[ previous ] [ next ] [ threads ]
 
 From:  Anders Hagman <anders dot hagman at netplex dot se>
 To:  e+p <elgerb at hotmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] port 25
 Date:  Tue, 02 Jan 2007 17:19:26 +0100
Hi
e+p skrev:

>I think I didn't make it quite clear what the issue is...
>Sending mail is no problem (so outgoing traffic on port 25 is no issue).
>Incoming mail (incoming on port 25) is an issue, the signal comes in over port 25, gets to my
mailserver (port 25), my mailserver sends a reply (I guess something like EHLO) from port 25 to the
mailsendig-server -> -that- message gets blocked by the firewall... :S
>
>  
>
To start from the beginning.

Before any transation  your  client-server pair must start a TCP session.
<- syn
syn, ack ->
<- ack

After that, the  EHLO and so on starts.

Does the TCP "session start" get though or  is it the (syn,ack) packet 
from your server you see in the firewall log?

How fast after the client request do you see the server respons packet 
in the firewall log?

If you have a large time difference (>10 sec) you can have the same 
problem as I.
Your provider does not allow incomming mail on port 25. And what you see 
in the
firewall log is the timed out TCP session.

>>Date: Mon, 1 Jan 2007 18:16:54 +0200> From: kimmo dot jaskari at gmail dot com> To: m0n0wall at lists dot m0n0 dot ch>
Subject: Re: [m0n0wall] port 25> > On 1/1/07, Christoph Hanle <christoph dot hanle at leinpfad dot de> wrote:>
> e+p wrote:> > > I can't figure out why external mailservers can't reach my mailserver.I've
forwarded port 25 to the internal ipaddress of my mailserver (the NAT & rule).But when I look in the
logging, port 25 seems to be natted to my mailserver but when my mailserver replyes the reply is
being blocked my the firewall.It doesn't make a difference if I add a rule to allow traffic from
internal mailserver port 25 to any ipaddress/any port. Can anyone help me out?? TIA> > > Error, you
have a misunderstanding of source- and destinationport.> > the destinationport is always port 25. so
you need an outgoing rule> > like: allow my mailserver TCP all to port 25 TCP,address 0.0.0.0.> > In
fact you need rules to allow traffic on port 25 both in and out. In> addition, you might want to add
port 587, the "submission" port.> > If you're on a (home) DSL or cable, keep in mind that some ISP's
do> block traffic on port 25 these days to keep down the spam and virus> floods that propagate
themselves via mail. You can always try the> tried-and-true approach of using telnet to connect to
an external> mailserver on port 25 to see if you get a response. The block may not> be in your
firewall, that is, it may be externally imposed by your> ISP.> > -- > -{ Kimmo Jaskari }--{
kimmo dot jaskari at gmail dot com }--> > "In the beginning the Universe was created. This made a lot of
people> very angry and has been widely regarded as a bad move."> - "Hitchhikers Guide", Douglas
Adams> > ---------------------------------------------------------------------> To unsubscribe,
e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch> For additional commands, e-mail:
m0n0wall dash help at lists dot m0n0 dot ch> 
>>    
>>
>_________________________________________________________________
>Probeer Live.com: jouw leven online met nieuws, sport, weer en nog veel meer.
>http://www.live.com/getstarted
>  
>