Netgate Discussion Forum

    SMTP Issue - Hostgator and KingHost

    • A
      antonioremigio1
      last edited by

      Hey everyone, how’s it going?

      I’m experiencing a weird issue and would like your input.

      I have two separate hosts, each with its own independent pfSense.

      For the past week, on Host 1, I haven’t been able to establish a telnet connection to port 587 on Hostgator’s SMTP. And as of today (30/09), the same issue started happening with KingHost's SMTP as well. I can still ping the SMTP servers, but the telnet connection on port 587 fails.

      On Host 2, everything works normally and telnet connects without any issues.

      We opened a ticket with Hostgator, and they confirmed that our IP is NOT blocked (which makes sense since I can ping the server).

      Here’s what the pfSense log shows:

      0eee6faf-e620-4822-a66a-3b9bb6f2c67e-image.png

      I’m not using any proxy, and the outbound traffic is completely allowed.

      Has anyone experienced something similar?

      Thanks!

      johnpozJ GertjanG 2 Replies Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @antonioremigio1
        last edited by johnpoz

        @antonioremigio1 looks like they never answered your SYN..

        Which would scream they are blocking your IP to me to be honest.. I just tried connecting to them

        Trying 192.185.177.60...
        Connected to 192.185.177.60.
        Escape character is '^]'.
        220-br184.hostgator.com.br ESMTP Exim 4.96.2 #2 Mon, 30 Sep 2024 22:50:31 -0300 
        220-We do not authorize the use of this system to transport unsolicited, 
        

        If they are not blocking your IP, something between you and them maybe.. Something upstream of you blocking 587?

        Or maybe you got back a rst, if you looked at your states right away and saw closed, maybe they sent a rst.. I would sniff on pfsense wan when you try and open the connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        A 1 Reply Last reply Reply Quote 2
        • A
          antonioremigio1 @johnpoz
          last edited by

          Hello @johnpoz,

          Thanks for your reply.

          Capturing packets from the WAN, it shows like this:

          10:23:01.221460 IP MY_IP.14054 > 191.6.220.63.587: tcp 0
          10:23:09.230543 IP MY_IP.14054 > 191.6.220.63.587: tcp 0
          10:24:29.122553 IP MY_IP.11360 > 191.6.220.63.587: tcp 0
          10:24:29.122636 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
          10:24:29.285716 IP MY_IP.39871 > 191.6.220.63.587: tcp 0
          10:24:30.126378 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
          10:24:30.126476 IP MY_IP.11360 > 191.6.220.63.587: tcp 0
          10:24:30.298397 IP MY_IP.39871 > 191.6.220.63.587: tcp 0
          10:24:32.126268 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
          10:24:32.126304 IP MY_IP.11360 > 191.6.220.63.587: tcp 0
          10:24:32.313791 IP MY_IP.39871 > 191.6.220.63.587: tcp 0
          10:24:36.126446 IP MY_IP.11360 > 191.6.220.63.587: tcp 0
          10:24:36.141969 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
          10:24:36.313947 IP MY_IP.39871 > 191.6.220.63.587: tcp 0
          10:24:44.142201 IP MY_IP.11360 > 191.6.220.63.587: tcp 0
          10:24:44.157670 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
          10:24:44.329661 IP MY_IP.39871 > 191.6.220.63.587: tcp 0

          Thanks.

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @antonioremigio1
            last edited by

            @antonioremigio1 so you never get anything back from them. Either they are just dropping your traffic or it never gets to them because of a block between you and them on 587.

            Or they are blocking you and the prob level 1 guy you're talking to didn't have a clue..


            1 Reply Last reply Reply Quote 1
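The reading of the capture given above can be checked mechanically. The following is an added example, not code from any poster: it groups quiet-format capture lines by flow, measures the gaps between repeated outbound packets, and reports whether anything ever came back from port 587. The first flow is copied from the capture in the thread; the second flow (192.0.2.25) is constructed for contrast, and the function name `analyze` is an assumption.

```python
import re
from collections import defaultdict

# Flow 7203 is taken from the capture posted in the thread (MY_IP is the
# poster's redaction). The 192.0.2.25 flow is constructed for comparison.
CAPTURE = """\
10:24:29.122636 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
10:24:30.126378 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
10:24:32.126268 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
10:24:36.141969 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
10:24:44.157670 IP MY_IP.7203 > 191.6.220.63.587: tcp 0
10:30:00.000100 IP MY_IP.40000 > 192.0.2.25.587: tcp 0
10:30:00.050200 IP 192.0.2.25.587 > MY_IP.40000: tcp 0
"""

LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)$")

def analyze(capture, server_port=587):
    """Return {(client, client_port, server): {"gaps": [...], "verdict": str}}."""
    flows = defaultdict(lambda: {"sent": [], "replies": 0})
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the quiet TCP format
        h, mi, s, src, sport, dst, dport, _length = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if int(dport) == server_port:          # client -> server
            flows[(src, int(sport), dst)]["sent"].append(t)
        elif int(sport) == server_port:        # server -> client
            flows[(dst, int(dport), src)]["replies"] += 1
    report = {}
    for key, flow in flows.items():
        sent = sorted(flow["sent"])
        # Gaps that roughly double (1, 2, 4, 8 s) are the TCP stack retrying
        # the same unanswered packet, not new connection attempts.
        gaps = [round(b - a) for a, b in zip(sent, sent[1:])]
        if flow["replies"]:
            # The quiet format hides TCP flags, so a reply may be a SYN-ACK
            # or an RST; capture with flags shown to tell them apart.
            verdict = "answered"
        elif len(sent) > 1:
            verdict = "retransmitted, never answered"
        else:
            verdict = "unanswered"
        report[key] = {"gaps": gaps, "verdict": verdict}
    return report
```

A flow that is retransmitted on a doubling schedule and never answered is consistent with a silent drop somewhere on the path or at the server; it does not by itself say which.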
            • GertjanG
              Gertjan @antonioremigio1
              last edited by Gertjan

              @antonioremigio1

              Same thing here :

              220-br184.hostgator.com.br ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 10:50:02 -0300
              220-We do not authorize the use of this system to transport unsolicited,
              220 and/or bulk e-mail.
              HELO me.com
              250 br184.hostgator.com.br Hello laubervilliers-658-1-179-108.w82-127.abo.wanadoo.fr [82.127.62.180]
              quit
              

              Answers just fine.

              Btw : Hosting a (whatever) server means often therein is a fail2ban or comparable protection mechanism that scans the logs of the server you try to contact. If there are too many failed attempts, let's say 3 within 10 minutes, the IP gets banned. This happens more than you think, as we all think we know our mail password ;)
              Normally, when banning arrives, a firewall gets injected that blocks "the IP using port '587' TCP" (in this case) so you will still be able to contact port 443 TCP so you can still connect to the web interface - if any - or use the POP or IMAP access.

              And yeah, TCP is not ICMP.

              The guy that can tell you that you are blocked is normally not the one you can get on the phone.
              IPv4 on the block lists don't stay blocked forever, as that is impossible : over time, the blacklist would contain every possible IPv4 ... so they are released after 'some time'.

              Here you have my fail2ban stats..

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              A 1 Reply Last reply Reply Quote 1
              • A
                antonioremigio1 @Gertjan
                last edited by

                Alright @Gertjan,

                But is this rule automatically created by pfSense?

                The Hostgator SMTP started working again without me taking any action on my firewall, only Kinghost's SMTP is still blocked.

                I’m 99% sure the block is on their end.

                I’m waiting for support to reply.

                I’ll update here once I have any news.

                Thanks.

                stephenw10S GertjanG 2 Replies Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator @antonioremigio1
                  last edited by

                  @antonioremigio1 said in SMTP Issue - Hostgator and KingHost:

                  is this rule automatically created by pfSense?

                  No it's at the mail server end. Nothing you can do about it but wait for it to expire usually.

                  1 Reply Last reply Reply Quote 1
                  • GertjanG
                    Gertjan @antonioremigio1
                    last edited by

                    @antonioremigio1 said in SMTP Issue - Hostgator and KingHost:

                    The Hostgator SMTP started working again without me taking any action on my firewall, only Kinghost's SMTP is still blocked.

                    I’m 99% sure the block is on their end.

                    Exactly. Proves somewhat my point : the fail2ban story. The block was only temporary.
                    You can easily test all this : use telnet on port 587 to login manually, like a mail client does.
                    But : do not use the correct password. Within minutes of testing, you will get blocked.
                    And unblocked xx hours later, as you've seen.

                    The mentioned fail2ban process (run on the server) puts firewall rules on the (mail) server to block users that 'fail' something, mostly : wrong password. Think about password guessing scripts ....


                    A 1 Reply Last reply Reply Quote 1
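The server-side behaviour described in the two fail2ban posts above (a ban after a few failed logins inside a time window, scoped to port 587 only, and lifted after some time) can be modelled in a few lines. This is an added example and a simplified model, not fail2ban's own code: the parameter names mirror fail2ban's `maxretry`, `findtime` and `bantime` options, the 3-in-10-minutes threshold comes from the post, and the 4-hour ban length, the class name and the sample events are assumptions.

```python
from collections import defaultdict, deque

class PortBan:
    """Simplified model of a log-driven, per-port IP ban."""

    def __init__(self, port=587, maxretry=3, findtime=600, bantime=4 * 3600):
        self.port, self.maxretry = port, maxretry
        self.findtime, self.bantime = findtime, bantime
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.banned_until = {}               # ip -> time the ban expires

    def auth_failure(self, ip, now):
        """Record one failed login; return True if it triggers a ban."""
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.findtime:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.maxretry:
            self.banned_until[ip] = now + self.bantime
            recent.clear()
            return True
        return False

    def allows(self, ip, port, now):
        """Would a new connection from ip to this port be accepted?"""
        if port != self.port:
            return True                      # ban covers the mail port only
        until = self.banned_until.get(ip)
        if until is not None and now >= until:
            del self.banned_until[ip]        # ban expired, entry released
            until = None
        return until is None

def replay(events, tracker):
    """events: (seconds, ip) failed logins in time order; returns ban events."""
    return [(t, ip) for t, ip in events if tracker.auth_failure(ip, t)]

# Constructed sample: one client fails three times in under ten minutes,
# another fails three times spread over more than twenty minutes.
FAILED_LOGINS = [
    (0, "203.0.113.7"), (0, "198.51.100.9"), (120, "203.0.113.7"),
    (400, "203.0.113.7"), (500, "198.51.100.9"), (1300, "198.51.100.9"),
]
```

From the banned client's side the result looks exactly like the capture earlier in the thread: ping and port 443 still work, while connection attempts to 587 go unanswered until the ban expires.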
                    • A
                      antonioremigio1 @Gertjan
                      last edited by

                      @Gertjan

                      Solved:

                      Hey everyone,

                      It worked, the issue was a block on the email provider's side.

                      They unblocked my IP, and email sending is working again.

                      Thank you all for your support.

                      Cheers!

                      johnpozJ 1 Reply Last reply Reply Quote 1
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @antonioremigio1
                        last edited by

                        @antonioremigio1 said in SMTP Issue - Hostgator and KingHost:

                        It worked, the issue was a block on the email provider's side.

                        So like I thought the first guy you talked to "opened a ticket with Hostgator, and they confirmed that our IP is NOT blocked" was some idiot without a clue ;)


                        A 1 Reply Last reply Reply Quote 1
                        • A
                          antonioremigio1 @johnpoz
                          last edited by

                          @johnpoz

                          Hahaha

                          Qualified professional lol

                          Thanks for the support.

                          johnpozJ 1 Reply Last reply Reply Quote 0
                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator @antonioremigio1
                            last edited by

                            @antonioremigio1 Hope you gave them a bit of business end about - thought you said our IP wasn't blocked ;)


                            1 Reply Last reply Reply Quote 0
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.