Re: [Fed-Talk] email firewall problem
- Subject: Re: [Fed-Talk] email firewall problem
- From: Michael Kluskens <email@hidden>
- Date: Thu, 10 Feb 2005 09:20:52 -0500
On Feb 9, 2005, at 9:22 PM, email@hidden wrote:
Hi VA Mac users,
I have been using Mail (latest update) on a MAC running OS 10.3.7.
Until recently I was able to send and receive emails from my university
account. Now I can only receive. I tried both SSL (port 25) and no SSL.
When SSL is off I get a message saying the password was rejected, even
though it is correct. When using SSL I am told the smtp server won't
accept traffic through port 25. I called the University of Penn and
they say it is a VA firewall issue. Does anyone know how to configure
this to work? My IRM folks don't support Macs.
Thanks.
Larry
Basically you're saying that it appears that a connection from port 25
on your machine is making it to the server but not when you're using
SSL. Since this is impossible, the error messages are confusing the
issue. This is a problem I have run into before with Apple's Mail: the
error messages are not necessarily correct; instead they contain the
most common answer for a particular problem, because the server's
response, while most likely more correct, is unintelligible to most
people.
First try to use the U of Penn server to send email to your U of Penn
email account. That is always the first step.
One possibility is that they changed the authentication; for sending
email, Mail supports "none", "password", "MD5 Challenge-Response",
"Kerberos Version 4", "Kerberos Version 5 (GSSAPI)". In theory any of
those can be done with or without SSL (password without SSL is a very
bad idea). SSL can be done over any of 3 different ports, 25 (smtp),
587 (submission), or 465 (smtps) (little fuzzy on the protocol for
465). I think non-SSL can only be done over 25 or 587. That leaves
about 50 different combinations, usually not too hard to eliminate most
combinations.
Two approaches: either you call and ask them how to configure
Thunderbird (or Outlook) for Windows XP, paying attention to the
settings for ports and protocols.
Or, you work through the problem one step at a time.
Step one: what ports does the server you're trying to reach accept mail
on, and is anything on your end or their end blocking it?
The only way they would be blocking incoming port 25 would be if all
email to that server is now routed through a different email server
(I'm assuming you're outside their perimeter). From an email server's
point of view there is virtually no difference between you sending
email and another server sending email; the differences that exist
relate to blacklisting dialup accounts, open relays, open proxies, and
several other unsavory computer systems. The test below should tell
you if that is the problem. The blocking port 25 in the other email
message refers to outgoing port 25 from the computer network/ISP that
you are on; the test below should also tell you if that is the issue.
Open terminal and type (assuming the server is psu.edu)
>host -t MX psu.edu (I don't have a U of Penn server address in hand)
psu.edu mail is handled by 10 tr10g05.aset.psu.edu.
psu.edu mail is handled by 10 tr12g04.aset.psu.edu.
psu.edu mail is handled by 10 tr12g05.aset.psu.edu.
psu.edu mail is handled by 10 r02n08-fddi.cac.psu.edu.
psu.edu mail is handled by 10 r02a07.cac.psu.edu.
psu.edu mail is handled by 10 tr10g04.aset.psu.edu.
In this case all email to "psu.edu" is handled by one of six servers
with an equal ranking.
To determine the status of the connection between you and the server,
the best way is to use telnet to open a connection to it on port 25.
In terminal again:
>telnet psu.edu 25
Trying 128.118.142.105...
Connected to tr10g04.aset.psu.edu.
Escape character is '^]'.
220 tr10n04.aset.psu.edu ESMTP Sendmail 8.13.2/8.13.2; Thu, 10 Feb 2005 09:05:49 -0500
now type QUIT
In this case I have determined that one of the servers serving psu.edu
claims to be running "Sendmail 8.13.2" and that there is no firewall
between me and that server.
You can also do the same thing with ports 465 and 587 but you may have
to type HELO or EHLO in order to get any information from the server.
Without more information from you it's a lot of work and time to
enumerate all the possible things to test.
What experience do I have with this? I ran an EIMS email server
(versions 1.x up to 3.x) here for about ten years, until they wanted to
reduce the number of email servers in our division from three to two.
Michael Kluskens email@hidden
Code 5314, Radar Division phone: (202)404-1818
Naval Research Laboratory fax: (202)404-7572
Washington, DC 20375-5336
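
Added example, not part of the original message: a Python sketch that automates the telnet check described above across ports 25, 587 and 465, telling a blocked port apart from a reachable one and listing the authentication mechanisms the server offers after EHLO. The host mail.example.edu, the EHLO name probe.invalid and all function names are assumptions for illustration; it never sends credentials.

```python
import socket
import ssl
import sys

def read_reply(f):
    """Read one SMTP reply; continuation lines carry '-' after the 3-digit code."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return lines

def parse_ehlo(lines):
    """Pull STARTTLS support and the offered AUTH mechanisms out of an EHLO reply."""
    info = {"starttls": False, "auth": []}
    for line in lines:
        words = line[4:].split() if line.startswith("250") else []
        if words and words[0].upper() == "STARTTLS":
            info["starttls"] = True
        elif words and words[0].upper() == "AUTH":
            info["auth"] = [w.upper() for w in words[1:]]
    return info

def probe(host, port, implicit_tls=False, timeout=10.0):
    """Connect as telnet would, then send EHLO and QUIT. Never authenticates."""
    result = {"port": port, "reachable": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["reachable"] = True  # TCP connect worked: nothing blocks this port
            conn = raw
            if implicit_tls:  # 465 (smtps): TLS starts before the 220 banner
                ctx = ssl.create_default_context()
                conn = ctx.wrap_socket(raw, server_hostname=host)
            with conn, conn.makefile("rwb") as f:
                result["banner"] = read_reply(f)[0]
                f.write(b"EHLO probe.invalid\r\n")
                f.flush()
                result.update(parse_ehlo(read_reply(f)))
                f.write(b"QUIT\r\n")
                f.flush()
    except OSError as exc:  # refused, timed out, or TLS handshake failed
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.edu"  # placeholder host
    for port in (25, 587, 465):
        print(probe(host, port, implicit_tls=(port == 465)))
```

A result with "reachable" false points at a firewall or ISP block on that port; a reachable port with an "auth" list that lacks the method selected in the mail client points at an authentication change on the server instead.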