On Sat, Mar 22, 2025 at 10:37:31AM -0500, Bob Lindner via mailop wrote:
> Has anyone run into issues sending mail to email addresses at sbcglobal.net,
> bellsouth.net, att.net, att.net, ameritech.net, nvbell.net, flash.net,
> swbell.net, prodigy.net, pacbell.net, currently.com, and snet.net? All of
> these domains have MX records that use prodigy.net.
>
> We are finding 3 of our 10 mail servers receive this error when sending:
> ----
> 2025-03-21 16:34:37 1tvjz9-000000086Xv-3pod SMTP connection outbound
> 1742592877 1tvjz9-000000086Xv-3pod redacted.domain.com
> redacted-usern...@att.net
> 2025-03-21 16:36:49 1tvjz9-000000086Xv-3pod H=al-ip4-mx-vip2.prodigy.net
> [144.160.235.144]: SMTP timeout after initial connection: Connection timed
> out
> 2025-03-21 16:41:50 1tvjz9-000000086Xv-3pod TLS session: (SSL_connect):
> timed out: delivering unencrypted to H=ff-ip4-mx-vip2.prodigy.net
> [144.160.159.22] (not in hosts_require_tls)
> ----
Firewall changes on your end need to be ruled out, and the first
diagnostic tool to reach for should be to capture and analyse "tcpdump"
PCAP files. Something along the lines of:
tcpdump -s0 -w /var/tmp/traffic.pcap host 144.160.235.144 and tcp port 25
FWIW, my MTA, in Melbourne AU, sees:
posttls-finger: Connected to 144.160.235.144[144.160.235.144]:25
posttls-finger: < 220 alph753.prodigy.net ESMTP Sendmail Inbound
8.15.2/8.15.2; Sat, 22 Mar 2025 13:15:31 -0400
posttls-finger: > EHLO [...]
posttls-finger: < 250-alph753.prodigy.net Hello <name>[<ip>], pleased to
meet you
posttls-finger: < 250-ENHANCEDSTATUSCODES
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-8BITMIME
posttls-finger: < 250-SIZE 41943040
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-DELIVERBY
posttls-finger: < 250 HELP
...
posttls-finger: Untrusted TLS connection established
to 144.160.235.144[144.160.235.144]:25:
TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Which is unremarkable, other than TLS 1.2, which is becoming less common
nowdays in comparison with TLS 1.3.
However, connectoins to the same IP from the DANE survey node at
UCI.EDU:
$ posttls-finger "[144.160.235.144]"
posttls-finger: Connected to 144.160.235.144[144.160.235.144]:25
posttls-finger: < 220 alph730.prodigy.net ESMTP Sendmail Inbound
8.15.2/8.15.2; Sat, 22 Mar 2025 13:19:16 -0400
posttls-finger: > EHLO [...]
posttls-finger: < 250-alph730.prodigy.net Hello [<ip>], pleased to meet you
posttls-finger: < 250 ENHANCEDSTATUSCODES
posttls-finger: > QUIT
posttls-finger: < 221 2.0.0 alph730.prodigy.net closing connection
,,,
So from UCI I'm hitting a different anycast node, or the remote
behaviour is dynamic, with some IPs getting a different level of service
than others. The EHLO response format may suggest failure to resolve
the client IP address (which is not expected for the UCI node).
--
Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
