RE: MX problems

[Skywing <Skywing () valhallalegends com>]

Firewalling based on a static port number is now DPI?

- S

-----Original Message-----
From: Warren Bailey <wbailey () gci com>
Sent: Tuesday, May 19, 2009 16:25
To: gmclean () xilogix net <gmclean () xilogix net>; polar.humenn () gmail com <polar.humenn () gmail com>
Cc: nanog () nanog org <nanog () nanog org>
Subject: Re: MX problems


Or...

His provider is using dpi to drop packets destined for non provider mx servers.

This would certainly reduce spam from compromised hosts.

----- Original Message -----
From: Gregory McLean <gmclean () xilogix net>
To: Polar Humenn <polar.humenn () gmail com>
Cc: nanog () nanog org <nanog () nanog org>
Sent: Tue May 19 15:19:23 2009
Subject: Re: MX problems

On Tue, 2009-05-19 at 19:02 -0400, Polar Humenn wrote:
> > From my mail log. Geez, I can't even get to Cornell, which is just down the
> friggin road! (Yeah, I know, but really).
> What is going on?
>
> May 19 18:58:26 greene postfix/smtp[5895]: connect to
> mailin-01.mx.AOL.COM[205.188.159.57]:
> No route to host (port 25)
> May 19 18:58:27 greene postfix/smtp[5904]: connect to
> penguin.cs.cornell.edu[128.84.96.11]:
> No route to host (port 25)
> May 19 18:58:27 greene postfix/smtp[5899]: connect to
> mx.vgs.untd.com[64.136.52.37]:
> No route to host (port 25)
> May 19 18:58:27 greene postfix/smtp[5919]: connect to
> incoming3.american.edu[147.9.1.250]:
> No route to host (port 25)
> May 19 18:58:30 greene postfix/smtp[5904]: connect to
> iago.cs.cornell.edu[128.84.96.10]:
> No route to host (port 25)
> May 19 18:58:30 greene postfix/smtp[5904]: 0992D8DDE: to=<
> simeon () cs cornell edu>, relay=none, delay=371744, status=deferred (connect
> to iago.cs.cornell.edu[128.84.96.10]: No route to host)
> May 19 18:58:30 greene postfix/smtp[5919]: connect to
> incoming2.american.edu[147.9.1.249]:
> No route to host (port 25)
> May 19 18:58:30 greene postfix/smtp[5919]: 5F6AC8C0E: to=<drshow () wamu org>,
> relay=none, delay=116954, status=deferred (connect to
> incoming2.american.edu[147.9.1.249]:
> No route to host)
> May 19 18:58:33 greene postfix/smtp[5901]: connect to
> cisbec.net.s6a1.psmtp.com[64.18.5.10]: No route to host (port 25)
> May 19 18:58:33 greene postfix/smtp[5913]: connect to
> smtp-mx6.mac.com[17.148.20.69]:
> No route to host (port 25)
> May 19 18:58:35 greene postfix/smtp[5895]: connect to
> mailin-01.mx.AOL.COM[205.188.156.248]:
> No route to host (port 25)
> May 19 18:58:36 greene postfix/smtp[5899]: connect to
> mx.dca.untd.com[64.136.44.37]:
> No route to host (port 25)
> May 19 18:58:36 greene postfix/smtp[5899]: D3A158876: to=<becward () JUNO COM>,
> relay=none, delay=183359, status=deferred (connect to
> mx.dca.untd.com[64.136.44.37]:
> No route to host)
> May 19 18:58:42 greene postfix/smtp[5901]: connect to
> cisbec.net.s6a2.psmtp.com[64.18.5.11]: No route to host (port 25)
> May 19 18:58:45 greene postfix/smtp[5901]: connect to
> cisbec.net.s6b1.psmtp.com[64.18.5.13]: No route to host (port 25)
> May 19 18:58:45 greene postfix/smtp[5910]: connect to
> hrndva-smtpin01.mail.rr.com[71.74.56.243]: No route to host (port 25)
> May 19 18:58:48 greene postfix/smtp[5901]: connect to
> cisbec.net.s6b2.psmtp.com[64.18.5.14]: No route to host (port 25)
> May 19 18:58:48 greene postfix/smtp[5901]: 0992D8DDE: to=<
> arahant1 () cisbec net>, relay=none, delay=371762, status=deferred (connect to
> cisbec.net.s6b2.psmtp.com[64.18.5.14]: No route to host)

I smell a port blocking going on... Or a mis config on a firewall. (A
firewall/router set to reject with icmp-host-prohibited)

That would be my guess.