Multiple certificates: need help cleaning up and with secure SMTP

Is there a firewall log you can review?
Or any other log?
Can you test via:
telnet cch.fyi 587

Actually, your first post shows connection refused.
I'm assuming you are coming from that same IP.
Check that your local FW is letting you out also.

2 Likes

The iPhone failure message is "Cannot connect using SSL. Do you want to try setting up the account without SSL?"

telnet cch.fyi 587
Trying 108.161.131.209...
telnet: Unable to connect to remote host: Connection refused

I get the same with mail.eyethrees.net.

Not sure how to check the firewall logs (I've disabled ufw, and firewalld is not installed).

You need to check the firewall closest to you also.
Are you at home/work?
Does that firewall allow you to get to the Internet via port 587?

2 Likes

What is the test PC O/S?

2 Likes

OK, /var/log/ufw.log is showing some stuff:

Oct 21 20:32:06 server kernel: [ 8476.565435] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:ea:8e:77:90:e2:ba:59:20:28:08:00 SRC=75.67.225.131 DST=108.161.131.209 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64242 PROTO=TCP SPT=62720 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0

SRC 75.67.225.131 is me.

unrelated

2 Likes

Is DPT the port?

My PC is Linux Mint 21.2.

Port 23 is the default for telnet.
Did you happen to forget to add the 587 at the end?
telnet 108.161.131.209 587

2 Likes

Try:
traceroute -T -p 587 108.161.131.209

2 Likes

Destination PorT.

2 Likes

Yes, I added the 587 at the end.
I just tried again and checked the ufw.log file... it did not update. The timestamps match when I did have it enabled for troubleshooting earlier.

traceroute to 108.161.131.209 (108.161.131.209), 30 hops max, 60 byte packets
 1  _gateway (10.0.0.1)  0.736 ms  0.926 ms  0.637 ms
 2  100.92.55.131 (100.92.55.131)  19.295 ms  19.475 ms  19.627 ms
 3  po-321-370-rur302.londonderry.nh.boston.comcast.net (96.108.58.153)  12.653 ms  18.866 ms  18.971 ms
 4  po-300-xar01.londonderry.nh.boston.comcast.net (68.85.162.21)  19.406 ms  18.799 ms  18.908 ms
 5  * po-300-xar01.londonderry.nh.boston.comcast.net (68.85.162.21)  19.022 ms  19.145 ms
 6  162.151.52.50 (162.151.52.50)  21.620 ms  18.098 ms *
 7  * be-501-ar01.needham.ma.boston.comcast.net (162.151.52.34)  15.231 ms *
 8  * ae3.3611.edge2.Dallas1.level3.net (4.69.209.5)  54.283 ms  56.639 ms
 9  4.71.217.102 (4.71.217.102)  57.175 ms  53.740 ms ae3.3611.edge2.Dallas1.level3.net (4.69.209.5)  60.127 ms
10  ae3.jbdr-02.dal.tierpoint.net (206.123.64.43)  60.396 ms  60.623 ms  60.480 ms
11  xe-001.jcore-04.dal.tierpoint.net (206.123.65.30)  60.871 ms ae3.jbdr-02.dal.tierpoint.net (206.123.64.43)  60.184 ms  60.656 ms
12  xe-001.jcore-04.dal.tierpoint.net (206.123.65.30)  61.010 ms 72.249.128.19 (72.249.128.19)  60.355 ms xe-001.jcore-04.dal.tierpoint.net (206.123.65.30)  60.786 ms
13  server.eyethrees.net (108.161.131.209)  68.464 ms 72.249.128.19 (72.249.128.19)  60.403 ms server.eyethrees.net (108.161.131.209)  60.613 ms

Please always include the command you run.
I only see the output.

2 Likes

Sorry about that.

$ sudo traceroute -T -p 587 108.161.131.209
traceroute to 108.161.131.209 (108.161.131.209), 30 hops max, 60 byte packets
 1  _gateway (10.0.0.1)  0.709 ms  0.621 ms  0.850 ms
 2  100.92.55.130 (100.92.55.130)  20.119 ms 100.92.55.131 (100.92.55.131)  19.747 ms  20.152 ms
 3  po-321-370-rur302.londonderry.nh.boston.comcast.net (96.108.58.153)  19.791 ms 96.108.57.113 (96.108.57.113)  12.460 ms  21.008 ms
 4  po-300-xar01.londonderry.nh.boston.comcast.net (68.85.162.21)  21.525 ms po-2-rur301.londonderry.nh.boston.comcast.net (96.108.47.105)  21.228 ms  21.336 ms
 5  * po-300-xar01.londonderry.nh.boston.comcast.net (68.85.162.21)  21.503 ms  27.378 ms
 6  be-303-arsc1.needham.ma.boston.comcast.net (162.151.113.41)  23.166 ms * be-501-ar01.needham.ma.boston.comcast.net (162.151.52.34)  19.737 ms
 7  * 162.151.52.50 (162.151.52.50)  17.102 ms  14.793 ms
 8  * * ae3.3611.edge2.Dallas1.level3.net (4.69.209.5)  58.075 ms
 9  4.71.217.102 (4.71.217.102)  58.403 ms ae3.3611.edge2.Dallas1.level3.net (4.69.209.5)  61.709 ms  61.501 ms
10  ae3.jbdr-02.dal.tierpoint.net (206.123.64.43)  58.127 ms  57.924 ms 4.71.217.102 (4.71.217.102)  58.181 ms
11  xe-001.jcore-04.dal.tierpoint.net (206.123.65.30)  61.005 ms  60.711 ms  60.744 ms
12  xe-001.jcore-04.dal.tierpoint.net (206.123.65.30)  60.865 ms  61.190 ms 72.249.128.19 (72.249.128.19)  57.490 ms
13  server.eyethrees.net (108.161.131.209)  57.445 ms 72.249.128.19 (72.249.128.19)  52.883 ms  61.568 ms

hmm...
That isn't being blocked anywhere!

2 Likes

WTF?!?!?!
Now it fails to connect for me too:

openssl s_client -starttls smtp -connect 108.161.131.209:587
4007DB532C7F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:125:calling connect()
4007DB532C7F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:127:
connect:errno=111

But earlier I got:

openssl s_client -starttls smtp -connect mail.eyethrees.net:587
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cch.fyi
verify return:1
---
Certificate chain
 0 s:CN = cch.fyi
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct 12 04:37:09 2023 GMT; NotAfter: Jan 10 04:37:08 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = cch.fyi
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4540 bytes and written 433 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: DA941D1A3D36EC17399B506C47E061DD8E7397A65141E28FFE797E0BE577B9CA
    Session-ID-ctx:
    Resumption PSK: 9147356EC8463D03A887811A9E6E3E22FFC34E5284CE822DEEA5947A3252A21461645FB409AC91849B19E241B7E67371
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1697949708
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

2 Likes

Name fails too:

openssl s_client -starttls smtp -connect mail.eyethrees.net:587
40B70D30B77F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:125:calling connect()
40B70D30B77F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:127:
connect:errno=111

2 Likes
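An added diagnostic (example code written for this thread, not from any poster or from Let's Encrypt) covering the two checks discussed above: parsing a '[UFW BLOCK]' line to show which field is the port (DPT), and reproducing the `openssl s_client -starttls smtp` test with a stage-by-stage verdict that separates a TCP "connection refused" (errno 111) from a timeout and from a certificate or hostname-mismatch failure. The log line is the one quoted earlier in the thread; `probe.invalid` is a placeholder EHLO name.

```python
import re
import smtplib
import ssl

# The '[UFW BLOCK]' line quoted earlier in the thread (the telnet probe to port 23)
UFW_LINE = ("Oct 21 20:32:06 server kernel: [ 8476.565435] [UFW BLOCK] IN=eth0 OUT= "
            "MAC=00:16:3e:ea:8e:77:90:e2:ba:59:20:28:08:00 SRC=75.67.225.131 "
            "DST=108.161.131.209 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64242 PROTO=TCP "
            "SPT=62720 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0")


def parse_ufw_block(line):
    """Return the KEY=value fields of a '[UFW BLOCK]' kernel log line as a dict.
    DPT is the destination port on the server, SPT the client's source port;
    bare flags such as SYN carry no '=' and are not captured."""
    if "[UFW BLOCK]" not in line:
        return None
    return dict(re.findall(r"(\w+)=(\S*)", line.split("[UFW BLOCK]", 1)[1]))


def classify_connect_error(exc):
    """Translate the socket failure into the cause it usually indicates."""
    if isinstance(exc, ConnectionRefusedError):
        return ("refused (errno 111): the host answered with RST, so nothing is "
                "listening on that port or a firewall is actively rejecting it")
    if isinstance(exc, TimeoutError):
        return "timeout: the SYN was silently dropped on the path or the host is down"
    return "other: %s" % exc


def probe_submission(host, port=587, timeout=5):
    """Connect, EHLO, STARTTLS and verify the certificate against `host`, the same
    steps as `openssl s_client -starttls smtp`, but returning a per-stage verdict."""
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except (OSError, smtplib.SMTPException) as exc:
        return {"stage": "tcp", "ok": False, "detail": classify_connect_error(exc)}
    with smtp:
        smtp.ehlo("probe.invalid")  # placeholder client name
        if not smtp.has_extn("starttls"):
            return {"stage": "ehlo", "ok": False, "detail": "STARTTLS not advertised"}
        try:  # default context checks the chain and that a SAN matches `host`
            smtp.starttls(context=ssl.create_default_context())
        except ssl.SSLCertVerificationError as exc:
            return {"stage": "tls", "ok": False, "detail": exc.verify_message}
        cert = smtp.sock.getpeercert()
        return {"stage": "tls", "ok": True, "protocol": smtp.sock.version(),
                "subject": dict(x[0] for x in cert["subject"]),
                "sans": [v for _, v in cert.get("subjectAltName", ())],
                "not_after": cert["notAfter"]}
```

Run `probe_submission("mail.eyethrees.net")` and `probe_submission("cch.fyi")` from the client that fails: a "tcp" verdict points at a firewall or a service that is not listening, while a "tls" verdict with a hostname mismatch explains an "cannot connect using SSL" error even though the TCP port is open.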

I've been getting the 111 error all day.

Are you using Fail2Ban or some other protection at that site?

2 Likes