From: Lesley Esen <lesen@wimezu.com>
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.programmer,comp.misc
Subject: outgoing tcp port 25 blocked? how to prove it?
Followup-To: comp.misc
Date: Fri, 18 Oct 2024 11:03:40 -0300
Organization: A noiseless patient Spider
Message-ID: <87o73h4if7.fsf@tudado.org>

I've got a FreeBSD running as a Lightsail instance at AWS. I asked AWS to create a reverse dns for my host and also lift all restrictions on port 25. They did so: the reverse dns has been created and I can get mails from the outside, but I can't seem to go out on TCP port 25. That still seems blocked at least as far as the hosts I've tried to reach. This might not have anything to do with AWS.

AWS said that "[e]mail sending limitations have also been removed for any resources for the region your EIP is located in." I believe them.

The host 69.164.210.174 can reach my host at mx.antartida.xyz just fine. The host mx.antartida.xyz is also named a.antartida.xyz.

%telnet mx.antartida.xyz 25
Trying 34.197.192.71...
Connected to mx.antartida.xyz.
Escape character is '^]'.
220 a.antartida.xyz ESMTP Sendmail 8.17.1/8.17.1; Fri, 18 Oct 2024 10:24:01 -0300 (-03)
help
214-2.0.0 This is sendmail version 8.17.1
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
quit
221 2.0.0 a.antartida.xyz closing connection
Connection closed by foreign host.

The host 69.164.210.174 also runs an SMTP server, but someone seems to block my path to it. It might not be AWS as I also can't reach it from my personal computer (with a dynamic IP address).

Here's a tcpdump from host mx.antartida.xyz while trying to telnet to 69.164.210.174 on port 25.

--8<-------------------------------------------------------->8---
# tcpdump -n port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ena0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931741362 ecr 0], length 0
09:01:46.964516 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931742388 ecr 0], length 0
09:01:49.164532 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931744588 ecr 0], length 0
09:01:53.424248 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931748848 ecr 0], length 0
09:02:01.764542 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931757188 ecr 0], length 0
09:02:17.964527 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931773388 ecr 0], length 0
09:02:50.164521 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, options [mss 8961,nop,wscale 6,sackOK,TS val 3931805588 ecr 0], length 0
^C
7 packets captured
243 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

The view from host 69.164.210.174:

--8<-------------------------------------------------------->8---
# tcpdump -n host 34.197.192.71
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

We can see TCP SYN packets being sent and none are acknowledged. If I switch from port 25 to port 21, I can see my packets arrive (even though there's no FTP server at 69.164.210.174). From the Lightsail instance:

--8<-------------------------------------------------------->8---
%telnet 69.164.210.174 21
Trying 69.164.210.174...
telnet: connect to address 69.164.210.174: Connection refused
--8<-------------------------------------------------------->8---

The view from 69.164.210.174:

--8<-------------------------------------------------------->8---
# tcpdump -n port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:31:04.679931 IP 34.197.192.71.43674 > 69.164.210.174.21: Flags [S], seq 2257976044, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 2164055307 ecr 0], length 0
13:31:04.679989 IP 69.164.210.174.21 > 34.197.192.71.43674: Flags [R.], seq 0, ack 2257976045, win 0, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
--8<-------------------------------------------------------->8---

I get a TCP RST back as expected. I get essentially the same output from tcpdump at both hosts. In other words, there's no connectivity problem between the two. It's really port 25 that's being filtered. (Each host is also able to ping each other.)

In summary, I can get e-mails from the outside, but I can't deliver e-mails or reach Google SMTP servers either from the host mx.antartida.xyz. So it's not just the host 69.164.210.174 that I can't reach.

If I try a random SMTP such as the ones for cnn.com, say, I can't reach them from mx.antartida.xyz, but I can from host 69.164.210.174. Host 69.164.210.174 is a personal mail server running netqmail, so I'm getting the idea that host 69.164.210.174 has good reputation enough to talk to, say, CNN's email servers, but not mx.antartida.xyz (which is a newly-born SMTP, just starting out in life). So I must be blacklisted? I've looked around on the web and the queries I've been able to issue say that I'm *not* blocked anywhere.

So I'm looking for advice on running my own mail server once again in the complicated phase the Internet is going through. If you have any recommendations on this, I'd appreciate hearing about it. Thank you.
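
The comparison the post makes by eye between the capture at each end can be automated. The following is an added example, not part of the original post: it parses `tcpdump -n` text and reports whether SYNs for a given server and port were answered, refused, or lost between the two capture points. The function names and verdict strings are assumptions of this example, and the sample lines are abridged from the captures quoted in the post.

```python
import re

# One TCP line of `tcpdump -n` text: "... IP src.sport > dst.dport: Flags [X], ..."
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]")

def flows(capture):
    """Return {(server_ip, server_port): [syn_count, reply]} for a capture."""
    seen = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                     # client SYN or a retransmission
            seen.setdefault((dst, int(dport)), [0, None])[0] += 1
        elif flags == "S." or "R" in flags:  # server answered: SYN-ACK or RST
            entry = seen.setdefault((src, int(sport)), [0, None])
            if entry[1] != "open":
                entry[1] = "open" if flags == "S." else "refused"
    return seen

def locate(client_cap, server_cap, server, port):
    """Combine the capture at each end for one server:port."""
    sent, reply = flows(client_cap).get((server, port), [0, None])
    arrived, _ = flows(server_cap).get((server, port), [0, None])
    if reply:
        return reply                         # port reachable: open or refused
    if sent and not arrived:
        return "filtered in path"            # SYNs left, none reached the server
    if sent:
        return "reached server, no reply seen by client"
    return "no attempt captured"

# Sample input: lines abridged from the captures quoted in the post.
CLIENT_25 = """\
09:01:45.939473 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:01:46.964516 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
09:01:49.164532 IP 172.26.5.226.37963 > 69.164.210.174.25: Flags [S], seq 1665376094, win 65535, length 0
"""
SERVER_25 = ""  # the remote capture recorded 0 packets
SERVER_21 = """\
13:31:04.679931 IP 34.197.192.71.43674 > 69.164.210.174.21: Flags [S], seq 2257976044, win 65535, length 0
13:31:04.679989 IP 69.164.210.174.21 > 34.197.192.71.43674: Flags [R.], seq 0, ack 2257976045, win 0, length 0
"""

if __name__ == "__main__":
    print(locate(CLIENT_25, SERVER_25, "69.164.210.174", 25))
    print(flows(SERVER_21))
```

Flows are keyed on the server address and port because the client's source address differs between the two captures (172.26.5.226 on the instance, 34.197.192.71 as seen remotely).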