On 2023-09-11 at 12:15:10 UTC-0400 (Mon, 11 Sep 2023 09:15:10 -0700
(PDT))
Fred Morris via Postfix-users <m3...@m3047.net>
is rumored to have said:
Looks like you've got the general idea.
On Mon, 11 Sep 2023, Jesper Hansen via Postfix-users wrote:
[...]
All the non port 25 tests, took about 15-27 hops.
But the port 25 ones only took 7 or 8, and have a look at the IP at
the next-to-last hop of the route.
192.168.20.20?? What?
Anyone can put any packet onto any network they have an interface for,
even ones with RFC1918 source addresses. For years, Sprint's internal
routers all used NET10 source addresses so if you traced across Sprint,
you got many lines of * or a bunch of 10.* replies, depending on the
egress/ingress filtering of the networks in-between.
I suspect that most "empty" hops in a traceroute these days indicate
routers with RFC1918 addresses and proper egress filtering.
5 165.217.24.125.in-addr.arpa (125.24.217.165) 9.645 ms 9.548 ms 9.473 ms
6 203.113.59.128 (203.113.59.128) 13.410 ms 7.639 ms 7.460 ms
7 192.168.20.20 (192.168.20.20) 9.929 ms 89.206.23.94.in-addr.arpa (94.23.206.89) 7.406 ms 192.168.20.20 (192.168.20.20) 9.611 ms
user@wopr4:/etc/postfix$ sudo traceroute -T -p 25 smtp.univie.ac.at
traceroute to smtp.univie.ac.at (131.130.3.111), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 1.084 ms 1.277 ms 1.432 ms
2 * * *
3 node-16rl.pool-125-24.dynamic.totinternet.net (125.24.216.129) 7.886 ms 7.710 ms 7.526 ms
4 * * *
5 node-16zp.pool-125-24.dynamic.totinternet.net (125.24.217.165) 10.211 ms 10.037 ms node-16zl.pool-125-24.dynamic.totinternet.net (125.24.217.161) 9.846 ms
6 203.113.59.130 (203.113.59.130) 9.668 ms 7.902 ms 203.113.59.128 (203.113.59.128) 7.783 ms
7 192.168.20.20 (192.168.20.20) 9.091 ms 8.829 ms 11.607 ms
8 justin.univie.ac.at (131.130.3.111) 10.002 ms 8.949 ms 8.725 ms
I also find it very impressive that it reaches univie.ac.at in 9 ms,
considering the tracetime when NOT using port 25, is 260 ms.
I'm surprised it reaches it at all.
Yeah, because it did not.
Anyone can send a packet claiming to be from 131.130.3.111. That's
precisely how the port 25 intercept works: a middlebox sees packets on
port 25 and replies to them with packets supposedly from the target IP.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
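
A check for the symptoms discussed in this thread, as an added example that is not part of the original messages: it parses `traceroute -T -p 25` output (rejoining hard-wrapped lines) and reports which of the three hints are present when the trace claims to reach the target. The function names and the 1.5x / 4x thresholds are assumptions; the baseline figures used in testing (15 hops, 260 ms) are the non-port-25 numbers quoted in the thread.

```python
import ipaddress
import re

# Hops 5-8 of the port-25 trace from the thread, hard-wrapped the way
# mailed terminal output often arrives.
PORT25_TRACE = """\
 5 node-16zp.pool-125-24.dynamic.totinternet.net (125.24.217.165)
10.211 ms 10.037 ms node-16zl.pool-125-24.dynamic.totinternet.net
(125.24.217.161) 9.846 ms
 6 203.113.59.130 (203.113.59.130) 9.668 ms 7.902 ms 203.113.59.128
(203.113.59.128) 7.783 ms
 7 192.168.20.20 (192.168.20.20) 9.091 ms 8.829 ms 11.607 ms
 8 justin.univie.ac.at (131.130.3.111) 10.002 ms 8.949 ms 8.725 ms
"""

def parse_hops(text):
    """Return [(hop_no, [ip, ...], [rtt_ms, ...])], rejoining wrapped lines."""
    joined = []
    for line in text.splitlines():
        if re.match(r"\s*\d+\s", line):          # "N " starts a new hop
            joined.append(line.strip())
        elif joined and line.strip():            # continuation of previous hop
            joined[-1] += " " + line.strip()
    hops = []
    for line in joined:
        ips = re.findall(r"\((\d+\.\d+\.\d+\.\d+)\)", line)
        rtts = [float(x) for x in re.findall(r"([\d.]+) ms", line)]
        hops.append((int(line.split()[0]), ips, rtts))
    return hops

def intercept_indicators(hops, target_ip, baseline_hops, baseline_rtt_ms):
    """Hints that a middlebox answered for target_ip; none is proof alone.

    baseline_* come from a trace to the same host on a port that is not
    intercepted. Thresholds are assumptions chosen for illustration.
    """
    findings = []
    if not hops or target_ip not in hops[-1][1]:
        return findings                          # trace never "reached" target
    last_no, _, last_rtts = hops[-1]
    if last_no * 1.5 < baseline_hops:
        findings.append("short_path")
    if last_rtts and min(last_rtts) * 4 < baseline_rtt_ms:
        findings.append("fast_rtt")
    prev_ips = hops[-2][1] if len(hops) > 1 else []
    if any(ipaddress.ip_address(ip).is_private for ip in prev_ips):
        findings.append("private_hop_before_target")
    return findings
```

A private hop on its own is common on carrier networks, as noted above; it is the combination with a much shorter path and a much lower RTT than the baseline that points to an intercept.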