Today I had to work on a network which had lost connection to the mail server of their ISP.
It was not possible to connect to the mail server using telnet:
Code:
telnet mail.myisp.com 25
However, by disconnecting all clients from the network and leaving only my laptop connected to the firewall, I could get a connection:
Code:
jlinkels@aserv:~$ telnet mail.myisp.com 25
Trying 113.114.1.4...
Connected to mail.myisp.com.
Escape character is '^]'.
220 mail.myisp.com ESMTP Sendmail 8.14.4/8.14.4/Debian-2ubuntu2.1 Tue, 30 Sep 2014 13:52:10 -0400; NO SPAM / NO UCE / NO JUNK MAIL
^]
telnet> close
However, after I tried this 4 times in a row the connection timed out again:
Code:
jlinkels@aserv:~$ telnet mail.myisp.com 25
Trying 113.114.1.4...
telnet: Unable to connect to remote host: Connection refused
And after 15 minutes I could get 4 connections again and then a timeout. Not only on port 25, but on all mail related ports, like 110, 143, 587 etc.
Now according to my mail host, this is what happens: when users attempt to send mail without proper SMTP authentication, after 4 invalid attempts the connection is blocked.
I noticed that this does not only happen after 4 invalid attempts, but also after 4 connections without even trying to authenticate or trying to send mail.
I think it is stupid to deny an IP connection based on authentication failure in an application. Or worse yet, an IP connection is denied even without attempting to do anything. Imagine you can't make an SSH connection because [someone else on the network] performed 3 unsuccessful login attempts.
Basically it means that every device on the network which knows the name of the SMTP server can completely block mail traffic on the network by just doing nothing but connecting.
According to my mail host this rule has greatly reduced spam attempts. Sure, my a**. If he switches off the SMTP server completely it will reduce spam even more.
Is my mail host now smart by implementing this rule or stupid because errors are almost impossible to locate?
jlinkels
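To make the behaviour in the post concrete, here is an added model (not the ISP's code, and not anything from the post itself) of a per-source-IP limiter with the post's figures: 4 connections, then refused for about 15 minutes. The class and function names, the NAT public address (a documentation-range IP) and the client names are constructed for the illustration. It shows why every device behind one NAT address shares one counter, and contrasts counting bare TCP connects (what the post observed) with counting only authentication failures (what the mail host claimed).

```python
"""Model of a per-source-IP limiter like the one described in the post.
Added example; only the threshold (4) and the window (15 minutes) come from
the post. Class/function names, the NAT address and the sample clients are
constructed for illustration."""
from collections import defaultdict, deque

WINDOW_SECONDS = 15 * 60   # post: connections possible again after ~15 minutes
MAX_CONNECTIONS = 4        # post: 4 connections, then "Connection refused"
NAT_PUBLIC_IP = "203.0.113.10"   # constructed: the one address the ISP sees


class SourceIpLimiter:
    """Sliding-window counter keyed by source IP (hypothetical model).

    count_bare_connects=True  -> every TCP connect is counted (observed behaviour)
    count_bare_connects=False -> only authentication failures are counted
                                 (what the mail host said the rule does)
    """

    def __init__(self, limit=MAX_CONNECTIONS, window=WINDOW_SECONDS,
                 count_bare_connects=True):
        self.limit = limit
        self.window = window
        self.count_bare_connects = count_bare_connects
        self.events = defaultdict(deque)   # src_ip -> timestamps still in window

    def _prune(self, src_ip, now):
        # Drop events older than the window so the block expires on its own.
        q = self.events[src_ip]
        while q and now - q[0] >= self.window:
            q.popleft()

    def connect(self, src_ip, now, auth_failed=False):
        """Return True if the connection is accepted, False if refused."""
        self._prune(src_ip, now)
        if len(self.events[src_ip]) >= self.limit:
            return False                      # source is currently blocked
        if self.count_bare_connects or auth_failed:
            self.events[src_ip].append(now)   # this attempt counts against the IP
        return True


def simulate_nat_network(limiter, attempts):
    """attempts: list of (time_s, internal_client, auth_failed).

    All internal clients leave through NAT_PUBLIC_IP, so the limiter sees
    exactly one source no matter which device connected. Returns the list
    of (client, accepted) in order."""
    return [(client, limiter.connect(NAT_PUBLIC_IP, t, auth_failed))
            for t, client, auth_failed in attempts]


def demo_bare_connects():
    """Observed case: four phones merely open and close a connection, and the
    laptop is refused until the window has passed."""
    limiter = SourceIpLimiter(count_bare_connects=True)
    attempts = [(0, "phone1", False), (1, "phone2", False),
                (2, "phone3", False), (3, "phone4", False),
                (4, "laptop", False),          # fifth connect -> refused
                (4 + WINDOW_SECONDS, "laptop", False)]  # window expired -> ok
    return simulate_nat_network(limiter, attempts)


def demo_auth_failures_only():
    """Claimed case: bare connects are free, but one misconfigured device
    failing authentication four times still blocks the whole network."""
    limiter = SourceIpLimiter(count_bare_connects=False)
    attempts = [(0, "phone1", False), (1, "phone2", False),
                (2, "phone3", False), (3, "phone4", False),
                (4, "laptop", False),           # still accepted
                (10, "badphone", True), (11, "badphone", True),
                (12, "badphone", True), (13, "badphone", True),
                (14, "laptop", False)]          # refused: shared counter is full
    return simulate_nat_network(limiter, attempts)


if __name__ == "__main__":
    for name, run in (("bare connects", demo_bare_connects),
                      ("auth failures only", demo_auth_failures_only)):
        print(f"--- {name} ---")
        for client, ok in run():
            print(f"{client:9s} {'accepted' if ok else 'REFUSED'}")
```

The two runs show the two failure modes side by side: with bare connects counted, four idle connects from any devices exhaust the shared NAT address; with only authentication failures counted, a single misconfigured client can still do it. Either way the counter key is the public IP, which is exactly why the symptom looks like a network fault rather than an application one.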