On Mon, Jun 14, 2021 at 01:55:40PM -0500, Linda Pagillo wrote:

> I have already verified and reverified with our server host that port 465
> is open on their main fw. However, when I do a port scan to 465 from the
> outside it says it is closed. My server host did the same scan and said
> that it's not them and it's a firewall on the server. I only have one
> firewall on the server and it is completely disabled at this time. Since
> the packets do get to the server we know it's not a firewall upstream.
>
> tcpdump shows the syn packets coming in -- but nothing going out.

Actually, the tcpdump program sees packets *before* they're dropped by
the host (ipfilter or similar) firewall.  So in fact, you're actually
providing very strong evidence that there's a local firewall dropping
the packets.  Otherwise, the host would respond either with a SYN-ACK or
with a TCP RST packet.


> The firewall (iptables) is empty. (fully cleared and flushed -- even
> rebooted with no rules)

Except that clearly there's a firewall in place, or the routing table
has no routes to anything outside the local subset, so the host has no
way to reply.

> Postfix answers fine on all other ports and so do other apps on the
> machine, so not likely to be routing unless something specific to postfix
> on this port.

This disproves the empty routing table hypothesis, making firewall rules
all the more likely.

> If something is blocking the response or the ingress it's not iptables. At
> this point, I'm not sure what else it could be.

Perhaps you have a different packet filter stack installed.

-- 
    Viktor.
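
The reasoning in the reply above (a host that receives a SYN sends back a SYN-ACK or a RST unless something local drops the packet or there is no return route), as an added example that is not part of the original message: a Python script that reads `tcpdump -n` text output taken on the server and reports, per server port, which kind of answer left the host. The capture lines, the documentation addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` output captured on the server
# (documentation addresses; not data from the thread).
SAMPLE = """\
13:55:40.100001 IP 203.0.113.7.51000 > 192.0.2.10.25: Flags [S], seq 100, win 64240, length 0
13:55:40.100050 IP 192.0.2.10.25 > 203.0.113.7.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
13:55:41.200001 IP 203.0.113.7.51001 > 192.0.2.10.465: Flags [S], seq 200, win 64240, length 0
13:55:42.200900 IP 203.0.113.7.51001 > 192.0.2.10.465: Flags [S], seq 200, win 64240, length 0
13:55:43.300001 IP 203.0.113.7.51002 > 192.0.2.10.8080: Flags [S], seq 300, win 64240, length 0
13:55:43.300040 IP 192.0.2.10.8080 > 203.0.113.7.51002: Flags [R.], seq 0, ack 301, win 0, length 0
"""

# "IP src.sport > dst.dport: Flags [..]" as printed by tcpdump -n for IPv4 TCP.
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify(capture, server_ip):
    """Map each server port that received a SYN to how the host answered."""
    syns, replies = set(), {}
    for m in map(LINE.search, capture.splitlines()):
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == server_ip and flags == "S":            # inbound connection attempt
            syns.add((src, sport, dport))
        elif src == server_ip and flags in ("S.", "R", "R."):  # host's answer
            replies[(dst, dport, sport)] = "syn-ack" if flags == "S." else "rst"
    result = defaultdict(set)
    for peer, peer_port, port in syns:
        result[int(port)].add(replies.get((peer, peer_port, port), "no-reply"))
    return {port: sorted(kinds) for port, kinds in result.items()}

def suspects(capture, server_ip):
    """Ports where SYNs reached the capture point and nothing went back."""
    return sorted(p for p, k in classify(capture, server_ip).items() if k == ["no-reply"])

if __name__ == "__main__":
    for port, kinds in sorted(classify(SAMPLE, "192.0.2.10").items()):
        print(port, kinds)
    print("SYN seen, no answer sent:", suspects(SAMPLE, "192.0.2.10"))
```

A port reported as `no-reply` while other ports on the same host show `syn-ack` or `rst` matches the symptom in the thread: the return path works, so the silence is specific to that port.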
