It turned out that my ISP was filtering port 25. Too bad I realized it this 
late.

Anyway, big thank you to everyone who tried to help me with this!

On Wednesday 30 June 2010 06:01:43 Dave Lowe wrote:
> You will be glad to know I have the same problem here.
> I can't even telnet to smtp.gmail.com on tcp port 25.
> I can do this to other MTA's, just not gmails. No 3 way handshake (Not
> responding to my syns')
> 
> Looks as though perhaps SMTPS is now required for gmail as I used to have
> this working. (Although not on this workstation). I can telnet to tcp port
> 465 successfully.
> 
> You will also notice that nmap shows the port as filtered:
> # nmap -sT -p 25 smtp.gmail.com
> 
> Starting Nmap 5.00 ( http://nmap.org ) at 2010-06-30 12:55 EST
> Interesting ports on px-in-f109.1e100.net (74.125.155.109):
> PORT   STATE    SERVICE
> 25/tcp filtered smtp
> 
> I don't think your issue is site specific....
> 
> 
> Dave
> 
> 
> On Wed, Jun 30, 2010 at 1:38 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> > I tried tcpdump, as you suggested, and what it reported was that
> > apparently communication was being established at port 25 but for
> > whatever reason GMail wouldn't respond:
> > 
> > GMail
> > r...@roosevelt:/home/ilj % tcpdump -ni eth0 host 74.125.43.27
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> > 12:19:08.251414 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120648163 ecr 0,nop,wscale 6], length 0
> > 12:19:11.251229 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120649063 ecr 0,nop,wscale 6], length 0
> > 12:19:17.251213 IP 91.194.239.113.41831 > 74.125.43.27.25: Flags [S], seq 53304775, win 5840, options [mss 1460,sackOK,TS val 120650863 ecr 0,nop,wscale 6], length 0
> > ^C
> > 3 packets captured
> > 6 packets received by filter
> > 0 packets dropped by kernel
> > 
> > I tried another e-mail service which is very popular and pretty decent in
> > the RuNet, the Yandex.Mail. All in all, the result was exactly the same:
> > 
> > Yandex
> > r...@roosevelt:/home/ilj % tcpdump -ni eth0 host 77.88.21.38
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> > 18:07:17.642244 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126914980 ecr 0,nop,wscale 6], length 0
> > 18:07:20.639119 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126915880 ecr 0,nop,wscale 6], length 0
> > 18:07:26.639116 IP 91.194.239.113.50441 > 77.88.21.38.25: Flags [S], seq 1208570375, win 5840, options [mss 1460,sackOK,TS val 126917680 ecr 0,nop,wscale 6], length 0
> > ^C
> > 3 packets captured
> > 3 packets received by filter
> > 0 packets dropped by kernel
> > 
> > For whatever reason the SMTP servers' replies wouldn't come in to my
> > router.
> > The firewall is out of question so it's something else.
> > 
> > On Monday 28 June 2010 16:13:23 dan (ddp) wrote:
> > > You could try using tcpdump to see if there is an error returned from
> > > the remote smtp server.
> > > 
> > > On Fri, Jun 25, 2010 at 5:24 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> > > > Yes, there are plenty but all the same. It's a message that states
> > > > "ERROR: Error Sending email to 74.125.43.27 (smtp server)" nothing else,
> > > > even with debug mode turned on.
> > > > 
> > > > 2010/06/25 06:18:21 ossec-maild: DEBUG: Starting ...
> > > > 2010/06/25 06:18:21 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm
> > > > 2010/06/25 06:18:21 ossec-maild: INFO: Started (pid: 3266).
> > > > 2010/06/25 06:18:40 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> > > > 2010/06/25 06:19:46 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> > > > 2010/06/25 06:21:46 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> > > > 2010/06/25 06:22:17 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > > > 2010/06/25 06:22:27 ossec-maild(1223): ERROR: Error Sending email to 74.125.43.27 (smtp server)
> > > > 2010/06/25 06:25:10 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> > > > 2010/06/25 06:25:30 ossec-rootcheck: INFO: Starting rootcheck scan.
> > > > 2010/06/25 06:28:58 ossec-rootcheck: INFO: Ending rootcheck scan.
> > > > 
> > > > I'm wondering what causes the error. The error message itself isn't
> > > > really helpful.
> > > > 
> > > > On Thursday 24 June 2010 16:52:00 dan (ddp) wrote:
> > > >> Are there any errors in ossec.log regarding email? Have you tried
> > > >> running the daemon in debug mode?
> > > >> 
> > > >> OSSEC's email daemon is pretty bare bones, so it might be worth
> > > >> while to route it through the system's smtpd.
> > > >> 
> > > >> On Tue, Jun 22, 2010 at 3:19 AM, Ivan Lezhnjov Jr. <[email protected]> wrote:
> > > >> > Hey guys!
> > > >> > 
> > > >> > I've been using OSSEC for a while on two Linux based routers and I
> > > >> > noticed that e-mail notifications on one of them is working almost
> > > >> > perfectly, meaning that e-mail notifications are sent out and
> > > >> > OSSEC can connect to the GMail's SMTP server but there's a
> > > >> > problem. At irregular intervals OSSEC fails to connect to GMail's
> > > >> > SMTP.
> > > >> > 
> > > >> > The second machine wasn't able to send out even a single e-mail
> > > >> > notification.
> > > >> > 
> > > >> > Both machines use identical configuration (my e-mail address was
> > > >> > mangled to spam-protect myself):
> > > >> > 
> > > >> >  <global>
> > > >> >    <email_notification>yes</email_notification>
> > > >> >    <email_to>[email protected]</email_to>
> > > >> >    <smtp_server>gmail-smtp-in.l.google.com</smtp_server>
> > > >> >    <email_from>[email protected]</email_from>
> > > >> >  </global>
> > > >> > 
> > > >> > Each machine is located in a different network (autonomous
> > > >> > systems/ISPs).
> > > >> > 
> > > >> > I have trouble seeing why one machine would send out e-mail
> > > >> > notifications successfully, albeit sometimes it fails to, due to
> > > >> > its inability to connect to the specified SMTP server, so I
> > > >> > thought I'd ask this here.
> > > >> > 
> > > >> > Also, why another machine never succeeded at sending at least a
> > > >> > single e-mail notification remains a complete mystery to me. It
> > > >> > simply doesn't make sense when I try to approach and understand this
> > > >> > issue with the "traditional" knowledge of e-mail infrastructure
> > > >> > workflow. Identical configurations
> > > >> > 
> > > >> > My goal is to have robust e-mail notifications and working. So,
> > > >> > I've been wondering for a while why OSSEC works so unreliably
> > > >> > with GMail's SMTP and if it's the same story with any other SMTP
> > > >> > (I never tried any other).
> > > >> > 
> > > >> > Also, I've been thinking about setting up my own SMTP server on
> > > >> > these two routers but I'm not really sure what kind of setup I should
> > > >> > aim for and/or if this will help at all. I'd appreciate it if
> > > >> > someone gave a hint on this.
> > > >> > 
> > > >> > --
> > > >> >  Ivan Lezhnjov Jr.
> > > >> >  Europe, Ukraine, Simferopol
> > > >> > +----------------------------------------------------------------------+
> > > >> >           Key ID 0x5811D90C
> > > >> >  Key Fingerprint 2A52 5C8C 38BE C04F D8DE  A169 19E2 E49A 5811 D90C
> > > >> >          Use GPG Exercise Your Right To Privacy
> > > > 
> > > > --
> > > > 
> > > >  Ivan Lezhnjov Jr.
> > > >  
> > > >  Europe, Ukraine, Simferopol
> > 
> > +----------------------------------------------------------------------+
> > 
> > > >           Key ID 0x5811D90C
> > > >  
> > > >  Key Fingerprint 2A52 5C8C 38BE C04F D8DE  A169 19E2 E49A 5811 D90C
> > > >  
> > > >          Use GPG Exercise Your Right To Privacy
> > 
> > --
> > 
> >  Ivan Lezhnjov Jr.
> >  
> >  Europe, Ukraine, Simferopol
> > 
> > +----------------------------------------------------------------------+
> > 
> >           Key ID 0x5811D90C
> >  
> >  Key Fingerprint 2A52 5C8C 38BE C04F D8DE  A169 19E2 E49A 5811 D90C
> >  
> >          Use GPG Exercise Your Right To Privacy
-- 

  Ivan Lezhnjov Jr.

  Europe, Ukraine, Simferopol

+----------------------------------------------------------------------+

           Key ID 0x5811D90C
  Key Fingerprint 2A52 5C8C 38BE C04F D8DE  A169 19E2 E49A 5811 D90C
          Use GPG Exercise Your Right To Privacy 
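
The symptom that settled this thread (the same SYN to port 25 retransmitted with no SYN-ACK ever coming back) can be checked mechanically. The following is an added example, not part of the original messages or of OSSEC: it classifies each connection attempt in `tcpdump -n` text output, and the sample capture and the function name `classify_flows` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` text format (documentation addresses,
# not the capture from the thread): one silent port 25, one open 465, one RST.
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.41831 > 198.51.100.25.25: Flags [S], seq 100, win 5840, length 0
12:00:03.000001 IP 192.0.2.10.41831 > 198.51.100.25.25: Flags [S], seq 100, win 5840, length 0
12:00:09.000001 IP 192.0.2.10.41831 > 198.51.100.25.25: Flags [S], seq 100, win 5840, length 0
12:00:10.000001 IP 192.0.2.10.50000 > 198.51.100.25.465: Flags [S], seq 200, win 5840, length 0
12:00:10.050001 IP 198.51.100.25.465 > 192.0.2.10.50000: Flags [S.], seq 900, ack 201, win 5720, length 0
12:00:10.050101 IP 192.0.2.10.50000 > 198.51.100.25.465: Flags [.], ack 1, win 92, length 0
12:00:11.000001 IP 192.0.2.10.50001 > 203.0.113.7.25: Flags [S], seq 300, win 5840, length 0
12:00:11.020001 IP 203.0.113.7.25 > 192.0.2.10.50001: Flags [R.], seq 0, ack 301, win 0, length 0
"""

# timestamp, "IP", src.port > dst.port:, then the flag set in brackets
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def classify_flows(text):
    """Map (client, cport, server, sport) -> (state, syn_count).

    state is "no-reply" (SYNs left, nothing returned: dropped somewhere in
    the path), "refused" (RST: host reachable, port closed) or "open".
    """
    syns = defaultdict(int)  # flow -> SYNs sent, first attempt plus retransmits
    first_reply = {}         # flow -> flags of the first packet coming back
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        else:
            reverse = (dst, dport, src, sport)
            if reverse in syns and reverse not in first_reply:
                first_reply[reverse] = flags
    result = {}
    for flow, count in syns.items():
        flags = first_reply.get(flow)
        if flags is None:
            state = "no-reply"
        elif "R" in flags:
            state = "refused"
        else:
            state = "open"
        result[flow] = (state, count)
    return result

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```

A "no-reply" verdict on port 25 next to an "open" one on port 465 for the same host, as Dave saw with telnet, points at a port-specific filter in the path rather than a dead route or a problem on the mail server.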
