The gizmore conspiracy

Probably a few people figured something happened to myself and the servers i "maintain".

Indeed, a lot happened, and finally i checked one weird thing that puzzled me.

I was not able to send emails via this smtpd anymore.

My first thought, in my crazy times, was... that some evil "Man In The Middle" drops my packets when i send out the mails... and it looks like i was right!

I did not change any configs on client or server when it stopped working.
Some servers, like gmx or yahoo still work.

Today i checked mail logs and saw that no traffic passes through.
I disabled firewall => still no connect
Tried from a different box/vps => works!
Changed submission port from 587 to 588 => works also from home! WTF

It really looks like someone thinks i am not allowed to send mails from my own mailservers anymore
Also port 25 and 465 are blocked to my own vps.
The telnet just hangs waiting for connection.
When i now try the closed 587 => telnet still hangs
When i try a closed port like 12233 => telnet immediately quits

Am i missing something in my conspiracy theory?

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
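
The telnet observation in the post above (a blocked port hangs, a port with no listener quits at once) can be turned into a small check. This is an added example, not part of the original post; the function names are hypothetical and the sample result table is constructed from the ports the post mentions.

```python
import socket

MAIL_PORTS = (25, 465, 587)  # the ports the post reports as blocked


def classify_connect(host, port, timeout=3.0):
    """Classify one TCP connect attempt the way telnet behaved in the post.

    'open'     -> handshake completed
    'closed'   -> refused at once (a RST came back: host reachable, no listener)
    'filtered' -> no answer before the timeout (SYN or its reply was dropped)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"


def port_specific_filtering(results, mail_ports=MAIL_PORTS):
    """Return the mail ports that are filtered while the same host still
    answers (open or closed) on some other port, meaning the path works
    and the drop is selective by port."""
    host_answers = any(state in ("open", "closed")
                       for port, state in results.items()
                       if port not in mail_ports)
    if not host_answers:
        return []  # host may simply be down or unreachable: no conclusion
    return sorted(p for p in mail_ports if results.get(p) == "filtered")


if __name__ == "__main__":
    # Constructed sample mirroring the post's observations (not live data).
    observed = {25: "filtered", 465: "filtered", 587: "filtered",
                588: "open", 12233: "closed"}
    print(port_specific_filtering(observed))
```

To fill the table from a live host, call `classify_connect(host, port)` for each port; the result says that filtering is port-selective, not which device on the path applies it.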

RE: The gizmore conspiracy
So what you are saying is that some ports are blocked when you try to connect from home to the server.

What do you mean with "Some servers, like gmx or yahoo still work."? This suggests that there are more servers that it doesn't work for.

"I disabled firewall" On PC? Router? Server?

Have you tried traceroute to compare 587 to 588? If everyone plays along, it should make clear where the packets are dropped.

RE: The gizmore conspiracy
A traceroute works fine on both ports, so i suppose only tcp/ip is blocked.
Affected are only my own mailservers, so there seems to be a special rule for just these connections.
The geeks shall inherit the properties and methods of object earth.

RE: The gizmore conspiracy
Make sure you use TCP for traceroute (default is probably UDP); if traceroute works fine, so should normal connections.

RE: The gizmore conspiracy
Thanks. Here is the output of 4 combinations

giz gizmore # tcptraceroute wechall.net 588
Selected device eth0, address 192.168.0.4, port 33768 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 588, 30 hops max
1 192.168.0.1 0.288 ms 0.189 ms 0.232 ms
2 192.168.2.1 1.136 ms 1.115 ms 1.097 ms
3 217.0.119.43 9.181 ms 9.110 ms 8.821 ms
4 87.186.199.94 8.834 ms 8.715 ms 8.805 ms
5 217.239.50.89 14.015 ms 13.586 ms 13.620 ms
6 62.157.250.114 14.029 ms 13.914 ms 14.015 ms
7 xe-0-2-0.dr-master.r2.cgn3.he-core.de (176.28.4.50) 14.457 ms 13.860 ms 15.608 ms
8 s192.alfahosting-vps.de (176.28.5.72) 14.853 ms 14.325 ms 14.474 ms
9 wechall.net (176.28.31.8) [open] 14.836 ms 14.543 ms 15.709 ms

giz gizmore # tcptraceroute wechall.net 587
Selected device eth0, address 192.168.0.4, port 58850 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 587 (submission), 30 hops max
1 192.168.0.1 0.293 ms 0.157 ms 0.282 ms
2 192.168.2.1 1.265 ms 1.241 ms 1.235 ms
3 * *^C

giz gizmore # traceroute wechall.net 587
traceroute to wechall.net (176.28.31.8), 30 hops max, 587 byte packets
1 192.168.0.1 (192.168.0.1) 0.333 ms 0.345 ms 0.462 ms
2 speedport.ip (192.168.2.1) 2.876 ms 2.887 ms 2.998 ms
3 217.0.119.43 (217.0.119.43) 11.204 ms 11.244 ms 11.501 ms
4 87.186.199.94 (87.186.199.94) 17.161 ms 17.197 ms 17.247 ms
5 217.239.50.94 (217.239.50.94) 18.714 ms 217.239.50.86 (217.239.50.86) 24.728 ms 24.770 ms
6 62.157.250.114 (62.157.250.114) 24.815 ms 14.946 ms 17.286 ms
7 xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46) 17.612 ms 17.656 ms 22.872 ms
8 s192.alfahosting-vps.de (176.28.5.72) 23.462 ms 23.593 ms 23.587 ms
9 wechall.net (176.28.31.8) 23.696 ms 23.851 ms 23.848 ms

giz gizmore # traceroute wechall.net 588
traceroute to wechall.net (176.28.31.8), 30 hops max, 588 byte packets
1 192.168.0.1 (192.168.0.1) 0.323 ms 0.347 ms 0.463 ms
2 speedport.ip (192.168.2.1) 2.772 ms 2.772 ms 2.880 ms
3 217.0.119.43 (217.0.119.43) 10.716 ms 10.810 ms 12.611 ms
4 87.186.199.94 (87.186.199.94) 12.656 ms 12.949 ms 12.993 ms
5 217.239.50.86 (217.239.50.86) 17.395 ms 217.239.50.70 (217.239.50.70) 18.124 ms 18.511 ms
6 62.157.250.114 (62.157.250.114) 19.702 ms 14.805 ms 15.046 ms
7 xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46) 15.068 ms 15.780 ms 15.824 ms
8 s192.alfahosting-vps.de (176.28.5.72) 17.223 ms 15.367 ms 15.759 ms
9 wechall.net (176.28.31.8) 16.033 ms 17.353 ms 18.511 ms

OH... and port 25, which should be open

giz gizmore # tcptraceroute wechall.net 25
Selected device eth0, address 192.168.0.4, port 54618 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 25 (smtp), 30 hops max
1 192.168.0.1 0.282 ms 0.214 ms 0.377 ms
2 192.168.2.1 1.167 ms 1.139 ms 1.149 ms
3 * * *

The geeks shall inherit the properties and methods of object earth.
Last edited by Gizmore - May 23, 2015 - 19:00:49

RE: The gizmore conspiracy
Seems your ISP has decided to block SMTP then...

I've known about them blocking it for incoming connections or SMTP servers blocking users with dynamic IP addresses, but I've been told in IRC that some providers now also started blocking outgoing connections.

RE: The gizmore conspiracy
Funny is that i did not send mass emails and only two servers are affected...
thanks for confirmation
The geeks shall inherit the properties and methods of object earth.

RE: The gizmore conspiracy
OK.... i was paranoid.

The reason was: many routers now block email sending until the smtp servers are whitelisted.
The geeks shall inherit the properties and methods of object earth.

RE: The gizmore conspiracy
Fun fact: This works the other way round too.

AWS for example, blocks all outgoing traffic on port 25. This is apparently some kind of anti-spam protection, but leads to much fun trying to get a server to send emails...