[afnog] mail problem

Ayitey Bulley abulley at ghana.com
Wed Apr 19 19:23:09 EAT 2006 

Hi

You could also use tcptraceroute or tracetcp (for windows) and do traceroutes 
on ports 110 and 25, it may point you to where your packets are being 
dropped.

tcptraceroute <ip address or hostname> <port>
tracetcp <ip address or hostname>:<port>

root at noc# tcptraceroute mail.avsi.org 25
Selected device fxp0, address 80.87.64.56, port 57357 for outgoing packets
Tracing the path to mail.avsi.org (81.208.64.123) on TCP port 25, 30 hops max
 1  gt-fw-64-254.ghanatel.com.gh (80.87.64.254)  10.203 ms  9.337 ms  9.951 ms
 2  rlchq901.ghanatel.com.gh (80.87.65.83)  9.976 ms  9.907 ms  9.963 ms
 3  rgwdsl01.ghanatel.com.gh (80.87.65.89)  9.942 ms  11.619 ms  9.962 ms
 4  hs-m10i-br-ge-0-1-0-vlan2.4u.com.gh (80.87.78.1)  9.863 ms  9.298 ms  
9.948 ms
 5  pos2-0.cr01.nyc02.pccwbtn.net (63.216.4.157)  183.392 ms  183.775 ms  
184.636 ms
 6  glbx.ge11-5.br02.ash01.pccwbtn.net (63.218.94.138)  184.191 ms  184.272 ms  
183.959 ms
 7  glbx.ge11-5.br02.ash01.pccwbtn.net (63.218.94.138)  184.848 ms  185.308 ms  
183.800 ms
 8  195.166.31.130 (195.166.31.130)  276.408 ms  275.979 ms  277.904 ms
 9  81-208-50-62.ip.fastwebnet.it (81.208.50.62)  434.454 ms  205.568 ms  
205.512 ms
10  62-101-93-10.ip.fastwebnet.it (62.101.93.10)  205.948 ms  205.537 ms  
205.730 ms
11  81-208-64-123.ip.fastwebnet.it (81.208.64.123) [open]  205.532 ms  206.170 
ms  205.778 ms


regards
Ayitey


On Wednesday 19 April 2006 13:05, Brian Candler wrote:
> On Wed, Apr 19, 2006 at 03:30:26PM +0300, Mike Barnard wrote:
> >    hmmm, this is intresting. unless in one  way or another they are
> >    blocking access from the address range i am using.  telnet sessions
> >    shown below.
> >    port 25...
> >    mail# telnet [5]mail.avsi.org 25
> >    Trying 81.208.64.123...
> >    telnet: connect to address [6]81.208.64.123: Operation timed out
> >    telnet: Unable to connect to remote host
>
> ...
>
> >    the
> >    output above is done from my mail server ( [17]mail.one2net.co.ug).
> >    since Richard and I run the same backbone network, can i safely
> >    conclude that they are blocking my address block from talking to them!
>
> Maybe not intentially.
>
> OK, next job:
>
> On mail.one2net.co.ug, run
>
>    # tcpdump -i eth0 -n -s1500 -v host 81.208.64.123
>
> and in another console do 'telnet 81.208.64.123 110'. Check that the TCP
> SYNs are seen going out, and no SYN ACKs seen coming back. (If they *are*
> seen coming back, then you have firewalling problems on your own host)
>
> Now, if you can get the cooperation of the sysadmin on mail.avsi.org, you
> can get them to do
>
>    # tcpdump -i eth0 -n -s1500 -v host 41.220.14.11
>
> and see if they see the incoming SYNs. If not, the packets are being
> dropped somewhere in between.
>
> You can look for the packets on intervening routers, with care. For
> example, on a Cisco router, if you create an access list 199 matching only
> packets with source or destination 81.208.64.123, then do
>
>     debug ip packet 199 detail
>     term mon  (or if you have a syslog server, just read the logs there)
>
> you should see the packet headers. It's risky, as you don't want to get
> your router bogged down processing too many packets in CPU or sending vast
> quantities of logs.
>
> As for successful sending of mail: send another test mail, check your mail
> logs to see which host the messages are being delivered to, and when the
> deliveries take place.
>
> Regards,
>
> Brian.
>
> _______________________________________________
> afnog mailing list

More information about the afnog mailing list