Hi Scott
Yeah I thought something similar but traces match to all of mx1.hotmail.com IPs
Have tried the same to Gmails servers also
From our existing mail server (202.170.167.18)
[root@mail ~]# tcptraceroute mx1.hotmail.com 25
traceroute to mx1.hotmail.com (65.55.37.104), 30 hops max, 25 byte packets
1 203.167.254.30 (203.167.254.30) 0.541 ms 1.505 ms 1.602 ms
2 202.170.167.118 (202.170.167.118) 8.611 ms 10.540 ms 10.575 ms
3 icore.inhb.co.nz (203.167.255.114) 12.548 ms 13.384 ms 14.421 ms
4 fa0-1.96.r1-inhb.safenz.net (202.170.160.225) 16.343 ms 18.423 ms 18.459 ms
5 f0-0-98.icore1.safenz.net (202.170.160.47) 23.351 ms 23.392 ms 24.244 ms
6 f0-0-76.icore3.safenz.net (202.170.162.187) 30.219 ms 15.834 ms 15.817 ms
7 ten-0-3-0-106.bdr01.akl02.akl.VOCUS.net.au (114.31.203.49) 16.701 ms 16.798 ms 17.627 ms
8 ten-0-1-0-62.bdr02.akl02.akl.VOCUS.net.au (114.31.202.43) 139.498 ms 137.833 ms 140.651 ms
9 ip-35.202.31.114.VOCUS.net.au (114.31.202.35) 140.650 ms 136.749 ms 137.562 ms
10 ten-0-1-0-63.bdr02.akl02.akl.VOCUS.net.au (114.31.202.45) 140.496 ms 137.789 ms 140.849 ms
11 microsoft.com.any2ix.coresite.com (206.223.143.143) 142.707 ms 144.776 ms 144.798 ms
12 xe-3-0-0-0.lax-96cbe-1b.ntwk.msn.net (207.46.47.11) 147.645 ms 146.690 ms 145.928 ms
13 xe-3-0-2-0.bay-16c-1a.ntwk.msn.net (207.46.46.242) 151.616 ms 151.696 ms 152.653 ms
14 ge-1-1-0-0.by2-64c-1b.ntwk.msn.net (207.46.43.53) 155.700 ms 153.864 ms 155.765 ms
15 ge-5-0-0-0.co1-64c-1a.ntwk.msn.net (207.46.40.190) 181.720 ms 202.785 ms 203.747 ms
16 ge-3-0-0-0.co2-64c-1a.ntwk.msn.net (207.46.43.171) 176.716 ms 177.705 ms 175.807 ms
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
From our new mail server (118.67.193.2)
[root@mta1 ~]# tcptraceroute mx1.hotmail.com 25
traceroute to mx1.hotmail.com (65.55.37.120), 30 hops max, 25 byte packets
1 f0-2-fw2.waspnet.co.nz (118.67.193.14) 0.825 ms 0.896 ms 1.050 ms
2 202.170.167.118 (202.170.167.118) 1.890 ms 2.692 ms 2.760 ms
3 icore.inhb.co.nz (203.167.255.114) 7.323 ms 6.487 ms 4.627 ms
4 fa0-1.96.r1-inhb.safenz.net (202.170.160.225) 7.428 ms 7.399 ms 7.114 ms
5 f0-0-98.icore1.safenz.net (202.170.160.47) 7.002 ms 10.748 ms 10.848 ms
6 f0-0-76.icore3.safenz.net (202.170.162.187) 14.002 ms 15.286 ms 16.121 ms
7 ten-0-3-0-106.bdr01.akl02.akl.VOCUS.net.au (114.31.203.49) 14.277 ms 14.670 ms 15.756 ms
8 ten-0-1-0-62.bdr02.akl02.akl.VOCUS.net.au (114.31.202.43) 139.628 ms 137.444 ms 137.715 ms
9 ge-0-0-1.bdr02.akl01.akl.VOCUS.net.au (114.31.202.33) 138.247 ms 137.747 ms 138.548 ms
10 ten-0-1-0-63.bdr02.akl02.akl.VOCUS.net.au (114.31.202.45) 137.878 ms 137.625 ms 142.223 ms
11 microsoft.com.any2ix.coresite.com (206.223.143.143) 145.074 ms 144.358 ms 145.248 ms
12 xe-3-0-0-0.lax-96cbe-1b.ntwk.msn.net (207.46.47.11) 146.654 ms 146.778 ms 150.891 ms
13 xe-3-0-2-0.bay-16c-1a.ntwk.msn.net (207.46.46.242) 157.453 ms 155.162 ms 155.030 ms
14 ge-1-1-0-0.by2-64c-1b.ntwk.msn.net (207.46.43.53) 154.778 ms 153.700 ms 153.140 ms
15 ge-5-0-0-0.co1-64c-1a.ntwk.msn.net (207.46.40.190) 176.389 ms 174.891 ms 175.001 ms
16 ge-3-0-0-0.co2-64c-1a.ntwk.msn.net (207.46.43.171) 174.790 ms 175.741 ms 174.093 ms
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@mta1 ~]# telnet mx1.hotmail.com 25
Trying 65.54.188.126...
telnet: connect to address 65.54.188.126: Connection refused
Trying 65.55.37.72...
telnet: connect to address 65.55.37.72: Connection refused
Trying 65.55.37.88...
telnet: connect to address 65.55.37.88: Connection refused
Trying 65.55.37.104...
telnet: connect to address 65.55.37.104: Connection refused
Trying 65.55.37.120...
telnet: connect to address 65.55.37.120: Connection refused
Trying 65.55.92.136...
telnet: connect to address 65.55.92.136: Connection refused
Trying 65.55.92.152...
telnet: connect to address 65.55.92.152: Connection refused
Trying 65.55.92.168...
telnet: connect to address 65.55.92.168: Connection refused
Trying 65.55.92.184...
telnet: connect to address 65.55.92.184: Connection refused
Trying 65.54.188.72...
telnet: connect to address 65.54.188.72: Connection refused
Trying 65.54.188.94...
telnet: connect to address 65.54.188.94: Connection refused
Trying 65.54.188.110...
telnet: connect to address 65.54.188.110: Connection refused
telnet: Unable to connect to remote host: Connection refused
Regards
Jodi
From: Scott Howard [mailto:scott@doc.net.au]
Sent: Friday, 1 April 2011 14:29
To: Jodi Thomson
Cc: nznog@list.waikato.ac.nz
Subject: Re: [nznog] new mail server on new ip block
I've never heard of those providers blocking by refusing connections, which makes me suspect it's not them doing it but someone in the path.
This is where tcptraceroute is your friend. Run "tcptraceroute mx1.hotmail.com 25" and see where the connections are actually being refused - my money is on it not being at the destination itself.
Scott
On Thu, Mar 31, 2011 at 5:53 PM, Jodi Thomson <jodi@team.waspnet.co.nz> wrote:
Hi all
Am after some advice please.
We’ve recently taken possession of a shiny new IP block from APNIC – 118.67.192.0/21 so that we can give our current IP’s back to our upstream.
As part of the renumbering processes we’re taking the opportunity of building a new mail server as the old one is getting a little tired.
However we’ve run into a minor snag: The IP of our new mail server mta1.waspnet.co.nz 118.67.193.2 and this being explicitly refused connection on port 25 to many of the major providers such as Gmail, Excite and Hotmail – (In fact the entire range is but am only concerned with one at this stage)
Apr 1 13:25:01 mta1 postfix/smtp[8807]: connect to gmail-smtp-in.l.google.com[72.14.213.27]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8807]: connect to alt1.gmail-smtp-in.l.google.com[74.125.67.27]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8807]: connect to alt2.gmail-smtp-in.l.google.com[74.125.47.27]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8807]: connect to alt3.gmail-smtp-in.l.google.com[74.125.113.27]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8807]: connect to alt4.gmail-smtp-in.l.google.com[209.85.229.27]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8808]: connect to mx2.hotmail.com[65.55.92.184]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8808]: connect to mx1.hotmail.com[65.54.188.110]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8808]: connect to mx2.hotmail.com[65.54.188.126]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8808]: connect to mx4.hotmail.com[65.54.188.110]: Connection refused (port 25)
Apr 1 13:25:01 mta1 postfix/smtp[8808]: connect to mx3.hotmail.com[65.54.188.126]: Connection refused (port 25)
Other providers such as TCL are just timing out on the connection attempt
/var/log/maillog:Mar 29 08:27:29 mta1 postfix/smtp[28902]: connect to mx.clear.net.nz[203.97.33.212]: Connection timed out (port 25)
Telnet to port 25 produces the same results
Yahoo interestingly isn't blocking it and other a few other providers are letting us through
The frustrating thing for me is that once I got SPF & rDNS sorted we had full connectivity to all of these on the 17th & 18th March. Then on the 19th we started to be blocked again.
I’ve filled in online forms with the big three to no avail. I've checked SORBS, Senderbase, etc and I can see no reason why we should not get through. Any suggestions/assistance as to what I can try next would be greatly appreciated.
We’re currently using it for sending team.waspnet.co.nz mail
Cheers
Jodi
PS – We also have an IPv6 block which I am waiting upstream advertisement
PPS – There will be beer J
Jodi Thomson
Network & Systems Engineer
Ph +64-6-8355800
Fax +64-6-8355811
Mob +64-21-903712
E-Mail jodi@team.waspnet.co.nz
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog