
Error - 476 connections from your host are denied


Tom Rymes

Jan 10, 2011, 9:47:37 AM
I just tried sending an e-mail from my own desktop using Thunderbird and
received this error:

"An error occurred sending mail: The mail server sent an incorrect greeting:
connections from your host are denied."

and then this one:

"Sending of message failed.
The message could not be sent because the connection to SMTP server
rymes.com was lost in the middle of the transaction. Try again or contact
your network administrator."

I then telnetted to port 25 and got the error message in the subject line:
"476 connections from your host are denied".

I'm struggling to figure out why this might be, as I am on the local
network, I cannot think of anything that has changed this morning, and all
of the addresses I can think of test as OK in the web interface.

This only seems to occur when connecting to our external FQDN from within
the LAN, everything works as you would expect when connecting to the
internal IP Address. I am also able to connect to the web interface, which
is how I managed to send this e-mail.

I'm sure that this is something stupid, but I can't figure it out.

Many thanks,

Tom

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGat...@mail.stalker.com>.
To unsubscribe, E-mail to: <CGateP...@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePr...@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePr...@mail.stalker.com>
Send administrative queries to <CGatePro...@mail.stalker.com>

Brian Gibson

Jan 10, 2011, 10:19:11 AM
Does the server use DNS real time blocking lists? If so, the IP address
you are coming from, if it is public, might be on one of the lists

--

++++++++++++++++++++++++++++
Brian Gibson
Systems Administrator
Wheaton College

Are you a musician? If so visit my Arbans Online music site at http://arbansonline.com and listen & contribute

Nicolas Hatier

Jan 10, 2011, 10:46:37 AM
"connections from your host are denied" is the SMTPTempBanned string, as if there were several protocol errors and bad connection attempts, and CGP decided to shut that IP down for a short while.

The mail clients should use port 587 with authentication to submit their messages to CGP.

NH


On 2011-01-10 10:19, Brian Gibson wrote:
> Does the server use DNS real time blocking lists? If so, the IP address you are coming from, if it is public, might be on one of the lists
>
> On 1/10/2011 9:47 AM, Tom Rymes wrote:
>> I just tried sending an e-mail from my own desktop using Thunderbird and received this error:
>>
>> "An error occurred sending mail: The mail server sent an incorrect greeting: connections from your host are denied."
>>
>> and then this one:
>>
>> "Sending of message failed.
>> The message could not be sent because the connection to SMTP server rymes.com was lost in the middle of the transaction. Try again or contact your network administrator."
>>
>> I then telnetted to port 25 and got the error message in the subject line: "476 connections from your host are denied".
>>
>> I'm struggling to figure out why this might be, as I am on the local network, I cannot think of anything that has changed this morning, and all of the addresses I can think of test as OK in the web interface.
>>
>> This only seems to occur when connecting to our external FQDN from within the LAN, everything works as you would expect when connecting to the internal IP Address. I am also able to connect to the web interface, which is how I managed to send this e-mail.
>>
>> I'm sure that this is something stupid, but I can't figure it out.
>>
>> Many thanks,
>>
>> Tom



--

Nicolas Hatier, ing. <nicolas...@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com

Tom Rymes

Jan 10, 2011, 10:52:26 AM
On 01/10/2011 10:46 AM, Nicolas Hatier wrote:
> "connections from your host are denied" is the SMTPTempBanned string, as
> if there were several protocol errors and bad connection attempts, and
> CGP decided to shut that IP down for a short while.
>
> The mail clients should use port 587 with authentication to submit their
> messages to CGP.
>
> NH

Thanks, Nicolas. The temporary block does seem to have expired now.

Having said that, my client was indeed submitting via port 587 and using
authentication and encryption.

Tom Rymes

Jan 10, 2011, 10:52:53 AM
On 01/10/2011 10:46 AM, Nicolas Hatier wrote:
> "connections from your host are denied" is the SMTPTempBanned string, as
> if there were several protocol errors and bad connection attempts, and
> CGP decided to shut that IP down for a short while.
>
> The mail clients should use port 587 with authentication to submit their
> messages to CGP.
>
> NH

If this is a whitelisted address, shouldn't this have never happened?

Nicolas Hatier

Jan 10, 2011, 10:59:39 AM
From here, it looks like something that should never have happened.

However, we are still not sure exactly what "it" was, are we?

NH


On 2011-01-10 10:52, Tom Rymes wrote:
> On 01/10/2011 10:46 AM, Nicolas Hatier wrote:
>> "connections from your host are denied" is the SMTPTempBanned string, as
>> if there were several protocol errors and bad connection attempts, and
>> CGP decided to shut that IP down for a short while.
>>
>> The mail clients should use port 587 with authentication to submit their
>> messages to CGP.
>>
>> NH
>
> If this is a whitelisted address, shouldn't this have never happened?
>
> Tom

Tom Rymes

Jan 10, 2011, 11:08:40 AM
On 01/10/2011 10:59 AM, Nicolas Hatier wrote:
> From here, it looks like something that should never have happened.
>
> However, we are still not sure exactly what "it" was, are we?
>
> NH

Any suggestions as to what I might grep for in the logs to try and
figure out what "it" was?

Nicolas Hatier

Jan 10, 2011, 11:12:40 AM
Grep with the IP or its DNS name, maybe. Then check what happened around each instance you find.

You could also check for all FAILURE log messages before you noticed the block - I don't know exactly for how much time in the logs, as the block may have been there for a while if the client was constantly retrying.

NH


On 2011-01-10 11:08, Tom Rymes wrote:
> On 01/10/2011 10:59 AM, Nicolas Hatier wrote:
>> From here, it looks like something that should never have happened.
>>
>> However, we are still not sure exactly what "it" was, are we?
>>
>> NH
>
> Any suggestions as to what I might grep for in the logs to try and figure out what "it" was?
>
> Tom


Tom Rymes

Jan 10, 2011, 3:00:35 PM
On 01/10/2011 11:12 AM, Nicolas Hatier wrote:
> Grep with the IP or its DNS name, maybe. Then check what happened around
> each instance you find.

OK, looks like our router's address is being blocked after Pidgin kept
trying to login every 10 minutes, even though the password was rejected.

13:06:12.478 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:14.490 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:16.503 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:44.770 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 3 SYSTEM [x.x.x.x] blocked on 5 login failures

What's frustrating about this is that, if I paste the router's address into
the "test" field on this page:

http://my.server.address:8010/Master/Settings/BlacklistedIPs.html?#Test

it returns as "LAN:[x.x.x.x] is Trusted" even though it's been temporarily
blacklisted. Shouldn't this report as "temporarily blacklisted"?

I also wonder how I can remove the host from the temporary blacklist before
the 60 minutes I have specified are up. I have tried modifying the blocking
time, but that only seems to work for new entries. I also wonder if there
is some way I can avoid having this happen in the future without causing a
security problem.

Of course, I'm trying Pidgin as a replacement for Spark upon the
recommendation of Support. I have to say that I really don't like it
anywhere near as much, but it might resolve the roster/presence issues we've
had with both Microsoft Messenger and Spark.

I'm going to give Pandion a shot, too. Maybe it'll prove to have a better
user interface; I haven't been impressed with Pidgin.
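
The log correlation described in the post above, as an added example that is not part of the original thread: a Python sketch that, for each "blocked on N login failures" line, lists the failed logins from that address that preceded it. The sample log is constructed (documentation addresses, made-up accounts), and treating the last N failures since the previous block as the cause is a simplifying assumption about how the server counts.

```python
import re
from collections import defaultdict

# Line shapes follow the log excerpt quoted in the thread.
FAIL_RE = re.compile(
    r"^(?P<ts>[\d:.]+) \d+ ACCOUNT\((?P<account>[^)]*)\) login\((?P<proto>[^)]*)\) "
    r"from \[(?P<ip>[^\]]+)\]:\d+(?:\([^)]*\))? failed\. Error Code=(?P<reason>.*)$")
BLOCK_RE = re.compile(
    r"^(?P<ts>[\d:.]+) \d+ SYSTEM \[(?P<ip>[^\]]+)\] blocked on (?P<n>\d+) login failures$")

# Constructed sample: documentation addresses and made-up account names.
SAMPLE_LOG = """\
13:06:12.478 1 ACCOUNT(tom) login(XMPP) from [192.0.2.1]:2198(TLS) failed. Error Code=incorrect password
13:06:13.101 1 ACCOUNT(alice) login(IMAP) from [192.0.2.77]:4410 failed. Error Code=incorrect password
13:06:14.490 1 ACCOUNT(tom) login(XMPP) from [192.0.2.1]:2198(TLS) failed. Error Code=incorrect password
13:06:16.503 1 ACCOUNT(tom) login(XMPP) from [192.0.2.1]:2198(TLS) failed. Error Code=incorrect password
13:06:44.770 1 ACCOUNT(tom) login(XMPP) from [192.0.2.1]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 1 ACCOUNT(tom) login(XMPP) from [192.0.2.1]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 3 SYSTEM [192.0.2.1] blocked on 5 login failures
"""

def explain_blocks(lines):
    """Return one report per block event, listing the failures that caused it."""
    recent = defaultdict(list)  # ip -> failures seen since that ip's last block
    reports = []
    for line in lines:
        line = line.strip()
        fail = FAIL_RE.match(line)
        if fail:
            recent[fail["ip"]].append(fail.groupdict())
            continue
        block = BLOCK_RE.match(line)
        if not block:
            continue
        n = int(block["n"])
        culprits = recent.pop(block["ip"], [])[-n:]
        reports.append({
            "ip": block["ip"],
            "blocked_at": block["ts"],
            "threshold": n,
            "first_failure": culprits[0]["ts"] if culprits else None,
            "sources": sorted({(c["account"], c["proto"], c["reason"]) for c in culprits}),
            "missing": n - len(culprits),  # failures logged before this file starts
        })
    return reports

if __name__ == "__main__":
    for report in explain_blocks(SAMPLE_LOG.splitlines()):
        print(report)
```

A "sources" list with a single account and protocol points at one misconfigured client; several accounts behind one address point at a shared NAT or router address being counted as one host.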

Nicolas Hatier

Jan 10, 2011, 3:13:15 PM
I don't see a way to clear the temp blacklist, except maybe a stop/start of the CGP service.

NH


On 2011-01-10 15:00, Tom Rymes wrote:
> On 01/10/2011 11:12 AM, Nicolas Hatier wrote:
>> Grep with the IP or its DNS name, maybe. Then check what happened around
>> each instance you find.
>
> OK, looks like our router's address is being blocked after Pidgin kept trying to login every 10 minutes, even though the password was rejected.
>
> 13:06:12.478 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
> 13:06:14.490 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
> 13:06:16.503 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
> 13:06:44.770 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
> 13:06:46.782 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
> 13:06:46.782 3 SYSTEM [x.x.x.x] blocked on 5 login failures
>
> What's frustrating about this is that, if I paste the router's address into the "test" field on this page:
>
> http://my.server.address:8010/Master/Settings/BlacklistedIPs.html?#Test
>
> it returns as "LAN:[x.x.x.x] is Trusted" even though it's been temporarily blacklisted. Shouldn't this report as "temporarily blacklisted"?
>
> I also wonder how I can remove the host from the temporary blacklist before the 60 minutes I have specified are up. I have tried modifying the blocking time, but that only seems to work for new entries. I also wonder if there is some way I can avoid having this happen in the future without causing a security problem.
>
> Of course, I'm trying Pidgin as a replacement for Spark upon the recommendation of Support. I have to say that I really don't like it anywhere near as much, but it might resolve the roster/presence issues we've had with both Microsoft Messenger and Spark.
>
> I'm going to give Pandion a shot, too. Maybe it'll prove to have a better user interface; I haven't been impressed with Pidgin.
>
> Tom


Bret Miller

Jan 10, 2011, 3:21:20 PM
The only way I know of is to use CLI:

GetTempBlacklistedIPs()
SetTempBlacklistedIPs(IPs)

Bret Miller

Nicolas Hatier

Jan 10, 2011, 3:25:38 PM
Unfortunately (according to the documentation) the SetTempBlacklistedIPs only adds to the blacklist.

NH

Jeff Wark

Jan 10, 2011, 3:33:06 PM
That sounds more like an "UpdateTempBlacklistedIPs" or
"AddTempBlacklistedIPs" command and not really a "SetTempBlacklistedIPs"
command.

Tom Rymes

Jan 10, 2011, 4:27:34 PM
On Mon, 10 Jan 2011 15:00:35 -0500
"Tom Rymes" <try...@rymes.com> wrote:

> OK, looks like our router's address is being blocked
>after Pidgin kept trying to login every 10 minutes, even
>though the password was rejected.

OK, I just whitelisted our router's address until someone points out why
that is a Really Bad Idea®.

Tom

Tom Rymes

Jan 13, 2011, 5:14:21 PM
On 01/10/2011 4:27 PM, Tom Rymes wrote:
> On Mon, 10 Jan 2011 15:00:35 -0500
> "Tom Rymes" <try...@rymes.com> wrote:
>
>> OK, looks like our router's address is being blocked
>> after Pidgin kept trying to login every 10 minutes, even
>> though the password was rejected.
>
> OK, I just whitelisted our router's address until someone points out why
> that is a Really Bad Idea®.
>
> Tom

Is the fact that nobody has responded to my last message a good
indicator that whitelisting my router is not a bad idea?

John Kougoulos

Jan 17, 2011, 11:43:36 AM
On 01/10/2011 10:25 PM, Nicolas Hatier wrote:
> Unfortunately (according to the documentation) the
> SetTempBlacklistedIPs only adds to the blacklist.
>
> NH
>
> On 2011-01-10 15:21, Bret Miller wrote:
>> The only way I know of is to use CLI:
>>
>> GetTempBlacklistedIPs()
>> SetTempBlacklistedIPs(IPs)
>>
>> Bret Miller
>>
>> On 1/10/2011 12:13 PM, Nicolas Hatier wrote:
>>> I don't see a way to clear the temp blacklist, except maybe a
>>> stop/start of the CGP service.
>>>
>>> NH

I just had to clear a few. Just in case someone needs this:

GetTempBlacklistedIPs returns a string with the IP and the TTL for this
blocking.

With SetTempBlacklistedIPs, you specify the same string with TTL 0 and
the IP is removed from the blacklist.

E.g.:
GETTEMPBLACKLISTEDIPS
200 data follow
"[1.1.1.71]-790"
SETTEMPBLACKLISTEDIPS "[1.1.1.71]-0"
200 OK
GETTEMPBLACKLISTEDIPS
200 data follow
""

Best Regards,
John
