The gizmore conspiracy

Probably a few people figured something happened to myself and the servers i "maintain".

Indeed, a lot happened, and finally i checked one weird thing that puzzled me.

I was not able to send emails via this smtpd anymore.

My first thought, in my crazy times, was... that some evil "Man In The Middle" drops my packets when i send out the mails... and it looks like i was right!

I did not change any configs on client or server when it stopped working.
Some servers, like gmx or yahoo still work.

Today i checked mail logs and saw that no traffic passes through.
I disabled firewall => still no connect
Tried from a different box/vps => works!
Changed submission port from 587 to 588 => works also from home! WTF

It really looks like someone thinks i am not allowed to send mails from my own mailservers anymore
Also port 25 and 465 are blocked to my own vps.
The telnet just hangs waiting for connection.
When i now try the closed 587 => telnet still hangs
When i try a closed port like 12233 => telnet immediately quits

Am i missing something in my conspiracy theory?

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
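The telnet observations in the post above (hang on 587, immediate exit on 12233) map to the three outcomes of a TCP connect. As an added example, not part of the original post, this sketch classifies each port and flags the pattern described; the function names and the 3-second timeout are assumptions.

```python
import errno
import socket
import sys

def classify_port(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"              # SYN/ACK came back
    except ConnectionRefusedError:
        return "closed"            # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"          # no answer at all: telnet "just hangs"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"      # ICMP unreachable sent by a filter or router
        raise
    finally:
        s.close()

def selective_filtering(results, control_port):
    """True when the control port got an answer while other ports were silently dropped.

    A DROP rule on the server itself looks the same from the client, so repeat
    the run from a second network (as the post did) before blaming the path.
    """
    reachable = results.get(control_port) in ("open", "closed")
    dropped = [p for p, r in results.items() if r == "filtered"]
    return reachable and bool(dropped)

if __name__ == "__main__":
    host = sys.argv[1]                   # your own mail server
    ports = [25, 465, 587, 588, 12233]   # ports named in the post; 12233 is the closed control
    results = {p: classify_port(host, p) for p in ports}
    for p, r in results.items():
        print(f"{p:>5}  {r}")
    print("selective filtering on the path:", selective_filtering(results, 12233))
```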
RE: The gizmore conspiracy
So what you are saying is that some ports are blocked when you try to connect from home to the server.

What do you mean with "Some servers, like gmx or yahoo still work."? This suggests that there are more servers that it doesn't work for.

"I disabled firewall" On PC? Router? Server?

Have you tried traceroute to compare 587 to 588? If everyone plays along, it should make clear where the packets are dropped.
RE: The gizmore conspiracy
A traceroute works fine on both ports, so i suppose only tcp/ip is blocked.
Affected are only my own mailservers, so there seems to be a special rule for just these connections.
The geeks shall inherit the properties and methods of object earth.
RE: The gizmore conspiracy
Make sure you use TCP for traceroute (default is probably UDP); if traceroute works fine, so should normal connections.
RE: The gizmore conspiracy
Thanks. Here is the output of 4 combinations

giz gizmore # tcptraceroute wechall.net 588
Selected device eth0, address 192.168.0.4, port 33768 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 588, 30 hops max
 1  192.168.0.1  0.288 ms  0.189 ms  0.232 ms
 2  192.168.2.1  1.136 ms  1.115 ms  1.097 ms
 3  217.0.119.43  9.181 ms  9.110 ms  8.821 ms
 4  87.186.199.94  8.834 ms  8.715 ms  8.805 ms
 5  217.239.50.89  14.015 ms  13.586 ms  13.620 ms
 6  62.157.250.114  14.029 ms  13.914 ms  14.015 ms
 7  xe-0-2-0.dr-master.r2.cgn3.he-core.de (176.28.4.50)  14.457 ms  13.860 ms  15.608 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  14.853 ms  14.325 ms  14.474 ms
 9  wechall.net (176.28.31.8) [open]  14.836 ms  14.543 ms  15.709 ms

giz gizmore # tcptraceroute wechall.net 587
Selected device eth0, address 192.168.0.4, port 58850 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 587 (submission), 30 hops max
 1  192.168.0.1  0.293 ms  0.157 ms  0.282 ms
 2  192.168.2.1  1.265 ms  1.241 ms  1.235 ms
 3  * *^C

giz gizmore # traceroute wechall.net 587
traceroute to wechall.net (176.28.31.8), 30 hops max, 587 byte packets
 1  192.168.0.1 (192.168.0.1)  0.333 ms  0.345 ms  0.462 ms
 2  speedport.ip (192.168.2.1)  2.876 ms  2.887 ms  2.998 ms
 3  217.0.119.43 (217.0.119.43)  11.204 ms  11.244 ms  11.501 ms
 4  87.186.199.94 (87.186.199.94)  17.161 ms  17.197 ms  17.247 ms
 5  217.239.50.94 (217.239.50.94)  18.714 ms 217.239.50.86 (217.239.50.86)  24.728 ms  24.770 ms
 6  62.157.250.114 (62.157.250.114)  24.815 ms  14.946 ms  17.286 ms
 7  xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46)  17.612 ms  17.656 ms  22.872 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  23.462 ms  23.593 ms  23.587 ms
 9  wechall.net (176.28.31.8)  23.696 ms  23.851 ms  23.848 ms

giz gizmore # traceroute wechall.net 588
traceroute to wechall.net (176.28.31.8), 30 hops max, 588 byte packets
 1  192.168.0.1 (192.168.0.1)  0.323 ms  0.347 ms  0.463 ms
 2  speedport.ip (192.168.2.1)  2.772 ms  2.772 ms  2.880 ms
 3  217.0.119.43 (217.0.119.43)  10.716 ms  10.810 ms  12.611 ms
 4  87.186.199.94 (87.186.199.94)  12.656 ms  12.949 ms  12.993 ms
 5  217.239.50.86 (217.239.50.86)  17.395 ms 217.239.50.70 (217.239.50.70)  18.124 ms  18.511 ms
 6  62.157.250.114 (62.157.250.114)  19.702 ms  14.805 ms  15.046 ms
 7  xe-0-1-0.dr-master.r2.cgn3.he-core.de (176.28.4.46)  15.068 ms  15.780 ms  15.824 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  17.223 ms  15.367 ms  15.759 ms
 9  wechall.net (176.28.31.8)  16.033 ms  17.353 ms  18.511 ms

OH... and port 25, which should be open

giz gizmore # tcptraceroute wechall.net 25
Selected device eth0, address 192.168.0.4, port 54618 for outgoing packets
Tracing the path to wechall.net (176.28.31.8) on TCP port 25 (smtp), 30 hops max
 1  192.168.0.1  0.282 ms  0.214 ms  0.377 ms
 2  192.168.2.1  1.167 ms  1.139 ms  1.149 ms
 3  * * *
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - May 23, 2015 - 19:00:49
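Comparing a working trace against a blocked one shows where the SYN packets stop. As an added example, not part of the original post, this sketch parses two of the tcptraceroute runs above (hop lines copied from the post) and reports the last hop that answered in both and the first hop that went silent only in the blocked trace; the function names are assumptions.

```python
import re

# Hop lines copied from the tcptraceroute runs in the post (588 works, 25 hangs).
TRACE_588 = """\
 1  192.168.0.1  0.288 ms  0.189 ms  0.232 ms
 2  192.168.2.1  1.136 ms  1.115 ms  1.097 ms
 3  217.0.119.43  9.181 ms  9.110 ms  8.821 ms
 4  87.186.199.94  8.834 ms  8.715 ms  8.805 ms
 5  217.239.50.89  14.015 ms  13.586 ms  13.620 ms
 6  62.157.250.114  14.029 ms  13.914 ms  14.015 ms
 7  xe-0-2-0.dr-master.r2.cgn3.he-core.de (176.28.4.50)  14.457 ms  13.860 ms  15.608 ms
 8  s192.alfahosting-vps.de (176.28.5.72)  14.853 ms  14.325 ms  14.474 ms
 9  wechall.net (176.28.31.8) [open]  14.836 ms  14.543 ms  15.709 ms
"""
TRACE_25 = """\
 1  192.168.0.1  0.282 ms  0.214 ms  0.377 ms
 2  192.168.2.1  1.167 ms  1.139 ms  1.149 ms
 3  * * *
"""

HOP = re.compile(r"^\s*(\d+)\s+(.+)$")
ADDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(text):
    """Map hop number -> responding IP, or None when every probe timed out."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            addr = ADDR.search(m.group(2))
            hops[int(m.group(1))] = addr.group(0) if addr else None
    return hops

def first_divergence(good, bad):
    """Return (last hop answering in both, first hop answering only in `good`)."""
    last_common = None
    for n in sorted(good):
        if good[n] is None:
            continue                       # silent in the working trace too
        if bad.get(n) is None:             # silent or never reached in the blocked trace
            return last_common, (n, good[n])
        last_common = (n, bad[n])
    return last_common, None

if __name__ == "__main__":
    last_ok, lost = first_divergence(parse_hops(TRACE_588), parse_hops(TRACE_25))
    print("last hop answering on both ports:", last_ok)
    print("first hop silent only for port 25:", lost)
```

The packets are lost between the last common hop and the first silent one, so the filter is that last common hop or the link just behind it.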
RE: The gizmore conspiracy
Seems your ISP has decided to block SMTP then...

I've known about them blocking it for incoming connections or SMTP servers blocking users with dynamic IP addresses, but I've been told in IRC that some providers have now also started blocking outgoing connections.
RE: The gizmore conspiracy
Funny is that i did not send mass emails and only two servers are affected...
thanks for confirmation
The geeks shall inherit the properties and methods of object earth.
RE: The gizmore conspiracy
OK.... i was paranoid.

The reason was: many routers now block email sending until the smtp servers are whitelisted.
The geeks shall inherit the properties and methods of object earth.
RE: The gizmore conspiracy
Fun fact: This works the other way round too.

AWS for example, blocks all outgoing traffic on port 25. This is apparently some kind of anti-spam protection, but leads to much fun trying to get a server to send emails...