LinuxQuestions.org


StinkiePhish 06-23-2004 03:48 PM

Problem with one website
 
Here's the situation I'm in:

We are trying to send and receive email from someone but neither of our servers can connect to one another. I cannot get a connection with ping, http, or SMTP from our EV1 Server.

From my office computer here, I can connect with all three mentioned services, everything works fine.

Comparing traceroutes, the last jump to their domain's IP will not connect from our server.

What makes this bizarre is that after talking to their system admin, they do not run any blacklist/blackhole services and their computer has been up for over 300 days without significant change. Our server had also been up for around 200 days, untouched, and without a blacklist service. Email WAS working about a month ago between us. All other email is working from our server; this is the only domain that is suddenly giving us trouble.

I have even tried pinging from a secondary IP address we were assigned, to no avail. I've searched through all the log files and have found no reference to their IP address that is significant.

I originally asked in this post for someone else to traceroute the server to make sure that it wasn't the whole EV1 range that was blocked. Lippy did so below with success, so the problem is either my server or the other domain's.

My questions are:

1. If there was a hidden firewall rule or something of that nature on our server, would a traceroute even attempt to connect the path?

2. Where would a block of this nature be logged (if at all)? (/var/log/messages?)

3. If my traceroute gets all the way to the last jump before his server, does that necessarily mean that it is his server blocking me?

4. Any ideas on anything else that could cause this, or on possible ways I can at least get an error message to determine if it is my problem or his?

Thank you! I'm completely dumbfounded by this problem!

RedHat 9, fully updated with YUM and AtomicRocketTurtle's repos
Plesk 6, only one domain

Mara 06-23-2004 05:50 PM

Re: Problem with one website
 
Quote:

Originally posted by StinkiePhish
Here's the situation I'm in:

...

1. If there was a hidden firewall rule or something of that nature on our server, would a traceroute even attempt to connect the path?

Yes. It would.

Quote:

2. Where would a block of this nature be logged (if at all)? (/var/log/messages?)

In most cases, all firewall rules will be shown when you use 'iptables -L'. I don't think the rule is built into the iptables module in your case, so the command should show everything.

Quote:

3. If my traceroute gets all the way to the last jump before his server, does that necessarily mean that it is his server blocking me?

Nope. It may mean that there's a problem with the last server before that one.

Quote:

4. Any ideas on anything else that could cause this, or on possible ways I can at least get an error message to determine if it is my problem or his?

I'd try to emulate http or smtp using telnet. For example:
telnet someIP http
Ping can be blocked, so I wouldn't care much if it succeeds or not.
It's only one domain... Was there recently a change of IP (that may still not be recognized by the second server)?

StinkiePhish 06-24-2004 09:37 AM

I really appreciate your reply.

iptables -L does not list anything with his IP address. I just recently set up APF in the past week, and this problem has been going on for over a month, so I don't think the new rules are the cause. Even if I disable APF and iptables -L lists nothing, I cannot connect to his server.

Using telnet to try to connect to other ports was a good suggestion, but that is what I did initially and realized that it wasn't just SMTP, or just pings, that wasn't getting through and I had bigger problems on my hands. Nothing can connect, it seems.

I tried pinging and connecting from another IP on my server, using the ping -I command, and that didn't even work. That is what makes me think that there is something low level on my server (or on the path to his server). But what makes it even more strange is that I had someone with a different server in my IP range try and connect, and was successful.

The IP on my server has been the same for over a year, and there have been no changes besides adding the occasional new employee email user.

Pinging, telnet'ing, and http all work from my computer here in the office to his server.

I had done a kernel upgrade probably 2 weeks ago (2.4.20 19 to 31 something... through yum update and the Fedora Legacy RH 9 Repository), and just tried to boot into the old kernel. Didn't work either, and now I'm back on the newer version.

Mara 06-25-2004 11:53 AM

Could you ask the other server owner to traceroute you? It'd probably break at some point, but it may be important where.

peter_robb 12-02-2005 08:11 AM

First check if your ip is listed at http://www.ordb.org/lookup/

If not, you will need to map out the connection failures and successes.

I suggest using hping2 to test the TCP & UDP paths as well as the ICMP paths.
From your secondary IP, make TCP pings to get a good connection mapped across the ports needed and also port 0.

Then do this from the EV1 server and compare where the failures are.
Then, send pings from the EV1 server using the secondary IP as a source address, and look for replies to them at the secondary IP connection.

It is quite possible to have been blocked by an upstream router due to bad behaviour, either yours or the remote end, or even from an attack by someone else hoping to put you into an auto blocklist. The failure point can show you who to talk to for remedial action.
I have found several ISPs using email and other proxies without telling anyone and adding banned hosts to routers.

A temporary solution could be to change your DNS settings and add your secondary IP address as a backup MX server, then get the two connected. Make a rewriting rule to send to the affected domain from the secondary IP number. If both addresses come from the same link, you could use a virtual IP address on the EV1 server.
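
The map of connection failures and successes suggested above can also be built with plain TCP connects. The script below is an added example, not code from the thread or from any poster; the addresses in it are constructed placeholders, and the function names are chosen here. It classifies each attempt so that a silent drop can be told apart from an active refusal or an ICMP unreachable.

```python
import errno
import socket

def probe(dst, port, src=None, timeout=5.0):
    """Make one TCP connect from `src` (None = default route) and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if src:
            s.bind((src, 0))       # pick the source address, as `ping -I` does
        s.connect((dst, port))
        return "open"              # handshake completed: path works in both directions
    except (socket.timeout, TimeoutError):
        return "timeout"           # nothing came back: dropped silently somewhere
    except ConnectionRefusedError:
        return "refused"           # a RST came back: the host or a rejecting filter answered
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # ICMP unreachable from a router, or no local route
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def connection_map(dst, ports, sources, timeout=5.0):
    """Build {source: {port: result}} for every source address and port."""
    return {src: {p: probe(dst, p, src, timeout) for p in ports} for src in sources}

def differences(cmap):
    """Return only the ports whose result differs between source addresses."""
    ports = next(iter(cmap.values())).keys()
    return {p: {src: res[p] for src, res in cmap.items()}
            for p in ports if len({res[p] for res in cmap.values()}) > 1}

if __name__ == "__main__":
    # Constructed placeholders (documentation address ranges), not values from the thread.
    REMOTE = "192.0.2.10"
    SOURCES = [None, "198.51.100.7"]   # None = primary address, then the secondary IP
    cmap = connection_map(REMOTE, [25, 80], SOURCES, timeout=3)
    for src, results in cmap.items():
        print(src or "default", results)
    print("differs by source:", differences(cmap))
```

Run it on the affected server and again from a machine that can connect, then compare the two maps. A port that is `timeout` from one source address and `open` from another points at filtering keyed on the source address rather than at the service itself.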


All times are GMT -5.