inbound connections blocked |
Post Reply 
|
| Author | |
gillonba 
Newbie 
Joined: 30 April 2008 Status: Offline Points: 33 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: inbound connections blockedPosted: 24 July 2009 at 12:45pm |
|
We have been troubleshooting an issue where a particular sender has been unable to send mail via our spam filters when their firewall is blocking port 25.
We have been working with this sender for a number of days now. They have been able to relay mail to us from one of their servers, but the other one cannot. Messages build up in queue but cannot be delivered. They can send mail to everyone else just fine, but according to their logs whenever they try to send to our server they get a connection refused message. We verified the IP and they are attempting to send to our spam servers, which is correct. We cannot find any connection attempts from their IP in our Spam Filter logs. When they try to telnet in to our servers from the affected server, they immediately receive a connection refused message. We can telnet in from other servers. We did come up with a breakthrough when they unblocked port 25 on their server. Suddenly the queue cleared out. Connections started appearing in our logs from their IP address. When they blocked the port again, suddenly delivery stopped. So the question is: is there some sort of blocking mechanism in the spam filter that verifies that we can reach the sender? Is it part of the greylist, perhaps? Is there a way to disable this check for this sender? |
|
 |
|
|
Desperado
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 July 2009 at 2:43pm |
|
Port 25 is what the servers use to communicate back and forth on. If port 25 is blocked, the mail servers can't talk ... fairly simple.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 July 2009 at 3:43pm |
|
gillonba,
As Desperado correctly pointed out, internet email traffic occurs on port 25. If the sender is blocking port 25 on on their firewall, then their firewall (not SpamFilter) will block all outgoing connections out to the internet. To confirm this, you saw that there are indeed no connection attempts in SpamFilter from their remote IP. This is again because their own firewall is preventing SMTP traffic to leave their network. In order to send outgoing emails, their administrators will need to allow outgoing connections on port 25. They can still leave incoming connections blocked, but the outgoing ones must be allowed.
|
|
|
|
|
gillonba
Newbie
Joined: 30 April 2008 Status: Offline Points: 33 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 July 2009 at 4:21pm |
|
I'm sorry if I wasn't clear:
outbound connections are open, inbound connections are blocked.
The server in question sends mail to other servers just fine. According to them, the ONLY server they have trouble sending to is ours. I didn't think we would need to contact their server to receive from them, but I thought I'd ask
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 July 2009 at 7:53pm |
|
gillonba,
It's possible the administrator(s) of the sender's domain are not troubleshooting this correctly. SpamFilter accepts incoming SMTP traffic on TCP port 25, which is the RFC requirement to process internet emails. When a remote server establishes a TCP connection to port 25 on SpamFilter, the "return" TCP traffic from SpamFilter to the remote server will occur on a random TCP port established by the remote server (this can be any port except port 25). SpamFilter will never attempt to contact back the remote server when processing incoming emails. If the remote administrators are stating that unblocking "inbound" port 25 on their firewall solves the problem, I would have to doubt the accuracy of that statement, as there is absolutely no traffic from SpamFilter to the remote port 25. I checked the domain name for the email address you used to signup on this forum. If this is the domain to which these failed email attempts are being sent, we can see you have 3 MX records for the domain, and on each one of them you have SpamFilter running. You are running v4.1.2.812 on the first 2 MX records, and v4.0.1.786 on the 3rd MX record. The version mismatch on one server has absolutely no impact. I do see however that you have enabled greylisting on all 3 servers. While this will cause an initial delay of possibly a few hours for the very first email to be received from a remote server, after that first email is received there will never be any problems in the future. In addition, even with greylisting enabled you will see the IP address of the remote server's connection attempt being logged in SpamFilter's activity logfile. When you said
|
|
|
|
Topic Options
gillonba wrote:|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.188 seconds.