[ale] blocked domains

Bob Toxen transam at verysecurelinux.com
Thu Nov 29 16:52:13 EST 2007


On Tue, Nov 27, 2007 at 07:54:22PM -0500, Daniel Kahn Gillmor wrote:
> On Tue 2007-11-27 13:39:25 -0500, Bob Toxen wrote:

...
> Bob, i'm pretty sure that the problem referenced was
> rejected/blackholed SMTP traffic (selected via some sort of IP-based
> blacklist), not a full IP-level packet rejection.  If it was just SMTP, a
> traceroute probably wouldn't have helped much in the diagnosis.
In that case, do telnet to port 25 via

  Linux:
    telnet mail.turkey.com 25

  Windoze:
    telnet mail.turkey.com 25

If you then get as far as:

     Trying 204.127.217.16

then DNS resolution worked.

If you then get as far as:

  Connected to mail.turkey.com.
  Escape character is '^]'.

then the initial TCP 3-way handshake completed and you know that
the system is up, that there is a process listening on TCP port 25,
and that there is not a firewall (yours or theirs) blocking access.


Then enter the SMTP dialog (see p254 of Real World Linux Security, 2nd):
  EHLO mail.me.com
  MAIL From:<me@me.com>
  RCPT To:<someone@turkey.com>
  DATA
  From: me@me.com
  To: someone@turkey.com
  Subject: Stupid turkeys

  This is test email.
  Did it get delivered, trashed, or bounced?
  .
  quit

Many mail servers, if they won't talk to you, either will drop you as
soon as the connection is made, when you get the:

  Connected to mail.turkey.com.
  Escape character is '^]'.

with a blah, blah Forbidden, see http://www.turkey.com/getlost.html.

Others, when they then receive the MAIL From and RCPT To lines will
decide if you are blocked and, if so, will issue the above Forbidden
response at that time and then drop the connection.


> Regards,

>          --dkg

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality spam and virus filters.
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
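
The staged telnet diagnosis described in the message above, as an added example that is not part of the original post: a Python script that walks the same stages (DNS, TCP connect, banner, EHLO, MAIL From, RCPT To) and reports the first one at which the server refuses or drops the connection. The function names and the HELO name `probe.example` are assumptions, and the script sends QUIT after RCPT To instead of DATA, so no test message is delivered.

```python
import socket

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, text)."""
    parts = []
    while True:
        raw = f.readline()
        if not raw:                                # peer closed the connection
            return None, "connection dropped"
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        parts.append(line[4:])
        if line[3:4] != "-":                       # "250-" continues, "250 " ends
            code = int(line[:3]) if line[:3].isdigit() else None
            return code, " ".join(parts)

def dialog(sock, sender, rcpt, helo="probe.example"):
    """Run banner/EHLO/MAIL/RCPT; return (stage, code, text) of first refusal."""
    steps = [("banner", None), ("ehlo", f"EHLO {helo}"),
             ("mail", f"MAIL FROM:<{sender}>"), ("rcpt", f"RCPT TO:<{rcpt}>")]
    result = None
    with sock.makefile("rb") as f:
        for stage, cmd in steps:
            try:
                if cmd:
                    sock.sendall(cmd.encode("ascii") + b"\r\n")
                code, text = read_reply(f)
            except OSError as e:                   # reset, broken pipe, timeout
                code, text = None, f"connection dropped ({e})"
            if code is None or code >= 400:        # 4xx temporary, 5xx permanent
                result = (stage, code, text)
                break
    try:
        sock.sendall(b"QUIT\r\n")                  # stop before DATA: nothing is sent
    except OSError:
        pass
    return result or ("accepted", code, text)

def probe(host, sender, rcpt, port=25, timeout=15):
    """Name the first failing stage: dns, tcp, banner, ehlo, mail, rcpt."""
    try:
        addr = socket.gethostbyname(host)          # telnet's "Trying ..." line
    except OSError as e:
        return "dns", None, str(e)
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as e:                           # down, not listening, firewalled
        return "tcp", None, str(e)
    with sock:
        return dialog(sock, sender, rcpt)
```

A result of `("banner", 554, ...)` corresponds to the server that refuses as soon as the connection is made; `("mail", ...)` or `("rcpt", ...)` corresponds to the server that decides after seeing the envelope addresses.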


