[CLUE-Tech] Sendmail and IPtables
David Anselmi
anselmi at americanisp.net
Fri Oct 4 08:02:37 MDT 2002
Jim Ockers wrote:
[...]
>
> The problem is not anything to do with sendmail, since telnet is not able
> to establish the socket to remote:25 either. We have seen this with various
> remote IP addresses. Again, most remote servers work just fine for accepting
> connections from our server to port 25; but a few give TCP SYN timeouts.
Could ECN be the problem? I've heard it interferes with web sites, not
mail, but I don't know much about it. Traceroute reaches the problem
machines, right?
> Netcat! That's a good idea. I'll have to look for it & how to use it,
> because I've got another system with the same problem. We were using
> "telnet hostname 25" or "telnet i.p.ad.dr 25" as our test mechanism.
Here's the link:
http://www.atstake.com/research/tools/nc110.tgz
There's a readme there too to tell you how it works. Telnet is fine for
manual testing, and I've scripted it on Solaris. On SuSE 7.2 netcat is
better for scripting. I do this:
netcat -zw5 host port
and test the return value. The -w5 keeps it from waiting too long when
the server is down. The -z closes the connection as soon as it's made
(handy). This gets a little tricky for testing UDP though.
> Here's one mail server that doesn't work with our 2.4.18 kernel but works
> with other kernels:
>
> [39] root at agadez:/home/root > telnet mta01.cdpd.airdata.com 25
I have a Debian 2.4.18 kernel (on a DEC Alpha) that can do this. I'll
send you the config. Obviously there will be a bunch of differences,
but maybe something will jump out in the network options.
Dave
More information about the clue-tech
mailing list