I Need To Prove An Outbound Port Is Blocked

Posted on 2009-04-02
Last Modified: 2013-11-30
I believe my ISP is blocking port 25, which would explain why I can send/receive anywhere I go except in my own home. I called and they say "No we are not blocking that port".

I don't believe it but am trying to prove it. The only proof I have is that I get an error on my mail client. I was hoping there was a tool like nmap or wireshark that would provide proof of what outbound ports are blocked.

I have these tools plus the SolarWinds tool set. But I cannot seem to find a way to conclusively prove my point - that port 25 is being blocked.

Thanks
Question by:pbhcpa

Expert Comment

by:Andres Perales
ID: 24056224
The actual question is where is the server that you are using to send and receive email? But you can check your router, turn on the logging (most have some sort of logging tool) and watch your traffic come and go...
Have you checked any firewalls that you may have on your home computer?  Or network adapter you use at your home?

Expert Comment

by:MCSA2003
ID: 24056293
You can use Wireshark, but you're going to need a hub to "sniff" the packets. A switch will not work as it is port specific, where a hub will capture all traffic across the hub. Plug your router into the hub along with your PC. Start Wireshark and select the interface you want to use to capture the packets from. Start Wireshark and then try to send and receive on your email client. You can then look at the packets and the activity as it is moving across the wire. Wait until it fails before stopping the capture. Once it fails you can then stop and analyze the packets and possibly send them to your ISP once you confirm they are blocking that port.

Author Comment

by:pbhcpa
ID: 24056399
It is our in-house mail server. (We've hosted our own for 15 years). My laptop (running XP Pro) has the firewall turned off and still gets the error.

I ran Wireshark then sent an email and logged until it failed. Attached is the cap file. I changed the extension to txt so you'll have to change it to cap to read it in Wireshark. (cap is not a supported extension on EE).

The mail server is 24.155.125.35. The only thing I see is a bad TCP flag but nothing that tells me anything conclusive as to whether or not port 25 is blocked.

ws.txt

Expert Comment

by:ITHelper80
ID: 24056479
It's not blocked, I just telnetted into your system over port 25...

FYI, I would remove your IP from the post, not everyone will be as honest as me =)

Expert Comment

by:ITHelper80
ID: 24056499
If you want to check what ports are open try ShieldsUP

https://www.grc.com/default.htm

Run the common port scan

Expert Comment

by:MCSA2003
ID: 24056540
I agree that port 25 is not being blocked. I did a couple of email tests as well as telnetting to your mail server just like ITHelper said. Let's look a little further. Are you running Exchange Server? If so, you say you are trying to connect from "home". Do you have RPC over HTTP set up?

Author Comment

by:pbhcpa
ID: 24060466
Hey guys, I don't think I explained the issue clearly based on the responses. See the attachment. Thanks for all the input!
Illustration.jpg

Expert Comment

by:ITHelper80
ID: 24060490
Ok, did you run shieldsup from your home PC? Like I said it will scan your network and report back open ports.

Expert Comment

by:Mestha
ID: 24065334
If your ISP is blocking port 25, then usually they allow connections to port 25 on their network. Therefore the simple test is to see if you can telnet to their SMTP server (the one that they tell users of Outlook Express to use as the outbound server). If you can, then see if you can telnet to another mail server, such as maila.microsoft.com.
If neither works then either the port is blocked locally or by the ISP. If the ISP is blocking all port 25 traffic then they will know. It is highly unusual for them to do that without allowing access to their own server.

Simon.

Author Comment

by:pbhcpa
ID: 24068123
From outside my Residential ISP Service it is fine (running telnet mail.pbhcpa.com 25):

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.04.04 11:46:56 =~=~=~=~=~=~=~=~=~=~=~=
220 pbhcpa.com ESMTP MDaemon 10.0.3; Sat, 04 Apr 2009 11:43:38 -0500
QUIT
221 See ya in cyberspace

From inside my Residential ISP Service:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.04.04 11:50:36 =~=~=~=~=~=~=~=~=~=~=~=

QUIT

To those of us on this post, it proves that it is blocked. However when I call my ISP I get some guy that just says "No we're not blocking port 25" - period. My telling the guy what I am writing right now does no good. I am looking for some test to run that provides very verbose detail that I can pass on to them. I set putty to log all session output but I know there is more happening on the wire.

Thanks!

Expert Comment

by:Mestha
ID: 24069429
If you are on a residential ISP service then you may as well have the port blocked. Most sites will reject your email simply because you are on a residential service.
It is common for ISPs to block port 25 both in and outbound on the residential services as an antispam measure - I wish more would do it, as most spam is sent from compromised home user machines.

Did you attempt to connect to your ISP's outbound SMTP server? Just connecting to a random mail server isn't really a valid test. You need to connect to a server that should work.

First line support at ISPs are useless, they just want to do one thing - get rid of you.

Simon.

Author Comment

by:pbhcpa
ID: 24069553
Thanks for the feedback. I appreciate the dialogue and thought that is going into this.

It was not a random mail server. It was our corporate mail server - the one I administer. I do understand that ISPs do block port 25 and why. It is just that mine claims not to. I believe that to be incorrect. For me to change my SMTP port on my server will affect all in my company and would not be received well - not without planning and notice.

Any ideas on a test that will yield verbose results that I can send to a tier 2 or 3 tech?

I confirmed in my server logs that the outbound mail never reaches it when I send from home. I used a switch that does port mirroring and watched the traffic. The outbound traffic on port 25 is definitely leaving my router. So the problem is somewhere between my router and my server - My ISP.

It might be that the only way to conclusively prove this is for me to have access to their equipment (which will never happen) to trace the packets.

I may see if my server will allow me to use multiple smtp ports.

Expert Comment

by:Mestha
ID: 24069625
Connecting to the ISP's server will prove it. If you can connect to the ISP's server and no others, then they are blocking the port.

Simon.

Author Comment

by:pbhcpa
ID: 24069715
I can telnet to mail.grandecom.net 25 (My ISP's mail server) just fine but nowhere else. I agree that this proves it. I hate to keep asking this question but do you have any input on a test or tool that would yield verbose details regarding this? If not then I may be out of ways to prove my point.

FYI my server also supports port 587 which is standard. It looks like they are blocking that port as well.

My server supports 2 smtp ports so I may experiment with ports other than 25 or 587 but who knows what they are blocking. For all I know they could block everything but port 80, 22, 53 and 443.

Accepted Solution

by:
Mestha earned 125 total points
ID: 24069726
All I do is a telnet test.

The fact that you can telnet to their own server but not to anything else is all the proof that you need. Unusual for an ISP to block the secure port as well, that is often let through, but if the ISP is completely paranoid then anything could happen.

Simon.
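
Added example (not part of the thread and not any poster's code): a Python version of the telnet comparison from the accepted answer that writes each connection attempt as a timestamped record, separating a greeting, a refused connection and a silent timeout. The function names and the command-line layout are assumptions of this example; the host names are supplied by whoever runs it.

```python
import json, socket, sys, time
from datetime import datetime, timezone

def probe(host, port=25, timeout=10.0):
    """Make one TCP connection attempt and record exactly what happened."""
    rec = {"utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
           "target": f"{host}:{port}"}
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            rec["local"] = "%s:%d" % s.getsockname()[:2]
            try:
                data = s.recv(512)          # SMTP servers greet first ("220 ...")
            except socket.timeout:
                data = b""
            rec["banner"] = data.decode("ascii", "replace").strip()
            rec["result"] = "banner" if data else "connected-no-banner"
    except ConnectionRefusedError:
        rec["result"] = "refused"           # a reset came back for our SYN
    except socket.timeout:
        rec["result"] = "timeout"           # no reply to our SYN at all
    except OSError as exc:
        rec["result"] = f"error: {exc}"     # DNS failure, unreachable, reset, ...
    rec["seconds"] = round(time.monotonic() - start, 2)
    return rec

def only_isp_answers(isp_rec, other_recs):
    """True for the pattern from the thread: the ISP's own relay greets us,
    and none of the outside servers does."""
    greeted = lambda r: r["result"] == "banner"
    return greeted(isp_rec) and bool(other_recs) and not any(map(greeted, other_recs))

if __name__ == "__main__":
    # Assumed layout: probe.py ISP_RELAY OTHER_HOST [OTHER_HOST ...]
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py ISP_RELAY OTHER_HOST [OTHER_HOST ...]")
    isp, others = sys.argv[1], sys.argv[2:]
    for port in (25, 587):
        isp_rec = probe(isp, port)
        other_recs = [probe(h, port) for h in others]
        for rec in [isp_rec, *other_recs]:
            print(json.dumps(rec))
        print(f"port {port}: only ISP relay answers = "
              f"{only_isp_answers(isp_rec, other_recs)}")
```

Running it once from the home connection and once from an outside network, against the same hosts, gives two logs that differ only in the network path.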