[NBLUG/talk] Sending to Comcast mailserver woes....

Kyle Rankin kyle at nblug.org
Tue Nov 20 07:44:15 PST 2007 

On Mon, Nov 19, 2007 at 06:02:24PM -0800, Mark Street wrote:
> Hi,
> 
> I am still having fits with sending mail to comcast and a few other domains 
> for the past month.  Nothing has changed in my firewall in the past year or 
> so..... but I believe I have narrowed it down to my firewall - iptables - one 
> on a Red Hat 9 box and one on a CentOS 5 box.  If I turn off my firewall I 
> can send mail to comcast.net.  If I turn it back on and try to send I get 
> entries in /var/log/messages that show mx2.comcast.net or mx1.comcast.net 
> sending an ACK SYN to a random high port on my machine.  It does this for 
> about 15 seconds, then sends a ACK RST.  The mail never goes out.
> 
> I have edited my firewall script and turned off all ICMP filtering with no 
> positive effect.  Can anyone give me a clue as to why comcast insists on 
> coming back with a 3 way handshake and how I can tweak my firewall to 
> accomodate?
> 
> TIA
> 
> ---------------
> 
> Nov 19 10:19:21
> penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 
> DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 
> DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:24 penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 
> DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 
> DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:30 penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 
> DPT=47704 WINDOW=5840 RES=0x00 ACK SYN URGP=0
> 
> Nov 19 10:19:35 penguin kernel: Inbound IN=eth1 OUT= 
> MAC=00:a0:d1:e4:5c:75:00:60:49:80:24:6e:08:00 SRC=76.96.30.116 
> DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58685 PROTO=TCP 
> SPT=25 DPT=47704 WINDOW=5840 RES=0x00 ACK RST URGP=0
> -- 
> Mark Street, D.C., RHCE
> CTO Alliance Medical Center
> http://www.oswizards.com
> http://www.alliancemed.org
> --
> "First they ignore you, then they ridicule you, then they fight you, then you 
> win" - Gandhi
> "If you want truly to understand something, try to change it" - Kurt Lewin
> --
> Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
> GPG key http://www.oswizards.com/pubkey.asc
> 

Could you include what actual SMTP error their mail server is sending to
you? Or is it that all communication with their MX is blocked?

-- 
Kyle Rankin
NBLUG President
The North Bay Linux Users Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug 
kyle at nblug.org

More information about the talk mailing list