27 May
2004
27 May
'04
2:50 p.m.
Hi Serge,
For the past 4 weeks there have been increasing
problems, first my mails
seemed to be rejected by Sendar for some obscure "IP forwarding" question
and Thierry helped me with that. I had to fix my parameters in Ximian
Evolution and Kmail (I'm using both, yes, different e-mail adresses,
different "identities", different repositories etc...)
?? Sounds strange. -v please (maybe at the meeting tonight)
The last time I was able to send myil from my normal
account was on Sunday
night, since then all I get is some error message saying "unable to
connect to sendar port 25".
Try this:
(as root), run tcpdump
(as anyone), telnet sendar.prophecy.lu 25
Check the tcpdump - you'll see the outgoing packets from your machine
to sendar, you should also see the replies coming. If nothing comes
back (not even ACKs), chances are your traffic is being dropped on
the way - question is where.
Oh yes, if the telnet works, you'll see this:
bash-2.05b$ telnet sendar.prophecy.lu 25
Trying 213.166.63.242...
Connected to sendar.prophecy.lu.
Escape character is '^]'.
220-sendar.prophecy.lu ESMTP Sendmail 8.12.10 ready at Thu, 27 May 2004
16:50:02 +0200
220 No Spam please!
(close via "quit")
Also try this (as root):
nmap -p 25 sendar.prophecy.lu
You should get:
root # nmap -p 25 sendar.prophecy.lu
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-05-27 16:32 CEST
Interesting ports on sendar.prophecy.lu (213.166.63.242):
PORT STATE SERVICE
25/tcp open smtp
If it says filtered instead of open, again, we'll know packets are
being dropped on the way. If it says closed, the packets are not
dropped but rejected.
I _am_ able to retrieve my mails from Sendar though
and I do receive
e-mails on each of my e-mail adresses.
Different port...
I called Thierry and we checked a few things and it
doesn't seem to come
from Sendar, so I called the Coditel (un)help-line to inquire. As usual
they at first considered I might have problems with Outlook or perhaps a
trojan on my system, I explained that neither Kmail, nor Evolution, nor
Linux are all that suscpetible to windows virii (they were actually
understanding about that) and said there have been "several" reports of
users having trouble sending e-mail, they were surprised though that I
_am_ able to send e-mail with my Coditel account (surprise, this works)
... which I assume you're sending via the Coditel mailserver?
Note: whatever mail you're sending out, you're _always_ supposed
to go through your ISP's mailserver. If you're trying to deliver
mail directly, chances are that the recipient's mailserver will
see your IP as belonging to a DUL (dial-up list), and thus refuse
to talk to you (as much spam comes from dialups, be that analog,
ISDN, dsl or cable).
A From: (or envelope Mail From:) is easily forged, so if the
server allows you to send mail based on that only, it's to be
considered an open relay. If it uses pop-before-smtp or smtp-auth,
things look better.
Now, when trying the above - get Thierry to have a tcpdump
running on his firewall (I bet there must be one ;-)) to see
whether the packet arrives there. Give him your IP address
first, so he can filter directly for your traffic. A short
phone call will make sure it's no problem on TC's end.
3) Sendar responds to ping, but I can't ssh to
Sendar either, might be
similar filtering from Coditel, how can I investigate this?
IMHO that would fit the bill.
4) any other suggestions
Ask Coditel whether they are filtering traffic. Ask them whether
they block outbound SMTP traffic (unless going through their
mailserver - this makes a lot of sense, considering all the mail
resp. Outlook viruses as well as spam), ask them whether they
filter anything else, whether they force your HTTP traffic
through a proxy etc.
I can very much symphathize with them if they are filtering
outbound SMTP traffic (I'm seriously considering this measure
@work), I can understand if they use a web proxy, I very much
understand if they drop ports 137-139 traffic (SMB), but they
certainly should bloody leave alone an SSH port (22).
Note, I can symphatize/understand this, but if they do it, they
should inform their customers, and offer their clued customers (tm)
[not that there are many] a way around this. Personally, I wouldn't
accept such a castrated internet connection (and lord, do I sometimes
hate the one at work, where I'm in charge of the filtering myself ;-)).
Greetings, Eric