Blocked??
Blocked??
ESM 0-1.52- refused connection at 11/22/04 13:42:22
Today a client out of nowhere can no longer connect to the mail server.
I telneted into the mail server and they get this.
I telneted into another mail server, and they get in fine...
What do I do to allow them?? I whitelisted their IP and everything?
Help!?
Today a client out of nowhere can no longer connect to the mail server.
I telneted into the mail server and they get this.
I telneted into another mail server, and they get in fine...
What do I do to allow them?? I whitelisted their IP and everything?
Help!?
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Ian,
I show this many times in my logs:
11/22/04 13:29:40
SMTP-IN 1E1E5EFA9AC44D458199AED711766F.MAI 704 66.255.128.137 421 mailserver.domain.com ESMTP MailEnable Service, Version: 0-1.52- refused connection at 11/22/04 13:29:40 0 0
Basically, The server is simply refusing the connection, and I have no idea why!
I show this many times in my logs:
11/22/04 13:29:40
SMTP-IN 1E1E5EFA9AC44D458199AED711766F.MAI 704 66.255.128.137 421 mailserver.domain.com ESMTP MailEnable Service, Version: 0-1.52- refused connection at 11/22/04 13:29:40 0 0
Basically, The server is simply refusing the connection, and I have no idea why!
Ian or anyone,
Not sure if I am opening up a can of worms, but there are a few other IP addresses that are being refused.
What would be the reason for refusing the connection?
How can I guarantee the connection since I am whitelisting the IP as well?
Some IPs that are rejected SAY they are rejected becasue they are found in a DNS blacklist, but this simply just says refused and nothing else....
Ideas?
Not sure if I am opening up a can of worms, but there are a few other IP addresses that are being refused.
What would be the reason for refusing the connection?
How can I guarantee the connection since I am whitelisting the IP as well?
Some IPs that are rejected SAY they are rejected becasue they are found in a DNS blacklist, but this simply just says refused and nothing else....
Ideas?
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
Can you please let me know what your domain is you could Private Message it to me if you like.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
For those who find this in the future:
In the Access Control, the IP was banned.
The IP was banned because of this:
has used local loopback address [127.0.0.1] because it is hosted locally and could not be resolved using DNS settings.
11/19/04 15:53:22 ME-I0073: IP Address xx.xxx.xxx.xxx banned.
Not sure why, but it was.
In addition, I whitelisted that exact IP but it did nothing to solve the problem.
So the REASON was it was banned in the Access Control, but why it was banned and why didn't the whitelist work, we have yet to figure out.
In the Access Control, the IP was banned.
The IP was banned because of this:
has used local loopback address [127.0.0.1] because it is hosted locally and could not be resolved using DNS settings.
11/19/04 15:53:22 ME-I0073: IP Address xx.xxx.xxx.xxx banned.
Not sure why, but it was.
In addition, I whitelisted that exact IP but it did nothing to solve the problem.
So the REASON was it was banned in the Access Control, but why it was banned and why didn't the whitelist work, we have yet to figure out.
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
OK, now that we have found that the IP was in the access control list of MailEnable or blocked by the SMTP service. I will explain why whitelisting the IP did not allow traffic through. The whitelist will prevent an IP from getting added to the access control list but if already added the whitelist can do nothing for an IP.
For you now I would suggest you add any IPs required to the whitelist this will help.
You said you had 3000 IPs in the access list this can affect your throughput what I would suggest is that you monitor this list and remove some of the IPs every month from the top of the list this is important when you have the SMTP Properties -> Security Tab -> Auto add IP to access control upon set number of failed connections. And in many cases once you have blocked the IPs for a period of time they will not continue to attack your server.
For you now I would suggest you add any IPs required to the whitelist this will help.
You said you had 3000 IPs in the access list this can affect your throughput what I would suggest is that you monitor this list and remove some of the IPs every month from the top of the list this is important when you have the SMTP Properties -> Security Tab -> Auto add IP to access control upon set number of failed connections. And in many cases once you have blocked the IPs for a period of time they will not continue to attack your server.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
By the way that is not the correct log entry explaining why your remote client could not send mail through your server, I have done a check on the web site http://www.dnsreport.com and it shows some errors with your DNS settings you will need to rectify these, to totally remove these problems you have in the logs.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.