 From:  e+p <elgerb at hotmail dot com>
 To:  Anders Hagman <anders dot hagman at netplex dot se>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] port 25
 Date:  Tue, 2 Jan 2007 19:23:27 +0100
It's the syn,ack signal that's being blocked...
The syn from the external mailserver gets through (I guess it's the ack that is being sent back by
my server to let the delivering mailserver know that it can send its message) and the ack gets

> Date: Tue, 2 Jan 2007 17:19:26 +0100
> From: anders dot hagman at netplex dot se
> To: elgerb at hotmail dot com
> CC: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] port 25
>
> Hi
>
> e+p wrote:
>
> > I think I didn't make it quite clear what the issue is...
> > Sending mail is no problem (so outgoing traffic on port 25 is no issue).
> > Incoming mail (incoming on port 25) is an issue, the signal comes in over port 25, gets
> > to my mailserver (port 25), my mailserver sends a reply (I guess something like EHLO) from
> > port 25 to the mailsending-server -> -that- message gets blocked by the firewall... :S
>
> To start from the beginning.
>
> Before any transaction your client-server pair must start a TCP session.
>
> <- syn
> syn, ack ->
> <- ack
>
> After that, the EHLO and so on starts.
>
> Does the TCP "session start" get through or is it the (syn,ack) packet
> from your server you see in the firewall log?
>
> How fast after the client request do you see the server response packet
> in the firewall log?
>
> If you have a large time difference (>10 sec) you can have the same
> problem as I.
> Your provider does not allow incoming mail on port 25. And what you see
> in the firewall log is the timed out TCP session.
>
> > Date: Mon, 1 Jan 2007 18:16:54 +0200
> > From: kimmo dot jaskari at gmail dot com
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] port 25
> >
> > On 1/1/07, Christoph Hanle <christoph dot hanle at leinpfad dot de> wrote:
> > > e+p wrote:
> > > > I can't figure out why external mailservers can't reach my mailserver.
> > > > I've forwarded port 25 to the internal ipaddress of my mailserver (the NAT & rule).
> > > > But when I look in the logging, port 25 seems to be natted to my mailserver but when
> > > > my mailserver replies the reply is being blocked by the firewall.
> > > > It doesn't make a difference if I add a rule to allow traffic from internal
> > > > mailserver port 25 to any ipaddress/any port. Can anyone help me out?? TIA
> > >
> > > Error, you have a misunderstanding of source- and destinationport.
> > > the destinationport is always port 25. so you need an outgoing rule
> > > like: allow my mailserver TCP all to port 25 TCP,address
> >
> > In fact you need rules to allow traffic on port 25 both in and out. In
> > addition, you might want to add port 587, the "submission" port.
> >
> > If you're on a (home) DSL or cable, keep in mind that some ISPs do
> > block traffic on port 25 these days to keep down the spam and virus
> > floods that propagate themselves via mail. You can always try the
> > tried-and-true approach of using telnet to connect to an external
> > mailserver on port 25 to see if you get a response. The block may not
> > be in your firewall, that is, it may be externally imposed by your
> > ISP.
> >
> > --
> > -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> >
> > "In the beginning the Universe was created. This made a lot of people
> > very angry and has been widely regarded as a bad move."
> > - "Hitchhikers Guide", Douglas Adams
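The log check Anders describes in the quoted reply (how long after the client's SYN the server's blocked SYN,ACK shows up, with 10 seconds as the dividing line), as an added example that is not part of the original thread. The log format and addresses are constructed for illustration and are not m0n0wall's actual log format; `blocked_synacks` is a hypothetical helper name.

```python
from datetime import datetime

# Constructed sample log in a simplified, made-up format (NOT m0n0wall's own):
# time action src:port -> dst:port tcp-flags
SAMPLE_LOG = """\
19:01:02 pass  203.0.113.7:41022 -> 192.168.1.10:25 S
19:01:02 pass  192.168.1.10:25 -> 203.0.113.7:41022 SA
19:03:10 pass  198.51.100.9:50311 -> 192.168.1.10:25 S
19:03:31 block 192.168.1.10:25 -> 198.51.100.9:50311 SA
19:04:00 pass  198.51.100.20:40000 -> 192.168.1.10:25 S
19:04:00 block 192.168.1.10:25 -> 198.51.100.20:40000 SA
19:05:00 block 192.168.1.10:25 -> 192.0.2.44:33990 SA
"""

def parse(line):
    """Split one constructed log line into (time, action, src, dst, flags)."""
    t, action, src, _arrow, dst, flags = line.split()
    return datetime.strptime(t, "%H:%M:%S"), action, src, dst, flags

def blocked_synacks(log, threshold=10):
    """Pair every blocked SYN,ACK with the inbound SYN it answers.

    Returns (client, delay_seconds, verdict) tuples; threshold is the
    10-second figure mentioned in the thread.
    """
    syn_seen = {}  # (client, server) -> time the inbound SYN was passed
    results = []
    for line in log.splitlines():
        if not line.strip():
            continue
        when, action, src, dst, flags = parse(line)
        if flags == "S" and action == "pass":
            syn_seen[(src, dst)] = when
        elif flags == "SA" and action == "block":
            syn_time = syn_seen.get((dst, src))  # same flow, reversed direction
            if syn_time is None:
                results.append((dst, None, "no matching SYN logged"))
                continue
            delay = (when - syn_time).total_seconds()
            verdict = ("late reply: timed-out session" if delay > threshold
                       else "reply blocked right away")
            results.append((dst, delay, verdict))
    return results

if __name__ == "__main__":
    for client, delay, verdict in blocked_synacks(SAMPLE_LOG):
        print(client, delay, verdict)
```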