Subject: outgoing tcp port 25 blocked? how to prove it?
From: Lesley Esen
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Followup: comp.misc
Organization: A noiseless patient Spider
Date: Fri, 18 Oct 2024 14:03 UTC

I've got a FreeBSD running as a Lightsail instance at AWS. I asked AWS
to create a reverse dns for my host and also lift all restrictions on
port 25. They did so: the reverse dns has been created and I can get
mails from the outside, but I can't seem to go out on TCP port 25. That
still seems blocked at least as far as the hosts I've tried to reach.
This might not have anything to do with AWS. AWS said that "[e]mail
sending limitations have also been removed for any resources for the
region your EIP is located in." I believe them.

The host 69.164.210.174 can reach my host at mx.antartida.xyz just
fine. The host mx.antartida.xyz is also named a.antartida.xyz.

%telnet mx.antartida.xyz 25
Trying 34.197.192.71...
Connected to mx.antartida.xyz.
Escape character is '^]'.
220 a.antartida.xyz ESMTP Sendmail 8.17.1/8.17.1; Fri, 18 Oct 2024 10:24:01 -0300 (-03)
help
214-2.0.0 This is sendmail version 8.17.1
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
quit
221 2.0.0 a.antartida.xyz closing connection
Connection closed by foreign host.

The host 69.164.210.174 also runs an SMTP server, but someone seems to
block my path to it. It might not be AWS as I also can't reach it from my
personal computer (with a dynamic IP address). Here's a tcpdump from
host mx.antartida.xyz while trying to telnet to 69.164.210.174 on port
25.

--8<-------------------------------------------------------->8---
# tcpdump -n port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ena0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931741362 ecr 0], length 0
09:01:46.964516 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931742388 ecr 0], length 0
09:01:49.164532 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931744588 ecr 0], length 0
09:01:53.424248 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931748848 ecr 0], length 0
09:02:01.764542 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931757188 ecr 0], length 0
09:02:17.964527 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931773388 ecr 0], length 0
09:02:50.164521 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931805588 ecr 0], length 0
^C
7 packets captured
243 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

The view from host 69.164.210.174:

--8<-------------------------------------------------------->8---
# tcpdump -n host 34.197.192.71
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

We can see TCP SYN packets being sent and none are acknowledged.

If I switch from port 25 to port 21, I can see my packets arrive (even
though there's no FTP server at 69.164.210.174).

From the Lightsail instance:

--8<-------------------------------------------------------->8---
%telnet 69.164.210.174 21
Trying 69.164.210.174...
telnet: connect to address 69.164.210.174: Connection refused
--8<-------------------------------------------------------->8---

The view from 69.164.210.174:

--8<-------------------------------------------------------->8---
# tcpdump -n port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:31:04.679931 IP 34.197.192.71.43674 > 69.164.210.174.21: Flags [S], seq 2257976044, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 2164055307 ecr 0], length 0
13:31:04.679989 IP 69.164.210.174.21 > 34.197.192.71.43674: Flags [R.], seq 0, ack 2257976045, win 0, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

I get a TCP RST back as expected. I get essentially the same output
from tcpdump at both hosts. In other words, there's no connectivity
problem between the two. It's really port 25 that's being filtered.
(Each host is also able to ping each other.)

In summary, I can get e-mails from the outside, but I can't deliver
e-mails or reach Google SMTP servers either from the host
mx.antartida.xyz. So it's not just the host 69.164.210.174 that I can't
reach.

If I try a random SMTP such as the ones for cnn.com, say, I can't reach
them from mx.antartida.xyz, but I can from host 69.164.210.174. Host
69.164.210.174 is a personal mail server running netqmail, so I'm
getting the idea that host 69.164.210.174 has good reputation enough to
talk to, say, CNN's email servers, but not mx.antartida.xyz (which is a
newly-born SMTP, just starting out in life).

So I must be blacklisted? I've looked around on the web and the queries
I've been able to issue say that I'm *not* blocked anywhere.

So I'm looking for advice on running my own mail server once again in
the complicated phase the Internet is going through. If you have any
recommendations on this, I'd appreciate hearing about it. Thank you.
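
The comparison made in the post above (retransmitted SYNs with no reply on port 25, an immediate RST on port 21) can be read mechanically out of `tcpdump -n` output. This is an added example, not part of the original thread: the function name `classify` and the verdict labels are assumptions, and the sample lines are the post's own capture lines with the TCP options trimmed.

```python
import re
from collections import defaultdict

# One "tcpdump -n" TCP line: "<time> IP src.port > dst.port: Flags [..]"
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def classify(capture):
    """Map each flow (client, cport, server, sport) to (verdict, SYN count)."""
    syns = defaultdict(int)   # flow -> bare SYNs seen, retransmits included
    reply = {}                # flow -> flags of the first packet coming back
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue          # banner lines, ^C, packet counters
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            syns[src + dst] += 1
        elif dst + src in syns:            # packet in the reverse direction
            reply.setdefault(dst + src, m["flags"])
    result = {}
    for flow, count in syns.items():
        flags = reply.get(flow)
        if flags is None:
            verdict = "filtered"           # SYNs left, nothing came back
        elif "R" in flags:
            verdict = "closed"             # RST: path works, no listener
        else:
            verdict = "open" if flags.startswith("S") else "unknown"
        result[flow] = (verdict, count)
    return result

# Capture on the Lightsail instance (lines from the post, options trimmed).
PORT25_AT_SENDER = """\
09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:01:46.964516 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:01:49.164532 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:01:53.424248 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:02:01.764542 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:02:17.964527 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:02:50.164521 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
"""
# Capture on 69.164.210.174 during the port 21 test (lines from the post).
PORT21_AT_TARGET = """\
13:31:04.679931 IP 34.197.192.71.43674 > 69.164.210.174.21: Flags [S], seq 2257976044, win 65535, length 0
13:31:04.679989 IP 69.164.210.174.21 > 34.197.192.71.43674: Flags [R.], seq 0, ack 2257976045, win 0, length 0
"""

if __name__ == "__main__":
    print(classify(PORT25_AT_SENDER), classify(PORT21_AT_TARGET))
```

A "filtered" verdict from the sender's capture only shows that nothing came back; the empty capture on the far host, taken with a filter on the sender's public address because the private source is rewritten in transit, is what shows the SYNs never arrived.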

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: Winston
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Organization: A noiseless patient Spider
Date: Sat, 19 Oct 2024 00:18 UTC
References: 1

Lesley Esen <lesen@wimezu.com> writes:
> # tcpdump -n port 25
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on ena0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535,

172.26.*.* is private, not public, IP address space. If that's the TCP
source address being sent to the remote hosts, it's not surprising
you're not getting an answer. If I'm reading your article right, the
public IP address is 34.197.192.71.

If you can't solve the problem directly, you may need to relay outbound
mail via some AWS mail forwarder, if they have them.

> The host 69.164.210.174 also runs an SMTP server, but someone seems to
> block my path to it. It might not be AWS as I also can't reach it from my
> personal computer (with a dynamic IP address).

Try "netstat -an4" on 69.164.210.174 to verify that the mail server is
indeed listening on port 25. Also, if that host is behind a NAT
firewall, you may also need to configure the firewall to enable port
forwarding for port 25.
-WBE

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: Lesley Esen
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Organization: A noiseless patient Spider
Date: Sat, 19 Oct 2024 12:11 UTC
References: 1 2

Winston <wbe@UBEBLOCK.psr.com.invalid> writes:

> Lesley Esen <lesen@wimezu.com> writes:
>> # tcpdump -n port 25
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on ena0, link-type EN10MB (Ethernet), capture size 262144 bytes
>> 09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags
>> [S], seq 1665376094, win 65535,
>
> 172.26.*.* is private, not public, IP address space. If that's the TCP
> source address being sent to the remote hosts, it's not surprising
> you're not getting an answer. If I'm reading your article right, the
> public IP address is 34.197.192.71.

That's the public IP address, yes. This is typical on the AWS network.
Each instance gets a private and a public IP address. I never see the
public IP address in the instance, but the packets must be being
rewritten by the AWS network because I can communicate with the outside
world just fine.

> If you can't solve the problem directly, you may need to relay outbound
> mail via some AWS mail forwarder, if they have them.

I think that's also possible.

>> The host 69.164.210.174 also runs an SMTP server, but someone seems to
>> block my path to it. It might not be AWS as I also can't reach it from my
>> personal computer (with a dynamic IP address).
>
> Try "netstat -an4" on 69.164.210.174 to verify that the mail server is
> indeed listening on port 25.

%netstat -an4 | grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 69.164.210.174:25 194.169.175.47:34740 TIME_WAIT
tcp 0 0 69.164.210.174:25 194.169.175.47:40116 TIME_WAIT

Thanks!

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: John Levine
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Organization: Taughannock Networks
Date: Sat, 19 Oct 2024 18:40 UTC
References: 1 2 3

>I think that's also possible.
>
>>> The host 69.164.210.174 also runs an SMTP server, but someone seems to
>>> block my path to it. It might not be AWS as I also can't reach it from my
>>> personal computer (with a dynamic IP address).
>>
>> Try "netstat -an4" on 69.164.210.174 to verify that the mail server is
>> indeed listening on port 25.

I sent a message saying what the problem likely is, but since wimezu.com is
a fake address, it bounced. Too bad.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: Bob Eager
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Date: Sat, 19 Oct 2024 19:43 UTC
References: 1 2 3

On Sat, 19 Oct 2024 09:11:11 -0300, Lesley Esen wrote:

> That's the public IP address, yes. This is typical on the AWS network.
> Each instance gets a private and a public IP address. I never see the
> public IP address in the instance, but the packets must be being
> rewritten by the AWS network because I can communicate with the outside
> world just fine.

As a data point ... I ran an outbound mail server on an AWS instance
(FreeBSD) for four years (I stopped because I now have fast access at
home).

It connected with a mail server run by me, though. So I wonder if it's
your ISP blocking an AWS IP range.

--
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
http://www.mirrorservice.org

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: Lesley Esen
Newsgroups: comp.unix.bsd.freebsd.misc, comp.unix.programmer, comp.misc
Organization: A noiseless patient Spider
Date: Sat, 19 Oct 2024 22:13 UTC
References: 1 2 3 4

John Levine <johnl@taugh.com> writes:

>>I think that's also possible.
>>
>>>> The host 69.164.210.174 also runs an SMTP server, but someone seems to
>>>> block my path to it. It might not be AWS as I also can't reach it from my
>>>> personal computer (with a dynamic IP address).
>>>
>>> Try "netstat -an4" on 69.164.210.174 to verify that the mail server is
>>> indeed listening on port 25.
>
> I sent a message saying what the problem likely is, but since wimezu.com is
> a fake address, it bounced. Too bad.

Sorry about that. I'd appreciate if you can post it here. Thank you!
