port 25 not responding to outside

port 25 not responding to outside

Post by Blitze » Mon, 31 May 2004 17:09:13



Hello. I'm having a very strange error regarding sendmail and outside
connections. I have it running on a gateway, and normally it's been fine
accepting mail from the outside. However, just recently (somewhere around
the last time I switched IP addresses, a day or two ago) it stopped
accepting connections from the outside. It still accepts connections from
localhost, and from other hosts on the internal LAN. It also accepts
connections from the outside on other ports like 22 (SSH) fine. But when
an outside host on the internet tries to connect to port 25 of my host, it
simply hangs and times out. I've tried opening my firewall completely,
allowing everything to smtp in /etc/hosts.allow, shutting down and
restarting sendmail completely several times, and rebooting altogether. It
still persists, and is driving me bananas.

I'm on a Slackware 9.0.0 box. Here are outputs of relevant commands and
file contents:

$ ps -ef | grep sendmail
root       144     1  0 03:43 ?        00:00:00 sendmail: accepting connections
smmsp      147     1  0 03:43 ?        00:00:00 sendmail: Queue

$ netstat -an|grep 25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN

/etc/hosts.allow:
sshd: ALL
smtp: ALL #I added this when the problem started, even though I know
          #sendmail isn't run from Inetd

I opened my iptables firewall completely to see if it would help:
$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
ACCEPT     all  --  anywhere             anywhere           state
  RELATED,ESTABLISHED

----------------EOF------------
I also run Portsentry, which I tried shutting down, to no avail.

Anyway, help as to whatever (probably obvious and trivial) thing I'm
overlooking is appreciated.

Oh, and please don't reply by email until after it's fixed, as I obviously
can't receive your reply until then =o)

Thanks.

--
Blitzen

 
 
 

port 25 not responding to outside

Post by Bruno Wolff II » Mon, 31 May 2004 21:18:40



> Hello. I'm having a very strange error regarding sendmail and outside
> connections. I have it running on a gateway, and normally it's been fine
> accepting mail from the outside. However, just recently (somewhere around
> the last time I switched IP addresses, a day or two ago) it stopped
> accepting connections from the outside. It still accepts connections from
> localhost, and from other hosts on the internal LAN. It also accepts
> connections from the outside on other ports like 22 (SSH) fine. But when
> an outside host on the internet tries to connect to port 25 of my host, it
> simply hangs and times out. I've tried opening my firewall completely,
> allowing everything to smtp in /etc/hosts.allow, shutting down and
> restarting sendmail completely several times, and rebooting altogether. It
> still persists, and is driving me bananas.

Maybe your ISP is blocking the port. You might try running traceroute to
see how far the packets get.

 
 
 

port 25 not responding to outside

Post by Blitze » Mon, 31 May 2004 23:24:42



> Maybe your ISP is blocking the port. You might try running traceroute to
> see how far the packets get.

Yeah, I was afraid that might be the case. Here's a traceroute I did from
a remote machine on another ISP. Seems fine:

 traceroute to 141.157.x.y (141.157.x.y), 30 hops max, 38 byte packets
 1  * * *
 2  ag-financia-serial5-0-1-8-23.steva01.paetec.net (64.80.183.133)  3.461
      ms  4.021 ms  3.972 ms
 3  bb-steag-et3-0.steva01.paetec.net (64.80.254.77)  3.978 ms  4.062 ms
      4.008 ms
 4 500.POS2-1.GW2.IAD8.ALTER.NET (157.130.59.105)  4.956 ms 5.047 ms
      5.012 ms
 5  0.so-1-0-0.CL1.IAD8.ALTER.NET (152.63.41.14)  4.953 ms  5.105 ms
      4.995 ms
 6  0.so-7-0-0.XL1.DCA5.ALTER.NET (152.63.42.185)  6.971 ms 7.098
      ms  6.952 ms
 7  0.so-7-1-0.BR1.DCA5.ALTER.NET (152.63.43.181) 7.000 ms
      7.099 ms  6.999 ms
 8  204.255.168.18 (204.255.168.18)  8.002 ms
      8.078 ms  7.972 ms
 9  205.171.251.29 (205.171.251.29)  13.997 ms  14.062
      ms  13.981 ms
10  dca-core-03.inet.qwest.net (205.171.209.113)  13.998 ms  14.083 ms
      13.996 ms
11  dca-edge-03.inet.qwest.net (205.171.9.94)  13.965 ms
      14.066 ms  13.998 ms
12  65.118.218.46 (65.118.218.46)  17.003 ms  17.062 ms
      16.997 ms
13  so-0-1-0-0.BB-RTR1.PHIL.verizon-gni.net (130.81.7.225)
      16.967 ms  17.020 ms  16.955 ms
14  so-0-1-0-0.CORE-RTR2.BALT2.verizon-gni.net (130.81.10.114)  17.992 ms
      18.029 ms  17.951 ms
15  * so-0-0-0-0.CORE-RTR1.BALT2.verizon-gni.net (130.81.10.105)  19.387
      ms  17.947 ms
16 A3-0-0-1714.DSL-RTR3.BALT2.verizon-gni.net (130.81.10.142)  18.984 ms
      18.974 ms  18.012 ms
17 pool-141-157-x-y.balt.east.verizon.net (141.157.x.y) 39.981 ms
      45.091 ms 39.989 ms

It's Verizon DSL, and they would have to have suddenly blocked it starting
about 2 days ago, or they only block certain subnets. Before, whenever I
changed IP addresses, it was always on the 4.15 block. Now, my new IP
address starts with 141.157, so perhaps they only block those. Anyone hear
of such a thing, or have other ideas as to my own host?

--
Blitzen

 
 
 

port 25 not responding to outside

Post by Jim » Mon, 31 May 2004 23:41:37


[snip]

Quote:> It's Verizon DSL, and they would have to have suddenly blocked it starting
> about 2 days ago, or they only block certain subnets. Before, whenever I
> changed IP addresses, it was always on the 4.15 block. Now, my new IP
> address starts with 141.157, so perhaps they only block those. Anyone hear
> of such a thing, or have other ideas as to my own host?

Many ISPs have taken to blocking port 25 on their dynamically allocated
IS addresses. It could be that the 4.15.x.x range isn't blocked and the
141.157.x.x is. Query Verizon tech support.

--

Quidquid latine dictum sit, altum viditur.

 
 
 

port 25 not responding to outside

Post by David Efflan » Wed, 02 Jun 2004 04:43:42



> Hello. I'm having a very strange error regarding sendmail and outside
> connections. I have it running on a gateway, and normally it's been fine
> accepting mail from the outside. However, just recently (somewhere around
> the last time I switched IP addresses, a day or two ago) it stopped
> accepting connections from the outside. It still accepts connections from
> localhost, and from other hosts on the internal LAN. It also accepts
> connections from the outside on other ports like 22 (SSH) fine. But when
> an outside host on the internet tries to connect to port 25 of my host, it
> simply hangs and times out. I've tried opening my firewall completely,
> allowing everything to smtp in /etc/hosts.allow, shutting down and
> restarting sendmail completely several times, and rebooting altogether. It
> still persists, and is driving me bananas.

> I'm on a Slackware 9.0.0 box. Here are outputs of relevant commands and
> file contents:

> $ ps -ef | grep sendmail
> root       144     1  0 03:43 ?        00:00:00 sendmail: accepting connections
> smmsp      147     1  0 03:43 ?        00:00:00 sendmail: Queue

> $ netstat -an|grep 25
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN

> /etc/hosts.allow:
> sshd: ALL
> smtp: ALL #I added this when the problem started, even though I know
>           #sendmail isn't run from Inetd

If sendmail was compiled with tcpwrappers, you may need sendmail: ALL
(using the daemon name, not protocol name) depending what is in your
hosts.deny.  But if nothing shows up in your sendmail logs,
/var/log/messages, or firewall logs (if enabled), maybe your ISP started
blocking port 25 other than to their own smtp relay(s).

--
David Efflandt - All spam ignored  http://www.de-srv.com/