Can a ISP block partially the traffic over the port 25 ??


kazabe
Hi,

I have a very strange issue with a mail server located in the main
company office.  For the last five weeks we have been experiencing
problems delivering emails to some domains stored on outlook.com and
other servers.  Our messages stay in our queue with the status 442 like
this:

"dsn=4.4.2, status=deferred (lost connection with
mail.server.com[XX.XX.X.XX] while receiving the initial server
greeting)."

We ruled out on our side any issue related to RBL, wrong EHLO
config, SPF, DKIM and firewall, but the issue continues.

I connected my own laptop directly to the ISP router (to rule out our
mail server or firewall completely), and did some connection tests with
these results:

Check ports 25,587,465 on the remote mail server (mail.server.com)

Host is up (0.019s latency).
PORT    STATE SERVICE
25/tcp  open  smtp
465/tcp open  smtps
587/tcp open  submission

telnet to the port 25

=================
telnet mail.server.com 25
Trying XX.XX.XX.XX...
Connected to mail.server.com.
Escape character is '^]'.
ehlo localhost
452 syntax error (connecting)

452 syntax error (connecting)

452 syntax error (connecting)

452 syntax error (connecting)

421 too many errors
Connection closed by foreign host.
==================

This connection was not completely established.

Now, telnet to the same server on port 587

==================
telnet mail.server.com 587
Trying XX.XX.XX.XX...
Connected to mail.server.com.
Escape character is '^]'.
220 mail.server.com ESMTP Postfix
ehlo localhost
250-mail.server.com
250-PIPELINING
250-SIZE 51200000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
======================

Connection established correctly.

This doesn't happen with all the servers, but I see it is a common issue
when the destination server has another ISP.

So, this is the question: why, if both ports are "open", does only 587
permit the connection to complete?

Is it possible for the ISP to have some internal rules to "block" the
traffic related to some connections to port 25 of other ISPs?
(I did the same test with 10 email servers that I know use our same
ISP, without problems.)

I'm confused because this issue doesn't happen with all the port 25
connections;  just with some email servers, especially outlook.com, but
Microsoft answered us that they don't have problems related to our IP.

Thanks a lot.

Re: Can a ISP block partially the traffic over the port 25 ??

Philip Paeps
On 2018-06-28 07:25:43 (-0500), kazabe wrote:
>I have a very strange issue with a mail server located in the main
>company office.  For the last five weeks we have been experiencing
>problems delivering emails to some domains stored on outlook.com and
>other servers.  Our messages stay in our queue with the status 442 like
>this:
>
>"dsn=4.4.2, status=deferred (lost connection with
>mail.server.com[XX.XX.X.XX] while receiving the initial server
>greeting)."

This means you're not getting the 220 greeting from the server you're
connecting to.

>telnet to the port 25
>
>=================
>telnet mail.server.com 25
>Trying XX.XX.XX.XX...
>Connected to mail.server.com.
>Escape character is '^]'.
>ehlo localhost
>452 syntax error (connecting)

You cannot send your EHLO until you receive the 220 greeting from the
server.

>So, this is the question: why, if both ports are "open", does only 587
>permit the connection to complete?

Maybe your ISP or some other middlebox is redirecting traffic to port 25
to a proxy that does not send a 220 greeting for certain reasons.

>Is it possible for the ISP to have some internal rules to "block" the
>traffic related to some connections to port 25 of other ISPs?
>(I did the same test with 10 email servers that I know use our same
>ISP, without problems.)

Yes.  This is possible.  And this is what seems to be happening.

>I'm confused because this issue doesn't happen with all the port 25
>connections;  just with some email servers, especially outlook.com, but
>Microsoft answered us that they don't have problems related to our IP.

Whoever is running the middlebox may only be selectively interfering
with connections.

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information
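
The check described in the reply above (wait for the 220 greeting before sending anything), as an added example that is not part of the original thread. The names `probe_greeting` and `fake_server`, the verdict strings, and the constructed local peers used when no host is given are assumptions of this sketch.

```python
import socket
import sys
import threading

def probe_greeting(host, port, timeout=10.0):
    """Connect, send nothing, and report what the peer says first."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "connect-failed", str(exc)
    data = b""
    with sock:
        try:
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(512)
                if not chunk:
                    break  # peer closed the connection
                data += chunk
        except socket.timeout:
            if not data:
                return "no-greeting", "connected, but peer stayed silent"
        except OSError as exc:
            return "connection-lost", str(exc)
    line = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    if not line:
        return "connection-lost", "peer closed before greeting"
    return ("greeting-ok" if line.startswith("220") else "unexpected-reply"), line

def fake_server(banner):
    """Constructed local peer for offline runs: empty banner = silent proxy."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:
                conn.sendall(banner)
            conn.settimeout(5)
            try:
                conn.recv(512)  # keep the socket open until the client leaves
            except OSError:
                pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [25, 587] if len(sys.argv) > 1 else [
        fake_server(b"220 demo.invalid ESMTP\r\n"), fake_server(b"")]
    for port in ports:
        print(host, port, *probe_greeting(host, port, timeout=3))
```

Run with a hostname as the first argument to compare ports 25 and 587 on the same server; `no-greeting` on 25 next to `greeting-ok` on 587 matches the symptom in this thread.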

Re: Can a ISP block partially the traffic over the port 25 ??

Dominic Raferd
In reply to this post by kazabe


On Thu, 28 Jun 2018 at 13:27, kazabe <[hidden email]> wrote:
>Hi,
>
>I have a very strange issue with a mail server located in the main
>company office.  For the last five weeks we have been experiencing
>problems delivering emails to some domains stored on outlook.com and
>other servers.  Our messages stay in our queue with the status 442 like
>this:
>
>"dsn=4.4.2, status=deferred (lost connection with
>mail.server.com[XX.XX.X.XX] while receiving the initial server
>greeting)."
>
>We ruled out on our side any issue related to RBL, wrong EHLO
>config, SPF, DKIM and firewall, but the issue continues.
>
>I connected my own laptop directly to the ISP router (to rule out our
>mail server or firewall completely), and did some connection tests
>...
>
>This doesn't happen with all the servers, but I see it is a common issue
>when the destination server has another ISP.
>
>So, this is the question: why, if both ports are "open", does only 587
>permit the connection to complete?
>
>Is it possible for the ISP to have some internal rules to "block" the
>traffic related to some connections to port 25 of other ISPs?
>(I did the same test with 10 email servers that I know use our same
>ISP, without problems.)
>
>I'm confused because this issue doesn't happen with all the port 25
>connections;  just with some email servers, especially outlook.com, but
>Microsoft answered us that they don't have problems related to our IP.

Some ISPs may do this; I have seen something like it in Turkey. Could it also be that you are sending from a dynamic IP and it is being rejected for this reason?
In any case the solution is to relay emails through another server (which doesn't have the same problem) using STARTTLS on port 587.

Re: Can a ISP block partially the traffic over the port 25 ??

Matus UHLAR - fantomas
In reply to this post by kazabe
On 28.06.18 07:25, kazabe wrote:
>I have a very strange issue with a mail server located in the main
>company office.  For the last five weeks we have been experiencing
>problems delivering emails to some domains stored on outlook.com and
>other servers.  Our messages stay in our queue with the status 442 like
>this:
>
>"dsn=4.4.2, status=deferred (lost connection with
>mail.server.com[XX.XX.X.XX] while receiving the initial server
>greeting)."

>telnet to the port 25
>
>=================
>telnet mail.server.com 25
>Trying XX.XX.XX.XX...
>Connected to mail.server.com.
>Escape character is '^]'.
>ehlo localhost
>452 syntax error (connecting)

>Now, telnet to the same server on port 587
>
>==================
>telnet mail.server.com 587
>Trying XX.XX.XX.XX...
>Connected to mail.server.com.
>Escape character is '^]'.
>220 mail.server.com ESMTP Postfix
>ehlo localhost
>250-mail.server.com
>250-PIPELINING


>This doesn't happen with all the servers, but I see it is a common issue
>when the destination server has another ISP.
>
>So, this is the question: why, if both ports are "open", does only 587
>permit the connection to complete?
>
>Is it possible for the ISP to have some internal rules to "block" the
>traffic related to some connections to port 25 of other ISPs?

It's quite common that ISPs don't allow end-users to connect to port 25 to
prevent spam - end-users should use their mail providers' servers to send
mail, not send mail directly to mail - that's what spammers do.

If you have a static address and mail server, you can ask your ISP to allow
connections to port 25.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...