Solved

ISP block port 25 - VPN client option?

Posted on 2011-03-17
15
712 Views
Last Modified: 2012-05-11
Hi

Im using EAsendmail in a vb.net app to send emails.
It works on in my office VPN. But  testing from my broadband at home my ISP blocks port 25  and I cannot send.
Using then the VPN cisco client over my broadband I wthought this would work but i can still not IE telnet to our inbount SMTP, probably because my broadband determines the external route,.

Is there any way I can solve this with the VPN client?


Thanks
Dab
0
Comment
Question by:Dabosa
  • 10
  • 3
  • 2
15 Comments
 
LVL 1

Expert Comment

by:CallingCircles
ID: 35161879
Consider using the Message Submission protocol port on port 587 to get around port 25 blocks.  Also you might want to verify the route to your smtp server over your vpn client (e.g. tracert <hostname>) to verify you are reaching the internal (office side) address of your SMTP server and not the external interface.  Your PIX administrator may have also blocked VPN clients from using port 25.
0
 

Author Comment

by:Dabosa
ID: 35161908
Ok but if it turns out the internal smtp is not reached, if this were to be fixed should it work on port 25 eventhough My isp is blocking it? considering VPN client is not blocking.
0
 
LVL 1

Expert Comment

by:CallingCircles
ID: 35161927
If you did a traceroute and the ICMP packets reached the server you are trying to get to then chances are your PIX is set to block port 25 traffic from VPN clients.
0
 

Author Comment

by:Dabosa
ID: 35161949
I only know the external ip of smtp inbound, hos can i determine the internal interface?
Traceroute to external is unreachable. The app uses dns lookup also and is automatically going to the external adress.
0
 

Author Comment

by:Dabosa
ID: 35161952
It uses dnslookup to send the email
0
 

Author Comment

by:Dabosa
ID: 35161975
It works on another isp that is not blocking 25 and this is when connecting with or without the VPN client
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35162204
Can you send any other IPsec traffic at all? I assume you use IPsec VPN.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Dabosa
ID: 35162398
yes everything else is working with vpn clinet, outlook2007 for instance my servershares ect- all i want is to make the app (EASENDMAIL) think im in the office when im on vpnclient at home. the app  uses dnslookup checks the mx record and sends using  port 25.  My ISP block port 25.


so If I  telnet to  port 25 its not working when on vpn client. This is what I need to work, like @ the office, can it be done?



0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35162410
I see. Just was wondering. Sounds stupid to block SMTP port. How do you know your ISP blocks this port vs. some other device/firewall? Did you contact/ask them? Somehow this does not make sense to me.
When you do a manual DNS lookup on your mail server name configured in your mail app does it resolve to a public (external) IP or your internal (private) IP? I am wondering if it's a Split DNS issue.
0
 

Author Comment

by:Dabosa
ID: 35164241
Not really stupid as this diminishes spam on ISP's network, but very sad for me who wants to use it.
if I do dnslookup for MX to our domain it resloves to the external smtp. I just can send anything because of the port block.


0
 

Author Comment

by:Dabosa
ID: 35164247
I know they block because its on their site and if I test for example:

the 4 largest ISP's in Sweden seem to block it also.

telnet smtp.gmail.com 25

I get no respons
0
 

Author Comment

by:Dabosa
ID: 35164261
Ive tested Telia, Telenor and BBB (bredbandbolaget)
0
 

Accepted Solution

by:
Dabosa earned 0 total points
ID: 35169325
I know how it can be solved. My VPN Client policy needs to have split tunneling configured over puplic internet.
0
 
LVL 4

Expert Comment

by:Allvirtual
ID: 35169382
As I said your DNS resolution needs to be split.
0
 

Author Closing Comment

by:Dabosa
ID: 35196764
Its the solution
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now