Unable to access mail server

cnisvcs

I need some help with troubleshooting the following issue:

Last Thursday I received a phone call from my client, who complained that for 4 days they have been unable to receive emails (timeouts in Outlook) or access the accounts via webmail on any of the computers in the office. I quickly checked that I was able to access the webmail using their domain name, so the issue was not with the server itself. I logged in to their main server via TS and ran a few tests:

1. Tried to open the webmail page in IE - timed out.

2. Ran ping 204.14.107.1 - host unreachable

3. Ran tracert - died on rtr1.mysphere.biz, one hop before the mail server, see below.

Tracing route to mail.cni-hosting.com [204.14.107.1]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.10.10.1
2 17 ms 20 ms 20 ms er1.chi1.speakeasy.net [64.81.140.1]
3 26 ms 13 ms 15 ms 220.ge-0-1-0.cr2.chi1.speakeasy.net [69.17.83.153]
4 16 ms 20 ms 84 ms chx-edge-01.inet.qwest.net [63.150.27.97]
5 12 ms 16 ms 13 ms cer-core-01.inet.qwest.net [205.171.139.161]
6 12 ms 15 ms 14 ms cer-brdr-01.inet.qwest.net [205.171.139.58]
7 17 ms 20 ms 20 ms qwest-gw.cgcil.ip.att.net [192.205.32.97]
8 68 ms 70 ms 70 ms tbr2 033901.cgcil.ip.att.net [12.123.4.250]
9 69 ms 66 ms 69 ms tbr2-cl18.dtrmi.ip.att.net [12.122.10.133]
10 66 ms 65 ms 65 ms tbr1-cl1958.attga.ip.att.net [12.122.10.198]
11 65 ms 65 ms 65 ms tbr2-cl1474.ormfl.ip.att.net [12.122.12.122]
12 66 ms 64 ms 66 ms gar1-p360.miufl.ip.att.net [12.123.33.37]
13 64 ms 65 ms 65 ms 12.118.175.82
14 118 ms 108 ms 71 ms border5.pc1.bbnet1.mia003.pnap.net [69.25.0.13]
15 66 ms 70 ms 65 ms webhosting-9.border5.mia003.pnap.net [216.52.162.66]
16 65 ms 66 ms 64 ms rtr1.m****here.biz [204.10.104.77]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.

4. Opened the website at their main domain - no problem there.

5. Logged into their main Netopia router and did not find any reason why that one particular IP would be blocked: no firewall rules, nothing extraordinary in the logs.

I chatted with one of the Jodo tech support guys about the possibility of the mail server blocking the originating IP; he denied it, but recommended issuing a trouble ticket. The trouble ticket came back with confirmation that Jodohost is not blocking access to the mail server based on originating IP address.

I suggested that the client call their ISP to get their insight. The ISP rep put the blame on Jodo. The problem persisted for about 5-7 days, then disappeared. Yesterday, just as a follow-up, I connected to the client's server and was able to access the Jodo mail server via http; ping and tracert gave positive results.

Today I received the call - problem resumed. I ran some tests with same results as described above. On top of that I ran a check whether mailserver's ip or client's originating ip are on any RBL - negative there.

My client can receive his business emails from home, so it is not a disaster, but it is quite a major inconvenience. I would hate to lose the client due to a problem beyond my control. Does anybody have any suggestions?

Personally, I see one of three possibilities:
1. The rtr1 router kills any traffic (http, icmp) from my client's IP to the mail server - a firewall kind of action.
2. Something is not right in the routing tables - in rtr1 or in a router on the way back from the mail server - so the traffic returning from the mail server dies somewhere along the way back. I do not have enough knowledge about routers, but I know that routers have their own protocol for sharing/updating routing tables. That would explain why all the traffic is lost in transit, regardless of port or protocol.
3. One of the routers on the way back blocks the traffic - again a firewall type of action.

Has anyone had a similar experience? If so, how was the issue resolved? I appreciate any help.

Robert
 
This is for sure odd, are they doing just plain static routing on their netopia? If so it should not matter at all, if they are trying to exchange RIP data, I don't think it should matter, but I guess it could. However I do not believe this is the case as RIP only works for 12 hops.
 
I am not aware of routing being configured in any way in that router, so it is safe to assume that the default static routing is in place.

Do you think it makes sense to configure a static route to the mail server network? If so, what should the line look like?
 
No there is no need to configure a route, it is taking the proper route to the server. Tanmaya will be the best person to look into this, but that router is shared among the servers, so if they can get to the website the mail server should work too, that says that the router and network config are in place properly, and helps eliminate where the problem could be.
 
I can successfully ping and tracert rtr1, but cannot reach the mail server, which is only one hop away.

Is it possible that all those packets - ping, tracert, http - are actually reaching the server, but responses are being blocked by some router/firewall on the way back? That would mean that whatever it is, it doesn't like the mailserver's ip. I did check RBLs though.
 
Yes it is possible. I will email Tanmaya to check this topic when he comes on shift.
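
As an added example (not part of the thread or anyone's post in it), one way to turn the "all traffic lost regardless of port or protocol" observation into a repeatable check: probe several TCP ports on the mail host and classify how each attempt fails. The port list (25, 80, 110) and the function names are assumptions made for this sketch.

```python
import errno
import socket
import sys

OPEN, REFUSED, UNREACHABLE, TIMEOUT = "open", "refused", "unreachable", "timeout"

def probe(host, port, timeout=3.0):
    """Try one TCP connect and classify how the attempt ended."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN                      # SYN and SYN/ACK both got through
    except (socket.timeout, TimeoutError):
        return TIMEOUT                   # nothing came back at all
    except ConnectionRefusedError:
        return REFUSED                   # RST came back: path works both ways
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE           # a router sent an ICMP error
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def interpret(results):
    """Read a {port: outcome} map as a statement about where the loss is."""
    seen = set(results.values())
    answered = seen & {OPEN, REFUSED}
    if answered and TIMEOUT in seen:
        return "per-port filtering: host answers on some ports, others are dropped silently"
    if answered:
        return "host reachable: packets travel in both directions"
    if seen == {TIMEOUT}:
        return "address-level loss: silent on every port (drop rule or broken route, either direction)"
    if seen == {UNREACHABLE}:
        return "explicit reject: a router reports no path to the host"
    return "inconclusive: " + ", ".join(sorted(seen))

if __name__ == "__main__":
    # Assumed ports for a mail host: SMTP, webmail over HTTP, POP3.
    host, ports = sys.argv[1], (25, 80, 110)
    results = {p: probe(host, p) for p in ports}
    for port, outcome in results.items():
        print(f"{host}:{port} -> {outcome}")
    print(interpret(results))
```

A timeout seen from the client side cannot by itself say whether the request or the reply was lost; a packet capture on the mail server while the probe runs shows whether the SYN ever arrived.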
 