[afnog] mail problem

[Brian Candler]

On Wed, Apr 19, 2006 at 03:30:26PM +0300, Mike Barnard wrote:
>    hmmm, this is intresting. unless in one  way or another they are
>    blocking access from the address range i am using.  telnet sessions
>    shown below.
>    port 25...
>    mail# telnet [5]mail.avsi.org 25
>    Trying 81.208.64.123...
>    telnet: connect to address [6]81.208.64.123: Operation timed out
>    telnet: Unable to connect to remote host
...
>    the
>    output above is done from my mail server ( [17]mail.one2net.co.ug).
>    since Richard and I run the same backbone network, can i safely
>    conclude that they are blocking my address block from talking to them!

Maybe not intentially.

OK, next job:

On mail.one2net.co.ug, run

   # tcpdump -i eth0 -n -s1500 -v host 81.208.64.123

and in another console do 'telnet 81.208.64.123 110'. Check that the TCP
SYNs are seen going out, and no SYN ACKs seen coming back. (If they *are*
seen coming back, then you have firewalling problems on your own host)

Now, if you can get the cooperation of the sysadmin on mail.avsi.org, you
can get them to do

   # tcpdump -i eth0 -n -s1500 -v host 41.220.14.11

and see if they see the incoming SYNs. If not, the packets are being dropped
somewhere in between.

You can look for the packets on intervening routers, with care. For example,
on a Cisco router, if you create an access list 199 matching only packets
with source or destination 81.208.64.123, then do

    debug ip packet 199 detail
    term mon  (or if you have a syslog server, just read the logs there)

you should see the packet headers. It's risky, as you don't want to get your
router bogged down processing too many packets in CPU or sending vast
quantities of logs.

As for successful sending of mail: send another test mail, check your mail
logs to see which host the messages are being delivered to, and when the
deliveries take place.

Regards,

Brian.