[73313] in North American Network Operators' Group
Re: Blocked port 25?
daemon@ATHENA.MIT.EDU (Byron L.Hicks)
Thu Aug 19 08:59:28 2004
In-Reply-To: <MDEHLPKNGKAHNMBLJOLKMELDOAAA.davids@webmaster.com>
Cc: <nanog@merit.edu>
From: Byron L.Hicks <bhicks@nmsu.edu>
Date: Thu, 19 Aug 2004 06:58:44 -0600
To: davids@webmaster.com
Errors-To: owner-nanog-outgoing@merit.edu
--Apple-Mail-3-796491324
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
> If I understand you correctly, you are saying that these sites are
> not able
> to send mail to you. Assuming that they are diverse sites that don't
> have
> significant similarities, this suggests that the problem is on your
> end.
In theory, I agree. But I'm running out of options in my
troubleshooting and I'm looking for some wisdom from some of the
experts.
>> From these sites, I
>> can't connect to our mail server, on other sites, I can.
>
> I don't understand what this is supposed to mean. It's their mail
> servers
> that are supposed to try to connect to your mail server.
I understand that. I have unix account access at one of the sites that
cannot connect to our mail servers. I have sent test email, and I have
tried to telnet to port 25 on the mail server, and the connection times
out. I have put a Finisar network analyzer on the ethernet port of our
border router, and I don't see the traffic even crossing the router.
We have no firewall, and the access-list is right on the router (we are
receiving mail from other sites). What else can I look at?
> When you say you can't connect to your server on port 25, where
> exactly are
> you trying from?
I have a unix account on a server at one of the remote sites that
cannot send email to NMSU.
> Did you try emailing (or calling) the administrators of
> those sites?
They just point to me and say "The problem is on your end, fix it."
Much like you are saying in this email.
> If you use SPF, are your records valid? Do the senders get any
> bounces?
>
We aren't getting bounces from our mail server. Their mail servers are
bouncing the messages because the connection to our mail server timed
out.
> Your statement of the problem is lack of specifics. We can't check
> your SPF
> records. We can't check if those domains have a common provider.
The domains in question do not have a common provider. We are not
using SPF.
> So all we
> can do is tell you to troubleshoot.
I understand that. Let me restate my request: If anyone on nanog
cannot send email to nmsu.edu, please send me a tcptraceroute on port
25 to our mail server. I need some forensics to help me diagnose this
problem. You will have to reply to me at byronhicks@byronhicks.com to
keep the noise level down on the list. Thanks in advance for any help
that I will receive.
--
Byron L. Hicks
Network Engineer
NMSU ICT
--Apple-Mail-3-796491324
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBJKQHROB/wlNWTDYRArciAKCd0vlvGPFmjB5VTgU0P4Dd6fu5ngCgo8l1
SboMsWreUA1T6wNu+rQ+W+I=
=GLex
-----END PGP SIGNATURE-----
--Apple-Mail-3-796491324--
