Failed to connect to SMTP server - smtp Traffic Rejected

Hello.

 

I see drops in my logs and I can't understand why:

 

2019-03-21_164055.jpg

 

In extended log I see:

 

2019-03-21_164206.jpg

 

Help to understand it, please.


6 Replies
Highlighted

Hello,

I would test connectivity between the gateway and the destination; as per the log, the reject reason is "failed to connect to SMTP server".
Regards
Vincent

and now to something completely different
0 Kudos
Highlighted
Nickel
Hello.

I tried to test connectivity, and what do I see? I see strange things...

[Expert@CP-INET-FW-02:0]# telnet 80.237.91.168 25
Trying 80.237.91.168...
telnet: connect to address 80.237.91.168: No route to host

[Expert@CP-INET-FW-02:0]# tracert 80.237.91.168
traceroute to 80.237.91.168 (80.237.91.168), 30 hops max, 40 byte packets
1 31.173.230.225 (31.173.230.225) 19.316 ms 19.446 ms 19.511 ms
2 37.29.105.53 (37.29.105.53) 20.677 ms 20.804 ms 20.887 ms
3 kbk06.transtelecom.net (217.150.41.218) 19.549 ms 19.703 ms 19.628 ms
4 rdn06.rdn23.transtelecom.net (217.150.60.126) 128.941 ms 129.163 ms 129.660 ms
5 rostvertol-gw.transtelecom.net (217.150.60.125) 128.187 ms 128.234 ms 128.294 ms
6 gate.rostvert.ru (80.237.91.168) 128.340 ms 127.373 ms 127.312 ms

[Expert@CP-INET-FW-02:0]# ping 80.237.91.168
PING 80.237.91.168 (80.237.91.168) 56(84) bytes of data.
64 bytes from 80.237.91.168: icmp_seq=1 ttl=59 time=127 ms
64 bytes from 80.237.91.168: icmp_seq=2 ttl=59 time=127 ms

--- 80.237.91.168 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 127.463/127.567/127.671/0.104 ms

[Expert@CP-INET-FW-02:0]# telnet 80.237.91.168
Trying 80.237.91.168...
telnet: connect to address 80.237.91.168: No route to host

[Expert@CP-INET-FW-02:0]# ip r get 80.237.91.168
80.237.91.168 via 31.173.230.225 dev eth1.3021 src 31.173.230.234
cache ipid 0x9944 mtu 1500 advmss 1460 hoplimit 64

[Expert@CP-INET-FW-02:0]# ip r | grep default
default via 31.173.230.225 dev eth1.3021 proto routed
[Expert@CP-INET-FW-02:0]#
0 Kudos
Highlighted

Apparently no issue at your site, as there is the same issue anywhere on the internet I checked.
noroutetohost.png

and now to something completely different

Highlighted
Nickel
Thank you.
0 Kudos
Highlighted

The ICMP type is Destination Unreachable, but it would have been interesting to see the accompanying code as well.  My guess is "Admin Prohibit".

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Nickel

Yes, you are right. A day ago, after I understood that it is not a CP problem, I found it.

 

00:30:20.379482 IP (tos 0x10, ttl 64, id 35366, offset 0, flags [DF], proto: TCP (6), length: 60) 31.173.230.232.10500 > 80.237.91.168.smtp: S, cksum 0x41a2 (correct), 3769254737:3769254737(0) win 5840 <mss 1460,sackOK,timestamp 634374519 0,nop,wscale 10>
00:30:20.507952 IP (tos 0x0, ttl 59, id 62007, offset 0, flags [none], proto: ICMP (1), length: 88) 80.237.91.168 > 31.173.230.232: ICMP host 80.237.91.168 unreachable - admin prohibited, length 68

 

So the problem is on the remote side.
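
The capture above is what separates a local routing fault from a remote reject: the SYN leaves the gateway and an ICMP unreachable comes back from the far end. As an added example (not code from the thread), this pairs each outbound SYN in tcpdump text output with the ICMP unreachable that answers it and reports who sent it. The name `correlate` and the sample lines for 192.0.2.10, 198.51.100.1 and 203.0.113.5 are constructed.

```python
import re

IP = r"\d+(?:\.\d+){3}"
# Outbound SYN: "src.sport > dst.dport: S," (older tcpdump) or "Flags [S]," (newer).
SYN_RE = re.compile(rf"({IP})\.\w+ > ({IP})\.(\w+): (?:S,|Flags \[S\],)")
# ICMP unreachable: "sender > receiver: ICMP host X unreachable[ - reason],"
ICMP_RE = re.compile(
    rf"({IP}) > ({IP}): ICMP (?:host|net) ({IP}) unreachable(?: - ([^,]+))?")

# First two lines are the capture quoted in the thread; the rest are constructed.
SAMPLE = """\
00:30:20.379482 IP (tos 0x10, ttl 64, id 35366, offset 0, flags [DF], proto: TCP (6), length: 60) 31.173.230.232.10500 > 80.237.91.168.smtp: S, cksum 0x41a2 (correct), 3769254737:3769254737(0) win 5840 <mss 1460,sackOK,timestamp 634374519 0,nop,wscale 10>
00:30:20.507952 IP (tos 0x0, ttl 59, id 62007, offset 0, flags [none], proto: ICMP (1), length: 88) 80.237.91.168 > 31.173.230.232: ICMP host 80.237.91.168 unreachable - admin prohibited, length 68
00:31:02.000100 IP 31.173.230.232.10600 > 192.0.2.10.25: Flags [S], seq 1, win 5840, length 0
00:31:02.050200 IP 198.51.100.1 > 31.173.230.232: ICMP host 192.0.2.10 unreachable, length 36
00:31:05.000300 IP 31.173.230.232.10700 > 203.0.113.5.25: Flags [S], seq 1, win 5840, length 0
"""

def correlate(capture):
    """Pair each outbound SYN with the ICMP unreachable that answers it."""
    findings = []
    for line in capture.splitlines():
        m = SYN_RE.search(line)
        if m:
            findings.append({"src": m[1], "dst": m[2], "dport": m[3],
                             "rejected_by": None, "reason": None, "where": None})
            continue
        m = ICMP_RE.search(line)
        if not m:
            continue
        sender, receiver, target, reason = m.groups()
        for f in findings:
            # The ICMP goes back to the SYN's source and names the SYN's destination.
            if (f["src"], f["dst"], f["rejected_by"]) == (receiver, target, None):
                f["rejected_by"] = sender
                f["reason"] = reason or "unreachable"
                f["where"] = ("destination itself" if sender == target
                              else "device on the path")
                break
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        verdict = (f"rejected by {f['rejected_by']} ({f['where']}): {f['reason']}"
                   if f["rejected_by"] else "no ICMP unreachable seen")
        print(f"{f['src']} -> {f['dst']}:{f['dport']}  {verdict}")
```

A SYN with no matching ICMP line may have been answered normally or dropped silently; this sketch only classifies the rejects that announce themselves.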