[ALUG] I need an E-Mail expert to help me solve this

Phil Ashby phil.alug at ashbysoft.com
Sun Feb 19 15:23:45 GMT 2017

On 19/02/17 12:00, Chris Green <cl at isbd.net> wrote:
> I have an E-Mail requirement/problem that I've wasted several hours on over the past few days to
> little effect.  Maybe someone here can help.
> My home (linux) machine runs all the time and hosts the domain zbmc.eu which is registered at
> gandi.net.  The zone file there is configured to point at my home machine and the MX record is
> set up too:-
 > chris at cheddar$ host zbmc.eu
 > zbmc.eu has address
 > zbmc.eu mail is handled by 10 zbmc.eu.
 > chris at cheddar$ is my PlusNet ADSL connection.
> ..[lots of testing that indicates 'something' is blocking SMTP on some routes, but not all...]

Hi Chris,

I have almost the same setup as you: an external/public server (mail.ashbysoft.com) that forwards
mail to an internal/private server at home (phil.ashbysoft.com, on PlusNet). My external server is
in a co-lo facility and managed by me, rather than a 3rd party, but hey, it's still working so it
doesn't look like PlusNet per se.

I tried a few tests for your host:

- from my home network (via NAT, PlusNet):

   phlash at zaphod:~$ host zbmc.eu
   zbmc.eu has address
   zbmc.eu mail is handled by 10 zbmc.eu.

   phlash at zaphod:~$ telnet zbmc.eu 25	# not looking good for inbound connectivity on 25

   phlash at zaphod:~$ telnet zbmc.eu 587	# nor the alternative SMTP submission port 587

- from my external server (via NAT, Virgin Media):

   phil:~$ telnet zbmc.eu 25		# still no joy

   phil:~$ telnet zbmc.eu 587		# kind of expected by now :/

   phil:~$ ping zbmc.eu			# just checking the endpoint is up :)
   PING zbmc.eu ( 56(84) bytes of data.
   64 bytes from chrisisbd01.plus.com ( icmp_seq=1 ttl=243 time=25.2 ms
   64 bytes from chrisisbd01.plus.com ( icmp_seq=2 ttl=243 time=25.5 ms
   64 bytes from chrisisbd01.plus.com ( icmp_seq=3 ttl=243 time=21.6 ms

- last check for my own connectivity, to prove it's not local to me:

   phil:~$ telnet phil.ashbysoft.com 25	# looks OK
   Connected to phil.ashbysoft.com.
   Escape character is '^]'.
   220 phil.ashbysoft.com ESMTP Exim 4.88 Sun, 19 Feb 2017 15:05:43 +0000

My conclusion so far would be that you have local firewalling / filtering issues that are permitting
traffic from the TsoHost servers but nowhere else? Are you running fail2ban, and has it been a bit
enthusiastic (this has got me in the past, blocking the kids' mobiles when they bork their password a
couple of times)? What about port forwarding arrangements, just for specified external IPs?

NB: I have switched to port 587 for all my immediate users (family & friends, you know the score!) 
to submit mail from their clients through my relay service, as they were finding that port 25 was 
blocked outbound by whatever ISP they were using at the time (typically mobile / public services 
like The Cloud).

Hope this helps,
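
Added example, not part of the original message: a Python probe that repeats the telnet checks above and tells apart a silent drop (timeout), an active refusal, and a live SMTP greeting, which helps separate a drop-style firewall rule from a service that is simply not listening. The function names and the loopback listener are constructed for this illustration.

```python
import socket
import threading

def probe_smtp(host, port, timeout=5.0):
    """Classify one TCP connection attempt to an SMTP port.

    Returns (state, detail): 'open' (220 greeting seen), 'no-banner'
    (connected, no greeting), 'refused' (actively rejected, typically RST),
    'filtered' (no reply before timeout) or 'error' (DNS, routing, ...).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no-banner", "")
        except OSError as exc:
            return ("error", str(exc))
    if banner.startswith("220"):
        return ("open", banner)
    return ("no-banner", banner)

def start_fake_smtp(greeting):
    """Constructed stand-in for a mail server: serves one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed demo against a loopback listener, so it runs offline.
    demo_port = start_fake_smtp(b"220 mail.example.invalid ESMTP\r\n")
    for p in (demo_port,):
        print(p, probe_smtp("127.0.0.1", p, timeout=2))
```

Run against your own host from both inside and outside the network, on ports 25 and 587; a 'filtered' result from some vantage points and 'open' from others points at source-based filtering rather than the mail daemon.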

