• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

filtered SMTP?

Started by newsonic, March 04, 2013, 08:12:27 PM

Previous topic - Next topic

newsonic

I'm trying to set up some mail servers which are connected to HE tunnels. These are running Ubuntu server 12.04.

netstat on all of these machines shows the SMTP server listening like this:

tcp6       0      0 :::25                   :::*                    LISTEN      0          20156       3906/master  

When I do an nmap of these machines I get all the expected ports open, 80, 22 etc but port 25 always shows as 'filtered'.

There is no firewall on these machines:

ip6tables -vnL
Chain INPUT (policy ACCEPT 2886 packets, 272K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2864 packets, 258K bytes)
pkts bytes target     prot opt in     out     source               destination

so the filtering must be happening before it gets to these machines.

Does HE filter SMTP? What other possibilities are there? I'm testing this from one mail server to the other; neither have firewalls enabled so theres no egress filtering getting in the way. The machines ipv6 are connected to one another purely through the HE tunnel.

Edit: also tcpdump on these mail servers shows no incoming connections on port 25 when I 'telnet -6' from one to the other on port 25.


broquea


newsonic

#2
The next stage for me is email over ipv6. Isn't this a catch 22?

Ie although the cert test bypasses this filtering I need to actually test it in order to get it going and I can't do that as its blocked...

broquea

As I read the notice, it should be able to reach your machine listening on 25. If you are submitting an email hosted on the domain hosted on the IPs associated with the tunnel, look for connections either in netstat or pcap. If you aren't seeing any come in at all, send them an email.