Solved

Why can't I connect to email server on port 110?

Posted on 2011-02-15
9
962 Views
Last Modified: 2012-05-11
I am helping a remote office with some networking and server work, and without explanation their email program (Outlook 2003) stopped allowing clients to receive emails (POP3).  After contacting web host tech support to check the email server, and all seemed fine there, I did further testing from my location.  I am in a different town, and from a command line I can telnet to their email server to port 110 and receive connection.  From their location, using command line, I can telnet to the email server on port 25, port 143, but not on port 110 - connection is refused without much explanation.

So, my first thought is - a firewall problem.  They use a Watchguard Firebox x10e, and there have been no changes made to the settings in it.  There is no filter on outbound traffic, and I have open SMTP port 25 for inbound.  The POP3 setting for inbound has always been port 25, is this correct?  I have tried changing to 110, and it still does not solve the current problem, so I changed it back to 25, the way it has always been.  So, either way this does not appear to be the cause of our current problem.

Does anyone know what else I can check?  The ISP is Qwest, and there have been some known line problems the last few days, in certain areas, but they are having no other internet problems at this remote office.  Only the POP3 port 110 connection fails.  Email server tech support is at a loss, and so am I, so I would appreciate any other clues.

Thanks,
Rob
0
Comment
Question by:Rob Grinage
  • 3
  • 3
  • 3
9 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 34897756
If you can connect to it via port 110, there's no reason they shouldn't be able to except that something is blocking the traffic.  

Where is the mail server hosted?  Is there another mail host using port 110 you can test from the problem network?  Or is there a way you can set up a machine (a web server, perhaps) that responds on port 110 you can use for testing?  What about trying to connect to a free mail service via POP3 from the problem network.
0
 
LVL 10

Expert Comment

by:kgreeneit
ID: 34897792
Hi there, this is definitely a firewall issue on the clients site.

The fact that you can telnet to port 110 from your location tells you that the correct service is running and port is open on the mail server.

When on the clients site, first try to see if the problem is the same on a different PC in there to ensure it is not local to one particular computer.

Secondly, check the LAN to WAN rules on the firewall as well as the WAN to LAN rules as it is an outbound connection the client pc is making to the external mail server.

Ensure also that there are no NAT rules on the firewall on the client's site that are pointing port 110 to an incorrect internal IP address.

Check also if there is any client software firewalls blocking port 110 such as Windows Firewall or another 3rd party product.

0
 
LVL 1

Author Comment

by:Rob Grinage
ID: 34898262
I agree it sounds like a firewall issue... all PCs on the LAN have the same problem.  In the Watchguard settings, there is a Policy set for POP3 and it all looks correct.  It is set to Allow outbound to all addresses, on Port 110... on the Inbound rule there is a Port Redirect to 25 - which is proper, right?  Because inbound emails would be sent via the senders SMTP protocol?  I do not see anything that would be blocking the 110 traffic, and yet it does not work.

I tried to monitor the Watchguard Syslog for clues about what is happening when I try to telnet to port 110, but I can't decipher anything relevant to my problem.  I am connecting via RDP to their MS 2003 Server, which has no other firewall enabled, and I am blocked out to port 110.  They are also using McAffee Security software network-wide, but again, they say nothing has been altered at their end.  I am stumped.

Any other clues would be appreciated.

Thanks,
Rob
0
 
LVL 10

Expert Comment

by:kgreeneit
ID: 34898503
Hi again, I agree these issues can be quite confusing and time consuming when trying to resolve them.

It's important to note that most firewall's have two types of rules. They are a standard firewall rule which tells the firewall to allow communication with a particular port, and also then a NAT rule which is separate to a standard firewall rule - but still depends on the standard firewall rule being created in the first place - and this NAT rule actually forwards the particular port to an internal IP address on the network that has the relevant service available to present the ports.

On the firewall, it sounds like outbound (LAN to WAN) is configured to allow port 110 out to all addresses so that should be fine however, for the incoming rules, you should have a firewall rule that allows port 25 (SMTP) and port 110 (POP3) through. This rule is not going to be a NAT (Redirect) rule however as there is no mail server inside the client site that has these services.

Once the firewall has two standard firewall rules allowing communication with these two ports just with no NAT rules pointing the ports to anywhere, then this should be fine. If there is a NAT rule pointing port 25 to a particular IP address inside the network, then unless this IP is a mail server, you can remove the NAT on it.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 33

Expert Comment

by:paulmacd
ID: 34898681
From the problem network, try connecting via telnet to 216.54.124.35 on port 110 (telnet 216.54.124.35 110) and see if you can.  That's my mail server.  I'm curious if the problem is local or on the mail server end.  You never did say where the mail server was hosted.
0
 
LVL 1

Author Comment

by:Rob Grinage
ID: 34898799
OK, now we are getting somewhere... From the problem network, I can connect with  (telnet 216.54.124.35 110) no problem.  Our mal server is hosted by HostingZoom, the IP is 69.73.177.144

From the problem network, it will not connect to port 110 of our mail server, no matter whether I use the IP address, the mail.ourdomain.com or the actual server name, which is r6.nswebhost.com

However, from my network I can connect to port 110 of the mail server, no matter what name I use or the IP address.  I have already contacted the tech support folks at HostingZoom, and they can't seem to find anything wrong on their end... I will try now and explain the facts to them, but if anyone has a clue what could be wrong on their side that I can point them to, it would really help - I am sure.

Thanks!
Rob
0
 
LVL 10

Accepted Solution

by:
kgreeneit earned 250 total points
ID: 34898895
You pretty much have then proved that it is not an issue with the client site. If you are happy that there are no specific block rules on the firewall in the client site that are blocking communication with the hosting company's DNS name or IP address and you have checked / disabled temporarily the McAfee security policy on the clients to ensure this isn't causing it then it has to be on the hosting side.

If the client site can telnet to another POP3 server without issue, then it would seem that the hosting company for the Mail server may have some sort of block on their end for the public IP address of the client site.

0
 
LVL 33

Assisted Solution

by:paulmacd
paulmacd earned 250 total points
ID: 34898905
I can connect to  69.73.177.144 port 110 from my network as well.  

Since we've established port 110 isn't being blocked on the problem network, the next most likely answers are that the problem network is being blocked on the provider's end OR that there's a particular rule on the problem network's firewall that only blocks port 110 to 69.73.177.144.  Can you see anything like that - specifically, any rule that's particular to the server/port combination?  

The provider's side you'll pretty much have to leave to them, but since nothing changed on your end prior to the problem, it seems most likely the problem is on their end.

0
 
LVL 1

Author Closing Comment

by:Rob Grinage
ID: 34899788
Well, I contacted tech support with the specific problem... their response was - they couldn't find any block on the problem network IP.  HOWEVER, after I got their reply I checked the telnet again from the problem network... lo and behold it is working now.  So, either they inadvertantly fixed the problem and didn't know it, or they knew about it and didn't want to tell me...  Anyway, thanks for the great help.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now