Koozali.org: home of the SME Server

Port 25 blocked - Email dead in the water.

Offline electroman00

Re: Port 25 blocked - Email dead in the water.
« Reply #45 on: August 09, 2008, 12:48:36 AM »
I don't mean to suggest that there aren't ISPs which block SMTP traffic into or out of their networks.
Well if there are ISPs that block SMTP traffic then they can't provide user email accounts and that's
not much of a service selling point.
At this point no one has ever shown an ISP that doesn't provide at least 5 email accounts.
I'm sure they're out there and I'm sure their client base is very small, I'm sure I won't use their service.
Quote
I was specifically responding to ksg's suggestion that you can't run a mail server on a dynamic IP because other mail servers won't accept mail from such dynamic IPs. The ISP's mail server can be/should be used as outbound SmartHost in those circumstances.
An email server doesn't care if the IP is static or dynamic, there's nothing in the datagram that would allow that to be disseminated as far as I know.

Although I understand it can be disseminated at the network level via the network config.

i.e. the provider knows via network config that the IP is dynamic and delegates that to the email server.

Quote
can't run a mail server on a dynamic IP because other mail servers won't accept mail from such dynamic IPs

I've never seen any evidence to that effect.

I would think if the ISP mail server won't accept mail from such dynamic IPs of a server
how can it disseminate from such dynamic IPs as client email.

Again I would think that would need to be in the datagram for it to work universally over the internet.

As you can see Charlie I'm having a bit of a problem with this, so feel free to smack me my friend. :-P

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #46 on: August 09, 2008, 07:44:34 AM »
Some years ago there was quite a lot of discussion about mail server blacklists, and in this discussion the option of excluding all mail servers on dynamic IP addresses was mentioned. In this period my mail server with a dynamic IP was actually blocked by a few mail servers. (But it was quite few, so it was not really a problem.)

Example of blacklisting: http://www.mxtoolbox.com/blacklists.aspx

To discriminate or block traffic from mail servers on dynamic IPs is very easy. Dynamic IPs run on IP series that are reserved for this use, so any firewall in front of or as a part of the mail server can easily filter out traffic from dynamic IP mail servers, if they or we want to.
« Last Edit: August 09, 2008, 08:09:03 AM by arne »
......

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #47 on: August 09, 2008, 08:08:42 AM »
To find out if port 25 is blocked for inbound and outbound traffic, and if there are some alternative ports to use, that should be only a 2 minute job, and a few basic commands. It is mentioned somewhere above what these commands are. Doing those commands on this particular server and posting the output here will give a 100 % conclusion about the situation for this particular server.

I wonder if Ted will remember to do these tests, and do the posting, so he will get his final result for what is actually open and what is actually closed, the situation for his data connection and his server.

When the data communication part of the story has an end (as it can have after two minutes of tests), then the next step will be to look into the server-related problems of how to use the ports that are actually open, for inbound and outbound traffic.

Step one: Doing basic commands for checking for open ports for inbound and outbound traffic (and posting the result here), will it be done?

(Or for the outgoing connection the easiest first step might be just to set up the server, post a mail to a gmail account and eventually post the output of the mail server log here, if it does not come through.)
« Last Edit: August 09, 2008, 08:36:52 AM by arne »
......

Offline janet

Re: Port 25 blocked - Email dead in the water.
« Reply #48 on: August 09, 2008, 12:59:19 PM »
Quote
I have been running a mail and web server using sme and using a dynamic IP connection with my ISP for  a couple of years without any problem.

Of course in this situation I configure the sme server to send mail via my ISP's smtp server.

If I did not do that then all mail from me to other domains cannot be delivered as it gets blocked/filtered due to my dynamic IP block/range being included on RBLs as a potential spam source.

By using my ISP's smtp server, the sending IP has the "good" reputation of my ISP and hopefully/usually is not blocked/listed by spam filters/RBLs.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
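
Added example, not part of the original thread: how the RBL/DNSBL lookup that a receiving mail server performs works, and why a listed dynamic address ends up relaying through the ISP's smarthost as described above. The zone `dnsbl.example`, the sample addresses, the helper names and the offline resolver are constructed for illustration; a real check would use the zones the receiving filter is configured with.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)              # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer). A listing is an A record inside 127.0.0.0/8;
    a failed lookup (NXDOMAIN) means the address is not on that list."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return (False, None)
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return (True, answer)
    # Any other answer (e.g. a resolver that rewrites NXDOMAIN) is not a listing.
    return (False, answer)

def outbound_route(ip, zones, resolve=socket.gethostbyname):
    """Pick 'smarthost' when the sending address is on any list, else 'direct'."""
    for zone in zones:
        if check_dnsbl(ip, zone, resolve)[0]:
            return "smarthost"
    return "direct"

# Constructed stand-in for DNS so the example runs offline.
# 203.0.113.7 plays the dynamic-pool address, 198.51.100.25 the ISP relay.
FAKE_RECORDS = {"7.113.0.203.dnsbl.example": "127.0.0.10"}

def fake_resolve(name):
    try:
        return FAKE_RECORDS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.25"):
        print(ip, check_dnsbl(ip, "dnsbl.example", fake_resolve),
              outbound_route(ip, ["dnsbl.example"], fake_resolve))
```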

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #49 on: August 09, 2008, 01:18:38 PM »
Tried one other funny way to check if port 25 (and other tcp ports) is open in the direction for outbound traffic:

I downloaded and installed Slax (Linux) on a USB memory stick.  http://www.slax.org/

Then added two extra modules, telnet and nmap, rebooted PC and tested connection from this wireless spot:

root@slax:~#
root@slax:~# nmap -PN -p 25 contribs.org

Starting Nmap 4.60 ( http://nmap.org ) at 2008-08-09 18:06 GMT
Interesting ports on contribs.org (75.146.90.141):
PORT   STATE SERVICE
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.539 seconds
root@slax:~#
root@slax:~# telnet contribs.org 25
Trying 75.146.90.141...
Connected to contribs.org.
Escape character is '^]'.
220 mail.contribs.org ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@slax:~#   

Clearly shows that it is open from here.

Also worked and shows I am behind a router with an internal and an external ip address:

root@slax:~# traceroute contribs.org
traceroute to contribs.org (75.146.90.141), 30 hops max, 38 byte packets
 1  192.168.1.1 (192.168.1.1)  2.267 ms  2.601 ms  2.376 ms
 2  119.42.x.x (119.42.x.x)  49.092 ms  51.223 ms  49.350 ms
 3  61.7.x.x (61.7.x.x)  65.560 ms  49.588 ms  49.007 ms
 4  202.47.x.x (202.47.x.x)  50.425 ms  58.601 ms  49.485 ms

And my Slax laptop has only one ethernet adapter that has an internal ip:
(So it can not be running in gateway mode, and obviously there is another NAT router that will work like an inbound "firewall" and that will eventually need forwarding.)

root@slax:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:13:04:11:d6:0a
          inet addr:192.168.1.122  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10500 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8843 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8068025 (7.6 MiB)  TX bytes:1481701 (1.4 MiB)

By just adding nmap via Yum, the same commands should work on the sme server as well.
(And this should also be the required info about the outbound port 25 connection.)
« Last Edit: August 09, 2008, 03:40:38 PM by arne »
......

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #50 on: August 09, 2008, 03:33:11 PM »
.. And how to see if the line is open on port x in inbound traffic direction:

If the commands ifconfig and tracert tell you that you are behind a NAT router, you will have to set up port forwarding through that router. (Eventually to localhost if the sme server is the gateway.)

Then you can run some server with an sshd or a web server. These two protocols/servers are quite easy and good to use for testing connections.

You must have some remote machine to perform the testing from to see your own server from the internet side.

The remote machine can be for instance a Linux machine, a sme server or something else or it can be a Windows machine located somewhere running logmein or some other remote control software. (VNC etc).

Example, it is a remote Linux machine:

Forward the port you would like to test, let's say port 2525, to your local server's port 80.

Then log in via ssh and use the text based web browser lynx, on the remote Linux machine, to access your external IP address on port 2525. If lynx has a connection, the port is open. (Yes, lynx is a standard part of the sme distro.)

To forward port 2525 to port 22 and do a remote ssh login on external ip port 2525 is also an option.

If the remote machine used for testing from the outside is a Windows machine, you can just forward port 2525 to server port 80 and go in from the remote Windows web browser like this: http://<your external ip>:2525. If you can see your web server, the connection is open on port 2525 in the inbound traffic direction.

There is actually no need to discuss at all if an internet connection is open on some certain port, inbound or outbound direction; it is just to do some simple tests, and then you will know it for sure.
« Last Edit: August 09, 2008, 03:38:25 PM by arne »
......

Offline electroman00

Re: Port 25 blocked - Email dead in the water.
« Reply #51 on: August 09, 2008, 03:58:30 PM »
Arne

Here's a good place to start to understand things better http://en.wikipedia.org/wiki/Smtp
 
.. So for reasonable and proper use, port 25 is actually "open" (in the meaning "can be used"), on most internet connection lines, when it comes to the situation for the outbound traffic. For the inbound traffic the situation might be a bit more "variated".

Your outbound (send) Port 25 SMTP may be blocked or filtered by your ISP, your inbound (receive) port 25 will not be blocked or filtered by your ISP.

Your ISP may AV scan or spam whitelist/blacklist inbound (receive) emails.

And because of this a program like Microsoft Outlook would stop working when connected to another mail server than your ISP's, if port 25 were "blocked" (in the meaning the internet connection line will not transport data for the customer). I believe that it is not likely to believe that most ISPs will prevent MS Outlook from doing its standard job.

Outlook will work fine once you have your email server working.

Because of this the SME home server will normally also have an open connection out, as long as the internet connection is used in a proper and reasonable way.
Correct....

(No, I do not have all the answers, and I just try to learn something new, and to understand things better all the time.)
A smart guy are you, well then here's a question >> Why is the night sky dark?
Just so you know...nobody has answered it correctly yet. Clue >> five word answer.

By the way these MX records these will have to do something with this situation "to redirect the mail traffic to an external mail server that can resend the traffic to your server on an alternative port". This last step I have actually never tried, but I guess it should work like this.

This will help you to understand MX Records >> http://en.wikipedia.org/wiki/MX_Record

Offline electroman00

Re: Port 25 blocked - Email dead in the water.
« Reply #52 on: August 09, 2008, 05:09:06 PM »
But many providers filter/block the port 25 connection in traffic direction inbound.
Your question is not qualified, so a qualified answer can not be given.

This is one of the reasons why there is so much disinformation within the IT universe.

As an IT tech it is important to always maintain a perspective from where you are looking.

To complicate the perspective further, one must maintain both a logical and a physical perspective.

Here's an example.

When I look over the fence I see the horizon.

From that unqualified statement no one can give a qualified answer as to what horizon is being seen.

To qualify the statement further....

The fence runs North to South and When I look over the fence I see the horizon.

Still a qualified answer cannot be given because we don't know which side of the fence one is standing
and thus the perspective.

To again qualify further

The fence runs North to South and I am standing on the west side of the fence looking east and When I look over the fence I see the horizon.

That is a fully qualified statement and one can now disseminate a qualified answer as to what horizon is seen.

The sunrise horizon is the qualified answer.

To qualify the statement to enable a qualified answer, the statement would need to be...

But many providers filter/block the port 25 connection in traffic direction inbound to my server.

or

But many providers filter/block the port 25 connection in traffic direction inbound to my ISP's server.

Both statements will yield a distinctly different qualified response statement.

Data flow within a network is direction dependent.

Although you did qualify the direction you did not qualify your perspective, thus a qualified answer cannot be given.

Any answer statement at this point has a 50/50 chance of being misleading/incorrect.

So it is very important to maintain an awareness of perspective and be accurate in any descriptive statement and/or query statement.

HTH enjoy...

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #53 on: August 09, 2008, 05:54:10 PM »
Well - "Email dead in the water." - Why is it like that ?

To check for open ports and connection, and to set up a basic mail server that is something that anyone can do.

At least I can not remember one time it did not work for the last five years.

This will be like the theory about riding a bicycle. If you try to analyse it using vectors and mathematical tools, bicycling is almost impossible. If you just do it, it works. After ten years of bicycling you just don't worry too much about the theory.

But - I have not tried to set up a working mail server behind a firewall or a data connection that is confirmed to be blocked on port 25. This would be interesting to try to do or to participate in. First it should be tested out which ports are open and which are not. If the log shows traffic from a to b, then the connection is open.


 
......

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #54 on: August 09, 2008, 06:58:21 PM »
To check out which ports are open for inbound and outbound traffic should be something very basic, and there should not be any problems in that at all. I have used the same simple Linux commands for approx ten years, and I can not remember any case where the methods did not work or gave incorrect results.

So then when it is stated which ports are available, it should be just a question of how to use the ports that are available. There will almost be some that can be used. I can see that there are some commercial vendors that do the resending on an alternative port for a small fee. (Don't know if there are free services that can do the same.)

http://www.rollernet.us/services.php (Have not tried this at all.)

"Email dead in the water." - But there should not be any good reasons for that. This thread should have an easy answer, if just the owner of the thread is willing to do what should be done to solve this problem.
« Last Edit: August 09, 2008, 07:00:00 PM by arne »
......

Offline electroman00

Re: Port 25 blocked - Email dead in the water.
« Reply #55 on: August 09, 2008, 07:09:23 PM »
Super-Scan 3

Super-Scan4 is SS3 with a lot of features stripped out for good reason.

SS3 is a very reliable scanner, it has never given a faulty scan.

SS3 is very difficult to find on the net and I cannot post a download link to it...sorry.

Be aware most SS3 d/l links will d/l SS4.

Warning: If you find it, use it very wisely.

Offline zatnikatel

Re: Port 25 blocked - Email dead in the water.
« Reply #56 on: August 09, 2008, 07:20:48 PM »
It was easy to find, first thing that came up in Google: Super-Scan 3. Not a bad little program at all.

http://www.foundstone.com/us/resources/proddesc/superscan3.htm

Offline arne

Re: Port 25 blocked - Email dead in the water.
« Reply #57 on: August 09, 2008, 11:38:27 PM »
Superscan has been one of my basic Windows tools since it was released by Foundstone.

It used to be included on the CD included with the Foundstone book "Hacking Exposed".

I have bought all revisions of this book, over the years, as it has been revised.

Some of the methods I have described above (if not actually all) to check if ports are open for traffic etc. are described in this book "Hacking Exposed".

I agree that Superscan 3 is very easy and quick to use. On the other hand I think that nmap of Linux has more advanced tools and is more flexible. But it is more difficult to use and it require a bit more training and understanding than Superscan 3.

By the way, I think I have found the simplest of all simple methods to find out if the port 25 is open in the traffic direction for outbound traffic. (I did not know it, but I found it when googling.)

From the dos shell in Windows XP (!!), type the following command:

" telnet contribs.org 25 "

If the port 25 is open for traffic out, the mail server of contribs org will answer:

220 mail.contribs.org ESMTP Postfix

If one goes to the chapter about mail servers in the book "Hacking Exposed", I think this method of checking for an open connection and probing a mail server is described there. (But I can not remember that they mentioned that it could be done in Windows/DOS also, I think they only mentioned Linux.)

To check if ports are open for traffic out or in should be something very simple and basic, and something one should do quite early and easily.

But if they are closed, I have to admit I don't know what to do. That's another discussion. In the real cases I have had, I have until now just called the ISP and explained the situation, and they have opened for port 25.

I just also tested Superscan 3 at contribs.org port 25, and it just showed the same response:

220 mail.contribs.org ESMTP Postfix

By the way, Superscan 3 is a much more primitive tool than nmap. They can hardly be compared at all. But it is quite easy to use. Is Superscan 4 a stripped down version of Superscan 3? It is some years since I tested Superscan 4 but it was not my impression at that time. I still use Superscan 3 as a tool when I want a port scanner of the type "one click and no thinking". One thing it is very good at is actually questions of the type: "give me all mail servers in ip range .."



« Last Edit: August 10, 2008, 12:06:45 AM by arne »
......
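
Added example, not part of the original thread: the `telnet <host> 25` banner check from Reply #49 and Reply #57 as a script that separates the outcomes an administrator needs to tell apart (SMTP greeting received, connection refused, no answer at all). The function names and the loopback listener standing in for a remote mail server are constructed for illustration.

```python
import socket
import threading

def probe_smtp(host, port=25, timeout=5.0):
    """Make one TCP connection and classify the result as (verdict, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(512).decode("ascii", "replace").strip()
            if banner.startswith("220"):
                s.sendall(b"QUIT\r\n")            # end the session politely
                return ("open", banner)
            # Connected, but no SMTP greeting: a proxy or filter may be answering.
            return ("connected-no-smtp", banner)
    except socket.timeout:
        # Nothing came back in time; packets are probably dropped on the path.
        return ("filtered", "no reply within %.1fs" % timeout)
    except ConnectionRefusedError:
        # An RST came back, from the target or from a device in between.
        return ("closed", "connection refused")
    except OSError as exc:                        # DNS failure, no route, ...
        return ("error", str(exc))

def start_fake_smtp(banner=b"220 mail.example.test ESMTP\r\n"):
    """Constructed loopback listener for one connection; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
            conn.settimeout(2)
            try:
                conn.recv(64)                     # read the client's QUIT, if any
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_fake_smtp()
    print(probe_smtp("127.0.0.1", port, timeout=2))
```

A timeout or a refusal on port 25 only points at a block when the same probe from the same machine succeeds on another port, or when the same server answers from a different connection.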

Offline byte

Re: Port 25 blocked - Email dead in the water.
« Reply #58 on: August 10, 2008, 01:06:03 AM »
This topic has gone off topic (a while ago during thread) as it's now general talk about port 25. Locking thread.
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!