On 2012-03-04 17:14, /dev/rob0 wrote:
> On Sun, Mar 04, 2012 at 04:24:44PM +0100, Stanisław Findeisen wrote:
>> On 2012-03-04 11:26, Michael Tokarev wrote:
>>> On 04.03.2012 13:30, Stanisław Findeisen wrote:
>>>> On 2012-03-04 09:20, Stanisław Findeisen wrote:
>>>>> I am running a small Postfix server, and for a couple of hours 
>>>>> I've been getting: "host ... refused to talk to me: 421 service 
>>>>> not available (connection refused, too many connections)" for 
>>>>> all the outgoing mail, all destination servers.
>>>>>
>>>>> What's wrong?
>>>>>
>>>>> I wasn't even able to subscribe to this mailing list:
>>>>>
>>>>> Mar 4 00:41:38 k8ux postfix/smtp[2987]: 1462B1F2505: 
>>>>> to=<majord...@postfix.org>, 
>>>>> relay=mail.cloud9.net[168.100.1.7]:25, delay=417, 
>>>>> delays=417/0.02/0.06/0, dsn=4.0.0, status=deferred (host 
>>>>> mail.cloud9.net[168.100.1.7] refused to talk to me: 421 service 
>>>>> not available (connection refused, too many connections))
>>>
>>> This smells very much like your outgoing SMTP connections are 
>>> being trapped by your ISP and redirected to _their_ SMTP server.
>>
>> Wha... what a... ??!  8-O
>>
>> You say that mail.cloud9.net[168.100.1.7] was in reality my ISP's 
>> network node? I.e., they are doing some kind of man in the middle 
>> attack / IP address spoofing?
> 
> Respectively: no, sort of, and no. mail.cloud9.net is still on its 
> own IP address, as are the other hosts you tried. It looks like 
> transparent redirection.
> 
>> Why do you think they should be doing crap like that??!
> 
> Controlling/limiting outbound abuse in case of spammers on their 
> networks ... this is my guess. But I don't work for your ISP.
> 
>> It just started to work after some 15 hours or so. ALL
>> destination servers (the whole queue has been sent out).
> 
> Given this additional information, it looks like you triggered an 
> automated rate limiting system in the ISP firewall.
> 
> Review your terms of service and acceptable use policy. Ensure that 
> you're in compliance. Then, talk to the ISP and ask them about it.

It stopped working again. :-(

My ISP says there are no limits, and that this is a failure of theirs.
They were unable (or not willing) to explain why outgoing TCP traffic to
ports 25 and 587 (they say this one is a problem too) is handled in a
different way than other traffic (say TCP 80).

I know what TCP/IP is, but I don't know too much about routing practice.
What do you think they could be doing with this traffic and why?

/dev/rob0: what is transparent redirection? Did you mean that my Postfix
was tricked and talking to my ISP's SMTP server, instead of
mail.cloud9.net[168.100.1.7] in this case?

-- 
http://people.eisenbits.com/~stf/
http://www.eisenbits.com/

OpenPGP: E3D9 C030 88F5 D254 434C  6683 17DD 22A0 8A3B 5CC0
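
One way to check a mail log for the pattern discussed in this thread, as an added example that is not part of the original messages: independently run mail servers rarely refuse with byte-identical text, so the same "refused to talk to me" reply from many unrelated relay IPs hints that a single device in the path is answering. The function name, threshold and log lines are constructed for illustration (hosts use example names and RFC 5737 addresses; only the 421 text is taken from the thread), and the result is a heuristic, not proof of redirection.

```python
import re
from collections import defaultdict

# Pulls the relay IP and the quoted server reply out of a Postfix smtp(8)
# deferral of the form "host X[ip] refused to talk to me: <reply>".
DEFERRED = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): .*?"
    r"relay=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]:\d+.*?"
    r"status=deferred \(host \S+ refused to talk to me: (?P<reply>.*)\)\s*$"
)

# Template for constructed sample lines (recipient and hosts are made up).
_T = ("Mar  4 00:41:38 mx postfix/smtp[2987]: {q}: to=<user@example.org>, "
      "relay={h}[{ip}]:25, delay=417, delays=417/0.02/0.06/0, dsn=4.0.0, "
      "status=deferred (host {h}[{ip}] refused to talk to me: {r})")

R421 = "421 service not available (connection refused, too many connections)"

SAMPLE_LOG = "\n".join([
    _T.format(q="A1B2C3D4E5", h="mx1.example.net", ip="192.0.2.10", r=R421),
    _T.format(q="A1B2C3D4E6", h="mail.example.com", ip="198.51.100.20", r=R421),
    _T.format(q="A1B2C3D4E7", h="smtp.example.org", ip="203.0.113.30", r=R421),
    # An unrelated refusal from one host only: should not be flagged.
    _T.format(q="A1B2C3D4E8", h="mx2.example.net", ip="192.0.2.99",
              r="554 5.7.1 blocked"),
    # A normal delivery: does not match the deferral pattern at all.
    "Mar  4 00:42:01 mx postfix/smtp[2990]: A1B2C3D4E9: to=<user@example.org>, "
    "relay=mx3.example.net[192.0.2.50]:25, delay=1, dsn=2.0.0, "
    "status=sent (250 2.0.0 Ok: queued as 12345)",
])


def suspicious_replies(log_text, min_relays=3):
    """Return {reply_text: sorted relay IPs} for refusals whose text is
    identical across at least min_relays distinct relay IPs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = DEFERRED.search(line)
        if m:
            seen[m.group("reply")].add(m.group("ip"))
    return {r: sorted(ips) for r, ips in seen.items() if len(ips) >= min_relays}


if __name__ == "__main__":
    for reply, ips in suspicious_replies(SAMPLE_LOG).items():
        print(f"{len(ips)} relays returned the same refusal: {reply}")
        print("  " + ", ".join(ips))
```

A hit is worth following up by connecting to a host that is known not to run SMTP at all: a 421 reply from such an address means something other than the destination is answering on port 25.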
