PDA

View Full Version : port issues on my web server


terryb
15-02-2008, 03:51
Hi everyone,
Hope im not dpukicating this thread............

I have my own web server using windows 2003, email server ability mail server.
over the last week or two i have started having problems sending and receiving emails and today i can no longer even host sites using vm 20 meg connection.

after endless days tring to get to the bottom of the problem, both myself and a very experienced web developer and server technician we cannot find fault with the server.
we have come to the conclusion that ports are being blocked, mainly port 25.
has vm started blocking certain ports to prevent people having their own personal web servers?
the issue first started when one of my domains either got blocked or somehow blacklisted, im still not sure but i was unable to email anyone as each isp started rejecting mail. now all of a sudden i cant even get access to my sites.

any advice would be greatly appreciated.

jaycee
15-02-2008, 04:23
It's quite probable. Running web + mail servers used to be against the T&C, I don't know about now but unless you're on a business broadband package, they certainly won't do anything to fix it.

if you know an experienced guy, get him to nmap your connection. If it shows ports as closed, no blockings going on - if it shows no response at all, theyre being firewalled.

I could also point out Windows Server is a really lousy server, but :)

MovedGoalPosts
15-02-2008, 08:57
You are allowed to host web servers on your VM connection. You just have to ensure that traffic isn't that high that it degrades detrimentally performance elsewhere on the cable network. A proviso that affects any usage. Realistically you'd just end up getting traffic shaped if there are so many people trying to use your webhosting especially at evenings.

Some ports used to be blocked on the ntl network. Not sure if that has continued now they are VM. All the old links of lists blocked under ntl have disappeared as the ntlworld webspace has been removed. I can't see an equivalent for VM.

Ports were originally blocked supposedly due to issues with viruses or spam. In most cases it would only have affected a few users that were running business class applications. I don't know if port blocking applied to the business network as well as residential. It shouldn't do since running a mail server and stuff would be an essential business level service.

OldGeezer
15-02-2008, 09:19
If you are sending mail directly rather than via VM's mail servers, you may find that it is the receiver's ISP that is doing the blocking, since the mail is originating from a "dodgy" IP - that of a VM customer rather than VM's servers.

terryb
15-02-2008, 09:29
many thanks for the prompt replies, im glad im not the only person that stays up all hours doing computer things lol
cheers guys ;)

will give it a try and let you know the outcome.

AbyssUnderground
15-02-2008, 10:23
Virgin do not block these ports as I use them myself with no trouble. Its likely your LAN IP has changed rendering the port forwarding rules invalid.

You will be unable to host a proper mail server due to the lack of a configurable rDNS and lack of a static IP address. The majority of "real" mail servers will ignore your e-mails because it will class it as spam (due to the lack of an rDNS and static IP, which is often associated with spam sending e-mail servers).

You can however, use it to send mail using the virgin mail server. I'm ex ntl, so I use smtp.ntlworld.com to do so. I'm not sure what the modern equivalent is.

Graham M
15-02-2008, 10:25
For ex-NTL its still smtp.ntlworld.com for ex-BY it'll be whatever their equivalent is

terryb
26-02-2008, 01:25
Update........

After a pain stacking few days banging my head against a wall...........
ive found that the problem does indeed sit with VM

i have been unable to run my server on my VM cable modem, the server can be accessed for web page services but thats about it, i cannot email in or out believed to be due to the ip being dynamic. but now i cannot access the FTP part of the server.

I have tried the server and a totally seperate broadband connection and it works fine.
very weird and yet Tech support insist everything is fine.

maybe time to order a BT connection.

AbyssUnderground
26-02-2008, 09:44
Update........

After a pain stacking few days banging my head against a wall...........
ive found that the problem does indeed sit with VM

i have been unable to run my server on my VM cable modem, the server can be accessed for web page services but thats about it, i cannot email in or out believed to be due to the ip being dynamic. but now i cannot access the FTP part of the server.

I have tried the server and a totally seperate broadband connection and it works fine.
very weird and yet Tech support insist everything is fine.

maybe time to order a BT connection.

Something has to be wrong your end because I run my own server just fine with HTTP, FTP, etc. Did you change router when you changed broadband connection? If so the issue is probably the router. Enable DMZ to the server PC and try again. Remember you won't be able to send mail because the IP is dynamic and there is no rDNS...

Kymmy
26-02-2008, 09:58
From the server go to http://www.grc.com select shields up, then select it again from the list, that'll get you through to a port checker. If you choose TEST COMMON PORTS it'll check the main ports for http, https, smtp, ftp, ident, pop and so on. Choosing ALL SERVICE PORTS will scan every port below 1024. The report will tell you which ports are closed, open or not responding at all.

I'm currently running Win2K3 with Kerio Winroute Firewall (which also provides me with a software router supplying 2 work stations) and Kerio Mail server as a test before migrating over to a business package and it all works really well even on my VM L bb connection.

Kymmy

jaycee
26-02-2008, 10:24
You will probably find that you cannot send e-mail using your own smtp server, because a lot of other smtp servers now block connections from dynamic IP ranges due to spammers using compromised machines on home connections to send it.

Please bear in mind that unless you get some business package (whether it be VM's or any ADSL provider) you won't get a static IP or support for running any kind of server. VM is not the only one here. If you really want to host a server, get the business package and not the domestic one.

Kymmy
26-02-2008, 11:44
Not tried using direct SMTP although I do have my ident on the mail server set to the same as my IP ident. But a few blacklists denote the IP as a dynamic one so will block it on that account. Instead I just use smtp.ntlworld.com as a relay.

I only have it set up on my residential account purely to see if the software I had left over from when a customer pulled out of a deal could be put to use and yes it works bloody well. Though I did promise myself I'd soak test them for a couple of months before I rang up NTL bussiness and get this residential line converted across to a business line.

Kymmy

eth01
26-02-2008, 11:46
You are allowed to host web servers on your VM connection. You just have to ensure that traffic isn't that high that it degrades detrimentally performance elsewhere on the cable network. A proviso that affects any usage. Realistically you'd just end up getting traffic shaped if there are so many people trying to use your webhosting especially at evenings.

Some ports used to be blocked on the ntl network. Not sure if that has continued now they are VM. All the old links of lists blocked under ntl have disappeared as the ntlworld webspace has been removed. I can't see an equivalent for VM.

Ports were originally blocked supposedly due to issues with viruses or spam. In most cases it would only have affected a few users that were running business class applications. I don't know if port blocking applied to the business network as well as residential. It shouldn't do since running a mail server and stuff would be an essential business level service.

that's rubbish. you can host what you like, so long as it's not port blocked by VM. :)

Toto
26-02-2008, 12:39
VM do block a very small number of ports for security reasons, those ports associated with the blaster worm as an example. But common ports such as HTTP, HTTPS and FTP are not blocked as already confirmed by a number of posters here.

webcrawler2050
26-02-2008, 12:52
I highly doubt this is down to the VM network. I run an apache web server - on ports 80, 25, 26 21, 443 and a few others. Works just fine. One would expect, itd down to poor configuration on your local LAN or a poor router, personally I spent a fair few quid on a decent router and thats worked for a while now.

As for the "dynamic IP" sometimes, just use DynDNS http://www.dyndns.com/

Jon T
26-02-2008, 13:45
I highly doubt this is down to the VM network. I run an apache web server - on ports 80, 25, 26 21, 443 and a few others. Works just fine. One would expect, itd down to poor configuration on your local LAN or a poor router, personally I spent a fair few quid on a decent router and thats worked for a while now.

As for the "dynamic IP" sometimes, just use DynDNS http://www.dyndns.com/

That's fine for the webserver part, but what others that have posted here are getting at is that although there is nothing stopping you sending out mail directly to the internet with your own SMTP server, very few ISP''s incoming email server's will accept you mail becuase they are originating from an IP block that has been marked as a home user dynamic block. Many ISP's do this now to cobat spam/open mail relays.

If you are going to run a home based SMTP server you must configure it to route through NTL's SMTP. For example in Microsoft exchange you would just configure a SMTP connector.

webcrawler2050
26-02-2008, 13:55
Yep - I believe this is a form of spoofing.

Anywho - I use the VM SMTP with my exchange server and then through to the pop connector.

Works fine, sometimes get the odd error message but I think thats just the exchange server being a ****

Kymmy
26-02-2008, 14:34
I
As for the "dynamic IP" sometimes, just use DynDNS http://www.dyndns.com/

As I wanted to point a few domain names towards the IP this wasn;t an option for me unless I used thier custonDNS service which worked out at about £15 per domain name instead I used my domain name service and thier nameserver/dns service ($5 per domain) and pointed the A records to the IP with a C-names for WWW/FTP/MAIL.

Only problem is that if the Ip changed (though it rarely does I'd be 24hours waiting for the IP to propergate around the world where custonDNS is I believe faster.

It's all bye the bye now as I'm ready to order my business line with fixed IP.

Kymmy

terryb
27-02-2008, 05:03
thanks for the replies, much appreciated, will try the port test site (working nights atm) the dns side of things is fine ive been using zoneedit which is free and very reliable, i did use dyndns but found zoneedit to be better (and free of course lol)

im a little stumped with it all, everything working fine for months then all of a sudden it stops working.
I can run the webserver for the websites but certain functions that use email (contact forms, discussion board) just will not work at all.

ive been that peeved ive ordered a BT business package, assuming i could sort the issue im still gonna have the problems with running the mail server on a dynamic ip address.

Ive tried two different routers with all ports configured, its as tho something along the way is blocking traffic.
will try the port checking website and let you know.

Kymmy
27-02-2008, 12:27
The SMTP send isn't really an issue as you just use smtp.ntlworld.com as a relay, Although it does bypass the need for a mail server I was using it at home on my test server purely because I have multiple domains and having them hosted elsewhere means that I can sit for 10 minutes in the morning watching outlook struggle downloading them from a remote server. At least now Kerio Mailserver accepts the SMTP requests from the sources, checks against the blacklists, available user accounts and also does a spamassasin score and then keeps them nice and local for an ultra fast download to my outlook :) which also reduces the spam by 99% :D

Kymmy

daemon
27-02-2008, 14:04
terryb: I once had this problem and found that NTL had stopped relaying e-mail for my domain. It was plainly a mis-configuation issue and an e-mail to the postmaster address at ntlworld.com had it fixed in no time (without any response though).

I've been with NTL/VM since May 2001 and have been running services during that time. You are required to run secure services, which for SMTP means using authentication, and you can expect to receive open-relay test probes from NTL/VM. They could opt to refuse relaying if those probes fail.

Due to many ISPs using dynamic IP blocklists I now route the bulk of my e-mail through VMs SMTP server but my Spam reporting (to KnujOn and Spamcop) is routed directly. I reasoned that VM might attempt to Spam-filter my submissions.