I have an Ubuntu 14 Server host. I can ping and HTTP to an external server, but cannot SMTP to it.
Doing host mail.domain.com
returns the correct external address, so DNS is working. Doing ping mail.domain.com
shows me that we successfully reach the server. Doing telnet mail.domain.com 80
shows me I get the expected 400 error. Doing a curl
also shows the expected data.
But, doing a telnet mail.domain.com 25
gives me a telnet: Unable to connect to remote host: Connection refused
. Doing a traceroute mail.domain.com
shows that I presumably go a few hops outside of the Ubuntu server, across some Comcast nodes, but then fail out?
1 <hidden>
2 <hidden>
3 <hidden>
4 pos-3-15-0-0-cr01.56marietta.ga.ibone.comcast.net (68.86.91.221) 17.061 ms pos-0-6-0-0-cr01.miami.fl.ibone.comcast.net (68.86.95.57) 11.345 ms pos-3-15-0-0-cr01.56marietta.ga.ibone.comcast.net (68.86.91.221) 17.052 ms
5 he-0-11-0-1-pe04.56marietta.ga.ibone.comcast.net (68.86.89.94) 15.382 ms 15.381 ms be-15-pe02.nota.fl.ibone.comcast.net (68.86.83.146) 8.659 ms
6 65.124.97.177 (65.124.97.177) 50.463 ms 49.446 ms 49.418 ms
7 * * *
8 63.148.218.166 (63.148.218.166) 85.529 ms 75.366 ms 75.155 ms
9 216.197.122.66 (216.197.122.66) 83.499 ms 77.650 ms 77.689 ms
10 * * *
11 * * *
From another (Windows 7) box on the local network, that telnet command works fine, with the expected 220 SMTP message.
1 <hidden>
2 <hidden>
3 <hidden>
4 10 ms 11 ms 19 ms pos-3-15-0-0-cr01.56marietta.ga.ibone.comcast.net [68.86.91.221]
5 8 ms 8 ms 8 ms be-12-pe02.nota.fl.ibone.comcast.net [68.86.82.121]
6 48 ms 48 ms 53 ms nap-edge-04.inet.qwest.net [65.122.166.77]
7 * * * Request timed out.
8 75 ms 73 ms 75 ms 63.148.218.166
9 75 ms 75 ms 75 ms 216.197.122.66
10 75 ms 70 ms 70 ms 216.119.120.174
11 76 ms 76 ms 76 ms mail.domain.com
Steps 1-3 show the same data. Any suggestions? Why would packets from one box get routed differently than another coming from the same network?
Best Answer
Given that this is a corporate situation, the most plausible culprit is the company firewall. Like in most corporate set-ups, the firewall rejects all outbound TCP port 25 connections, except those originating from designated machines. The Windows server probably is one of these, and the Ubuntu server isn't.
To find out whether this is the case, perform any of these diagnostics, in decreasing order of sensibility:
tcptraceroute mail.domain.com 25
from the Ubuntu server to find out which hop is rejecting the establishment of an SMTP connection.telnet mail.domain.com 25
from the Ubuntu server. Better not tell the network administrators.From these diagnostics you will find out whether the TCP connection is blocked within the company, at the destination, or somewhere in between. I'd say the odds for these are 1G:10:1. In either case, you will need to talk to the network administrators to solve the issue, so you might as well take step 1 right away.
Note that it makes no sense to do a
traceroute
when you can alreadyping
a destination. The successful ping proves that the destination is live and reachable. Therefore all hops in between are reachable. No need to demonstrate that.