moderated i/o timeout on port 25? #bug


Rob McMillin
 

One of my mailing lists — and only one! — is suddenly having trouble sending mail. The error message it's complaining about looks like this:
Message
[MontanaES] Finnegan - degenerative myelopathy
Attempted
13:33
Response
mx2c40.carrierzone.com: dial tcp4 64.29.151.237:25: i/o timeout
First off, why is this attempting to connect via port 25 (unsecured SMTP)? This sounds like a config issue on your end. Second, is there any way I can get the full server bounce message? Third, this is only happening with this one mailing list, and I subscribe to or own many.


 

On Mon, Jun 20, 2022 at 8:41 PM Rob McMillin <rlm@...> wrote:
One of my mailing lists — and only one! — is suddenly having trouble sending mail. The error message it's complaining about looks like this:
Message
[MontanaES] Finnegan - degenerative myelopathy
Attempted
13:33
Response
mx2c40.carrierzone.com: dial tcp4 64.29.151.237:25: i/o timeout
First off, why is this attempting to connect via port 25 (unsecured SMTP)? This sounds like a config issue on your end.

No. Port 25 is the correct port for email relay.

 
Second, is there any way I can get the full server bounce message? Third, this is only happening with this one mailing list, and I subscribe to or own many.

There is no server bounce message, because we're unable to connect with your server at all. That's what the 'dial' and 'i/o timeout' stuff means (it only now occurs to me to try to make that a more user friendly error. Sorry about that). It appears that your email provider is blocking one, but not both, of our outbound email servers. My suggestion is to email them and ask them to unblock 66.175.222.12. (This is also why I'm directly replying to you as well as to the list).

Cheers,
Mark


Rob McMillin
 

On 6/20/22 22:50, Mark Fletcher wrote:
On Mon, Jun 20, 2022 at 8:41 PM Rob McMillin <rlm@...> wrote:
One of my mailing lists — and only one! — is suddenly having trouble sending mail. The error message it's complaining about looks like this:
Message
[MontanaES] Finnegan - degenerative myelopathy
Attempted
13:33
Response
mx2c40.carrierzone.com: dial tcp4 64.29.151.237:25: i/o timeout
First off, why is this attempting to connect via port 25 (unsecured SMTP)? This sounds like a config issue on your end.
 
No. Port 25 is the correct port for email relay.

Yes, it's correct if you're sending mail unencrypted. But unencrypted SMTP relaying has been deprecated for a while now. The correct port should be 465 (see RFC 8314, "Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access") or 587 (see RFC 6509, "Message Submission for Mail").

Second, is there any way I can get the full server bounce message? Third, this is only happening with this one mailing list, and I subscribe to or own many.
 
There is no server bounce message, because we're unable to connect with your server at all. That's what the 'dial' and 'i/o timeout' stuff means (it only now occurs to me to try to make that a more user friendly error. Sorry about that). It appears that your email provider is blocking one, but not both, of our outbound email servers. My suggestion is to email them and ask them to unblock 66.175.222.12. (This is also why I'm directly replying to you as well as to the list).
Except for the part where it works for all the other mailing lists from your service (and this one until quite recently). Why is it trying to send mail via an obsolescent port?


Duane
 

On Tue, Jun 21, 2022 at 07:53 AM, Rob McMillin wrote:
Except for the part where it works for all the other mailing lists from your service (and this one until quite recently).
I'd bet that previously all of your messages were being sent out on the other Groups.io email server, so they went through.  As Mark said, your service is blocking one of them, so that's where the problem shows up.  The problem could easily show up for other group messages if they happen to be sent on that server.

I think you misread the RFCs.  The first is a recommendation, not a requirement.  The second is a memo and says Message Relay should continue to use port 25.  If any changes need to be made, I'm sure Mark will handle it.

Duane


 

On Tue, Jun 21, 2022 at 5:53 AM Rob McMillin <rlm@...> wrote:

Yes, it's correct if you're sending mail unencrypted. But unencrypted SMTP relaying has been deprecated for a while now.

Yes, which is why we use TLS/STARTTLS.
 

The correct port should be 465 (see RFC 8314, "Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access") or 587 (see RFC 6509, "Message Submission for Mail").

You should contact your email provider, because they also don't accept connections on either of those ports. (And if we started accepting connections from 587, boy howdy would our spam load increase).

Cheers,
Mark 


 

Why does "timeout on port 25" sound like an old rock song?
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


Rob McMillin
 

Okay, super cool, what servers are you trying to send these messages from so I can have a ghost of a chance of telling my mail service who to unblock? It looks like it's only one of several candidate servers that's affected.


 

On Thu, Jun 23, 2022 at 05:22 AM, Rob McMillin wrote:

what servers are you trying to send these messages from
so I can have a ghost of a chance of telling my mail service who to unblock?
66.175.222.12 and 66.175.222.108


Rob McMillin
 

Thank you, Lena!


Rob McMillin
 

So it looks like SORBS (sorbs.net) has put out a hit on 66.175.222.12 but not 66.175.222.108. Could you guys maybe look into this and see what the deal is? I asked Aplus to see if they can get SORBS to issue a temporary whitelist, but this would certainly explain the differential and inconsistent delivery behavior.


 

On Thu, Jun 23, 2022 at 9:22 AM Rob McMillin <rlm@...> wrote:
So it looks like SORBS (sorbs.net) has put out a hit on 66.175.222.12 but not 66.175.222.108. Could you guys maybe look into this and see what the deal is? I asked Aplus to see if they can get SORBS to issue a temporary whitelist, but this would certainly explain the differential and inconsistent delivery behavior.

SORBS has had that server listed for over a year now. I have asked to have them remove it, but they won't.

Mark 


Duane
 

On Thu, Jun 23, 2022 at 11:22 AM, Rob McMillin wrote:
So it looks like SORBS (sorbs.net) has put out a hit on 66.175.222.12
As Mark said, that was over a year ago.  Actually 1.5 years ago since the dates on the 'hits' are from December of 2020 so they apparently don't update them, nor really care much about the situation they cause.  Makes me wonder why any service would use them.

Duane


 

Does spectrum use them?

So far, since I switched to spectrum, I have had no issues with groups.io.

 

From: main@beta.groups.io <main@beta.groups.io> On Behalf Of Duane
Sent: Thursday, June 23, 2022 3:00 PM
To: main@beta.groups.io
Subject: Re: [beta] i/o timeout on port 25? #bug

 

On Thu, Jun 23, 2022 at 11:22 AM, Rob McMillin wrote:

So it looks like SORBS (sorbs.net) has put out a hit on 66.175.222.12

As Mark said, that was over a year ago.  Actually 1.5 years ago since the dates on the 'hits' are from December of 2020 so they apparently don't update them, nor really care much about the situation they cause.  Makes me wonder why any service would use them.

Duane


Rob McMillin
 

I think I may be on my way to convincing tech support to either unplug SORBS altogether, or move it back down the stack where it can be managed at the user level with whitelists. They have removed it at the port blocking (network) level, but migrated it back to having SMTP heed it. They mumbled something about whitelisting the two outbound SMTP IP addresses, so, maybe some good news on the horizon?

Thanks for the help, everyone.


Rob McMillin
 

I would not be surprised if Spectrum used SORBS, yes.


Rob McMillin
 

So I finally convinced my mail host to unblock 66.175.22.12. Back to normal now.

Thanks, Mark, especially if I came off as testy.