Blocked??

Discussions on webmail and the Professional version.
Post Reply
HELP HELP

Blocked??

Post by HELP HELP » Mon Nov 22, 2004 6:43 pm

ESM 0-1.52- refused connection at 11/22/04 13:42:22

Today a client out of nowhere can no longer connect to the mail server.

I telneted into the mail server and they get this.

I telneted into another mail server, and they get in fine...

What do I do to allow them?? I whitelisted their IP and everything?

Help!?

MailEnable-Ian
Site Admin
Posts: 9101
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Post by MailEnable-Ian » Mon Nov 22, 2004 11:17 pm

Hi,

Have you checked your log files. Can you provide more detail on the problem.

Regards,

Guest

Post by Guest » Tue Nov 23, 2004 3:00 am

Ian,

Where are the logs that would show a telnet refusal / mail connection refusal?

Guest

Post by Guest » Tue Nov 23, 2004 3:07 am

Ian,

I show this many times in my logs:

11/22/04 13:29:40
SMTP-IN 1E1E5EFA9AC44D458199AED711766F.MAI 704 66.255.128.137 421 mailserver.domain.com ESMTP MailEnable Service, Version: 0-1.52- refused connection at 11/22/04 13:29:40 0 0

Basically, The server is simply refusing the connection, and I have no idea why!

Guest

Post by Guest » Tue Nov 23, 2004 3:20 am

Ian or anyone,

Not sure if I am opening up a can of worms, but there are a few other IP addresses that are being refused.

What would be the reason for refusing the connection?

How can I guarantee the connection since I am whitelisting the IP as well?

Some IPs that are rejected SAY they are rejected becasue they are found in a DNS blacklist, but this simply just says refused and nothing else....

Ideas? :?:

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Tue Nov 23, 2004 3:40 am

Can you please let me know what your domain is you could Private Message it to me if you like.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

Rooey49
Posts: 2
Joined: Wed Feb 26, 2003 11:42 pm

Post by Rooey49 » Tue Nov 23, 2004 4:13 am

sent to you Ben

Rooey49
Posts: 2
Joined: Wed Feb 26, 2003 11:42 pm

Post by Rooey49 » Tue Nov 23, 2004 4:54 am

For those who find this in the future:

In the Access Control, the IP was banned.

The IP was banned because of this:

has used local loopback address [127.0.0.1] because it is hosted locally and could not be resolved using DNS settings.
11/19/04 15:53:22 ME-I0073: IP Address xx.xxx.xxx.xxx banned.

Not sure why, but it was.

In addition, I whitelisted that exact IP but it did nothing to solve the problem.

So the REASON was it was banned in the Access Control, but why it was banned and why didn't the whitelist work, we have yet to figure out.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Tue Nov 23, 2004 4:58 am

OK, now that we have found that the IP was in the access control list of MailEnable or blocked by the SMTP service. I will explain why whitelisting the IP did not allow traffic through. The whitelist will prevent an IP from getting added to the access control list but if already added the whitelist can do nothing for an IP.

For you now I would suggest you add any IPs required to the whitelist this will help.

You said you had 3000 IPs in the access list this can affect your throughput what I would suggest is that you monitor this list and remove some of the IPs every month from the top of the list this is important when you have the SMTP Properties -> Security Tab -> Auto add IP to access control upon set number of failed connections. And in many cases once you have blocked the IPs for a period of time they will not continue to attack your server.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Tue Nov 23, 2004 5:06 am

By the way that is not the correct log entry explaining why your remote client could not send mail through your server, I have done a check on the web site http://www.dnsreport.com and it shows some errors with your DNS settings you will need to rectify these, to totally remove these problems you have in the logs.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

Post Reply