You will be glad to know I have the same problem here. I can't even telnet to smtp.gmail.com on tcp port 25. I can do this to other MTAs, just not Gmail's. No 3-way handshake (not responding to my SYNs).
Looks as though perhaps SMTPS is now required for gmail as I used to have this working. (Although not on this workstation). I can telnet to tcp port 465 successfully.

You will also notice that nmap shows the port as filtered:

# nmap -sT -p 25 smtp.gmail.com

Starting Nmap 5.00 ( http://nmap.org ) at 2010-06-30 12:55 EST
Interesting ports on px-in-f109.1e100.net (74.125.155.109):
PORT   STATE    SERVICE
25/tcp filtered smtp

I don't think your issue is site specific....

Dave

On Wed, Jun 30, 2010 at 1:38 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:

> I tried tcpdump, as you suggested, and what it reported was that apparently
> communication was being established at port 25 but for whatever reason GMail
> wouldn't respond:
>
> GMail
> r...@roosevelt:/home/ilj % tcpdump -ni eth0 host 74.125.43.27
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 12:19:08.251414 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120648163 ecr 0,nop,wscale 6], length 0
> 12:19:11.251229 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120649063 ecr 0,nop,wscale 6], length 0
> 12:19:17.251213 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120650863 ecr 0,nop,wscale 6], length 0
> ^C
> 3 packets captured
> 6 packets received by filter
> 0 packets dropped by kernel
>
> I tried another e-mail service which is very popular and pretty decent in the
> RuNet, the Yandex.Mail. All in all, the result was exactly the same:
>
> Yandex
> r...@roosevelt:/home/ilj % tcpdump -ni eth0 host 77.88.21.38
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 18:07:17.642244 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126914980 ecr 0,nop,wscale 6], length 0
> 18:07:20.639119 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126915880 ecr 0,nop,wscale 6], length 0
> 18:07:26.639116 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126917680 ecr 0,nop,wscale 6], length 0
> ^C
> 3 packets captured
> 3 packets received by filter
> 0 packets dropped by kernel
>
> For whatever reason the SMTP servers' replies wouldn't come in to my router.
> The firewall is out of question so it's something else.
>
> On Monday 28 June 2010 16:13:23 dan (ddp) wrote:
> > You could try using tcpdump to see if there is an error returned from
> > the remote smtp server.
> >
> > On Fri, Jun 25, 2010 at 5:24 AM, Ivan Lezhnjov Jr.
> > <[email protected]> wrote:
> > > Yes, there are plenty but all the same. It's a message that states
> > > "ERROR: Error Sending email to 74.125.43.27 (smtp server)" nothing else,
> > > even with debug mode turned on.
> > >
> > > 2010/06/25 06:18:21 ossec-maild: DEBUG: Starting ...
> > > 2010/06/25 06:18:21 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm
> > > 2010/06/25 06:18:21 ossec-maild: INFO: Started (pid: 3266).
> > > 2010/06/25 06:18:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> > > 2010/06/25 06:19:46 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> > > 2010/06/25 06:21:46 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> > > 2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > > 2010/06/25 06:22:27 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > > 2010/06/25 06:25:10 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> > > 2010/06/25 06:25:30 ossec-rootcheck: INFO: Starting rootcheck scan.
> > > 2010/06/25 06:28:58 ossec-rootcheck: INFO: Ending rootcheck scan.
> > >
> > > I'm wondering what causes the error. The error message itself isn't
> > > really helpful.
> > >
> > > On Thursday 24 June 2010 16:52:00 dan (ddp) wrote:
> > >> Are there any errors in ossec.log regarding email? Have you tried
> > >> running the daemon in debug mode?
> > >>
> > >> OSSEC's email daemon is pretty bare bones, so it might be worth while
> > >> to route it through the system's smtpd.
> > >>
> > >> On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr.
> > >> <[email protected]> wrote:
> > >> > Hey guys!
> > >> >
> > >> > I've been using OSSEC for a while on two Linux based routers and I
> > >> > noticed that e-mail notifications on one of them is working almost
> > >> > perfectly, meaning that e-mail notifications are sent out and OSSEC
> > >> > can connect to the GMail's SMTP server but there's a problem. At
> > >> > irregular intervals OSSEC fails to connect to GMail's SMTP.
> > >> >
> > >> > The second machine wasn't able to send out even a single e-mail
> > >> > notification.
> > >> >
> > >> > Both machines use identical configuration (my e-mail address was
> > >> > mangled to spam-protect myself):
> > >> >
> > >> > <global>
> > >> >   <email_notification>yes</email_notification>
> > >> >   <email_to>[email protected]</email_to>
> > >> >   <smtp_server>gmail-smtp-in.l.google.com</smtp_server>
> > >> >   <email_from>[email protected]</email_from>
> > >> > </global>
> > >> >
> > >> > Each machine is located in a different network (autonomous
> > >> > systems/ISPs).
> > >> >
> > >> > I have trouble seeing why one machine would send out e-mail
> > >> > notifications successfully, albeit sometimes it fails to, due to its
> > >> > inability to connect to the specified SMTP server, so I thought I'd
> > >> > ask this here.
> > >> >
> > >> > Also, why another machine never succeeded at sending at least a single
> > >> > e-mail notification remains a complete mystery to me. It simply
> > >> > doesn't make sense when I try to approach and understand this issue
> > >> > with the "traditional" knowledge of e-mail infrastructure workflow.
> > >> > Identical configurations
> > >> >
> > >> > My goal is to have robust e-mail notifications and working. So, I've
> > >> > been wondering for a while why OSSEC works so unreliably with GMail's
> > >> > SMTP and if it's the same story with any other SMTP (I never tried
> > >> > any other).
> > >> >
> > >> > Also, I've been thinking about setting up my own SMTP server on these
> > >> > two routers but I'm not really sure what kind of setup I should aim
> > >> > for and/or if this will help at all. I'd appreciate it if someone
> > >> > gave a hint on this.
> > >> >
> > >> > --
> > >> >
> > >> > Ivan Lezhnjov Jr.
> > >> >
> > >> > Europe, Ukraine, Simferopol
> > >> >
> > >> > +----------------------------------------------------------------------+
> > >> >
> > >> > Key ID 0x5811D90C
> > >> > Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
> > >> > Use GPG Exercise Your Right To Privacy
> > >
> > > --
> > >
> > > Ivan Lezhnjov Jr.
> > >
> > > Europe, Ukraine, Simferopol
> > >
> > > +----------------------------------------------------------------------+
> > >
> > > Key ID 0x5811D90C
> > > Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
> > > Use GPG Exercise Your Right To Privacy
>
> --
>
> Ivan Lezhnjov Jr.
>
> Europe, Ukraine, Simferopol
>
> +----------------------------------------------------------------------+
>
> Key ID 0x5811D90C
> Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
> Use GPG Exercise Your Right To Privacy
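
Added example, not part of the original thread: a small Python parser for `tcpdump -n` text output that tells apart the three handshake outcomes this thread runs into: repeated SYNs with no reply (what nmap reports as "filtered"), a SYN-ACK (open) and a RST (closed). The function name and the sample capture are constructed for illustration and use documentation addresses.

```python
import re
from collections import defaultdict

# One tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]+)\]"
)

def classify_handshakes(capture):
    """Return {"server:port": (state, syn_count)} for every client SYN seen."""
    syns = defaultdict(int)  # client flow -> bare SYNs sent, retransmits included
    reply = {}               # client flow -> first answer from the server
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines, "^C", packet counters
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":  # SYN-ACK: the port is reachable and listening
            reply.setdefault((dst, dport, src, sport), "open")
        elif "R" in flags:   # RST: reachable, but nothing accepts the connection
            reply.setdefault((dst, dport, src, sport), "closed")
    result = {}
    for flow, count in syns.items():
        _, _, server, port = flow
        # Neither SYN-ACK nor RST: the SYN or its reply was dropped on the path.
        result[f"{server}:{port}"] = (reply.get(flow, "filtered"), count)
    return result

# Constructed sample capture (not taken from the thread).
SAMPLE = """\
12:19:08.251414 IP 192.0.2.10.41831 > 198.51.100.27.25: Flags [S], seq 53304775, win 5840, length 0
12:19:11.251229 IP 192.0.2.10.41831 > 198.51.100.27.25: Flags [S], seq 53304775, win 5840, length 0
12:19:17.251213 IP 192.0.2.10.41831 > 198.51.100.27.25: Flags [S], seq 53304775, win 5840, length 0
12:20:01.100000 IP 192.0.2.10.41900 > 198.51.100.27.465: Flags [S], seq 100, win 5840, length 0
12:20:01.140000 IP 198.51.100.27.465 > 192.0.2.10.41900: Flags [S.], seq 900, ack 101, win 5720, length 0
12:20:01.140100 IP 192.0.2.10.41900 > 198.51.100.27.465: Flags [.], ack 1, win 92, length 0
12:21:00.000000 IP 192.0.2.10.41950 > 203.0.113.5.25: Flags [S], seq 200, win 5840, length 0
12:21:00.030000 IP 203.0.113.5.25 > 192.0.2.10.41950: Flags [R.], seq 0, ack 201, win 0, length 0
"""

if __name__ == "__main__":
    for target, (state, count) in classify_handshakes(SAMPLE).items():
        print(f"{target:22} {state:9} SYNs sent: {count}")
```

A capture taken on the sending host cannot show whether the SYN or the reply was dropped, nor where; "filtered" only means no answer arrived at the capture point.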
