Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am having an issue communicating with the smtp server on my ISP network using thunderbird. Will nmap tell me if port 25 in being blocked internally? IF it will then I know to adjust my firewall accordingly
Last edited by metallica1973; 08-07-2006 at 01:21 PM.
So you think the problem maybe your gateway blocking the requests to your isp? What are your outgoing rules and do you allowed ESTABLISHED, RELATED in through your INPUT or FORWARD rules? ( I think if you didnt then other stuff would not be working unless you did it port by port )
I think its probably your isp blocking outgoing mail ( like mine does ) to stop zombies from spamming. If you are sure your mail settings are correct and the mails dont go through then this is probably the case. You could google ....... <your isp here> "blocked ports"" ... and you should be able to find a list of ports your isp blocks.
Many ISPs do block traffic from their customers outbound to port 25 unless it's to their own SMTP server. If I'm reading your post properly, you're having problems connecting to your ISP's SMTP server - that shouldn't be a problem. Yes, nmap can be used. A simple connect scan of port 25 would be:
I cannot figure out what it is. I am not having any problem on an other machine just this one so that rules out the firewall being the issue. What is SElinux and could that be the issue. I can ping the smtp server at my ISP?
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-07 16:37 EDT
Interesting ports on dnscache1.ashbva.adelphia.net (24.51.98.194):
PORT STATE SERVICE
25/tcp closed smtp
Nmap finished: 1 IP address (1 host up) scanned in 0.082 seconds
If that is the case then how are the other computer able to send e-mail?
Last edited by metallica1973; 08-07-2006 at 04:11 PM.
If the Linux box can't connect out to your ISP's SMTP server, but your other boxes can connect through your Linux box to the same SMTP server, then it probably is your firewall. As tgo mentioned, there are several different paths packets can take - packets from your box travel on OUTPUT and packets through your box travel on FORWARD.
Can you post the output of iptables -L -v so that we can see what rules are in effect?
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-07 19:42 EDT
Interesting ports on mail.adelphia.net (XXX.XXX.XXX.XXX):
PORT STATE SERVICE
25/tcp open smtp
Nmap finished: 1 IP address (1 host up) scanned in 8.335 seconds
It is not my firewall, I ran this test on the machine that cannot connect to my ISP smtp. This is strange. I can ping it, recieve e-mail but I cannot send out.
Last edited by metallica1973; 08-07-2006 at 08:49 PM.
There are 2 things I'd try at this point. Firstly, confirm that the correct SMTP server information is stored in Thunderbird.
Secondly, use ethereal to packet sniff a connection attempt from Thunderbird to your ISP. That will allow you to see what is happening and hopefully identify where the connection is failing.
You can start ethereal with sudo ethereal. Once it's running go to the Capture menu and select Options. Select the network interface from the dropdown box at the top, use port 25 as the string for the Capture Filter. I usually like to have "Update list of packets in real time" selected as well as "Enable network name resolution". Then click the Start button.
Once ethereal is running you can start Thunderbird and try to send an email. Ethereal should see the packets as they transfer. Click the Stop button on ethereal and right click on the displayed packets then select "Follow TCP Stream". Hopefully, the info there will show what has been happening.
ethereal is good stuff. A little dangerous. I analyized that thunderbird session and it diplayed my password in plain text. That is pretty scary. I am studying right now as I speak. I post in a bit.
After analizing the data, I didnt really get any good info out of it. It displays the handshake between the smtp session and my natted internal ip. I captured up until the e-mail failed to send. What should I be looking for. I now know the ip address of the smtp server and the dns server that I have as my forwarders under bind. Is there anything specific that I should post or any other advice?
ethereal is good stuff. A little dangerous. I analyized that thunderbird session and it diplayed my password in plain text. That is pretty scary. I am studying right now as I speak. I post in a bit.
this is the same as telnet any all other clear text protocols. if this really scares you then you can check if your isp runs ssl mail servers.
about your other post you said it gets through the three way handshake then the mail doesnt send. It still could be your iptables rules blocking it, are you sure you have accept for RELATED,ESTABLISH and that it is passing properly?
If my other computer on the same network can send and recieve e-mail than I would assume that it coudnt be my firewall. I beleive that I do have a ESTABLISHED, RELATED rule for port 25. I will check. Also about plain text passwords, that is crazy, why dont ISP standardly use ssl on their mail servers. What a true learning lesson.
Last edited by metallica1973; 08-08-2006 at 08:57 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.