Thread: Possible SMTP Problem??

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    3

    Possible SMTP Problem??

    We had a two hour power outage here several days ago after a big wind. Since immediately afterwards my wife and I have been unable to send any outbound emails from our Thunderbird clients. (We each have our own separate Thunderbird client, running on separate computers, connected to a LAN in our house behind a DSL router.) We can still receive messages fine, and using webmail, we can still send outbound emails. All other internet functions seem to work as normal.

    My computer is running Vista and uses Vista Firewall Control, my wife uses ZA on her XP based system. Our SMTP outgoing servers are configured to use port 587. These configurations have been working well for several years.

    The problem is that on any message we try to send from Thunderbird, the little status window that displays progress pops up and shows “connected to mail.hover.com” as soon as we press send. That’s normal, but now that’s as far as it gets until Thunderbird times out and displays a send message error.

    Telus is our ISP and we use Netidentity/Hover for our email. I contacted Hover and they indicated that they had stopped our email uploading since they suspected our computers had been taken over by some kind of spambot, as we had suddenly sent over 500 emails! After several days of back and forth with them, they said we had been re-enabled. Unfortunately we still cannot send emails, and Hover has washed their hands of the problem.

    It seems an odd co-incidence that the power outage and the ‘spambot’ takeover of our computer(s) happened at the same time. Makes it hard to know which is the cause of the ongoing problems.

    So I downloaded the latest versions of AVG, Spybot Search and Destroy, Malwarebytes Anti-Malware, and HijackThis, and ran them on both machines. Nothing. I am (reasonably) confident that there is nothing bad on either of our machines.

    So that leads me back to the power outage. If I assume that nothing has changed at Hover’s end, and I have verified that none of the settings on our computers has changed, then it would seem possible that it was a Telus problem or a router/DSL modem problem.

    Maybe I need to reconfigure the router somehow?
    Is there a way to monitor or log the SMTP conversation between our Thunderbird and the Hover mail server, so I can better figure out what is going on?

    Any other suggestions would be greatly appreciated.

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,943
    I'd scan with a more effective antivirus than AVG, use AntiVir or better yet..Microsoft Security Essentials.

    But I agree, I'd think it too much of a coincidence to have a worm cause a problem the night of a storm.

    Outbound SMTP problems can often be related to MTU size being incorrect. I haven't seen this issue in a long time, used to be common in the early years of broadband as routers matured with their firmware, the problem would surface when routers were used on PPPoE DSL and the routers didn't support changing the MTU to 1492.

    Was the power outage from a lightning storm? Modem and/or router could have been affected. I'm not sure what Telus uses, but you might look into finding out how to do a factory reset on the device..and then reconfigure it to the settings your ISP requires. Maybe they will have to send you a new unit.

    Another test...could you configure an e-mail client like Outlook Express to your ISP's e-mail as a test? If it can send outbound e-mail on port 587? If this test works, that you can send e-mails..(send it to an address that you can verify received it...like your Hover web mail) ...I'd assume your ISP connection is fine, and that the router is working fine...not corrupting the traffic.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    3
    Thanks for your response. Here is where I am at now:

    I ran the built in diagnostics on my router / DSL modem, everything seemed to work, but the DNS test, of Pinging the primary Domain Name Server failed. Not sure what that means. Also checked, but there doesn't seem to be any place to program the MTU size.

    Hover still claim the problem is not at their end, but here is what I have done so far.

    I can telnet to their server, port 110, I get a message that says "+OK pop3 ready", I enter my username and password and it lets me log in.

    Now, I am not a POP3 or SMTP expert, but I thought that POP3 was used for incoming mail and SMTP for outgoing mail. So the fact that I can log on this way tells me that POP3 is working, so I should be able to download emails on Thunderbird, which I can. This is not the problem anyways!

    But when I try to log onto the SMTP server to retrieve my emails, I have problems. First I telnet to mail.hover.com 587. It takes a long time, but I eventually get back

    220 smtp.hostedmail.com ESMTP

    Then I reply with helo smtp.hostedmail.com

    and get back

    250 omf02.hostedmail.com

    then I reply with

    mail from:<my email address>

    and get back

    250 2.1.0 OK

    Then things go sideways. If I enter

    rcpt to:<any email address>

    I get

    554 5.7.1 <the email address I entered> Recipient address rejected: Access denied

    So, I guess I am hoping to find out if:

    1) My logic is correct, ie that testing the POP3 connection does not tell anything about SMTP.
    2) That my approach and commands to test the SMTP connection are correct.
    3) What it likely means that I get Access denied regardless of what email address I enter?

    Thank you!!!

    Dan
    Last edited by Dan45; 10-30-09 at 07:17 PM. Reason: forgot to mention something
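
An added example, not part of the original posts: a small Python parser for a session like the one above, which decodes each server reply and its RFC 3463 enhanced status code (the x.7.x codes are the security or policy group) and flags a policy refusal in a session that never issued AUTH, which a submission server on port 587 normally requires before relaying. The transcript is constructed from the post, the mailbox addresses are placeholders, and the `C:`/`S:` labels are an assumption of this example.

```python
import re

# Constructed transcript modelled on the telnet session in the post;
# the mailbox addresses are placeholders.
SAMPLE = """\
S: 220 smtp.hostedmail.com ESMTP
C: helo smtp.hostedmail.com
S: 250 omf02.hostedmail.com
C: mail from:<user@example.com>
S: 250 2.1.0 OK
C: rcpt to:<friend@example.net>
S: 554 5.7.1 <friend@example.net> Recipient address rejected: Access denied
"""

REPLY = re.compile(r"^(\d{3})[ -](?:([245]\.\d{1,3}\.\d{1,3}) )?(.*)$")
# RFC 3463: the second field of the enhanced status code names the subject.
SUBJECT = {"0": "other", "1": "addressing", "2": "mailbox", "3": "mail system",
           "4": "network/routing", "5": "protocol", "6": "content",
           "7": "security/policy"}

def analyze(transcript):
    """Return (server replies, findings) for a 'C:'/'S:' labelled session."""
    verbs, replies = [], []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and text.strip():
            verbs.append(text.split(None, 1)[0].upper())
        elif side == "S" and (m := REPLY.match(text)):
            code, enhanced, msg = m.groups()
            replies.append({
                "code": code,
                "enhanced": enhanced,
                "permanent": code.startswith("5"),
                "subject": SUBJECT.get(enhanced.split(".")[1]) if enhanced else None,
                "text": msg,
            })
    findings = []
    if "EHLO" not in verbs:
        findings.append("HELO only: extensions such as AUTH and STARTTLS "
                        "are never advertised")
    for r in replies:
        if r["permanent"] and r["subject"] == "security/policy" and "AUTH" not in verbs:
            findings.append(f"{r['code']} {r['enhanced']}: policy refusal in a "
                            "session that never authenticated")
    return replies, findings
```
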

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,943
    Yes on point 1.
    Point 2...probably, but sometimes telnet isn't a 100% test.
    Tried toggling the TLS checkbox in your outbound SMTP settings?
    Did you try my other suggestion of setting out a different e-mail account in something like Outlook Express?
    Or perhaps setup your Hover account in Outlook Express? To rule out something wonky with TBird?

  5. #5
    A+, S+, M+, C+, CySA+ Shinobi's Avatar
    Join Date
    Jan 2001
    Location
    South Carolina
    Posts
    4,436
    Blog Entries
    1
    Incorrect MTU settings.. that happened to me once..


    Maybe Cat can chime in on this..
    Just curious if maybe putting a sniffer like Wireshark on the workstation might find anything poking out thru 587?
    _______________________________________________
    Vendor neutral certified in IT Project Management, IT Security, Cisco Networking, Cisco Security, Wide Area Networks, IPv6, IT Hardware, Unix, Linux, and Windows server administration

  6. #6
    Senior Member Blisster's Avatar
    Join Date
    Jan 2002
    Posts
    9,668
    was going to suggest wireshark myself. Do a capture when you try to send and you should be able to determine exactly where the communication is breaking down. If you can connect via telnet and get as far as you did I might guess that it is some sort of t-bird config issue, though for it to happen to 2 hosts simultaneously is suspect.
    The long wait (latency) for the log on is suspicious, something could be timing out due to latency issues.


    Quote Originally Posted by Edward Abbey
    A patriot must always be ready to defend his country against his government.

  7. #7
    Junior Member
    Join Date
    Oct 2009
    Posts
    3
    OK, I downloaded Eudora and tried it (to see if it was a Thunderbird problem.) Same result.

    I also tried toggling TLS, same result.

    Then I downloaded wireshark and captured Thunderbird trying to send an email to the server. But it is too much for me to figure out what is happening. Can I post the capture file here, or will it have too much sensitive data in it that I don't want out in public?? Maybe I can blank out certain bits??

    Thanks for the help, I appreciate it!

    Dan

  8. #8
    Senior Member Blisster's Avatar
    Join Date
    Jan 2002
    Posts
    9,668
    you can filter the capture file based on the smtp port, then save it as a pcap file and send it to me if you like. There shouldn't be anything sensitive in the SMTP traffic stream.
    PM if you want to try this and I can take a look.



  9. #9
    Regular Member Pettos's Avatar
    Join Date
    Oct 2006
    Location
    Sydney
    Posts
    251
    I dunno if this could be it, but your ISP might have changed their outgoing mail server address and not told you. This happened to me.

    I am (in australia) with bigblue, which is owned by iinet. They say that you have to use the iinet mail server, but it never worked until i thought to changed it to mail.bigblue.net.au which worked. then about a year later it was changed back to mail.iinet.net.au again, they didn't say anything to anyone, so again had to use trial and error?

    Just thought I would suggest playing around with the smtp settings?

    *prepares to be slapped*

  10. #10
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,943
    Before going through the steps of posting screenies, have you tried configuring an e-mail client to another POP3 host that uses that port? Just to see if it's on your ISP end? If you can get TBird or Outlook or whatever working with another POP3 host for outbound SMTP on that port...it can help narrow things down.

  11. #11
    Senior Member Blisster's Avatar
    Join Date
    Jan 2002
    Posts
    9,668
    so I opened the file and applied a filter to show SMTP by typing SMTP in the filter field and clicking apply. This shows that there are 3 SMTP packets in the conversation (6, 47, 49). You can drill down into each packet by selecting it and then expanding the fields in the middle pane of wireshark. You can also right-click on one of the packets and select 'Follow TCP Stream' and get the assembled conversation in a few different formats (ASCII, Hex, Raw, etc). When I do this on the SMTP exchange we see this:

    .=....$......9..8..5..3..2......../...........
    y.....s.......`.220 smtp.hostedemail.com ESMTP
    502 5.5.2 Error: command not recognized


    It looks like your machine is connecting to the mail server and then either sending a command that the mail server doesn't recognize, or possibly the packet is getting fragmented or otherwise malformed when it is being sent and the mail server sees it as an unrecognized command.

    This tells us that your machine is establishing a connection and a session with the mail server, but that the mail server isn't understanding the commands from your system. To understand why exactly you may need to dig deeper into the capture and understand the traffic that is passing between the two hosts.

    Clearing out the SMTP filter and looking at the packets between 6 and 42, it looks like there might possibly be some checksum or fragmentation issues, but it's hard to say without looking more deeply into the session. If it is in fact bad checksums or fragmented packets then lowering the MTU on your router might help the issue. (I'd guess it is due to your router, as you say you are seeing this problem on both machines on your network)


    Quote Originally Posted by Edward Abbey
    A patriot must always be ready to defend his country against his government.
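
An added example, not part of the original posts: one concrete check when digging into a stream where non-text bytes precede a plaintext 220 greeting and a 502 reply is whether the client's first payload is a TLS/SSL hello rather than an SMTP command. The byte strings and reply list below are constructed samples, and the function names are this example's own.

```python
SMTP_VERBS = {b"EHLO", b"HELO", b"STARTTLS", b"AUTH", b"MAIL", b"RCPT",
              b"DATA", b"RSET", b"NOOP", b"QUIT"}

# Constructed samples: the opening bytes of an SSLv2-compatible hello, of a
# TLS record-layer ClientHello, and server replies like those in the stream.
SSLV2_HELLO = bytes.fromhex("803d010301002400000010000039000038000035")
TLS_HELLO = bytes.fromhex("16030100310100002d0301")
REPLIES = ["220 smtp.hostedemail.com ESMTP",
           "502 5.5.2 Error: command not recognized"]

def classify_client_payload(data: bytes) -> str:
    """Label the first bytes a client sent on an SMTP submission port."""
    # TLS record: type 0x16 (handshake), major version 3, and the handshake
    # message type at offset 5 is 1 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2-compatible hello: 2-byte length with the high bit set, message
    # type 1, then the major version byte.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01 and data[3] in (0x00, 0x03):
        return "sslv2-compatible-client-hello"
    words = data.split(None, 1)
    if words and words[0].upper() in SMTP_VERBS:
        return "smtp-command"
    return "unrecognized"

def diagnose(client_first: bytes, server_replies: list) -> str:
    """Compare what the client opened with against how the server answered."""
    kind = classify_client_payload(client_first)
    codes = [reply[:3] for reply in server_replies]
    if kind.endswith("client-hello") and "220" in codes:
        return ("mismatch: client opened with a TLS/SSL hello but the server "
                "greeted in plaintext; the client is set to implicit SSL/TLS "
                "on a port that expects plaintext SMTP first (STARTTLS)")
    if kind == "smtp-command" and any(c in ("500", "502") for c in codes):
        return "server rejected a well-formed verb; inspect the exact command"
    if kind == "unrecognized":
        return "payload is neither a TLS hello nor an SMTP verb; check for corruption"
    return "no mismatch detected"
```
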
