2

I have a situation where only one PC on a network (network is behind a single public IP address) can connect to the mail server on port 25 (send out emails using Outlook, perform successful telnet test). Previously, all the systems could, all of a sudden, only one can. I suspect there is some limiting on the hosts side, but I have not been able to confirm.

I would like to know if this is possible - limiting emails this way. The network has one public IP from ISP coming into a consumer router, which shares private IPs by dhcp among the PCs in the office - over 10 PCs.

Thank you for your help.

voretaq7
  • 79,879
  • 17
  • 130
  • 214
Ugorji Nnanna
  • 43
  • 1
  • 5
  • so you have admin rights on the PCs, but not the e-mail server they are trying to send mail to/through? Is the mail server on a remote network or on your LAN? – August May 28 '13 at 13:39
  • totally possible. Most Hosted Mail servers, have limits on the number of connections from a single IP address. but that being said. It doesn't seem like a throttle since that would affect all hosts behind your NAT. How does the connection fail? IE doesn't connect to port 25 at all? Do you haven an inbound NAT/forward for 25 off the single IP. Does your mail server support submission (Port 587) or SSL (465) to try? Have you tried rebooting "consumer" router? – Doon May 28 '13 at 13:51
  • There is no description of the problem here. You tell us that one system can connect to the mail server and the others can't. But there's no description whatsoever of precisely how you're trying to connect and precisely what goes wrong when you try. – David Schwartz May 28 '13 at 14:21
  • If you do not have access to the server, then this may be better over at superuser? – jeffatrackaid May 28 '13 at 15:02
  • Thank you for all the comments. Thank you August, mail server is on a remote LAN. @Doon, yes, that is what I was thinking, that all hosts would be affected, but I'm having one PC alone working which means there is limiting to just one PC. This has happened twice. I got the ISP to change the public IP, and after the change everything got working, and then again, same thing - only one PC able to connect to the mail server on port 25. How the connection fails - yes, the computers do not connect to port 25 at all. I tried telnet on the various PCs to port 25 on the mail server. – Ugorji Nnanna May 28 '13 at 17:07
  • @Doon The telnet test was successful on the single system that was connecting (still able to send on Outlook) but the telnet test failed on other PCs. Odd. Yes, router was rebooted. I have not been able to verify about the other ports, having problems getting access to host. 25 is allowed on IP by ISP. I'm not exactly sure what you mean by the inbound NAT question so can't answer properly. Thank you a lot Doon for your helpful insights. – Ugorji Nnanna May 28 '13 at 17:15
  • Thank you @DavidSchwartz. I wrote two connection methods - sending out mail through Outlook (port 25 - outgoing port in the settings), and also connecting by telnet to the server on port 25. For the one PC that works, both work, for the others, telnet connection fails, sending out mails fail with message (Outlook cannot connect to your outgoing (SMTP) e-mail server. – Ugorji Nnanna May 28 '13 at 17:21
  • @jeffatrackaid. thanks for the recommendation. I'll apply subsequently. – Ugorji Nnanna May 28 '13 at 17:25

1 Answers1

1

There are many possible places where a limit like that could be placed, the router itself could put the limit, I've seen consumer grade routers that do per-ip and per-network connection limiting. It could also be further up the chain, anywhere between the router and the mail server. Does the ISP have limits on port 25 access, or do they make rules about the amount of users who can share a connection? Also, it could be the mailserver itself (unless it's yours) some mail servers can implement connection limiting, either on the firewall level, or even on the protocol level.

NickW
  • 10,263
  • 1
  • 20
  • 27
  • Thank you a lot @NickW. I eliminated the router and the ISP because I know the ISP allowed port 25 on the IP addresses, and there is no limit on amount of users on the IP. We tried another IP address from the ISP, and all the users were able to send out again using same consumer grade router. Thanks for confirming that some mail servers can implement connection limiting. This is most likely what is happening. Will check with the mail hosts. – Ugorji Nnanna May 28 '13 at 16:58
  • I'd like to ask for your help. Do you know any specific mail server which can carry out connection limiting this way - limit to one private IP behind a NAT, can you point me to any documentation. I'd like to check it out, see the possibilities as we're trying to confirm what the issue might be, and the host isn't being very helpful. Thank you. – Ugorji Nnanna May 30 '13 at 07:30
  • 1
    Yeah, with postfix you can install things like http://www.policyd.org/ which can stop multiple connections from a single IP (in the end, NAT looks like a single IP to the other side) and I can point to 100 firewalls which can do the same thing.. even iptables. – NickW May 30 '13 at 08:17
  • Thank you a lot for the informaiton. I am looking up policyd.org now. – Ugorji Nnanna May 30 '13 at 09:21