of your host:
> $ nmap agroena.org
> Starting Nmap 7.91 ( https://nmap.org ) at 2022-01-31 13:13 CET
> Nmap scan report for agroena.org (8.9.36.198)
> Host is up (0.11s latency).
> Other addresses for agroena.org (not scanned):
> 2001:19f0:5:f8c:5400:3ff:fea5:c615
> rDNS record for 8.9.36.198: 198.36.9.8.in-addr.arpa
> Not shown: 995 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 135/tcp filtered msrpc
> 139/tcp filtered netbios-ssn
> 445/tcp filtered microsoft-ds
> 1688/tcp filtered nsjtp-data
>
> Nmap done: 1 IP address (1 host up) scanned in 16.34 seconds
> $ nmap -6 agroena.org
> Starting Nmap 7.91 ( https://nmap.org ) at 2022-01-31 13:13 CET
> Nmap scan report for agroena.org (2001:19f0:5:f8c:5400:3ff:fea5:c615)
> Host is up (0.100s latency).
> Other addresses for agroena.org (not scanned): 8.9.36.198
> rDNS record for 2001:19f0:5:f8c:5400:3ff:fea5:c615:
> c.8.f.0.5.0.0.0.0.f.9.1.1.0.0.2.ip6.arpa
> Not shown: 996 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 139/tcp filtered netbios-ssn
> 445/tcp filtered microsoft-ds
> 1688/tcp filtered nsjtp-data
>
> Nmap done: 1 IP address (1 host up) scanned in 17.26 seconds
> $
>
> That does not show a working mail server (or web/ftp server). In fact only
> SSH seems to be working. And it shows that reverse DNS is not set up other
> than a default entry.
>
>
> Things that may help others evaluate whether your host is configured
> correctly w.r.t. network settings:
> $ cat /etc/hostname.*
> $ cat /etc/resolv.conf
> $ ifconfig -a
> # netstat -an|grep LISTEN
> $ ping dns.google.com
> $ ping6 dns.google.com
> # rcctl ls started
> # cat /etc/pf.conf (if you have modified the pf(4) configuration)
>
> But: Even if your host is perfectly configured, if the Vultr setup
> prevents packets from moving to or from your host it will not work.
>
>
> HTH
> Mike

I really appreciate your recommendations and information, Mike.
Thanks so much.

>
>
>> On 30.01.2022 at 15:17, latincom@vcn.bc.ca wrote:
>>
>> Openbsd 7.0 at Vultr:
>>
>> I have a new server at Vultr, everything was working correctly; except
>> mail rdns; e-mails were rejected by receiver.
>>
>> The problem began because the ipv6 assigned was wrong; ifconfig gave me a
>> different ip at the beginning and they did the change.
>>
>> They changed the ipv6 to original and I configured the server with httpd,
>> smtpd, dovecot, dkimsign, icecast and ftp correctly, all of them were
>> working.
>>
>> They are insisting that the error is in the configuration system, and I
>> think that the error is because the IPs pass through another Vultr server
>> that is not configured for rdns.
>>
>> Please, how might I discover an error in the system or configuration? How
>> to identify it? And of course, how to repair it if it is in my hands?
>>
>> # ifconfig vio0
>> vio0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> lladdr 56:00:03:a5:c6:15
>> index 1 priority 0 llprio 3
>> groups: egress
>> media: Ethernet autoselect
>> status: active
>> inet 8.9.36.198 netmask 0xffffff00 broadcast 8.9.36.255
>> inet6 fe80::5400:3ff:fea5:c615%vio0 prefixlen 64 scopeid 0x1
>> inet6 2001:19f0:5:f8c:5400:3ff:fea5:c615 prefixlen 64
>>
>> # host agroena.org
>> ;; connection timed out; no servers could be reached
>>
>>
>>
>> # ping6 2001:19f0:5:f8c:5400:3ff:fea5:c615
>> PING 2001:19f0:5:f8c:5400:3ff:fea5:c615
>> (2001:19f0:5:f8c:5400:3ff:fea5:c615): 56 data bytes
>> 64 bytes from 2001:19f0:5:f8c:5400:3ff:fea5:c615: icmp_seq=0 hlim=64
>> time=0.182 ms
>> 64 bytes from 2001:19f0:5:f8c:5400:3ff:fea5:c615: icmp_seq=1 hlim=64
>> time=0.082 ms
>>
>> # dig agroena.org
>>
>> ; <<>> dig 9.10.8-P1 <<>> agroena.org
>> ;; global options: +cmd
>> ;; connection timed out; no servers could be reached
>>
>> # ping agroena.org
>> PING agroena.org (8.9.36.198): 56 data bytes
>> 64 bytes from 8.9.36.198: icmp_seq=0 ttl=255 time=0.108 ms
>> 64 bytes from 8.9.36.198: icmp_seq=1 ttl=255 time=0.054 ms
>> 64 bytes from 8.9.36.198: icmp_seq=2 ttl=255 time=0.056 ms
>>
>> I have no idea what files I should show you.
>>
>> Thanks for your attention.
>>
>> PS:
>> Actually I can access the server using ssh and console.
>>
>>
>
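
An added example, not part of the original thread: the forward-confirmed reverse DNS check that receiving mail servers apply, run over the addresses and rDNS values shown in the nmap output above. The function names are hypothetical, the resolver is replaced by dictionaries so the check runs offline, and the "FIXED" data is constructed.

```python
import ipaddress

def ptr_name(ip):
    """DNS name a receiving mail server queries for the PTR record of ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def is_placeholder(target):
    """A PTR that points at another .arpa name is a provider default, not a hostname."""
    return target.rstrip(".").lower().endswith((".in-addr.arpa", ".ip6.arpa"))

def check_rdns(ip, lookup_ptr, lookup_addrs):
    """Forward-confirmed reverse DNS: ip -> PTR -> A/AAAA must lead back to ip.

    lookup_ptr(name) and lookup_addrs(host) return lists of strings; they are
    injected so the logic runs on canned data here or on a real resolver.
    """
    addr = ipaddress.ip_address(ip)
    targets = [t.rstrip(".") for t in lookup_ptr(ptr_name(ip))]
    if not targets:
        return "no-ptr"
    hostnames = [t for t in targets if not is_placeholder(t)]
    if not hostnames:
        return "default-ptr"
    for host in hostnames:
        if addr in {ipaddress.ip_address(a) for a in lookup_addrs(host)}:
            return "ok"
    return "mismatch"

V4, V6 = "8.9.36.198", "2001:19f0:5:f8c:5400:3ff:fea5:c615"
# Forward records as shown by the nmap run in the thread.
FORWARD = {"agroena.org": [V4, V6]}
# Reverse data as nmap reported it: only .arpa placeholders.
OBSERVED = {
    ptr_name(V4): ["198.36.9.8.in-addr.arpa"],
    ptr_name(V6): ["c.8.f.0.5.0.0.0.0.f.9.1.1.0.0.2.ip6.arpa"],
}
# Constructed: what the reverse zone would hold once both PTRs name the host.
FIXED = {ptr_name(V4): ["agroena.org."], ptr_name(V6): ["agroena.org."]}

def run(reverse):
    """Check both addresses against one set of canned reverse records."""
    return {ip: check_rdns(ip, lambda n: reverse.get(n, []),
                           lambda h: FORWARD.get(h, [])) for ip in (V4, V6)}

if __name__ == "__main__":
    print("observed:", run(OBSERVED))
    print("fixed:   ", run(FIXED))
```

DKIM and DMARC records live in the forward zone and do not affect this result; only the PTR records in the reverse zones do.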
