Mike Romp
OS: Windows XP Pro SP1
NIC: Intel PRO 100 VE
I have a client who has just recently (within the past few weeks) stopped
being able to send mail through his work email account. He has a personal
mail account that works fine. The mail client is irrelevant as you will
soon see (OE6). Both mail accounts are set to use POP3/SMTP. Both accounts
use the same server for POP and SMTP (but different from each other).
Before I go on, I should clarify that by work mail server, I mean the
account he uses for work email. It is not on his local network. He had
tried XP's system restore before I was even aware of the problem.
I began troubleshooting this problem by having him TELNET to port 25 of his
work mail server. The connection times out. He can connect fine to port
110 as he is able to receive mail. I can connect to his mail server. He is
able to connect to port 25 of his personal mail server. For kicks, I had
him attempt a connection to port 25 of one of my mail servers (a NETSTAT on
my server shows nothing while he tries to connect). Connection times out.
He can, however, ping my mail server and connect to its web server. The
problem has to exist somewhere in or above the TCP layer. It is not a DNS
issue as we have tried IPs as well as FQDNs and the hosts file is fine. A
NETSTAT on his computer while trying to connect to port 25 gets no further
than SYN_SENT.
He is on a 10.x.x.x NAT'd network. If he puts his mail settings into the
same client on a different computer, he can connect just fine, so there is
no filtering done outside of the network. It has to be with his
workstation. Also, TCP/IP filtering and Windows firewall are disabled. No
other software firewall exists on the workstation. I killed all
non-critical procs just to be certain. He uses Norton AV Corp 7.6, and
disabling realtime protection doesn't help (hey, why should it?).
If I have him create a VPN into one of my servers and use it for its default
gateway, everything works as expected. The problem has to be local to the
interface and the bindings present.
I ran AdAware and HijackThis on his workstation and he has no spyware/LSPs
that I can see. I have tried disabling all services/protocols bound to the
adapter except for TCP/IP, F&P, MSClient, and NDPS (greyed out, don't want
to mess with it and there is IPX/SPX on this network). I have had him
completely uninstall his NIC, delete all associated driver files, and
reinstall w/ freshly downloaded drivers (downloaded before the uninstall, of
course). Also tried NETSH INT IP RESET to no avail.
I have not been able to put any sniffing tools to analyze the packets on
his workstation since he is over 100 miles away, and as a rule, I won't do
anything that complicated remotely.
If anybody can provide any insight it would be greatly appreciated. Any
information is helpful, but please do not flame me with things like "just
reload the OS". I've gotten this far, I know that's an option. It's just
not feasible at this point. Of course, it may be just as helpful to know if
this baffles any experts out there.
Thanks in advance,
Mike
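
The connect tests described in the post, as an added example that is not part of the original post: a TCP probe that separates "refused" (a reset came back) from "timeout" (no reply to the SYN, the SYN_SENT state NETSTAT shows), plus a helper that picks out ports timing out on hosts that answer on another port. The host labels and the `OBSERVED` table are constructed placeholders mirroring the results reported above.

```python
import errno
import socket

def probe(host, port, timeout=5.0):
    """TCP connect test: 'open', 'refused' (RST came back) or 'timeout' (no reply to SYN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        # Anything else (no route, network unreachable, ...) is reported by errno name.
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        sock.close()

def selective_timeouts(results):
    """Return (host, port) pairs that timed out although the same host answered on another port."""
    answered = {host for (host, _), state in results.items()
                if state in ("open", "refused")}
    return sorted((host, port) for (host, port), state in results.items()
                  if state == "timeout" and host in answered)

# Constructed sample mirroring the observations in the post; host labels are placeholders.
OBSERVED = {
    ("work-mail", 25): "timeout",
    ("work-mail", 110): "open",
    ("personal-mail", 25): "open",
    ("other-mail", 25): "timeout",
    ("other-mail", 80): "open",
}

if __name__ == "__main__":
    for host, port in selective_timeouts(OBSERVED):
        print(f"{host}:{port} timed out while {host} answered on another port")
```

Running `probe()` against the same host and port list from the affected workstation and from a second machine on the same network gives two tables that can be compared entry by entry.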