5

I have trouble connecting to an SMTP server from my PC. I use Debian sid.

telnet mail.example.com 25
Trying 12.23.34.45...
telnet: Unable to connect to remote host: Connection timed out

While from another Debian PC from outside my network:

telnet mail.example.com 25
Trying 12.23.34.45...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Exim 4.63 Mon, 02 Apr 2012 22:14:09 +0200

ping hangs forever as well, and when I hit Ctrl+C it says "100% packet loss". Finally, traceroute is full of asterisks:

traceroute mail.example.com
traceroute to mail.example.com (12.23.34.45), 30 hops max, 60 byte packets
1  * * *
2  * * *
3  * * *
...
27  * * *
28  * * *
29  * * *
30  * * *

When I run nmap against the server port 25:

nmap mail.example.com -p25

Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-02 23:08 EEST
Nmap scan report for mail.example.com (12.23.34.45)
Host is up (0.090s latency).
PORT   STATE    SERVICE
25/tcp filtered smtp

Nmap done: 1 IP address (1 host up) scanned in 0.88 seconds

And finally my iptables:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Any ideas? Thanks a lot for any help.

ctype.h
  • 205
  • 1
  • 3
  • 11
Root Null
  • 53
  • 1
  • 4
  • 3
    If your Debian computer can access the Internet generally, I would venture a guess that your ISP is blocking outgoing port 25 connections. Also assuming you're on a Residential connection there's no reason you should be making outgoing connections on Port 25. For normal outgoing e-mail you should contact your mail server on port 587 (the Mail Submission Agent port). Your ISP may have a procedure for removing the filtering if this is the case. – Chris S Apr 03 '12 at 02:09
  • thanks Chris.Too bad though that the server doesn't listen 587.I will contact my ISP – Root Null Apr 03 '12 at 16:04

2 Answers2

1

I think you have a netmask mismatch. Check the routing tables of your computer, router and mailserver.

Mircea Vutcovici
  • 17,619
  • 4
  • 56
  • 83
  • i dont have access to mailserver.could you please explain netmask mismatch?i googled it but found no docs:/ thanks for your time – Root Null Apr 02 '12 at 21:02
  • I think he'd be seeing a lot more problems than this one mail server if that was the case. – Chris S Apr 03 '12 at 02:13
  • For example on the router is 192.168.1.1/25 and 192.168.1.129/25, on the mail server it is 192.168.1.2/25 and on the PC it is 192.168.1.130/24. The PC will not be able to send packets to the mail server because the prefix length is /24 and should be /25. – Mircea Vutcovici Apr 03 '12 at 14:13
1

For a sanity check, I'd run a couple quick port checking services like:

Once you're confident that ONLY your Debian PC is having trouble, try connecting to some other well known mail providers (like gmail, yahoo, etc). That will help narrow down the scope of the issue. If you can't connect to any of them but still have end-to-end connectivity, then it would seem likely that there's a blocked port/service in the mix.

If you CAN connect to some of them, then I'd consider collecting a packet capture (from both sides) to confirm that certain packets aren't making it all the way.

Mike B
  • 11,871
  • 42
  • 107
  • 168
  • Yes, seems my ISP blocks port 25.i cant connect to google mail as well (port 25).the ssl port 465 works, but not 25 – Root Null Apr 03 '12 at 16:03