ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Verizon blocking port 465 to godaddy?

    Scheduled Pinned Locked Moved IT Discussion
    104 Posts 11 Posters 18.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by

      not that it should matter, how about openssl'ing the IP address of your SMTP server instead of the FQDN?

      scottalanmillerS 1 Reply Last reply Reply Quote 1
      • Mike DavisM
        Mike Davis
        last edited by

        @Dashrender said in Verizon blocking port 465 to godaddy?:

        not that it should matter, how about openssl'ing the IP address of your SMTP server instead of the FQDN?

        good idea. That would rule out any DNS stuff like suggested above. It seems they are doing some kind of DNS round robin. I queried the DNS entry on a few different server and tried them all inside the bad Verizon and none of them work.

        Outside the bad network, which ever one I try seems to work.

        BRRABillB DashrenderD 2 Replies Last reply Reply Quote 0
        • DashrenderD
          Dashrender @Mike Davis
          last edited by

          @Mike-Davis said in Verizon blocking port 465 to godaddy?:

          Then I decided to set up the Ubiquiti EdgeRouter to see if that made a difference.

          What was the outcome of using the ER?

          Mike DavisM 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in Verizon blocking port 465 to godaddy?:

            not that it should matter, how about openssl'ing the IP address of your SMTP server instead of the FQDN?

            Definitely try this to rule out DNS.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Mike Davis
              last edited by

              @Mike-Davis said in Verizon blocking port 465 to godaddy?:

              As for some of the back story to respond to the stuff up above about the SMTP relay. Yes, up until two weeks ago, if you were a Verizon customer, you had to put their server in your SMTP server field, and specify port 465 and SSL and a Verizon username and password. So this was not an open relay, but a way for them to see exactly what customer was sending what and how much. For what ever reason, they shut that service down and you should be able to connect to your email provider directly. That doesn't seem to be working....

              I know all the settings for the accounts are correct, because as soon as they leave that particular Verizon connection, they can send email once again.

              That was their recommendation but not the only way. You could always run your own proxy. They have no way to block it, not universally.

              1 Reply Last reply Reply Quote 1
              • BRRABillB
                BRRABill
                last edited by

                I've used a Verizon business connection for years and never had to use a relay.

                Mike DavisM 1 Reply Last reply Reply Quote 0
                • BRRABillB
                  BRRABill @Mike Davis
                  last edited by

                  This post is deleted!
                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @Mike Davis
                    last edited by

                    @Mike-Davis said in Verizon blocking port 465 to godaddy?:

                    @Dashrender said in Verizon blocking port 465 to godaddy?:

                    not that it should matter, how about openssl'ing the IP address of your SMTP server instead of the FQDN?

                    good idea. That would rule out any DNS stuff like suggested above. It seems they are doing some kind of DNS round robin. I queried the DNS entry on a few different server and tried them all inside the bad Verizon and none of them work.

                    Outside the bad network, which ever one I try seems to work.

                    you can find all available IPs by using nslookup to find all MX records, then all the IPs of those entries. Should be much faster than pinging the FQDN from several sources.

                    Mike DavisM 1 Reply Last reply Reply Quote 0
                    • Mike DavisM
                      Mike Davis @Dashrender
                      last edited by

                      @Dashrender said in Verizon blocking port 465 to godaddy?:

                      @Mike-Davis said in Verizon blocking port 465 to godaddy?:

                      Then I decided to set up the Ubiquiti EdgeRouter to see if that made a difference.

                      What was the outcome of using the ER?

                      ER performed the same. I put the Verizon router back in place since the Verizon router also had wifi.

                      1 Reply Last reply Reply Quote 0
                      • Mike DavisM
                        Mike Davis @BRRABill
                        last edited by

                        @BRRABill said in Verizon blocking port 465 to godaddy?:

                        I've used a Verizon business connection for years and never had to use a relay.

                        It's an odd situation where what normally works doesn't and now I have to find the test to show them who needs to own the problem .

                        1 Reply Last reply Reply Quote 0
                        • Mike DavisM
                          Mike Davis @Dashrender
                          last edited by

                          @Dashrender said in Verizon blocking port 465 to godaddy?:

                          you can find all available IPs by using nslookup to find all MX records, then all the IPs of those entries. Should be much faster than pinging the FQDN from several sources.

                          I think they are using round robin DNS. I know what you mean. If you query yahoo.com, it lists all the addresses. If you query smtpout.secureserver.net you only get one address each time, and it's usually different.

                          > yahoo.com
                          Server:  google-public-dns-a.google.com
                          Address:  8.8.8.8
                          
                          Non-authoritative answer:
                          Name:    yahoo.com
                          Addresses:  2001:4998:c:a06::2:4008
                                    2001:4998:44:204::a7
                                    2001:4998:58:c02::a9
                                    98.138.253.109
                                    98.139.183.24
                                    206.190.36.45
                          
                          > smtpout.secureserver.net
                          Server:  google-public-dns-a.google.com
                          Address:  8.8.8.8
                          
                          Non-authoritative answer:
                          Name:    smtpout.where.secureserver.net
                          Address:  173.201.192.229
                          Aliases:  smtpout.secureserver.net
                          
                          > smtpout.secureserver.net
                          Server:  google-public-dns-a.google.com
                          Address:  8.8.8.8
                          
                          Non-authoritative answer:
                          Name:    smtpout.where.secureserver.net
                          Address:  68.178.252.229
                          Aliases:  smtpout.secureserver.net
                          
                          

                          As you can see for yahoo, you get a bunch of address the first time, but in the case of smtpout.secureserver.net, you get a different IP each time. With that said I tried a few of them and got the same result. The response gets truncated inside the bad Verizon network.

                          BRRABillB 1 Reply Last reply Reply Quote 0
                          • BRRABillB
                            BRRABill @Mike Davis
                            last edited by

                            @Mike-Davis said

                            As you can see for yahoo, you get a bunch of address the first time, but in the case of smtpout.secureserver.net, you get a different IP each time. With that said I tried a few of them and got the same result. The response gets truncated inside the bad Verizon network.

                            And it works to other servers inside the bad Verizon network?

                            1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender
                              last edited by

                              Sadly, I don't know how to tell if the cut off/broken setup connection is the fault of Verizon or GoDaddy? Clearly the setup is being messed with.

                              @BRRABill proposes that GoDaddy is perhaps blocking the IP address @Mike-Davis is coming from, but if that was the case, I would expect no connection at all.

                              @dashrender proposes that it's Verizon, but it can't be a full out block on 465, since @Mike-Davis can make a connection to Cox's server on port 465. This would mean that Verizon is specifically messing with GoDaddy on multiple IPs. and while not a long stretch of problems, @BRRABill is also on Verizon business connection and he can connect to smtpout.secureserver.net with the openssl command.

                              here's a side by side of the working vs non working results.

                              uY9dX34.png

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                I'd open a ticket to Verizon and ask.

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  And a ticket to GoDaddy, as well. Lots of relays block port ranges because they are common SPAM host locations.

                                  DashrenderD 1 Reply Last reply Reply Quote 1
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    I don't know the first thing about SSL, but I noticed on my openssl session and @Mike-Davis working one, that neither have the message

                                    Loading 'screen' into random state - done
                                    

                                    But @Mike-Davis bad one and @BRRABill working one they both have that. This makes me think Verizon is adding this.

                                    QOU6wZl.png

                                    1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Verizon blocking port 465 to godaddy?:

                                      And a ticket to GoDaddy, as well. Lots of relays block port ranges because they are common SPAM host locations.

                                      What relays though? @Mike-Davis is trying to connect directly to his email service provider. He's not using a relay anymore.

                                      @Mike-Davis mentioned earlier in the thread that Verizon discontinued their relay a little while ago, which is when all these troubles started.

                                      That's one more reason I think this is a Verizon issue. Verizon used to prevent connections to SMTP servers (obviously port 25, but apparently port 465 as well) to non Verizon IPs I'm guessing in the hopes of cutting down on spam leaving their network.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in Verizon blocking port 465 to godaddy?:

                                        @scottalanmiller said in Verizon blocking port 465 to godaddy?:

                                        And a ticket to GoDaddy, as well. Lots of relays block port ranges because they are common SPAM host locations.

                                        What relays though? @Mike-Davis is trying to connect directly to his email service provider. He's not using a relay anymore.

                                        Host, relay... same thing. The MTA.

                                        DashrenderD 1 Reply Last reply Reply Quote 0
                                        • BRRABillB
                                          BRRABill
                                          last edited by

                                          One other question I have is ... do ALL of the clients on the bad network have this issue? Or do some of them work?

                                          From what I have seen from your testing and the testing @Dashrender and I have done, the connection is going through. But the SSL handshake is failing with:
                                          15712:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.c:188:

                                          1 Reply Last reply Reply Quote 0
                                          • Mike DavisM
                                            Mike Davis
                                            last edited by

                                            @BRRABill said in Verizon blocking port 465 to godaddy?:

                                            One other question I have is ... do ALL of the clients on the bad network have this issue? Or do some of them work?

                                            yes, all their outlook clients and iphones are having this issue.

                                            BRRABillB 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 2 / 6
                                            • First post
                                              Last post