Username: 
Password: 
Restrict session to IP 

The gizmore conspiracy

Global Rank: 227
Totalscore: 84664
Posts: 1305
Thanks: 1144
UpVotes: 656
Registered: 10y 186d




Last Seen: 11m 11s
The User is Offline
The gizmore conspiracy
Google/translate0Thank You!0Good Post!0Bad Post! link
Probably a few people figured something happened to myself and the servers i "maintain".

Indeed, a lot happened, and finally i checked one weird thing that puzzled me.

I was not able to send emails via this smtpd anymore.

My first thought, in my crazy times, was... that some evil "Man In The Middle" drops my packets when i send out the mails... and it looks like i was right! Euh

I did not change any configs on client or server when it stopped working.
Some servers, like gmx or yahoo still work.

Today i checked mail logs and saw that no traffic passes through.
I disabled firewall => still no connect
Tried from a different box/vps => works!
Changed submission port from 587 to 588 => works also from home! WTF

It really looks like someone thinks i am not allowed to send mails from my own mailservers anymore Drool
Also port 25 and 465 are blocked to my own vps.
The telnet just hangs waiting for connection.
When i now try the closed 587 => telnet still hangs
When i try a closed port like 12233 => telnet immediately quits

Am i missing something in my conspiracy theory?

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
Global Rank: 1
Totalscore: 719478
Posts: 344
Thanks: 338
UpVotes: 286
Registered: 9y 25d











The User is Offline
RE: The gizmore conspiracy
Google/translate1Thank You!1Good Post!0Bad Post! link
So what you are saying is that some ports are blocked when you try to connect from home to the server.

What do you mean with "Some servers, like gmx or yahoo still work."? This suggest that there are more servers that it doesn't work for.

"I disabled firewall" On PC? Router? Server?

Have you tried traceroute to compare 587 to 588? If everyone plays along, it should make clear where the packets are dropped.
Global Rank: 227
Totalscore: 84664
Posts: 1305
Thanks: 1144
UpVotes: 656
Registered: 10y 186d




Last Seen: 11m 11s
The User is Offline
RE: The gizmore conspiracy
Google/translate0Thank You!0Good Post!0Bad Post! link
A traceroute works fine on both ports, so i suppose only tcp/ip is blocked.
Affected are only my own mailservers, so there seems to be a special rule for just these connections.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 1
Totalscore: 719478
Posts: 344
Thanks: 338
UpVotes: 286
Registered: 9y 25d











The User is Offline
RE: The gizmore conspiracy
Google/translate1Thank You!1Good Post!0Bad Post! link
Make sure you use TCP for traceroute (default is probably UDP); if traceroute works fine, so should normal connections.
Global Rank: 227
Totalscore: 84664
Posts: 1305
Thanks: 1144
UpVotes: 656
Registered: 10y 186d




Last Seen: 11m 11s
The User is Offline
RE: The gizmore conspiracy
Google/translate0Thank You!0Good Post!0Bad Post! link
Thanks. Here is the output of 4 combinations

GeSHi`ed text code
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
4546
47
48
49
5051
52
53
54
55
 
giz gizmore # tcptraceroute wechall.net 588
Selected device eth0, address 192.168.0.4, port 33768 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 588, 30 hops max
 1  192.168.0.1  0.288 ms  0.189 ms  0.232 ms 2  192.168.2.1  1.136 ms  1.115 ms  1.097 ms
 3  217.0.119.43  9.181 ms  9.110 ms  8.821 ms
 4  87.186.199.94  8.834 ms  8.715 ms  8.805 ms
 5  217.239.50.89  14.015 ms  13.586 ms  13.620 ms
 6  62.157.250.114  14.029 ms  13.914 ms  14.015 ms 7  xe-0-2-0.dr-master.r2.cgn3.he-core.de (176.28.4.50)  14.457 ms  13.860 ms  15.608 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  14.853 ms  14.325 ms  14.474 ms
 9  wechall.net (176.28.31.8) [open]  14.836 ms  14.543 ms  15.709 ms
 
giz gizmore # tcptraceroute wechall.net 587Selected device eth0, address 192.168.0.4, port 58850 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 587 (submission), 30 hops max
 1  192.168.0.1  0.293 ms  0.157 ms  0.282 ms
 2  192.168.2.1  1.265 ms  1.241 ms  1.235 ms
 3  * *^C 
giz gizmore # traceroute wechall.net 587
traceroute to wechall.net (176.28.31.8), 30 hops max, 587 byte packets
 1  192.168.0.1 (192.168.0.1)  0.333 ms  0.345 ms  0.462 ms
 2  speedport.ip (192.168.2.1)  2.876 ms  2.887 ms  2.998 ms 3  217.0.119.43 (217.0.119.43)  11.204 ms  11.244 ms  11.501 ms
 4  87.186.199.94 (87.186.199.94)  17.161 ms  17.197 ms  17.247 ms
 5  217.239.50.94 (217.239.50.94)  18.714 ms 217.239.50.86 (217.239.50.86)  24.728 ms  24.770 ms
 6  62.157.250.114 (62.157.250.114)  24.815 ms  14.946 ms  17.286 ms
 7  xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46)  17.612 ms  17.656 ms  22.872 ms 8  s192.alfahosting-vps.de (176.28.5.72)  23.462 ms  23.593 ms  23.587 ms
 9  wechall.net (176.28.31.8)  23.696 ms  23.851 ms  23.848 ms
 
giz gizmore # traceroute wechall.net 588
traceroute to wechall.net (176.28.31.8), 30 hops max, 588 byte packets 1  192.168.0.1 (192.168.0.1)  0.323 ms  0.347 ms  0.463 ms
 2  speedport.ip (192.168.2.1)  2.772 ms  2.772 ms  2.880 ms
 3  217.0.119.43 (217.0.119.43)  10.716 ms  10.810 ms  12.611 ms
 4  87.186.199.94 (87.186.199.94)  12.656 ms  12.949 ms  12.993 ms
 5  217.239.50.86 (217.239.50.86)  17.395 ms 217.239.50.70 (217.239.50.70)  18.124 ms  18.511 ms 6  62.157.250.114 (62.157.250.114)  19.702 ms  14.805 ms  15.046 ms
 7  xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46)  15.068 ms  15.780 ms  15.824 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  17.223 ms  15.367 ms  15.759 ms
 9  wechall.net (176.28.31.8)  16.033 ms  17.353 ms  18.511 ms
 OH... and port 25, which should be open
 
giz gizmore # tcptraceroute wechall.net 25
Selected device eth0, address 192.168.0.4, port 54618 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 25 (smtp), 30 hops max 1  192.168.0.1  0.282 ms  0.214 ms  0.377 ms
 2  192.168.2.1  1.167 ms  1.139 ms  1.149 ms
 3  * * *
 
 
The geeks shall inherit the properties and methods of object earth.
Last edited by Gizmore - May 23, 2015 - 19:00:49
Global Rank: 1
Totalscore: 719478
Posts: 344
Thanks: 338
UpVotes: 286
Registered: 9y 25d











The User is Offline
RE: The gizmore conspiracy
Google/translate1Thank You!1Good Post!0Bad Post! link
Seems your ISP has decided to block SMTP then...

I've known about them blocking it for incoming connection or SMTP servers blocking users with dynamic IP addresses, but I've been told in IRC that some providers now also started blocking outgoing connections.
Global Rank: 227
Totalscore: 84664
Posts: 1305
Thanks: 1144
UpVotes: 656
Registered: 10y 186d




Last Seen: 11m 11s
The User is Offline
RE: The gizmore conspiracy
Google/translate0Thank You!0Good Post!0Bad Post! link
Funny is that i did not send mass emails and only two servers are affected...
thanks for confirmation
The geeks shall inherit the properties and methods of object earth.
Global Rank: 227
Totalscore: 84664
Posts: 1305
Thanks: 1144
UpVotes: 656
Registered: 10y 186d




Last Seen: 11m 11s
The User is Offline
RE: The gizmore conspiracy
Google/translate0Thank You!1Good Post!0Bad Post! link
OK.... i was paranoid.

The reason was: many routers now block email sending until the smtp servers are whitelisted.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 45
Totalscore: 236553
Posts: 109
Thanks: 98
UpVotes: 90
Registered: 10y 169d
livinskull`s Avatar




Last Seen: 16s
The User is Online
RE: The gizmore conspiracy
Google/translate1Thank You!1Good Post!0Bad Post! link
Fun fact: This works the other way round too.

AWS for example, blocks all outgoing traffic on port 25. This is apparently some kind of anti-spam protection, but leads to much fun trying to get a server to send emails...
tunelko, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4087 times.