Jump to content


Computer Nerd Kev

Member Since 12 Jul 2014
Offline Last Active Sep 25 2020 07:38 AM
-----

Topics I've Started

[Solved] Not actually my IP, but maybe Blocked

25 September 2020 - 07:26 AM

A user in the US has been unable to access my sites (either computernerdkev.heliohost.org or www.ombertech.com), or open an FTP connection to tommy.heliohost.org, for many weeks.

 

Their ISP assigns them a dynamic IP address, of which one example is: 24.243.100.168

 

All connection attempts time out.

 

They have run traceroute with the following output:

$ traceroute computernerdkev.heliohost.org
traceroute to computernerdkev.heliohost.org (65.19.143.6), 30 hops max, 60
byte packets
 1 router (192.168.2.1) 5.689 ms 7.986 ms 7.924 ms
 2 * * *
 3 tge0-0-20.edbgtx1101h.rgv.rr.com (66.68.194.245) 39.967 ms 43.620 ms
 43.339 ms
 4 agg24.phrrtxgy01r.texas.rr.com (24.175.56.130) 25.059 ms 23.983 ms
 25.453 ms
 5 agg26.dllatxl301r.texas.rr.com (24.175.56.72) 46.915 ms 54.508 ms
 40.182 ms
 6 bu-ether14.dllstx976iw-bcr00.tbone.rr.com (66.109.6.88) 46.831 ms
66.109.1.216 (66.109.1.216) 32.597 ms
bu-ether14.dllstx976iw-bcr00.tbone.rr.com (66.109.6.88) 45.757 ms
 7 66.109.5.121 (66.109.5.121) 39.299 ms 50.577 ms 50.841 ms
 8 10ge7-7.core1.dal1.he.net (184.105.55.249) 47.837 ms 42.734 ms
 42.099 ms
 9 100ge2-2.core4.fmt2.he.net (184.105.64.221) 81.441 ms 77.495 ms
 77.616 ms
10 100ge14-2.core3.fmt1.he.net (184.105.80.93) 93.010 ms 86.576 ms
 79.323 ms
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

This ends at a similar point to where it does if I run traceroute, yet I can access Heliohost fine. So it seems like it's not an issue with routing from the user's ISP - therefore I wonder if their IP address range has been blocked at the Heliohost server for some reason?


[Solved] Non-SSL SMTP Port Requires SSL

25 July 2020 - 09:11 AM

Hello,

I've come to the conclusion that the non-SSL SMTP email port on Tommy doesn't actually work without SSL (aka TLS).

The background is that some of my Email software is old and when Tommy was upgraded after the crash, the new encryption libraries were no longer compatible with my old software. I've been slowly working to get that software working with a newer OpenSSL library, and making do until then in various ways.

I recently set up a new email account (using a unique password) for which security isn't very important, so I tried going unencrypted using the non-SSL port for SMTP (587 on Tommy). But it wouldn't work.

Long story short, the email server software isn't providing any authentication methods to the client unless STARTTLS is used to enable encryption.

Here I'm trying to connect without SSL:
 

<-- 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 05:38:10 +0000 
<-- 220-We do not authorize the use of this system to transport unsolicited, 
<-- 220 and/or bulk e-mail.
--> EHLO heliohost.org
<-- 250-tommy.heliohost.org Hello heliohost.org [1.136.169.170]
<-- 250-SIZE 52428800
<-- 250-8BITMIME
<-- 250-PIPELINING
<-- 250-STARTTLS
<-- 250 HELP
--> QUIT
<-- 221 tommy.heliohost.org closing connection
msmtp: the server does not support authentication
msmtp: could not send mail

 


Here's what it looks like talking unencrypted to another server where it does work properly (some info redacted):
 
 

<-- 220 [SERVERNAME] ESMTP Postfix (Ubuntu)
--> EHLO localhost
<-- 250-[SERVERNAME]
<-- 250-PIPELINING
<-- 250-SIZE 10240000
<-- 250-VRFY
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN     <---- We don't get this on Tommy!
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-DSN
<-- 250 SMTPUTF8
--> AUTH PLAIN [ENCODED PASSWORD]  <---- It tells us that we can do this
<-- 235 2.7.0 Authentication successful
--> MAIL FROM:<[MY EMAIL ADDRESS]>
--> RCPT TO:<[RECEIVER'S EMAIL ADDRESS]>
--> DATA
<-- 250 2.1.0 Ok
<-- 250 2.1.5 Ok
<-- 354 End data with <CR><LF>.<CR><LF>
--> Date: Sat, 25 Jul 2020 15:14:05 +1000
[MESSAGE]
--> .
<-- 250 2.0.0 Ok: queued as 7C7FE3B25F1
--> QUIT
<-- 221 2.0.0 Bye

 


Here I'm back with Tommy using another client where the SSL is new enough to work, and STARTTLS is enabled (this is still on the non-SSL port 587):
 
 

* Connecting to SMTP server: mail.ombertech.com ...
[17:02:20] SMTP< 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 06:56:29 +0000 
[17:02:20] SMTP< 220-We do not authorize the use of this system to transport unsolicited, 
[17:02:20] SMTP< 220 and/or bulk e-mail.
[17:02:20] ESMTP> EHLO The-Overheating-Giant
[17:02:20] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.166.92]
[17:02:20] ESMTP< 250-SIZE 52428800
[17:02:20] ESMTP< 250-8BITMIME
[17:02:20] ESMTP< 250-PIPELINING
[17:02:20] ESMTP< 250-STARTTLS
[17:02:20] ESMTP< 250 HELP
[17:02:20] ESMTP> STARTTLS
[17:02:21] ESMTP< 220 TLS go ahead
* SSL certificate of mail.ombertech.com previously accepted
[17:02:21] ESMTP> EHLO The-Overheating-Giant
[17:02:21] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.166.92]
[17:02:21] ESMTP< 250-SIZE 52428800
[17:02:21] ESMTP< 250-8BITMIME
[17:02:21] ESMTP< 250-PIPELINING
[17:02:21] ESMTP< 250-AUTH PLAIN LOGIN   <---- Now Tommy talks about AUTH, but only after STARTTLS has enabled TLS/SSL
[17:02:22] ESMTP< 250 HELP
[17:02:22] ESMTP> AUTH PLAIN ********
[17:02:22] ESMTP< 235 Authentication succeeded
[17:02:22] SMTP> MAIL FROM:<[MY EMAIL ADDRESS]>
[17:02:22] SMTP< 250 OK
[17:02:22] SMTP> RCPT TO:<[RECEIVER'S EMAIL ADDRESS]>
[17:02:22] SMTP< 250 Accepted
[17:02:22] SMTP> DATA
[17:02:23] SMTP< 354 Enter message, ending with "." on a line by itself
[17:02:23] SMTP> . (EOM)
[17:02:23] SMTP< 250 OK id=1jzE6i-000PnH-MD
[17:02:23] SMTP> QUIT
[17:02:24] SMTP< 221 tommy.heliohost.org closing connection

 


In that same client if I disable STARTTLS it fails like on the other system. Here though I can force it to attempt the AUTH command even though no AUTH methods are provided by the server, but the server won't accept that:
 
 

* Connecting to SMTP server: mail.ombertech.com ...
[16:31:38] SMTP< 220-tommy.heliohost.org ESMTP Exim 4.92 #2 Sat, 25 Jul 2020 06:25:47 +0000 
[16:31:38] SMTP< 220-We do not authorize the use of this system to transport unsolicited, 
[16:31:38] SMTP< 220 and/or bulk e-mail.
[16:31:38] ESMTP> EHLO The-Overheating-Giant
[16:31:38] ESMTP< 250-tommy.heliohost.org Hello The-Overheating-Giant [1.136.169.176]
[16:31:38] ESMTP< 250-SIZE 52428800
[16:31:38] ESMTP< 250-8BITMIME
[16:31:38] ESMTP< 250-PIPELINING
[16:31:38] ESMTP< 250-STARTTLS
[16:31:38] ESMTP< 250 HELP
[16:31:38] ESMTP> AUTH PLAIN ********
[16:31:38] ESMTP< 503 AUTH command used when not advertised     <---- Tommy knows when I'm trying to cheat
** LibSylph-WARNING: [16:31:38] error occurred on SMTP session

** error occurred on SMTP session
** Sylpheed-WARNING: send: error: 503 AUTH command used when not advertised

** LibSylph-WARNING: [16:31:38] Error occurred while sending the message.

** Error occurred while sending the message.

 
The intended SSL Port 465 works fine, if the client's encryption library is new enough. Perhaps port 587 is actually supposed to only work with STARTTLS and therefore SSL, even though the CPanel info suggests differently. So if it's intentional I'll go away with my tail between my legs and try to wrestle my old systems into the modern encrypted world (which I'm working on anyway). If it's a mistake in Exim's configuration though, I'd be glad to see it fixed.
 
PS. No my current ISP doesn't have an authentication-free SMTP server available to customers, which I could use for sending by using my Heliohost-hosted email address in the "From:" header.


Server Ports on Wiki

25 July 2020 - 07:42 AM

Hello,

 

I notice that there's a new (since I last checked) wiki. Trouble is that it seems to be missing the one thing that I always checked the wiki for, which was the table of server ports for connecting over SFTP and similar protocols.

 

I found the specific port number that I was after by looking in the configuration of another PC, but for the future I'd really like that info restored on the Wiki, and I think I'll save a copy this time - the Wayback Machine didn't even capture it!


[Solved] Account Inactivity Immunity Lost

28 May 2020 - 07:41 AM

Hello,

 

I donated during the fundraiser for the Lilly server and even though the terms for that don't seem to be online anymore, I believe I received 4 months inactivity immunity.

 

It was apparantly restored after I was moved from Ricky back to Tommy after the hardware failure in this thread:

https://www.helionet...ve/#entry164633

 

My account just got locked out after what I'm pretty sure was more like one month. Could someone check the setting for this again please?

 

Thanks.