I am running a EC2 large.t3 instance with CentOs.
My server Region is Ohio.
I have installed WHM and it is working fine.
When I created a server PORT 25 working fine. But after few hours port 25 gets blocked. Due to this I'm not ablw to send any email from my webmails.
Here is the snippet..
Just after server setup:
[root#ip-172-31-43-92 ~]# telnet
aspmx.l.google.com 25
Trying 172.217.214.26...
Connected to aspmx.l.google.com .
Escape character is '^]'.
220 mx.google.com ESMTP
n18si6406443jao.103 - gsmtp
quit
221 2.0.0 closing connection
n18si6406443jao.103 - gsmtp
Connection closed by foreign host.
[root#ip-172-31-43-92 ~]#`
After few hours and restart:
[root#ip-172-31-43-92 home]# telnet
aspmx.l.google.com 25
Trying 172.217.212.26...
Amazon EC2 throttles traffic on port 25 of all EC2 instances by default, but you can request for this throttle to be removed.
This may help you from the AWS website:
Remove The Port 25 Throttle From Your EC2 Instance
Related
May I know how to open port 11211 for EC2 instance memcached server?
I'm trying to connect from Rails server to memcached server. However something is wrong with my security group setting.
What I did so far is
To launch 2 instances. One is Rails server, the other is memcached server.
To set up security groups
Rails server : Outbound => All traffic , All protocol, All port
memcached server : Inbound =>
ssh TCP, port 22, All source
Custom TCP Rule port, 11211, Rails server IP address
When I login to Rails server and execute below command, it looks working for port 22
$ telnet <memcached private IP address> 22
Trying <IP address>...
Connected to <IP address>.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4```
But when I check port 11211, it doesn't work.
$ telnet <memcached private IP address> 11211
The first question is why only port 22 is working? Even if I've set almost the same thing into security group???
When I login to memcached server and check the status, it looks working.
$ sudo /etc/init.d/memcached status
● memcached.service - memcached daemon
Loaded: loaded (/lib/systemd/system/memcached.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-02-14 14:23:40 UTC; 19h ago
Main PID: 7569 (memcached)
Tasks: 6
Memory: 628.0K
CPU: 2.093s
CGroup: /system.slice/memcached.service
└─7569 /usr/bin/memcached -m 64 -p 11211 -u memcache
$ sudo netstat -ltup4
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:11211 *:* LISTEN 6486/memcached
udp 0 0 *:11211 *:* 6486/memcached
Could you let me know what should I do?
you need to add the security group of you rail server in the memcached server inbound rule.
Add a new rule, select your protocol and port range. For "Source", type or select your security group.
I'm trying to log into an EC2 instance I created on AWS with the following command:
sh -v -i MyEc2KeyPair2.pem ec2-user#54.146.40.216
After a while, I get a connection timed-out message:
# ssh -v -i MyEc2KeyPair2.pem ec2-user#54.146.40.216
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Connecting to 54.146.40.216 [54.146.40.216] port 22.
debug1: connect to address 54.146.40.216 port 22: Connection timed out
ssh: connect to host 54.146.40.216 port 22: Connection timed out
I've allowed all incoming for http, https, ssh and icmp. Although I allowed incoming pings on the server instance (icmp), a ping to the address just gets timeouts. A traceroute goes as far as the New York Comcast backbone, then starts showing asterisks. tcpdump with a grep on the address when I run the ssh shows only outgoing messages, with no incoming.
I also to ssh from a different server (a virtual host on bluehost), but got the same results. Obviously, I did a chmod 400 on the .pem as per Amazon instructions.
In case there was an error in the setup, I deleted and recreated the server, and am still having similar issues.
Any idea how to solve this? I'm stumped.
Edit: shown below are the input and outputs allowed per the security group:
The solution was to delete the instance and create another one.
I'm in the middle of installing and configuring an XMPP server, using ejabberd on Windows server 2012, running on an EC2 box.
I have opened port 5222 within windows firewall, and added to the security group for the EC2 instance
Custom TCP Rule
TCP
5222
0.0.0.0/0
ejabberd_c2s
Custom TCP Rule
TCP
5222
::/0
ejabberd_c2s
My XMPP logins are not working, and so I've turned to telnet to try and debug - it sees that port 5222 is reporting as closed:
PS C:\WINDOWS\system32> telnet hostname.com 5222
Connecting To hostname.com...Could not open connection to the host, on port 5222: Connect failed
Any guidance or steps towards debugging would be appreciated!
The issue here was in ejabberd's default configuration of "::" as an IP to listen, which forced it to listen only to IPv6.
By updating the ejabbed config to
port: 5222
ip: "0.0.0.0"
module: ejabberd_c2s
I was able to connect via telnet, and able to access the server using XMPP.
I have an EC2 instance which is running with the following security groups:
HTTP - TCP - 80 - 0.0.0.0/0
Custom UDP Rule - UDP - 1194 - 0.0.0.0/0
SSH - TCP - 22 - 0.0.0.0/0
Custom TCP Rule - TCP - 943 - 0.0.0.0/0
HTTPS - TCP - 443 - 0.0.0.0/0
However, when I try to access http://{PUBLIC_IP} or https://{PUBLIC_IP} in the browser, I get a "{IP} refused to connect" error. I'm new to AWS. Am I missing something here? What should I do to debug?
One way to debug this particular class of problem is to use netcat in order to determine where the problem lies.
If you run netcat against port 80 on the public IP address of your instance and just get a hang (no output at all), then most likely your security group isn't allowing traffic through. Here is an example from an EC2 instance that is in a security group that doesn't allow port 80 traffic inbound:
% nc -v 55.35.300.45 80
<just hangs>
Whereas if the security group is changed to allow port 80, but the EC2 instance doesn't have any process listening on port 80, you'll get the following:
% nc -v 55.35.300.45 80
nc: connectx to 52.38.300.43 port 80 (tcp) failed: Connection refused
Given that your browser gave you a similar "connection refused", most likely the problem is that there is no web server running on your instance. You can verify this by ssh'ing into the instance and seeing if you can connect to port 80 there:
ssh ec2-user#55.35.300.45
% nc -v localhost 80
nc: connect to localhost port 80 (tcp) failed: Connection refused
If you get something like the above, you're definitely not running a webserver.
I'm not sure if it's too late to help but I was stuck with a similar issue with my test server
SG Inbound: ssh -> 22
HTTP -> 80
NACL: default allow/deny settings
but still couldn't ping to the server from my browser, then I realize there's nothing running on the server that can serve the request, and I started httpd server (webserver) and it worked.
sudo yum -y install httpd
sudo service httpd start
this way you can test the connectivity if you are playing with SGs and NACLs and of course it's not the only way, just an example if you're figuring your System N/W out.
Have you installed webserver(ngingx/apache) to serve your requests. If so please share your the config files. (So that it will help to troubleshoot)
I think the reason is probably that you did not set up a web server for your EC2 instance, because if you try to access http://{PUBLIC_IP} or https://{PUBLIC_IP}, you need to have a background server to serve the http request as #Niranj Rajasekaran said.
By the way, by simply pinging the {PUBLIC_IP}, you could see if your connection to your EC2 instance is normal or not.
In command prompt or terminal, type
ping {PUBLIC_IP}
In my case, the server was running but available on just 127.0.0.1 so it refused connections from external hosts. To see if this is your situation, you can run
netstat -an | grep <port number>
If it says 127.0.0.1:<port number> instead of 0.0.0.0:<port number>, you have this problem.
Usually there's a flag or an argument in your server code somewhere to set the host to 0.0.0.0:
app.run(host='0.0.0.0') # flask example
However, in my case, I had already set this so I thought that couldn't possibly be the issue, which is how I ended up on this thread, which asks more generally about the problem. Unfortunately, I was using docker, and had set 0.0.0.0 on the container but was mapping that explicitly to 127.0.0.1 on the host in the docker-compose port-mapping:
ports:
- "127.0.0.1:<port number>:<port number>"
Changing that line to remove the host IP specification fixed the problem upon re-deploy:
ports:
- "<port number>:<port number>"
I am trying to send an email using the postfix server on amazon EC2 instance.
The command is: sendmail xxxxxx#gmail.com
FROM:localhost
SUBJECT:Welcome
this is a test email....
.
However I am getting the following error in the /var/log/maillog file.
the error is:
Jan 13 09:00:37 ip-172-31-32-76 postfix/pickup[26635]: C43AE62D00: uid=222
from=
Jan 13 09:00:37 ip-172-31-32-76 postfix/cleanup[26727]: C43AE62D00:
message-id=<20140113090037.C43AE62D00#"HOSTNAME">
Jan 13 09:00:37 ip-172-31-32-76 postfix/qmgr[26636]: C43AE62D00:
from=<"MYHOSTNAME">, size=435, nrcpt=1 (queue active)
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]:
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]: C43AE62D00:
to=, relay=none, delay=22, delays=22/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2525: Connection refused)
I have hidden the details for hostname and the email ID to which I want to send.
please help me out in thus regard.
I have also added the port 25 in the outbound and inbound port in the security groups for my instance.
Regards,
Anurag
I think the other service is running in the same port,
"netstat -tap" run the command and check whether the same port is using for something.
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Something is preventing Postfix from using this port. (Port 2525 is sometimes being used instead of 587 as an alternative smtp port. )
Verify which ports are listening:
netstat -tanp | grep LISTEN
If you see sendmail (or any other MTA except for Postfix):
tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 1014/sendmail
get rid of it:
service sendmail stop
yum remove sendmail
Verify settings on the first table row in:
/etc/postfix/master.cf
If it says:
smtp inet n - n - - smtpd
postfix listens on port 25 and your security group settings make sense. IF the line says
2525 inet n - n - - smtpd
you are telling postfix to listen on port 2525 for incoming smtpd connections.
The line that says:
submission inet n - n - - smtpd
does not begin with a comment.
Verify iptables rules, adjust if necessary:
iptables -L -n
This could be unrelated but I'm going to post it here because I had a hard time finding the answer to my question. I was able to get outbound email working from a vagrant virtual box by editing my /etc/resolv.conf to use Google's nameserver rather than the 10.0.x.x IP it was set to:
sudo nano /etc/resolv.conf
Change the nameserver IP:
nameserver 8.8.8.8
Then you'll need to restart postfix:
sudo /etc/init.d/postfix restart