To Mark and BetaRays

Ran tcpdump -n host sbanetweb.com and port 587 on both NAS and Joe

Then ran telnet Sbanetweb.com 587

NAS's response:

tcpdump -n -v host sbanetweb.com and port 587
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:31:39.595597 IP (tos 0x0, ttl 64, id 29332, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.173.53334 > 96.224.250.24.587: Flags [S], cksum 0x1d7d (incorrect -> 0x996f), seq 3501996066, win 64240, options [mss 1460,sackOK,TS val 192786259 ecr 0,nop,wscale 7], length 0

Joe's Response

tcpdump -n host sbanetweb.com and port 587
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:33:19.775678 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [S], seq
3335906493, win 64240, options [mss 1460,sackOK,TS val 2857439758 ecr
0,nop,wscale 7], length 0
14:33:19.794348 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [S.], seq
3900869960, ack 3335906494, win 65160, options [mss 1460,sackOK,TS val
270255731 ecr 2857439758,nop,wscale 7], length 0
14:33:19.795127 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [.], ack 1,
win 502, options [nop,nop,TS val 2857439778 ecr 270255731], length 0
14:33:19.838594 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [P.], seq
1:38, ack 1, win 510, options [nop,nop,TS val 270255776 ecr 2857439778],
length 37
14:33:19.839347 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [.], ack
38, win 502, options [nop,nop,TS val 2857439822 ecr 270255776], length 0
14:33:27.587639 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [P.], seq
1:5, ack 38, win 502, options [nop,nop,TS val 2857447570 ecr 270255776],
length 4
14:33:27.602233 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [.], ack 5,
win 510, options [nop,nop,TS val 270263539 ecr 2857447570], length 0
14:33:27.603022 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [P.], seq
38:89, ack 5, win 510, options [nop,nop,TS val 270263540 ecr 2857447570],
length 51
14:33:27.603725 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [.], ack
89, win 502, options [nop,nop,TS val 2857447586 ecr 270263540], length 0
14:33:27.603809 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [F.], seq
89, ack 5, win 510, options [nop,nop,TS val 270263540 ecr 2857447570],
length 0
14:33:27.604626 IP 192.168.0.93.37764 > 96.224.250.24.587: Flags [F.], seq
5, ack 90, win 502, options [nop,nop,TS val 2857447587 ecr 270263540],
length 0
14:33:27.618618 IP 96.224.250.24.587 > 192.168.0.93.37764: Flags [.], ack 6,
win 510, options [nop,nop,TS val 270263558 ecr 2857447587], length 0


This proves there is nothing wrong with McQ (Sbanetweb.com).

As far as fail2ban, none of the IP addresses are blocked.

Wayne

-----Original Message-----
From: Mark Lawrence <m...@rekudos.net> 
Sent: Thursday, April 24, 2025 2:13 PM
To: Wayne Spivak <wspi...@sbanetweb.com>
Cc: misc@opensmtpd.org
Subject: Re: MTA stopped connecting to Postfix server on 587

>The IP isn't blocked (at either the Pi or  McQ).  I can traceroute to 
>McQ.
>I tried nc, telnet and open_ssl to attempt connecting on port 587, and 
>they all failed from NAS to McQ.  However, they did work on Joe and 
>Beta to McQ.

I assume you used an IP address with your test commands, or that DNS is
resolving correctly on NAS?

Otherwise, unless NAS has a local firewall and something changed there, this
is a strong indication that something along the network path is preventing
communication. I would check first locally on NAS with `tcpdump` or `ngrep`:

     1. That TCP packets are actually leaving NAS for the destination
     2. What ICMP packets are coming back from hops

And then do the same on McQ...

--
Mark Lawrence
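
Added example (not part of the original messages): a small Python script that reads `tcpdump -n` text output and reports, for each client connection to port 587, how far the TCP handshake got, which is the difference between the NAS and Joe captures above. The sample captures are constructed with documentation addresses, and the function names are this example's own.

```python
import re

# Matches the "src.port > dst.port: Flags [..]" part of a tcpdump -n packet line.
PKT = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([A-Z.]+)\]")

def verdict(seen):
    """Turn the set of observed events for one connection into a short verdict."""
    if "synack" in seen:
        return "established, server sent data" if "data" in seen else "established, no server data"
    if "rst" in seen:
        return "refused (RST returned)"
    return "SYN sent, no reply seen" if "syn" in seen else "no SYN in capture"

def classify(capture, server_port=587):
    """Map each client 'ip:port' to a verdict on its handshake with server_port."""
    events = {}
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # tcpdump banner lines and -v IP header lines carry no TCP flags
        sip, sport, dip, dport, flags = m.groups()
        if int(dport) == server_port:        # client -> server
            seen = events.setdefault(f"{sip}:{sport}", set())
            if flags == "S":
                seen.add("syn")
        elif int(sport) == server_port:      # server -> client
            seen = events.setdefault(f"{dip}:{dport}", set())
            if flags == "S.":
                seen.add("synack")
            elif "R" in flags:
                seen.add("rst")
            elif "P" in flags:
                seen.add("data")             # e.g. the SMTP greeting banner
    return {client: verdict(seen) for client, seen in events.items()}

# Constructed sample input (documentation addresses), shaped like the two captures above.
NAS_CAPTURE = """\
14:31:39.595597 IP (tos 0x0, ttl 64, id 29332, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.53334 > 198.51.100.24.587: Flags [S], cksum 0x1d7d (incorrect -> 0x996f), seq 1, win 64240, length 0
"""
JOE_CAPTURE = """\
14:33:19.775678 IP 192.0.2.20.37764 > 198.51.100.24.587: Flags [S], seq 100, win 64240, length 0
14:33:19.794348 IP 198.51.100.24.587 > 192.0.2.20.37764: Flags [S.], seq 200, ack 101, win 65160, length 0
14:33:19.795127 IP 192.0.2.20.37764 > 198.51.100.24.587: Flags [.], ack 1, win 502, length 0
14:33:19.838594 IP 198.51.100.24.587 > 192.0.2.20.37764: Flags [P.], seq 1:38, ack 1, win 510, length 37
"""

if __name__ == "__main__":
    for name, cap in (("NAS", NAS_CAPTURE), ("Joe", JOE_CAPTURE)):
        print(name, classify(cap))
```

A lone SYN in a capture taken on the client does not show where the packet was dropped; running the same capture on the server side, as suggested in the quoted message, is what locates it.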


