Dear Andy:

I saw your post to lkml about the SMTP->Windows connection problems with
the 2.4.16 kernel.

http://lists.insecure.org/linux-kernel/2001/Dec/1517.html

I am having the exact same problem with a 2.4.18 kernel from kernel.org.
(Unmodified, no Red Hat patches, etc.) If I reboot into the 2.4.9-34
Red Hat kernel, using the same IP addresses and iptables configuration
etc., I can establish the SMTP connection just fine to these remote mail
servers. Using 2.4.18 I just get connection refused, even though they
ping just fine, just as you describe.

This is really bad because I was trying to use the 2.4.18 kernel on my
mail relays. Did you ever get this resolved? It didn't sound like
anyone on the lkml believed you.

From the looks of things in the message below, this problem must be
specific to the ix86 kernels, since he says his Alpha 2.4.18 system can
connect just fine to one of the Windows mail servers that I was having
trouble connecting to.

...and yes, I've filed several trouble reports with the "offending" ISPs,
but they never seemed to be able to find anything wrong with their
setup... (Other than using Windows on a mail server of course).

Thanks,
Jim

PS This is 2.4.9-34 connecting to SMTP:

[29] root@tostada.us.pason.com:/root > telnet mta01.cdpd.airdata.com 25
Trying 199.88.234.33...
Connected to mta01.cdpd.airdata.com (199.88.234.33).
Escape character is '^]'.
220 mta01.cdpd.airdata.com (IntraStore TurboSendmail) ESMTP Service ready
quit
221 Until later [63.251.183.29]
Connection closed by foreign host.

PPS This is 2.4.18-JEO-SMP connecting to the same SMTP server:

[10] root@taco.us.pason.com:/root > telnet mta01.cdpd.airdata.com 25
Trying 199.88.234.33...

Both systems have identical outbound connectivity. The hardware is
identical. The only different thing between them is the kernel. nmap
synstealth scans of that host are inconclusive.

Forwarded message:
> From: David Anselmi
> To: clue-tech@clue.denver.co.us
> Subject: Re: [CLUE-Tech] Sendmail and IPtables
> Date: Fri, 04 Oct 2002 08:02:37 -0600
>
> Jim Ockers wrote:
> [...]
> >
> > The problem is not anything to do with sendmail, since telnet is not able
> > to establish the socket to remote:25 either. We have seen this with various
> > remote IP addresses. Again, most remote servers work just fine for accepting
> > connections from our server to port 25; but a few give TCP SYN timeouts.
>
> Could ECN be the problem? I've heard it interferes with web sites, not
> mail, but I don't know much about it. Traceroute reaches the problem
> machines, right?
>
> > Netcat! That's a good idea. I'll have to look for it & how to use it,
> > because I've got another system with the same problem. We were using
> > "telnet hostname 25" or "telnet i.p.ad.dr 25" as our test mechanism.
>
> Here's the link:
> http://www.atstake.com/research/tools/nc110.tgz
> There's a readme there too to tell you how it works. Telnet is fine for
> manual testing, and I've scripted it on Solaris. On SuSE 7.2 netcat is
> better for scripting. I do this:
> netcat -zw5 host port
> and test the return value. The -w5 keeps it from waiting too long when
> the server is down. The -z closes the connection as soon as it's made
> (handy). This gets a little tricky for testing UDP though.
>
> > Here's one mail server that doesn't work with our 2.4.18 kernel but works
> > with other kernels:
> >
> > [39] root@agadez:/home/root > telnet mta01.cdpd.airdata.com 25
>
> I have a Debian 2.4.18 kernel (on a DEC Alpha) that can do this. I'll
> send you the config. Obviously there will be a bunch of differences,
> but maybe something will jump out in the network options.
>
> Dave
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech@clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech

--
Jim Ockers - Pason (ockers@pason.com)
Contact info: http://www.pason.com/ockers.html
Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial
Email) at http://www.cauce.org/ .
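
The scripted reachability test from the quoted reply (`netcat -zw5 host port`, then test the return value), extended as an added example that is not part of the original thread: it separates "refused" from "no answer to the SYN", two outcomes the thread reports for the same servers, and reads the local ECN setting the reply asks about. The function names are hypothetical; `/proc/sys/net/ipv4/tcp_ecn` is assumed to be the Linux sysctl file for that setting.

```python
import errno
import socket
import sys

ECN_SYSCTL = "/proc/sys/net/ipv4/tcp_ecn"  # assumption: Linux sysctl path


def probe(host, port, timeout=5.0):
    """One TCP connect, closed at once (like netcat -z), result classified."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # three-way handshake completed
    except (socket.timeout, TimeoutError):
        return "timeout"             # SYN never answered within `timeout`
    except ConnectionRefusedError:
        return "refused"             # peer or a filter answered with RST
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"     # ICMP error or no route
        return "error: %s" % exc     # e.g. name resolution failure


def local_tcp_ecn(path=ECN_SYSCTL):
    """Return the local tcp_ecn value as an int, or None if it is unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def diagnose(host, port, timeout=5.0):
    """Return (result, tcp_ecn, hint) for one destination."""
    result = probe(host, port, timeout)
    ecn = local_tcp_ecn()
    hint = ""
    # With tcp_ecn=1 outgoing SYNs request ECN; a silent drop of such SYNs
    # shows up as a timeout, so that combination is worth retesting.
    if result == "timeout" and ecn == 1:
        hint = "tcp_ecn=1 here: retest with tcp_ecn=0 to rule ECN in or out"
    return result, ecn, hint


if __name__ == "__main__":
    # usage: script.py HOST PORT ; exit status 0 only when the port is open
    outcome = diagnose(sys.argv[1], int(sys.argv[2]))
    print(outcome)
    sys.exit(0 if outcome[0] == "open" else 1)
```

Running it from both kernels against the same destination shows whether the failing host sees an active refusal or silence, which is the distinction that a plain `telnet` hang does not make obvious.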