Odd Telnet/SMTP Behavior


rmmagow (Technical User), Jan 2, 2002
Hi All,
In my DMZ I have mail-relay servers for processing various tasks that need to communicate via email to the outside. I have an inside firewall protecting the DMZ where these servers live. From inside my network I have a computer at (e.g.) 10.20.30.15. I can go on that system, enter telnet to the mail-relay servers on port 25 and get a 200 esmtp message; all is well. I go to a machine at 10.20.30.16, enter the telnet command and get "connect failed".
This is a Windows environment. I've done my due checking. For example, from the failing machine I actually can enter telnet to port 80 and get connected. I don't use Smart Defense (at least I don't think it's doing anything); firewall logs see me telnetting to odd-ball ports like 99 etc. The machines are W2K and pretty old; failing and working are both W2K. I DO NOT see the telnet to port 25 in the FW logs, making me think it really is a server issue, but I can't see any firewall code running on the machines. Is there some kind of "silent drop" taking place?
Where to from here? Thanks much.
 
Check your policy to ensure all rules are logging. Also, the implied rules should not be triggering on tcp/25 traffic. FW-1 is so mature, I just can't imagine it dropping a log entry except when told.

Failing that, if you still suspect the firewall, all you can do is sniff the traffic to see if the request is really reaching the FW interface.

(In my experience with FW-1 connected to Windows systems, if something is not behaving correctly, it is usually the Windows box).
 
Turned out to be ISS protection services (old BlackIce). SMTP outbound was prevented in case the devices were turned into SPAM-bots. I let the machines process port 25 traffic and all is OK now.
Thanks.
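The manual "telnet host 25" check in this thread, written up as a small probe that tells apart the outcomes the thread is circling: a greeting from a real MTA, a connection that opens but never greets, a refused connection (RST, so nothing is silently eating packets), and a bare timeout, which is what a host-based product like the BlackIce install above looks like from the client when the perimeter firewall shows no log entry. This is an added example, not code from the original post; the fake listeners and the "mail-relay.example" banner are constructed test peers so it runs offline.

```python
import socket
import threading
import time

# Added example, not from the Tek-Tips thread. Hosts, ports and the banner
# text below are constructed for a self-contained demonstration.


def probe_smtp(host, port, timeout=3.0):
    """Open TCP to host:port and wait for an SMTP greeting.

    Returns a (verdict, detail) tuple:
      ("banner", line)    connected and got a greeting (a real MTA sends 220 ...)
      ("no-banner", None) TCP connected but nothing arrived within the timeout
      ("refused", None)   RST came back: the port is closed, but packets are
                          reaching the stack, so no silent drop is in play
      ("timeout", None)   neither SYN/ACK nor RST: something between the two
                          stacks dropped the segment (a host firewall on the
                          client, a DMZ ACL, or a rule that is not logging)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return ("refused", None)
        except socket.timeout:
            return ("timeout", None)
        try:
            data = s.recv(512)
        except socket.timeout:
            return ("no-banner", None)
        if not data:  # peer accepted, then closed without ever greeting
            return ("no-banner", None)
        line = data.decode("ascii", "replace").splitlines()[0].strip()
        return ("banner", line)
    finally:
        s.close()


def start_fake_smtp(banner, hold=5.0):
    """Constructed test peer: a local listener that greets one client with
    `banner`, or stays silent for `hold` seconds when banner is None.
    Returns the ephemeral port it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner is not None:
                conn.sendall(banner)
            else:
                time.sleep(hold)  # keep the connection open but mute
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port():
    """Constructed test peer: grab an ephemeral port and release it, so a
    connect to it is answered with a RST (ECONNREFUSED), not a timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    good = start_fake_smtp(b"220 mail-relay.example ESMTP ready\r\n")
    print(probe_smtp("127.0.0.1", good))
    quiet = start_fake_smtp(None)
    print(probe_smtp("127.0.0.1", quiet, timeout=1.0))
    print(probe_smtp("127.0.0.1", closed_port()))
```

Reading the verdicts against the thread: "refused" means the packets crossed every firewall and the relay simply is not listening; "timeout" with no matching entry in the FW-1 log is the signature of a drop before the perimeter, which is where a sniffer on the client or on the firewall's inside interface (the advice above) settles it, and where a host-based product on the client is the first suspect. Run the probe against a relay from both the working and the failing host and compare the verdicts rather than the raw telnet error text.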
 
Was thinking exactly that when I read this post; you already sorted it though. We use McAfee and it's a bugger at blocking us techies' diagnostic ports! grrrrr
 