mail server problem on postfix-dovecot

[nike]

Sir,
I have one centos 7 mail server which is configured with POSTFIX-DOVECOT. I can send mail within my mail server's user using internet or localhost but not send or received from other mail server i.e out-side internet . when i checked maillog file it it showing connection time out moreover i have configured smtp port as 2525. below my test result and main.cf /master.cf I cannot understand the problem ..


From other pc
[root@BACKUP-SRV]# telnet hostname.mydomain.in 2525
Trying xx.xx.xx.xx
Connected to hostname.mydomain.in.
Escape character is '^]'.
220 mail ESMTP Postfix
ehlo hostname.mydomain.in
250-mail
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
===============================
main.cf files
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = localhost
inet_protocols = all
mydestination = $myhostname, mail.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
myhostname = mail
mydomain = mydomain.in
myorigin = $mydomain
home_mailbox = mail/
mynetworks = 127.0.0.0/8 192.168.0.0/24 xx.xx.xx/24
inet_interfaces = all
mydestination = $myhostname, mail.$mydomain, localhost, $mydomain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 0
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

=========================
master.cf file
#smtp inet n - n - - smtpd

2525 inet n - n - - smtpd
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated
-o milter_macro_daemon_name=ORIGINATING

#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache


====================
please sir help

[TrevorH]

moreover i have configured smtp port as 2525

The standard SMTP port is 25. You would have to tell everyone and anyone that you wanted to use 2525 so that they can put special rules into their SMTP server to connect to port 2525 and most will tell you to go away.

Use 25.

[nike]

moreover i have configured smtp port as 2525

The standard SMTP port is 25. You would have to tell everyone and anyone that you wanted to use 2525 so that they can put special rules into their SMTP server to connect to port 2525 and most will tell you to go away.

Use 25.

Sir,
when i checked my LIVE IP using nmap it is showing below result

root@sys-srv Desktop]# nmap XX.XX.XX.XX
Starting Nmap 7.70 ( https://nmap.org ) at 2023-06-17 11:24 IST
Nmap scan report for XX.XX.XX.XX
Host is up (0.059s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
465/tcp open smtps
587/tcp filtered submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql

but i didn't set any filter or firewall on my mail-server , that's why i have to choose 2525 . If i set 25 or 587 as smtp port i cann't connect the my mail server.. result is below
[root@sys-srv Desktop]# telnet hostname.mydomain.in 25
Trying XX.XX.XX.XX...
telnet: connect to address XX.XX.XX.XX: Connection timed out

please help ..

[TrevorH]

Are you checking that from _outside_ your own host?

I would suspect that your ISP has blocked port 25. You would need to ask them. It's done for anti-virus and anti-SPAM purposes by many ISPs. Some will unblock it on request, others will tell you that you are not allowed to run servers full stop.

[nike]

Are you checking that from _outside_ your own host?

I would suspect that your ISP has blocked port 25. You would need to ask them. It's done for anti-virus and anti-SPAM purposes by many ISPs. Some will unblock it on request, others will tell you that you are not allowed to run servers full stop.

Yes, outside my host but my LAN network' pc . I checked also nmap to my host's local ip 192.168.0.29 it is showing no filter or bloxk on port 25 and 587. I asked ISP about port but they told me that they didn't block or filter any port from their end . On otherhand there is none who block or allow me to run mail server in my office. So i cann't understand what's wrong with my configuration...
Could you check it sir?

[Whoever]

I asked ISP about port but they told me that they didn't block or filter any port from their end .

Unlikely. It's very common for residential ISPs to block incoming port 25.

Try using tcptraceroute to see where the packets are filtered.