I am having an issue communicating with the smtp server on my ISP network using thunderbird. Will nmap tell me if port 25 in being blocked internally? IF it will then I know to adjust my firewall accordingly

So you think the problem maybe your gateway blocking the requests to your isp? What are your outgoing rules and do you allowed ESTABLISHED, RELATED in through your INPUT or FORWARD rules? ( I think if you didnt then other stuff would not be working unless you did it port by port )

I think its probably your isp blocking outgoing mail ( like mine does ) to stop zombies from spamming. If you are sure your mail settings are correct and the mails dont go through then this is probably the case. You could google ....... <your isp here> "blocked ports"" ... and you should be able to find a list of ports your isp blocks.

Many ISPs do block traffic from their customers outbound to port 25 unless it's to their own SMTP server. If I'm reading your post properly, you're having problems connecting to your ISP's SMTP server - that shouldn't be a problem. Yes, nmap can be used. A simple connect scan of port 25 would be:
You could also do it with telnet:

I cannot figure out what it is. I am not having any problem on an other machine just this one so that rules out the firewall being the issue. What is SElinux and could that be the issue. I can ping the smtp server at my ISP?

I ran nmap and these are the results:

nmap -sT -P0 -p 25 SMTP.ISP.ADDRESS

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-07 16:37 EDT
Interesting ports on dnscache1.ashbva.adelphia.net (24.51.98.194):
PORT STATE SERVICE
25/tcp closed smtp

Nmap finished: 1 IP address (1 host up) scanned in 0.082 seconds



If that is the case then how are the other computer able to send e-mail?

If the Linux box can't connect out to your ISP's SMTP server, but your other boxes can connect through your Linux box to the same SMTP server, then it probably is your firewall. As tgo mentioned, there are several different paths packets can take - packets from your box travel on OUTPUT and packets through your box travel on FORWARD.

Can you post the output of iptables -L -v so that we can see what rules are in effect?

I have a correction. I ran nmap:

[root@localhost dabeast]# nmap -sT -P0 -p 25 mail.adelphia.net

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-08-07 19:42 EDT
Interesting ports on mail.adelphia.net (XXX.XXX.XXX.XXX):
PORT STATE SERVICE
25/tcp open smtp

Nmap finished: 1 IP address (1 host up) scanned in 8.335 seconds

It is not my firewall, I ran this test on the machine that cannot connect to my ISP smtp. This is strange. I can ping it, recieve e-mail but I cannot send out.

There are 2 things I'd try at this point. Firstly, confirm that the correct SMTP server information is stored in Thunderbird.

Secondly, use ethereal to packet sniff a connection attempt from Thunderbird to your ISP. That will allow you to see what is happening and hopefully identify where the connection is failing.

I now have ethereal. Do yo know of a simple how to somewhere?

You can start ethereal with sudo ethereal. Once it's running go to the Capture menu and select Options. Select the network interface from the dropdown box at the top, use port 25 as the string for the Capture Filter. I usually like to have "Update list of packets in real time" selected as well as "Enable network name resolution". Then click the Start button.

Once ethereal is running you can start Thunderbird and try to send an email. Ethereal should see the packets as they transfer. Click the Stop button on ethereal and right click on the displayed packets then select "Follow TCP Stream". Hopefully, the info there will show what has been happening.

Hope that helps.

killer,

ethereal is good stuff. A little dangerous. I analyized that thunderbird session and it diplayed my password in plain text. That is pretty scary. I am studying right now as I speak. I post in a bit.

After analizing the data, I didnt really get any good info out of it. It displays the handshake between the smtp session and my natted internal ip. I captured up until the e-mail failed to send. What should I be looking for. I now know the ip address of the smtp server and the dns server that I have as my forwarders under bind. Is there anything specific that I should post or any other advice?

this is the same as telnet any all other clear text protocols. if this really scares you then you can check if your isp runs ssl mail servers.

about your other post you said it gets through the three way handshake then the mail doesnt send. It still could be your iptables rules blocking it, are you sure you have accept for RELATED,ESTABLISH and that it is passing properly?

If my other computer on the same network can send and recieve e-mail than I would assume that it coudnt be my firewall. I beleive that I do have a ESTABLISHED, RELATED rule for port 25. I will check. Also about plain text passwords, that is crazy, why dont ISP standardly use ssl on their mail servers. What a true learning lesson.