Unsolved
This post is more than 5 years old
37 Posts
0
103580
March 29th, 2004 22:00
telnet problem
I am trying to use telnet to send an email. Everytime I put in the command "open whatever.com 25" its says "Strike any key to continue" When I do that it says "connection to host lost". I thought it might be the built in firewall in xp so I killed the alg.exe process but still get the same message. I have a dial up ISP with an accelarator so I disabled that but still the same message. I am rookie and advise would be great thanks!!!
p2hvt
0 events found
No Events found!
p2hvt
37 Posts
0
April 7th, 2004 19:00
Maybe they want you to be running an "ident" server for some odd reason! You can download "ident" servers (see Google for xp ident server, but since the ident connection is initiated by the mail server, it won't get in if you're firewalled unless you let TCP/113 in.
Jim a few things (forgive the rookie) what is an "ident" server? Also the only FW I use is the one that was bundled with Win Xp Home. So if I understand you right the sever at notreal.com is trying to open port 113 on my computer? Why? Any security risk thier? Do I have control over the bundled FW in Win Xp to allow port 113 to be opened?
jwatt
4.4K Posts
0
April 7th, 2004 19:00
identd is a server which implements the TCP/IP proposed
standard IDENT user identification protocol as specified
in the RFC 1413 document.
identd operates by looking up specific TCP/IP connections
and returning the user name of the process owning the con-
nection. It can optionally return other information
instead of a user name.
It's largely worthless, as it can be easily forged. And very few firewalled sites let "ident" traffic in! According to this Microsoft article, it's possible to permit specific ports in through the XP firewall by configuring them under the "Services" tab .
Another possibility is that your own IP address doesn't have a DNS name associated with it, and the mail server's refusing to talk to you for that reason.
You can determine that easily by using "nslookup". Open a cmd.exe window (Start/Run cmd.exe), and type nslookup {myIP}, where {myIP} is your own IP address, as shown by "ipconfig". If your IP address begins with 192.168, you'll need to try the IP address of the WAN side of your router instead. If your IP address begins with 192.168, it's being assigned by a router, and letting TCP/113 traffic in would have to done by altering the settings on the router.
If no name is returned, then there's no DNS entry associated with your IP address.
I actually think the "no name associated with this IP address" theory is more plausible than the "no ident service" theory. Since there are many machines connected to the Internet for which there's no DNS name associated with their IP address, that adds about as much security as requiring "identd" replies - none.
(edit) Another possibility is that your ISP blocks outbound SMTP to anywhere except their own mail servers. You'd need to review the ISP's "Acceptable Use Policy" to find out whether that's what's happening.
Jim
Message Edited by jimw on 04-07-2004 01:52 PM
jwatt
4.4K Posts
0
April 7th, 2004 19:00
I checked the server from a Unix telnet client, so I could look at the traffic with Ethereal. I had no difficulty establishing a connection!
The Ethereal log shows that I received an incoming connection to TCP/113, which is the "auth" service, also known as "ident", from the server. Our machine replied to that connection. The SMTP signon message from the server didn't appear until after the "auth" transaction completed.
Maybe they want you to be running an "ident" server for some odd reason! You can download "ident" servers (search Google for xp ident server), but since the ident connection is initiated by the mail server, it won't get in if you're firewalled unless you let TCP/113 in.
Jim
p2hvt
37 Posts
0
April 8th, 2004 14:00
p2hvt
37 Posts
0
April 8th, 2004 15:00
Jim this is a response I got while trying to figure this out. Let me know if this makes sense! Thanks
"Please note that Open relay is a term used to describe an email server that is not secured against unauthorized access in order to send email. Spam is often generated from such servers, either knowingly or unknowingly.
HUGEISP (edit) blocks open relay servers from delivering mail to HUGEISP (edit). This prevents a great deal of spam from arriving in our customer's email boxes. If someone is trying to send you email, and are being denied for this reason, they will have to speak to the administrator of their email server.
The administrator can choose to secure the server, or contact our Abuse department and prove that their server is in fact secured. If the administrator has secured the server, they need to email us at (Removed email address) and provide the server's ip address or name. Once verified that the relay is closed, the server will be removed from the block list, and HUGEISP (edit) will begin to accept mail from them. Please note that you can't even connect to the open relay server.
jwatt
4.4K Posts
0
April 8th, 2004 16:00
While it makes sense, it doesn't explain what you're seeing. They're saying that if an incoming SMTP connection to their mail servers is "blacklisted" because it has been detected as an open relay, they won't accept EMAIL from that IP address.
What they're talking about: joe@example.com sends EMAIL to the machine mail.example2.com, with the recipient set to spamvictim@example3.com. That means that the domain of the recipient isn't within the domain "example2.com". If mail.example2.com is an "open relay", it will send the message along to the mail system at example3.com. If mail.example2.com is configured to prevent this, it will refuse to accept the message headed for "spamvictim@example3.com".
What we know is that HUGEISP's mail servers will accept incoming EMAIL from you, but you can't even open an SMTP connection to the system you're testing with. Suppose your IP address is "blacklisted" by the mail server you've been testing with? That could cause the mail to be rejected with a "550" type permanent SMTP error. But that isn't happening. The connection abruptly closes with no protocol messages having been exchanged!
You can check your own IP address to see if it's on a large number of blacklists at http://www.dnsstuff.com/. At the top of the center colum, there's an entry field labelled "Spam Database Lookup". Put your own IP address in, and see what's returned.
The question to HUGEISP remains, "Are you blocking SMTP connections from your customers to systems other than your own mail servers?"
(edit) By way of clarification...If example3.com won't accept EMAIL directly from example.com, a machine in the example.com DNS domain could try to use an "open relay" like mail.example2.com to get around example3.com's blacklist of machines in the example.com domain.
Jim
Message Edited by jimw on 04-08-2004 10:45 AM
p2hvt
37 Posts
0
April 8th, 2004 16:00
jwatt
4.4K Posts
0
April 8th, 2004 17:00
It's not difficult to understand why they're doing that, given the magnitude of the SPAM problem. But it would have been better if they were upfront about that restriction in their AUP.
Jim
p2hvt
37 Posts
0
April 8th, 2004 17:00
time for a new ISP?
p2hvt
37 Posts
0
April 8th, 2004 17:00
Jim here is what I was told this time I think we have the answer?
ME: Does HUGEISP blocking SMTP connections from your customers to systems other than your own mail servers?
ISP:: Please hold on for a moment, while I look at the issue.
ISP: Let me know what exactly happens?
ME: I try to open "somedomain.com 25" using my telnet client. When I do I get disconected with the message "connection to host lost." The connection abruptly closes with no protocol messages having been exchanged(Thanks Jim fot the lingo!!!)
ISP: You have to use smtp of HUGEISP when you are connected through HUGEISP Internet connection.
ME: I'm a rookie can you give me more detail?
ME: I know I have to to use HUGEISP's SMTP to check and send my HUGEISP mail however I would like to be able to send email via somedomain.com SMTP mail server. Does HUGEISP block this ?
ISP: You can use smtp.HUGEISP.net for smtp server when you use HUGEISPconnection even if you use other email addresses.
ME: ??
ME: But I want my email to come from somedomain.com it seems that HUGEISP is blocking me from opening any ISP: It is not possible to send email of other domain smtp server. HUGEISP block port 25, which is used for sending email. When you use HUGEISP smtp server for that domain also, you will not experience any problems.
ME: So HUGEISP blocks me from opeing port 25 on any other mail server?
ISP: Yes I am sorry. It is not possible to use port 25. You have to use smtp server of HUGEISP only.
jwatt
4.4K Posts
0
April 8th, 2004 17:00
ISP: Yes I am sorry. It is not possible to use port 25. You have to use smtp server of HUGEISP only.
OK, that's what seemed to be happening. You either talk to HUGEISP's SMTP servers, or you don't talk SMTP!
Jim
p2hvt
37 Posts
0
April 8th, 2004 17:00
p2hvt
37 Posts
0
April 8th, 2004 18:00
jwatt
4.4K Posts
0
April 8th, 2004 18:00
Yep, that's what they're saying! We have a sample of two - theirs, which works, and the test server, which doesn't.
As to how they might do that, it's possible to set policies in routers that would do that. Something like "if the destination port is TCP/25 and the destination IP address isn't one of our mail servers, send a "reset" (connection denied) packet to the source IP address/source port". That's of course just a guess.
Jim
jwatt
4.4K Posts
0
April 8th, 2004 20:00
Jim