Re: outgoing tcp port 25 blocked? how to prove it?

Subject: Re: outgoing tcp port 25 blocked? how to prove it?
From: lesen (at) *nospam* wimezu.com (Lesley Esen)
Newsgroups: comp.misc
Date: 19. Oct 2024, 23:23:24
Organization: A noiseless patient Spider
Message-ID: <871q0bwx43.fsf@wimezu.com>
kludge@panix.com (Scott Dorsey) writes:

> In article <877ca519ph.fsf@wimezu.com>, Lesley Esen  <lesen@wimezu.com> wrote:
>> Thanks.  That makes sense.  The output now makes sense.  Completely
>> blocked right from the first hop.  Perhaps AWS did not actually unblock
>> outbound tcp 25; perhaps they unblocked only inbound tcp 25.
>>
>> %tcptraceroute -n srv1.dorfdsl.de 25
>> Selected device ena0, address 172.26.5.226, port 22831 for outgoing packets
>> Tracing the path to srv1.dorfdsl.de (82.139.196.13) on TCP port 25
>> (smtp), 30 hops max
>> 1  * * *
>> 2  * * *
>> 3  * * *
>
> That looks like your machine is blocking it since you don't even see your
> router.  Or else your router is blocking it.
> --scott

That's a good thing to check.  I don't think I have a firewall in my
FreeBSD.  For instance, I don't have any configuration for pf in my
rc.conf---full rc.conf below.  As far as I know, I should have
pf_enable="YES".  It's what the documentation says at

  https://docs.freebsd.org/en/books/handbook/firewalls/

%sudo pfctl -s nat
pfctl: /dev/pf: No such file or directory
%sudo pfctl -s rules
pfctl: /dev/pf: No such file or directory

So I think it's disabled.  It's completely disabled at AWS as well:

  https://prnt.sc/29bBWY8bTT25

--8<-------------------------------------------------------->8---
hostname="a.antartida.xyz"
ec2_configinit_enable=YES
ec2_fetchkey_enable=YES
ec2_loghostkey_enable=YES
firstboot_freebsd_update_enable=YES
firstboot_pkgs_enable=YES
ntpd_enable=YES
dev_aws_disk_enable=YES
growfs_enable="YES"
ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
sshd_enable="YES"
firstboot_pkgs_list="awscli"
ipv6_activate_all_interfaces="YES"
rtsold_enable="YES"
rtsold_flags="-M /usr/local/libexec/rtsold-M -a"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
sendmail_enable="YES"
milteropendkim_enable="YES"
milteropendkim_flags="-x /usr/local/etc/mail/opendkim.conf"
--8<-------------------------------------------------------->8---

I also don't see any process that could be firewall-related---full
pstree below.

%pstree
-+= 00001 root /sbin/init
 |--= 00283 root dhclient: system.syslog (dhclient)
 |--= 00286 root dhclient: ena0 [priv] (dhclient)
 |--= 00347 _dhcp dhclient: ena0 (dhclient)
 |--= 00384 root /usr/sbin/rtsold -M /usr/local/libexec/rtsold-M -a
 |--= 00389 root rtsold: rtsold.llflags (rtsold)
 |--= 00390 root rtsold: rtsold.script (rtsold)
 |--= 00391 root rtsold: rtsold.sendmsg (rtsold)
 |--= 00392 root rtsold: system.syslog (rtsold)
 |--= 00491 root /sbin/devd
 |--= 00693 root /usr/sbin/syslogd -s
 |--= 00752 ntpd /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -f /va
 |-+= 00822 root sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
 | \-+= 89365 root sshd: lesen [priv] (sshd)
 |   \-+- 89367 lesen sshd: lesen@pts/0 (sshd)
 |     \-+= 89368 lesen -sh (sh)
 |       \-+= 89380 lesen pstree
 |         \--- 89381 lesen ps -axwwo user,pid,ppid,pgid,command
 |--= 00832 root /usr/sbin/cron -s
 |--= 05136 mailnull /usr/local/sbin/opendkim -x /usr/local/etc/mail/opendkim.c
 |--= 60767 lesen keyboxd --homedir /home/lesen/.gnupg --daemon
 |--= 60769 lesen dirmngr --homedir /home/lesen/.gnupg --daemon
 |-+= 60771 lesen gpg-agent --homedir /home/lesen/.gnupg --use-standard-soc
 | \--- 60772 lesen scdaemon --multi-server
 |-+= 81681 root screen -S shell (screen-4.9.1)
 | \--= 81682 lesen -/bin/sh
 |-+= 82130 root screen -S sendmail (screen-4.9.1)
 | \-+= 82131 lesen -/bin/sh
 |   \--= 82309 lesen emacs a.antartida.xyz.mc (emacs-29.1)
 |-+= 00769 root /bin/sh /usr/local/bin/svscanboot
 | |-+- 00777 root svscan /service
 | | \-+- 00783 root supervise loop
 | |   \-+- 00788 root tcpserver -HR 0.0.0.0 119 /home/lesen/usenet1/loop.exe
 | |     |--- 89105 root /home/lesen/usenet1/loop.exe
 | |     \--- 89346 root /home/lesen/usenet1/loop.exe
 | \--- 00778 root readproctitle service errors: ...BC2A3}> T NIL)\n8: (READ-BY
 |--= 00852 root /usr/libexec/getty 3wire ttyu0
 |--= 00844 root /usr/libexec/getty Pc ttyv0
 |--= 00845 root /usr/libexec/getty Pc ttyv1
 |--= 00846 root /usr/libexec/getty Pc ttyv2
 |--= 00847 root /usr/libexec/getty Pc ttyv3
 |--= 00848 root /usr/libexec/getty Pc ttyv4
 |--= 00849 root /usr/libexec/getty Pc ttyv5
 |--= 00850 root /usr/libexec/getty Pc ttyv6
 \--= 00851 root /usr/libexec/getty Pc ttyv7
%
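An added example, not part of the original post: one way to turn the question in the subject line into a repeatable check is to compare a TCP connect to port 25 with a connect to a control port on the same host, and to distinguish a silent drop (timeout) from an active reject (RST). The host name `mail.example.org` and the choice of 587 as control port are assumptions for illustration.

```python
import errno
import socket
import sys

def classify(exc):
    """Map the outcome of a TCP connect() to a verdict.

    None    -> three-way handshake completed
    refused -> an RST came back, so packets are not being silently dropped
    filtered-> no answer at all, like the all-'* * *' trace in the post
    """
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"
    return "error"  # DNS failure, permission error, etc.

def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def diagnose(smtp, control):
    """Interpret the port 25 verdict against the control-port verdict."""
    if smtp == "open":
        return "port 25 reachable"
    if smtp == "filtered" and control in ("open", "refused"):
        return "port 25 dropped while control port answers: port-specific filtering"
    if smtp == "filtered" and control == "filtered":
        return "both dropped: host down or general filtering, no proof of a port 25 block"
    if smtp == "refused":
        return "active reject (RST) on port 25: not a silent drop"
    return "inconclusive"

if __name__ == "__main__":
    # Hypothetical default target; pass the real mail host as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    smtp, control = probe(host, 25), probe(host, 587)  # 587 = assumed control
    print(f"25={smtp} 587={control} -> {diagnose(smtp, control)}")
```

Running the same script from a second network against the same host shows whether the drop follows the sending machine or the destination.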
