ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Verizon blocking port 465 to godaddy?

    Scheduled Pinned Locked Moved IT Discussion
    104 Posts 11 Posters 18.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BRRABillB
      BRRABill @JaredBusch
      last edited by

      @JaredBusch said in Verizon blocking port 465 to godaddy?:

      @BRRABill said in Verizon blocking port 465 to godaddy?:

      Verizon has always been funky with e-mail.

      I think they just started supporting IMAP a little bit ago. (If they even do yet.)

      But we're not talking about Verizon email it email from Go Daddy just Verizon is the carrier and should have nothing to do with anything

      They do all sorts of nutty stuff.

      We use them for our corporate Internet, and it took me a few days to realize they monkey with the DNS servers they provide you. Because they return "search" results with them.

      They have alternative DNS servers that funtion more like proper DNS server that have to be used. (.12 vs .14)

      Anyway. my point is that Verizon does all sorts of weird stuff.

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @BRRABill
        last edited by

        @BRRABill said in Verizon blocking port 465 to godaddy?:

        @JaredBusch said in Verizon blocking port 465 to godaddy?:

        @BRRABill said in Verizon blocking port 465 to godaddy?:

        Verizon has always been funky with e-mail.

        I think they just started supporting IMAP a little bit ago. (If they even do yet.)

        But we're not talking about Verizon email it email from Go Daddy just Verizon is the carrier and should have nothing to do with anything

        They do all sorts of nutty stuff.

        We use them for our corporate Internet, and it took me a few days to realize they monkey with the DNS servers they provide you. Because they return "search" results with them.

        They have alternative DNS servers that funtion more like proper DNS server that have to be used. (.12 vs .14)

        Anyway. my point is that Verizon does all sorts of weird stuff.

        Again that's nothing to do with being at Stephen and less you choose to use theirs. They are the carrier and if you're not using their service for a certain thing and it should not be affecting anything and actually probably certain it is not in this case. If you don't use their DNS he certainly would not have any of those issues that you had

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          @BRRABill Does Verizon require you to relay email through their proxy? That would majorly suck if they did.

          Sounds like they are screwing with DNS. I know Cox does the same thing, at least on the consumer side. If their DNS server can't find an answer, it returns the IP of their failure page website instead of an IP not found message.

          I avoid ISP DNS servers most times. Much prefer to use Google or others.

          BRRABillB 1 Reply Last reply Reply Quote 0
          • BRRABillB
            BRRABill @Dashrender
            last edited by

            @Dashrender said in Verizon blocking port 465 to godaddy?:

            @BRRABill Does Verizon require you to relay email through their proxy? That would majorly suck if they did.

            Sounds like they are screwing with DNS. I know Cox does the same thing, at least on the consumer side. If their DNS server can't find an answer, it returns the IP of their failure page website instead of an IP not found message.

            I avoid ISP DNS servers most times. Much prefer to use Google or others.

            Not through the business side of things.

            And the DNS is fixable if you use a different set of DNS servers.

            I'm not saying anything other than Verzion does some screwy things, so you never know what they are doing on their end.

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @BRRABill
              last edited by

              @BRRABill said in Verizon blocking port 465 to godaddy?:

              @Dashrender said in Verizon blocking port 465 to godaddy?:

              @BRRABill Does Verizon require you to relay email through their proxy? That would majorly suck if they did.

              Sounds like they are screwing with DNS. I know Cox does the same thing, at least on the consumer side. If their DNS server can't find an answer, it returns the IP of their failure page website instead of an IP not found message.

              I avoid ISP DNS servers most times. Much prefer to use Google or others.

              Not through the business side of things.

              And the DNS is fixable if you use a different set of DNS servers.

              I'm not saying anything other than Verzion does some screwy things, so you never know what they are doing on their end.

              This is all distracting from the question at hand with irrelevant information.

              How to test telnetting our on port 465.

              1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill
                last edited by

                I profusely apologize to all for possibly adding any information that doesn't belong in this thread.

                I know ML is built on the philosophy of keeping threads real short and tight, and never deviating from the original post, so again I apologize to anyone I offended with my three sentences.

                Well, 5 now with these additional 2 sentences.

                Oh no, it's now 6 ... 777 ARGH!!!!!!!!!!

                JaredBuschJ 1 Reply Last reply Reply Quote 1
                • DashrenderD
                  Dashrender @Mike Davis
                  last edited by

                  @Mike-Davis said in Verizon blocking port 465 to godaddy?:

                  I found out that two weeks ago Verizon turned off their smtp relay, which is what set this whole thing in to motion.

                  Do I understand this correctly -

                  The old way it worked was - your email client while at your location would connect to Verizon's SMTP relay, which would then send your emails onto GoDaddy's email servers, which would then send out your email?
                  (it's also possible that your email client, while at your location, would connect to Verizon's SMTP relay and deliver the email direct to the end recipients server).
                  Did you have to enter Verizon's SMTP into the settings? Or was Verizon simply intercepting all outbound SMTP traffic and routing it forcefully through their own servers?

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender
                    last edited by

                    But - really, as JB would say.

                    FFS - who cares, because SMTP is not used on port 465 normally, so Verizon's use of a SMTP gateway shouldn't affect 465 traffic.

                    1 Reply Last reply Reply Quote 1
                    • DashrenderD
                      Dashrender
                      last edited by Dashrender

                      @Mike-Davis said in Verizon blocking port 465 to godaddy?:

                      Can anyone suggest a test that I can do to narrow down where 465 is being blocked?

                      Looks like

                      openssl s_client -connect localhost:465
                      

                      Should get you a connection. If the cert appears to be from someone other than your email provider (i.e. Godaddy) then it's a good bet that that is where your issue is.

                      If you don't have a linux box to run this from, you can install bash on Windows 10 and run the command, worked fine for me.

                      I found the info over here http://serverfault.com/questions/64411/whats-the-best-way-to-check-if-an-smtp-server-is-ssl-enabled-or-not

                      1 Reply Last reply Reply Quote 3
                      • JaredBuschJ
                        JaredBusch @BRRABill
                        last edited by

                        @BRRABill said in Verizon blocking port 465 to godaddy?:

                        I profusely apologize to all for possibly adding any information that doesn't belong in this thread.

                        I know ML is built on the philosophy of keeping threads real short and tight, and never deviating from the original post, so again I apologize to anyone I offended with my three sentences.

                        Well, 5 now with these additional 2 sentences.

                        Oh no, it's now 6 ... 777 ARGH!!!!!!!!!!

                        A flowing discussion is fine, but at some point you need to get back to the question at hand or reply as a new thread and make your own topic. Additionally my opinion on where that line should be is significantly different than @scottalanmiller's.

                        I got stuck on a bunch of calls, but it looks like @Dashrender found the solution.

                        BRRABillB 1 Reply Last reply Reply Quote 0
                        • BRRABillB
                          BRRABill @JaredBusch
                          last edited by

                          @JaredBusch said in Verizon blocking port 465 to godaddy?:

                          @BRRABill said in Verizon blocking port 465 to godaddy?:

                          I profusely apologize to all for possibly adding any information that doesn't belong in this thread.

                          I know ML is built on the philosophy of keeping threads real short and tight, and never deviating from the original post, so again I apologize to anyone I offended with my three sentences.

                          Well, 5 now with these additional 2 sentences.

                          Oh no, it's now 6 ... 777 ARGH!!!!!!!!!!

                          A flowing discussion is fine, but at some point you need to get back to the question at hand or reply as a new thread and make your own topic. Additionally my opinion on where that line should be is significantly different than @scottalanmiller's.

                          I got stuck on a bunch of calls, but it looks like @Dashrender found the solution.

                          I find this post distracting and unnecessary.

                          I kid, Kid.

                          I also originally read your post as you got stuck on a bunch of cats, which is odd.

                          1 Reply Last reply Reply Quote 1
                          • Mike DavisM
                            Mike Davis
                            last edited by

                            So I went over there today and swapped out the Verizon Actiontec modem for a Ubiquiti EdgeRouter. Same results. I'm going to try the command that @Dashrender posted.

                            gjacobseG 1 Reply Last reply Reply Quote 0
                            • gjacobseG
                              gjacobse @Mike Davis
                              last edited by

                              @Mike-Davis

                              Have any luck with them being online? Is it just blocking port 465 still or all iNet traffic?

                              Mike DavisM 1 Reply Last reply Reply Quote 0
                              • Mike DavisM
                                Mike Davis @gjacobse
                                last edited by

                                @gjacobse I got them back on line. They tried to flash the firmware on the router to see if that would fix it the problem and it reset it back to factory. They had a static IP but the factory image set it to PPPoE. Once I got the static IP settings, I got them back online. Then I decided to set up the Ubiquiti EdgeRouter to see if that made a difference.

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • Mike DavisM
                                  Mike Davis
                                  last edited by

                                  Since this was on a windows box, I downloaded OpenSSL from:
                                  http://gnuwin32.sourceforge.net/packages/openssl.htm

                                  open a command prompt and CD to the folder: C:\Program Files (x86)\GnuWin32\bin

                                  run the command:
                                  C:\Program Files (x86)\GnuWin32\bin>openssl.exe s_client -connect smtpout.secureserver.net:465

                                  1 Reply Last reply Reply Quote 0
                                  • Mike DavisM
                                    Mike Davis
                                    last edited by Mike Davis

                                    on a machine outside of that particular Verizon connection, I get:

                                    CONNECTED(00000188)
                                    ---
                                    Certificate chain
                                     0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Arizona/2.5.4.15=Private Organization/serialNumber=R-1724730-3/C=US/ST=Arizona/L=Scottsdale/O=Special Domain Services, LLC/CN=smtpout.secureserver.net
                                       i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
                                     1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
                                       i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
                                    ---
                                    Server certificate
                                    -----BEGIN CERTIFICATE-----
                                    MIIHkjCCBnqgAwIBAgIIS/V8PjyZBugwDQYJKoZIhvcNAQELBQAwgcYxCzAJBgNV
                                    BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw
                                    IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypo
                                    dHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNV
                                    BAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
                                    HhcNMTUwMzAzMjIxMjM5WhcNMTcwMzAzMjIxMjM5WjCB4jETMBEGCysGAQQBgjc8
                                    AgEDEwJVUzEYMBYGCysGAQQBgjc8AgECEwdBcml6b25hMR0wGwYDVQQPExRQcml2
                                    YXRlIE9yZ2FuaXphdGlvbjEUMBIGA1UEBRMLUi0xNzI0NzMwLTMxCzAJBgNVBAYT
                                    AlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYD
                                    VQQKExxTcGVjaWFsIERvbWFpbiBTZXJ2aWNlcywgTExDMSEwHwYDVQQDExhzbXRw
                                    b3V0LnNlY3VyZXNlcnZlci5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
                                    AoIBAQC9hry553FPLZF+osh3csqglPwR/eLcOn3SM5kutIKS1lzp31yIBn8kN7lF
                                    fF3iH6MF6CE3nh6bvYtfM6hkyOvtjxR0pEwi0klpa/mMu0GTa1nM4eu6Ay6Vab49
                                    LHzbUwoxb8gimGxAG0OHpUlYAf+1OV5FpQCVZ90Nebe1cAIVlLpcqlv8fXOHoWSJ
                                    bDpvS9LmtrPe9erocZMqUb9QYReGkKFBmx/aHR9zVCkVfe3mqAAWv3NFc2q9WArl
                                    V4fDOUuXrokpYj2Gig6QhkB0LmH5ht3TThP/6SF3/XqCSAxlBSPuiiWUp3rJ8BBD
                                    L4oZ4F5PeNxgiBt7vkx3iOZeMQPzAgMBAAGjggNkMIIDYDAMBgNVHRMBAf8EAjAA
                                    MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAw
                                    OwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9z
                                    ZmlnMnMzLTAuY3JsMFkGA1UdIARSMFAwTgYLYIZIAYb9bgEHFwMwPzA9BggrBgEF
                                    BQcCARYxaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBv
                                    c2l0b3J5LzCBggYIKwYBBQUHAQEEdjB0MCoGCCsGAQUFBzABhh5odHRwOi8vb2Nz
                                    cC5zdGFyZmllbGR0ZWNoLmNvbS8wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jZXJ0aWZp
                                    Y2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZmlnMi5jcnQwHwYD
                                    VR0jBBgwFoAUJUWBaFAmOD07LSy+zWrZtj2zZmMwQQYDVR0RBDowOIIYc210cG91
                                    dC5zZWN1cmVzZXJ2ZXIubmV0ghx3d3cuc210cG91dC5zZWN1cmVzZXJ2ZXIubmV0
                                    MB0GA1UdDgQWBBR80Y/u5RJrFrQ25pPtjpC41cO5jzCCAX8GCisGAQQB1nkCBAIE
                                    ggFvBIIBawFpAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFL
                                    4bNwHQAABAMARjBEAiBEWFT4EUeGAlXBCKgVu7CI+hW7VWRJ69kLCxHrGLjxjwIg
                                    O2D8ajSDTU1hyp08aIV2fUgkOx6026sMudX30SXDZq4AdwBo9pj4H2SCvjqM7rko
                                    HUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUvhs3GaAAAEAwBIMEYCIQCi9DiAZxnoyw7p
                                    fF/2x+sW3c+KxcP3rgt0//Ub2RbBGgIhAIo2ysh0hiW7FVBj2lJqE0O6fbQhEP3m
                                    NnIOIv8nmRFUAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFL
                                    4bN0rgAABAMASDBGAiEA6PyETzZs7MwhGzsqDxnvGMrLL1hSa+4/gejppr8YxOUC
                                    IQDnfRD4Jskd5/FXXfUIPYTjRWpIyeDTzgMSwAXFZYiqozANBgkqhkiG9w0BAQsF
                                    AAOCAQEAEuONLSXYCeaqB5lsyPF/lw+nPOdoITVeQLmLz5R0i34pnMy9xWQKHBeb
                                    Ag0Yd+zDqWqAK3/TfNNq9RHoT3+d+B3KNXiOZvvJuMShq+9ZXf4263P8U4Q3mQEZ
                                    Bj0ehjvXvaPVLRlGItNrTBMoWoICic3Sx3yCItp6iArlbQnQCsq5mLu2e5IHE+D9
                                    iU0lfAt50pQDRzQ6bwogBdaRbYR1UnzKlla8gmbiU+/rA8b+vymD9GMxTlzDfHD0
                                    u+ElIpvneXENRI3v4MgBxAu++6VOVRz1PWwCeAMshXaj26u0geIsb2zZbfZH4rsI
                                    0CqVKhxNIq9XpECiykV3DXi2BlPDvg==
                                    -----END CERTIFICATE-----
                                    subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Arizona/2.5.4.15=Private Organization/serialNumber=R-1724730-3/C=US/ST=Arizona/L=Scottsdale/O=Special Domain Services, LLC/CN=smtpout.secureserver.net
                                    issuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
                                    ---
                                    No client certificate CA names sent
                                    ---
                                    SSL handshake has read 4177 bytes and written 450 bytes
                                    ---
                                    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
                                    Server public key is 2048 bit
                                    Compression: NONE
                                    Expansion: NONE
                                    SSL-Session:
                                        Protocol  : TLSv1
                                        Cipher    : DHE-RSA-AES256-SHA
                                        Session-ID: 92225808B974C42795D8CD7FAA697CBFB7195DAB308C49FA7EC3E15A3A9D445C
                                        Session-ID-ctx: 
                                        Master-Key: F2B445BD9EB3860ACD43072294D998EE46E4DC892B4FF93F248E879B3E005D3BED352E5EB6FB793E66B1481C14A44EC2
                                        Key-Arg   : None
                                        Start Time: 1481080657
                                        Timeout   : 300 (sec)
                                        Verify return code: 20 (unable to get local issuer certificate)
                                    ---
                                    220 p3plsmtpa11-08.prod.phx3.secureserver.net :SMTPAUTH: ESMTP
                                    1 Reply Last reply Reply Quote 0
                                    • Mike DavisM
                                      Mike Davis
                                      last edited by Mike Davis

                                      on a machine inside the the problem verizon connection, I get:

                                      Loading 'screen' into random state - done
                                      CONNECTED(00000140)
                                      depth=1 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=S
                                      arfield Secure Certificate Authority - G2
                                      verify error:num=20:unable to get local issuer certificate
                                      verify return:0
                                      15712:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.c:188:
                                      1 Reply Last reply Reply Quote 0
                                      • Mike DavisM
                                        Mike Davis
                                        last edited by

                                        I would suspect something like the AV on the computer, but if the laptop is taken out of the network, it sends mail fine. Also on an iPhone, we reproduced the same problem. On wifi through the bad Verizon connection, the phone can't send email. If we disconnect from wifi and let it go to the mobile carrier the email sends. So it's not a Windows or AV thing.

                                        I'm hoping if I can get an email address of someone in support at Verizon so I can email them my findings to prove it's on their network.

                                        1 Reply Last reply Reply Quote 0
                                        • Mike DavisM
                                          Mike Davis
                                          last edited by

                                          As for some of the back story to respond to the stuff up above about the SMTP relay. Yes, up until two weeks ago, if you were a Verizon customer, you had to put their server in your SMTP server field, and specify port 465 and SSL and a Verizon username and password. So this was not an open relay, but a way for them to see exactly what customer was sending what and how much. For what ever reason, they shut that service down and you should be able to connect to your email provider directly. That doesn't seem to be working....

                                          I know all the settings for the accounts are correct, because as soon as they leave that particular Verizon connection, they can send email once again.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender
                                            last edited by

                                            WOW, the invasion of privacy on that email service seems borderline criminal.

                                            Is this a business connection?

                                            Mike DavisM 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post