Problems with the SMTP client of PMDF - VMS


Thread: Problems with the SMTP client of PMDF

  1. Problems with the SMTP client of PMDF

    I happen to have a strange problem here:
    running PMDF V6.3 with PMAS 3.0.2, on OpenVMS Alpha V7.3-2:

    we receive permanent SMTP connection errors from some users
    trying to send email from some specific servers (e.g., from t-online.de),
    whereas most servers succeed without problems. As these are permanent
    errors, people using these mailservers are not able to send any mails to our
    Alpha. I cannot say how long this has been happening, but at least the
    user using the mailserver of t-online.de has not been able to connect to us
    for several weeks now.
    The errors are either
    "retry time not reached for any host after a long failure period"
    or "Connection timed out:
    SMTP timeout while connected to PHAC171.uni-graz.at [143.50.171.171]
    after initial connection:
    retry timeout exceeded".
    Please mind that other emails keep getting in at the same time these
    specific servers give up on me.

    The only difference I can tell so far (and I have no good explanation for
    this) is that telnetting to port 25 gives strange answers for all but
    localhost:

    $ telnet localhost/po=25
    %TELNET-I-TRYING, Trying ... 127.0.0.1
    %TELNET-I-SESSION, Session 01, host localhost, port 25
    220 PHAC171.UNI-GRAZ.AT -- Server ESMTP (PMDF V6.3#07111)
    vrfy binder
    250 2.5.0 Local user
    ehlo
    250-PHAC171.UNI-GRAZ.AT
    250-8BITMIME
    etc.etc.

    From a different host things look like this:
    telnet 143.50.171.171 25
    Trying 143.50.171.171...
    Connected to phac171.kfunigraz.ac.at.
    Escape character is '^]'.
    220 ************************************************** ***
    helo my
    250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
    vrfy binder
    500 5.5.1 Unknown command "XXXX binder" specified
    ehlo
    500 5.5.1 Unknown command "XXXX my" specified

    mail from: etc. etc. works nevertheless - at least from the few
    sites I can test....
    Any guesses what's happening here?

    Thanx,
    Alex




  2. Re: Problems with the SMTP client of PMDF

    In article , "Alex Binder" writes:
    >I happen to have a strange problem here:
    >running PMDF V6.3 with PMAS 3.0.2, on OpenVMS Alpha V7.3-2:
    >
    >
    >we receive permanent SMTP connection errors from some users
    >trying to send email from some specific servers (e.g., from t-online.de),
    >whereas most servers succeed without problems. As these are permanent
    >errors, people using these mailservers are not able to send any mails to our
    >Alpha. I can not say how long this is already happening, but at least the
    >user
    >using the mailserver of t-online.de is not succeeding to connect to us for
    >several weeks now.
    >The errors are either
    >"retry time not reached for any host after a long failure period"
    >or "Connection timed out:
    > SMTP timeout while connected to PHAC171.uni-graz.at [143.50.171.171]
    >after initial connection:
    > retry timeout exceeded".
    >Please mind that other emails keep getting in at the same time these
    >specific servers give up on me.
    >
    >The only difference I can tell so far (and I have no good explanation for
    >this) is that telnetting to port 25 gives strange answers for all but
    >localhost:
    >
    >$ telnet localhost/po=25
    >%TELNET-I-TRYING, Trying ... 127.0.0.1
    >%TELNET-I-SESSION, Session 01, host localhost, port 25
    >220 PHAC171.UNI-GRAZ.AT -- Server ESMTP (PMDF V6.3#07111)
    >vrfy binder
    >250 2.5.0 Local user
    >ehlo
    >250-PHAC171.UNI-GRAZ.AT
    >250-8BITMIME
    >etc.etc.
    >
    >From a different host things look like this:
    >telnet 143.50.171.171 25
    >Trying 143.50.171.171...
    >Connected to phac171.kfunigraz.ac.at.
    >Escape character is '^]'.
    >220 ************************************************** ***
    >helo my
    >250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
    >vrfy binder
    >500 5.5.1 Unknown command "XXXX binder" specified
    >ehlo
    >500 5.5.1 Unknown command "XXXX my" specified
    >
    >mail from: etc. etc. works nevertheless - at least from the few
    >sites I can test....
    >Any guesses what's happening here?
    >

    Have you got a firewall (possibly a CISCO firewall) in front of your
    mailserver which, rather than having a hole for port 25 punched through it,
    is trying to handle the mail and then pass it on to your mailserver?
    For Cisco firewalls you need to turn off the mailguard feature by using a
    command like

    no fixup protocol smtp

    David Webb
    Security team leader
    CCSS
    Middlesex University



    >Thanx,
    >Alex
    >
    >
    >


  3. Re: Problems with the SMTP client of PMDF


    wrote in message
    news:gccl7h$1h1$1@south.jnrs.ja.net...
    > In article , "Alex Binder"
    > writes:
    >>I happen to have a strange problem here:
    >>running PMDF V6.3 with PMAS 3.0.2, on OpenVMS Alpha V7.3-2:
    >>
    >>
    >>we receive permanent SMTP connection errors from some users
    >>trying to send email from some specific servers (e.g., from t-online.de),
    >>whereas most servers succeed without problems. As these are permanent
    >>errors, people using these mailservers are not able to send any mails to
    >>our
    >>Alpha. I can not say how long this is already happening, but at least the
    >>user
    >>using the mailserver of t-online.de is not succeeding to connect to us for
    >>several weeks now.
    >>The errors are either
    >>"retry time not reached for any host after a long failure period"
    >>or "Connection timed out:
    >> SMTP timeout while connected to PHAC171.uni-graz.at [143.50.171.171]
    >>after initial connection:
    >> retry timeout exceeded".
    >>Please mind that other emails keep getting in at the same time these
    >>specific servers give up on me.
    >>
    >>The only difference I can tell so far (and I have no good explanation for
    >>this) is that telnetting to port 25 gives strange answers for all but
    >>localhost:
    >>
    >>$ telnet localhost/po=25
    >>%TELNET-I-TRYING, Trying ... 127.0.0.1
    >>%TELNET-I-SESSION, Session 01, host localhost, port 25
    >>220 PHAC171.UNI-GRAZ.AT -- Server ESMTP (PMDF V6.3#07111)
    >>vrfy binder
    >>250 2.5.0 Local user
    >>ehlo
    >>250-PHAC171.UNI-GRAZ.AT
    >>250-8BITMIME
    >>etc.etc.
    >>
    >>From a different host things look like this:
    >>telnet 143.50.171.171 25
    >>Trying 143.50.171.171...
    >>Connected to phac171.kfunigraz.ac.at.
    >>Escape character is '^]'.
    >>220 ************************************************** ***
    >>helo my
    >>250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
    >>vrfy binder
    >>500 5.5.1 Unknown command "XXXX binder" specified
    >>ehlo
    >>500 5.5.1 Unknown command "XXXX my" specified
    >>
    >>mail from: etc. etc. works nevertheless - at least from the few
    >>sites I can test....
    >>Any guesses what's happening here?
    >>

    > Have you got a firewall (possibly a CISCO firewall) in front of your
    > mailserver which rather than having a hole for port 25 punched through it
    > is
    > trying to handle the mail and then pass it onto your mailserver.


    David, you're right with the firewall, but our IT-people swear they do not
    block or handle port 25 on the firewall. Additionally, most mailservers
    seem not to care too much about these issues, e.g., hotmail.com (not the
    best example, I know :-) has no problems sending mail to our client. Also
    test-mails sent from Eisner are delivered correctly. I have no idea why some
    mailservers (e.g., T-Online.de) just give up when connecting to the client.
    Can anyone shed any light on this, e.g. giving me some hint where to look
    for specific information why this is happening?

    Alex



  4. Re: Problems with the SMTP client of PMDF

    In article , "Alex Binder" writes:
    >
    > wrote in message
    >news:gccl7h$1h1$1@south.jnrs.ja.net...
    >> In article , "Alex Binder"
    >> writes:
    >>>I happen to have a strange problem here:
    >>>running PMDF V6.3 with PMAS 3.0.2, on OpenVMS Alpha V7.3-2:
    >>>
    >>>
    >>>we receive permanent SMTP connection errors from some users
    >>>trying to send email from some specific servers (e.g., from t-online.de),
    >>>whereas most servers succeed without problems. As these are permanent
    >>>errors, people using these mailservers are not able to send any mails to
    >>>our
    >>>Alpha. I can not say how long this is already happening, but at least the
    >>>user
    >>>using the mailserver of t-online.de is not succeeding to connect to us for
    >>>several weeks now.
    >>>The errors are either
    >>>"retry time not reached for any host after a long failure period"
    >>>or "Connection timed out:
    >>> SMTP timeout while connected to PHAC171.uni-graz.at [143.50.171.171]
    >>>after initial connection:
    >>> retry timeout exceeded".
    >>>Please mind that other emails keep getting in at the same time these
    >>>specific servers give up on me.
    >>>
    >>>The only difference I can tell so far (and I have no good explanation for
    >>>this) is that telnetting to port 25 gives strange answers for all but
    >>>localhost:
    >>>
    >>>$ telnet localhost/po=25
    >>>%TELNET-I-TRYING, Trying ... 127.0.0.1
    >>>%TELNET-I-SESSION, Session 01, host localhost, port 25
    >>>220 PHAC171.UNI-GRAZ.AT -- Server ESMTP (PMDF V6.3#07111)
    >>>vrfy binder
    >>>250 2.5.0 Local user
    >>>ehlo
    >>>250-PHAC171.UNI-GRAZ.AT
    >>>250-8BITMIME
    >>>etc.etc.
    >>>
    >>>From a different host things look like this:
    >>>telnet 143.50.171.171 25
    >>>Trying 143.50.171.171...
    >>>Connected to phac171.kfunigraz.ac.at.
    >>>Escape character is '^]'.
    >>>220 ************************************************** ***
    >>>helo my
    >>>250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
    >>>vrfy binder
    >>>500 5.5.1 Unknown command "XXXX binder" specified
    >>>ehlo
    >>>500 5.5.1 Unknown command "XXXX my" specified
    >>>
    >>>mail from: etc. etc. works nevertheless - at least from the few
    >>>sites I can test....
    >>>Any guesses what's happening here?
    >>>

    >> Have you got a firewall (possibly a CISCO firewall) in front of your
    >> mailserver which rather than having a hole for port 25 punched through it
    >> is
    >> trying to handle the mail and then pass it onto your mailserver.

    >
    >David, you're right with the firewall, but our IT-people swear they do not
    >block or handle port 25 on the firewall.


    The

    220 ************************************************** ***

    would seem to argue otherwise. I've only ever seen this when a Firewall is
    intercepting the connection and dealing with it itself.

    >Additionally, most mailservers
    >seem not to care too much about these issues, e.g., hotmail.com (not the
    >best example, I know :-) has no problems sending mail to our client. Also
    >test-mails sent from Eisner are delivered correctly. I have no idea why some
    >mailservers (e.g., T-Online.de) just give up when connecting to the client.


    When a firewall is handling it, most mailservers sending will be OK, but it
    will react badly with some others.
    As I said before, this is a very well known issue with CISCO firewall's
    mailguard feature in particular, but also with other firewalls.
    What firewall are you running? Others may have experience of the particular
    firewall and how to stop it trying to deal with the mail itself.

    David Webb
    Security team leader
    CCSS
    Middlesex University

    >Can anyone shed any light on this, e.g. giving me some hint where to look
    >for specific information why this is happening?
    >
    >Alex
    >
    >


  5. Re: Problems with the SMTP client of PMDF


    > David, you're right with the firewall, but our IT-people swear they do not
    > block or handle port 25 on the firewall.


    They certainly have mailguard enabled. It is also a brain damaged
    version of FOS, which doesn't recognize EHLO.

    First thing to do is to disable the MailGuard with

    NO FIXUP PROTOCOL 25

    as David recommended. I have PiXes here, and they are fine, but I
    always nuke the SCREWUP PROTOCOL 25 option.

    The PiX is trying to interpret and check the various SMTP commands, and
    you have to pry its little fingers off your SMTP session.

    There are other possibilities of course, there could be a routing issue
    between the senders who can't reach you and your server. A TRACEROUTE
    from the remote site to yours might help.


    ---------------------------------------------------------
    Tom Wade | EMail: tee dot wade at eurokom dot ie
    EuroKom | Tel: +353 (1) 296-9696
    A2, Nutgrove Office Park | Fax: +353 (1) 296-9697
    Rathfarnham | Disclaimer: This is not a disclaimer
    Dublin 14 | Tip: "Friends don't let friends do Unix !"
    Ireland


  6. Re: Problems with the SMTP client of PMDF

    Alex Binder wrote:

    > David, you're right with the firewall, but our IT-people swear they do not
    > block or handle port 25 on the firewall. Additionally, most mailservers
    > seem not to care too much about these issues, e.g., hotmail.com (not the best
    > example, I know :-) has no problems sending mail to our client. Also test-mails
    > sent from Eisner are delivered correctly. I have no idea why some
    > mailservers (e.g., T-Online.de) just give up when connecting to the client.
    > Can anyone shed any light on this, e.g. giving me some hint where to look
    > for specific information why this is happening?
    >


    Something somewhere is changing what the SMTP client is sending
    to the PMDF SMTP server and also what the server is sending back.


    telnet 143.50.171.171 25
    Trying 143.50.171.171...
    Connected to phac171.kfunigraz.ac.at.
    Escape character is '^]'.
    220 ************************************************** ***
    helo my
    250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
    vrfy binder
    500 5.5.1 Unknown command "XXXX binder" specified
    ehlo
    500 5.5.1 Unknown command "XXXX my" specified


    The 220 banner that the SMTP server is sending has been changed to
    "220 ************************************************** ***" and the
    "vrfy binder" the client sent was changed to "XXXX binder". My guess
    is that the other systems, like hotmail, that do not have a problem are
    not sending vrfy commands so they do not run into this problem.
    Your IT-people can swear they do not block or handle port 25 on
    the firewall but it is pretty obvious that something between these two
    hosts is.

    regards
    Mike

    --
    +-------------------------------------------------------------------------+
    Michael Corbett Email: Corbett@process.com
    Process Software Phone: 800 722-7770 x369
    959 Concord St. 508 879-6994 x369
    Framingham MA 01701-4682 FAX: 508 879-0042
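
Added example (not part of any post in this thread): a small Python check that applies the two tells discussed above, a 220 banner replaced by asterisks and a 500 reply echoing a verb overwritten with X's, to a pasted telnet session. The function name, regexes and the 0.8 asterisk threshold are assumptions made for this illustration; the two sample sessions are taken from the first post.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -](.*)$")              # SMTP reply: code, then text
MASKED_VERB = re.compile(r'Unknown command "(X+)\b')  # server echoing a masked verb
NOISE = ("$ telnet", "telnet ", "%TELNET-", "Trying ", "Connected to ", "Escape character")

def analyze_transcript(text):
    """Return (finding, detail) pairs suggesting a middlebox is editing SMTP."""
    findings, last_cmd = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(NOISE):
            continue                         # blank line or telnet client chatter
        reply = REPLY.match(line)
        if reply is None:
            last_cmd = line                  # anything else was typed by the client
            continue
        code, rest = reply.groups()
        if code == "220" and last_cmd is None:
            body = rest.replace(" ", "")
            if body and body.count("*") / len(body) > 0.8:   # assumed threshold
                findings.append(("banner-masked", rest))
        elif code == "500" and last_cmd:
            verb = last_cmd.split()[0].upper()
            echoed = MASKED_VERB.search(rest)
            # The server saw X's of the same length where the client sent a real verb.
            if echoed and echoed.group(1) != verb and len(echoed.group(1)) == len(verb):
                findings.append(("command-rewritten", verb))
    return findings

# Both sessions are taken from the first post of this thread.
LOCAL_SESSION = """220 PHAC171.UNI-GRAZ.AT -- Server ESMTP (PMDF V6.3#07111)
vrfy binder
250 2.5.0 Local user
ehlo
250-PHAC171.UNI-GRAZ.AT
"""
REMOTE_SESSION = """220 ************************************************** ***
helo my
250 PHAC171.UNI-GRAZ.AT OK, [81.16.105.45].
vrfy binder
500 5.5.1 Unknown command "XXXX binder" specified
ehlo
500 5.5.1 Unknown command "XXXX my" specified
"""

if __name__ == "__main__":
    print(analyze_transcript(LOCAL_SESSION), analyze_transcript(REMOTE_SESSION))
```

Comparing a session taken on the mail host itself with one taken from outside the firewall, as the original poster did, is what separates a server-side problem from in-path rewriting.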

  7. Re: Problems with the SMTP client of PMDF

    Just wanted to give a short reply to all the good guys here -

    Tom and all the others hit the nail on the head:
    They had Mailguard enabled and after convincing them to stop
    messing around a "NO FIXUP PROTOCOL 25" (as recommended by Tom)
    resolved the whole issue.

    Thanks again to all of you,

    Alex


