Print Page | Close Window

inbound connections blocked

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 19 August 2018 at 12:23am

Topic: inbound connections blocked
Posted By: gillonba
Subject: inbound connections blocked
Date Posted: 24 July 2009 at 12:45pm
We have been troubleshooting an issue where a particular sender has been unable to send mail via our spam filters when their firewall is blocking port 25. 

We have been working with this sender for a number of days now.  They have been able to relay mail to us from one of their servers, but the other one cannot.  Messages build up in queue but cannot be delivered.  They can send mail to everyone else just fine, but according to their logs whenever they try to send to our server they get a connection refused message.  We verified the IP and they are attempting to send to our spam servers, which is correct.

We cannot find any connection attempts from their IP in our Spam Filter logs.  When they try to telnet in to our servers from the affected server, they immediately receive a connection refused message.  We can telnet in from other servers.

We did come up with a breakthrough when they unblocked port 25 on their server.  Suddenly the queue cleared out.  Connections started appearing in our logs from their IP address.  When they blocked the port again, suddenly delivery stopped.

So the question is: is there some sort of blocking mechanism in the spam filter that verifies that we can reach the sender?  Is it part of the greylist, perhaps?  Is there a way to disable this check for this sender?

Posted By: Desperado
Date Posted: 24 July 2009 at 2:43pm
Port 25 is what the servers use to communicate back and forth on.  If port 25 is blocked, the mail servers can't talk ... fairly simple.

The Desperado
Dan Seligmann.

Posted By: LogSat
Date Posted: 24 July 2009 at 3:43pm

As Desperado correctly pointed out, internet email traffic occurs on port 25. If the sender is blocking port 25 on on their firewall, then their firewall (not SpamFilter) will block all outgoing connections out to the internet. To confirm this, you saw that there are indeed no connection attempts in SpamFilter from their remote IP. This is again because their own firewall is preventing SMTP traffic to leave their network.

In order to send outgoing emails, their administrators will need to allow outgoing connections on port 25. They can still leave incoming connections blocked, but the outgoing ones must be allowed.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: gillonba
Date Posted: 24 July 2009 at 4:21pm
I'm sorry if I wasn't clear:
outbound connections are open, inbound connections are blocked.
The server in question sends mail to other servers just fine.  According to them, the ONLY server they have trouble sending to is ours.  I didn't think we would need to contact their server to receive from them, but I thought I'd ask

Posted By: LogSat
Date Posted: 24 July 2009 at 7:53pm

It's possible the administrator(s) of the sender's domain are not troubleshooting this correctly.

SpamFilter accepts incoming SMTP traffic on TCP port 25, which is the RFC requirement to process internet emails. When a remote server establishes a TCP connection to port 25 on SpamFilter, the "return" TCP traffic from SpamFilter to the remote server will occur on a random TCP port established by the remote server (this can be any port except port 25).

SpamFilter will never attempt to contact back the remote server when processing incoming emails. If the remote administrators are stating that unblocking  "inbound" port 25 on their firewall solves the problem, I would have to doubt the accuracy of that statement, as there is absolutely no traffic from SpamFilter to the remote port 25.

I checked the domain name for the email address you used to signup on this forum. If this is the domain to which these failed email attempts are being sent, we can see you have 3 MX records for the domain, and on each one of them you have SpamFilter running. You are running v4.1.2.812 on the first 2 MX records, and v4.0.1.786 on the 3rd MX record. The version mismatch on one server has absolutely no impact.

I do see however that you have enabled greylisting on all 3 servers. While this will cause an initial delay of possibly a few hours for the very first email to be received from a remote server, after that first email is received there will never be any problems in the future. In addition, even with greylisting enabled you will see the IP address of the remote server's connection attempt being logged in SpamFilter's activity logfile.

When you said 
Originally posted by gillonba gillonba wrote:

We cannot find any connection attempts from their IP in our Spam Filter logs
, have you checked for the presence of the IP in the logs for all 3 of your SpamFilter servers? If you did, and the IP was not logged, you can be certain that SpamFilter did not receive a connection from the remote server. If your servers are behind a firewall however, you should also check your firewall logs to ensure that it was not your firewall that blocked the connection attempt. However I must always go back to the remote admin's statement about unblocking port 25 and this solving the issue, as this is again a very "strange" statement... 

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Print Page | Close Window