我正在新网络上配置新服务器,并努力使出站 SMTP 能够与已知邮件服务器配合使用。
如果我从现有服务器执行 nmap 扫描,则会显示端口 25,但从新服务器则不会显示。
从现有服务器
[user@existing ~]$ nmap -Pn -v smtp-mail.outlook.com --dns-servers 8.8.8.8
Starting Nmap 5.51 ( http://nmap.org ) at 2016-11-08 16:50 GMT
Initiating Parallel DNS resolution of 1 host. at 16:50
Completed Parallel DNS resolution of 1 host. at 16:50, 0.84s elapsed
Initiating Connect Scan at 16:50
Scanning smtp-mail.outlook.com (65.55.176.126) [1000 ports]
Discovered open port 25/tcp on 65.55.176.126
Discovered open port 587/tcp on 65.55.176.126
Completed Connect Scan at 16:50, 7.24s elapsed (1000 total ports)
Nmap scan report for smtp-mail.outlook.com (65.55.176.126)
Host is up (0.078s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
25/tcp open smtp
587/tcp open submission
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 8.11 seconds
从新服务器
[user@new ~]$ nmap -Pn -v smtp-mail.outlook.com --dns-servers 8.8.8.8
Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-08 17:48 GMT
Initiating Parallel DNS resolution of 1 host. at 17:48
Completed Parallel DNS resolution of 1 host. at 17:48, 0.01s elapsed
Initiating Connect Scan at 17:48
Scanning smtp-mail.outlook.com (65.55.176.126) [1000 ports]
Discovered open port 587/tcp on 65.55.176.126
Completed Connect Scan at 17:48, 8.14s elapsed (1000 total ports)
Nmap scan report for smtp-mail.outlook.com (65.55.176.126)
Host is up (0.081s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
587/tcp open submission
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 8.19 seconds
主要区别是端口 25 未显示。
据我所知,我没有阻止来自新服务器的任何出站连接。
所以想知道是否有人知道为什么会发生这种情况?
我假设 nmap 正在端口上执行基本连接,并且没有收到响应,但不清楚为什么相同的连接到 587 有效
作为参考,直接端口连接到 587 显示工作
[user@new ~]$ nc -v smtp-mail.outlook.com 587
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 65.55.163.152:587.
220 BLU437-SMTP51.smtp.hotmail.com Microsoft ESMTP MAIL Service, Version: 8.0.9200.16384 ready at Wed, 9 Nov 2016 02:27:36 -0800
至 25
[user@new ~]$ nc -v smtp-mail.outlook.com 25
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connection timed out.
答案1
正如@EEAA 所建议的 - 由于其他人的滥用,我们的 ISP 正在阻止出站端口 25 SMTP。