• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Unexpected Banner

Started by gungthar, May 23, 2017, 04:29:42 PM

Previous topic - Next topic

gungthar

On the enthusiast level test, upon sending my mail to my postfix configured email server, I'm given the error "Unexpected banner:". Any idea what this could be?

divad27182

Quote from: gungthar on May 23, 2017, 04:29:42 PM
On the enthusiast level test, upon sending my mail to my postfix configured email server, I'm given the error "Unexpected banner:". Any idea what this could be?
Banner probably refers to the first line of text that the SMTP server outputs.  It should probably look like:
220 [i]hostname[/i] ESMTP [i]packagename[/i]
There might legitimately be several lines all but the last start with "220-".  If, when you connect to port 25, you see anything other than these, then that is probably the problem.  Typically, test this with something like "telnet -6 hostname 25"

--David


born2host

#2
Hi there,
I have the same problem with the Unexpected Banner, but when I telnet localhost I see this:
[darkness@srv ~]$ telnet -6 localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 srv.mydomain.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[darkness@srv ~]$
Then I do test to the IPv6:
[darkness@srv ~]$ telnet -6 2001:470:1f1b:ba:2001:470:1f1b:ba 25
Trying 2001:470:1f1b:ba:2001:470:1f1b:ba...
Connected to 2001:470:1f1b:ba:2001:470:1f1b:ba.
Escape character is '^]'.
220 srv.born2host.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[darkness@srv ~]$
As I see from the previous comment it needs to be "220" and it is. At least HE to tell what banner they are expecting.

snarked

Per your text, different banners (host names) are being sent for IPv4 and IPv6.  Therefore, one of them doesn't match the expected host name (manually entered or from the MX-RR).  Maybe that's the problem.

born2host

Sorry. It's my bad. I edited the first output to srv.mydomain.com. Both of them have only one domain and it's the same.

born2host

[root@srv init.d]# telnet -6 localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 born2host.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@srv init.d]# telnet -6 2001:470:1f08:7e::8 25
Trying 2001:470:1f08:7e::8...
Connected to 2001:470:1f08:7e::8.
Escape character is '^]'.
220 born2host.com ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@srv init.d]#

Is it possible to see "Unexpected banner:" from HE because I use PostFix Mail server and they expect Exim or something else as mail server where the banners are different?

kriteknetworks

telnet -6 2001:470:1f08:7e::8 25
Trying 2001:470:1f08:7e::8...
telnet: connect to address 2001:470:1f08:7e::8: Connection refused

kumowoon1025

What do your routes/postfix configuration look like?

born2host

ifconfig output:
sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480
        inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>
        inet6 ::192.168.1.6  prefixlen 96  scopeid 0x80<compat,global>
        inet6 ::192.168.0.244  prefixlen 96  scopeid 0x80<compat,global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

sit1: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 2001:470:6840::2  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::1  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::9  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::6  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::10  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::4  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::9  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::1  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::8  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::5  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::7  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::8  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::3  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f08:7e::2  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:106  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:6840::4  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::10  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::3  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::6  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:f4  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:6840::7  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::2  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::5  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 878  bytes 77840 (76.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3186  bytes 286878 (280.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

/etc/postfix/main.cf:
inet_protocols = ipv6
inet_interfaces = all

smtpd_banner = $myhostname ESMTP $mail_name (Debian)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = born2host.com
alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
mydomain = born2host.com
myorigin = mail.born2host.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
relayhost =
mynetworks = 127.0.0.0/8 192.168.0.244/28 192.168.1.6/28 [2001:470:1f09:7e::8]/64 [2001:470:6840::8]/48 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
relay_domains = born2host.com, mail.born2host.com, srv.born2host.com, mx.born2host.com, lists.born2host.com,


I skipped some lines from main.cf as they are default by installation. As I`m using NowTV (UK) as an internet provider I think that their router is blocking me. But the server is DMZ + I added firewall rules in the router to accept any requests on port 25. As they provide me with IPv6 the router can`t be configured with the tunnel. I think this is the problem with the Now TV Hub Two.

kumowoon1025

Quote from: born2host on November 12, 2019, 07:42:17 AM
ifconfig output:
sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480
        inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>
        inet6 ::192.168.1.6  prefixlen 96  scopeid 0x80<compat,global>
        inet6 ::192.168.0.244  prefixlen 96  scopeid 0x80<compat,global>
...
Quote from: born2host on November 12, 2019, 07:42:17 AM
sit1: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 2001:470:6840::2  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::1  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::9  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::6  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::10  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::4  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::9  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::1  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::8  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:6840::5  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::7  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::8  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::3  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f08:7e::2  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:106  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:6840::4  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::10  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:6840::3  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::6  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:f4  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:6840::7  prefixlen 48  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::2  prefixlen 64  scopeid 0x0<global>
        inet6 2001:470:1f09:7e::5  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 878  bytes 77840 (76.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3186  bytes 286878 (280.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
...
Quote from: born2host on November 12, 2019, 07:42:17 AM
/etc/postfix/main.cf:
inet_protocols = ipv6
inet_interfaces = all

smtpd_banner = $myhostname ESMTP $mail_name (Debian)
...
Quote from: born2host on November 12, 2019, 07:42:17 AM
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = born2host.com.   # fqdn??
alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
mydomain = born2host.com.       # or domain name?? if you leave hostname blank it'll take from server hostname.
myorigin = mail.born2host.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
relayhost =
mynetworks = 127.0.0.0/8 192.168.0.244/28 192.168.1.6/28 [2001:470:1f09:7e::8]/64 [2001:470:6840::8]/48 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
relay_domains = born2host.com, mail.born2host.com, srv.born2host.com, mx.born2host.com, lists.born2host.com,


I skipped some lines from main.cf as they are default by installation. As I`m using NowTV (UK) as an internet provider I think that their router is blocking me. But the server is DMZ + I added firewall rules in the router to accept any requests on port 25. As they provide me with IPv6 the router can`t be configured with the tunnel. I think this is the problem with the Now TV Hub Two.

Well I mean port 25 blocking could still be a problem, since if your ISP blocks the port, unless it's encapped or encrypted over a different port there's nothing you can do about the firewall on the ISP end. But it looks like the first problem to tackle is that local postfix is getting all ip tcp 25 no matter what you put in so lets try fixing that and then go from there.

I saw your interface setup and thought there is no way that thing works but does it actually work? Like can you ping6 outside network at all?? Anyway, what I actually meant to ask you for are the routes (routing table) like `ip -6 route show`. And idk what Debian you're running but I'm pretty sure ifconfig is deprecated. Like I can't see the tunnel endpoints, I'm not sure if you didn't configure it correctly or if it's just ifconfig problem, `ip tun show dev sit<0,1>` should return more germane info, I should think.

Try ping

born2host

Ok. I tried to pass the exam on 3 different installs - 1: Raspberry Pi 3 Model B with Debian, 2: HP ProLiant N54L - CentOS 7, 3: TragicServers VPS - with Ubuntu, but on all of them I failed because of filtering. I just asked a friend of mine who owns a hosting company to give me a KVM server with a free of filtering IP and in 15min I passed all the tests. Now I`ve got the Sage level. Thanks to everyone who helped.