 
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with port 25
 Date:  Sat, 22 Mar 2008 16:29:59 +0000
Hi,

>I have recently had to change my external IPs, and I have at the same
>time installed version 1.233. I now experience the following problem.
>
>I have a NAT configuration that sends port 25 on the WAN to a host on my
>internal network. On the internal network I can telnet to port 25 and
>everything is fine. From the external network, this is what I get:
>
>telnet mysmtp 25
>Trying xxx.xxx.xxx.xxx...
>Connected to mysmtp.
>Escape character is '^]'.
>220 ***************
>ehlo sample.com
>250-mysmtp
>250-PIPELINING
>250-SIZE 31000000
>250-ETRN
>250-XXXXXXXA
>250-ENHANCEDSTATUSCODES
>250-8BITMIME
>250 DSN
>
>The response is somewhat garbled. Delivery of email works, but because
>the ehlo does not return STARTTLS the communication is never encrypted.
>
>What puzzles me no end is that if I NAT another port (I have tried 2525
>and 23), the response is OK:
>
>telnet mysmtp 2525
>Trying xxx.xxx.xxx.xxx...
>Connected to mysmtp.
>Escape character is '^]'.
>220 mysmtp ESMTP
>ehlo sample.com
>250-mysmtp
>250-PIPELINING
>250-SIZE 31000000
>250-ETRN
>250-STARTTLS
>250-ENHANCEDSTATUSCODES
>250-8BITMIME
>250 DSN
>
>Does this ring a bell with anybody?

I've not seen this before but one thing you can do is to run a tcpdump
(or wireshark) against port 25 on your mail server and then attempt an
SMTP connection from outside your network.

At least you will see if your mail server is answering appropriately.  A
packet capture from m0n0wall's WAN interface would also be good
(assuming you have the capability).

This couldn't be your ISP proxying the request and forcibly disabling
encryption so they can scan your traffic?

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk
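
Added example (not part of the original message): a small Python check that compares the server replies seen through port 25 with those seen through port 2525 and lists the differences that point to something in the path rewriting the SMTP dialogue. The two transcripts are the server lines from the sessions quoted above; the function names `parse` and `compare` are hypothetical.

```python
import re

# Server reply lines copied from the two telnet sessions quoted above.
EHLO = ("250-mysmtp\n250-PIPELINING\n250-SIZE 31000000\n250-ETRN\n250-{}\n"
        "250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN")
VIA_PORT_25 = "220 ***************\n" + EHLO.format("XXXXXXXA")
VIA_PORT_2525 = "220 mysmtp ESMTP\n" + EHLO.format("STARTTLS")

def parse(transcript):
    """Return (banner text, set of EHLO keywords) from a session transcript."""
    banner, replies = None, []
    for line in transcript.splitlines():
        m = re.match(r"(\d{3})[ -](.*)$", line.strip())
        if not m:
            continue  # client input or telnet chatter, not a server reply
        code, text = m.groups()
        if code == "220" and banner is None:
            banner = text
        elif code == "250":
            replies.append(text)
    # The first 250 line carries the server's name, not a capability.
    keywords = {r.split()[0].upper() for r in replies[1:] if r.split()}
    return banner, keywords

def compare(suspect, reference):
    """List signs that replies on the suspect path were altered in transit."""
    s_banner, s_caps = parse(suspect)
    r_banner, r_caps = parse(reference)
    findings = []
    if s_banner != r_banner and re.fullmatch(r"\*+", s_banner or ""):
        findings.append("banner masked with asterisks")
    missing, extra = r_caps - s_caps, s_caps - r_caps
    for kw in sorted(missing):
        findings.append(f"{kw} missing on suspect path")
    for kw in sorted(extra):
        # An overwritten keyword keeps its length so TCP byte counts still match.
        same_len = any(len(kw) == len(m) for m in missing)
        note = " (same length as a missing keyword)" if same_len else ""
        findings.append(f"unexpected keyword {kw}{note}")
    return findings

if __name__ == "__main__":
    for finding in compare(VIA_PORT_25, VIA_PORT_2525):
        print(finding)
```

Running the same comparison on transcripts taken from a packet capture on the mail server and from the WAN side shows on which side of the firewall the replies change.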