cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Trying with port 587

 

2022.01.20 06:17:17 SMTP (relay.plus.net): Port: 587, Secure: SSL, SPA: no
2022.01.20 06:17:17 SMTP (relay.plus.net): Finding host
2022.01.20 06:17:17 SMTP (relay.plus.net): Connecting to host
2022.01.20 06:17:17 SMTP (relay.plus.net): Securing connection
2022.01.20 06:17:18 SMTP (relay.plus.net): Disconnected from host

 

Trying with port 465

 

2022.01.20 08:25:56 SMTP (relay.plus.net): Port: 465, Secure: SSL, SPA: no
2022.01.20 08:25:56 SMTP (relay.plus.net): Finding host
2022.01.20 08:25:56 SMTP (relay.plus.net): Connecting to host
2022.01.20 08:25:56 SMTP (relay.plus.net): Securing connection
2022.01.20 08:25:56 SMTP (relay.plus.net): Connected to host
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 220 avasout-ptp-003 smtp relay.plus.net
2022.01.20 08:25:57 SMTP (relay.plus.net): [tx] EHLO APOLLO
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-avasout-ptp-003 hello [185.108.105.62], pleased to meet you
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-HELP
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-AUTH LOGIN PLAIN
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-SIZE 104857600
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-PIPELINING
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250-8BITMIME
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 250 OK
2022.01.20 08:25:57 SMTP (relay.plus.net): Authorizing to server
2022.01.20 08:25:57 SMTP (relay.plus.net): [tx] AUTH LOGIN
2022.01.20 08:25:57 SMTP (relay.plus.net): <rx> 334 VXNlcm5hbWU6
2022.01.20 08:25:57 SMTP (relay.plus.net): [tx] cGVyZHJpeDUy
2022.01.20 08:25:58 SMTP (relay.plus.net): <rx> 334 UGFzc3dvcmQ6
2022.01.20 08:25:58 SMTP (relay.plus.net): [tx] *****
2022.01.20 08:25:58 SMTP (relay.plus.net): Disconnected from host

 

Here's what's supposed to happen:

 

2022.01.20 06:18:08 SMTP (relay.plus.net): Port: 465, Secure: SSL, SPA: no
2022.01.20 06:18:08 SMTP (relay.plus.net): Finding host
2022.01.20 06:18:08 SMTP (relay.plus.net): Connecting to host
2022.01.20 06:18:08 SMTP (relay.plus.net): Securing connection
2022.01.20 06:18:08 SMTP (relay.plus.net): Connected to host
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 220 avasout-peh-002 smtp relay.plus.net
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] EHLO APOLLO
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-avasout-peh-002 hello [212.159.61.44], pleased to meet you
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-HELP
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-AUTH LOGIN PLAIN
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-SIZE 104857600
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-PIPELINING
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250-8BITMIME
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250 OK
2022.01.20 06:18:09 SMTP (relay.plus.net): Authorizing to server
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] AUTH LOGIN
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 334 VXNlcm5hbWU6
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] cGVyZHJpeDUy
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 334 UGFzc3dvcmQ6
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] *****
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 235 ... authentication succeeded
2022.01.20 06:18:09 SMTP (relay.plus.net): Authorized to host
2022.01.20 06:18:09 SMTP (relay.plus.net): Connected to host
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] MAIL FROM: <*****>
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250 <*****> sender ok
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] RCPT TO: <*****>
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250 <*****> recipient ok
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] DATA
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 354 OK
2022.01.20 06:18:09 SMTP (relay.plus.net): [tx] 
.
2022.01.20 06:18:09 SMTP (relay.plus.net): <rx> 250 AQlsn0pnX62fnAQltnpCRw mail accepted for delivery

 

So you've broken it again Sad

 

 

13 REPLIES 13
Anoush
Aspiring Hero
Posts: 2,568
Thanks: 572
Fixes: 139
Registered: ‎22-08-2015

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Do you get the same issue from a different non-Plusnet IP address? Could potentially be something related to that particular IP. If this was ‘broken’ for everybody, I’d expect we’d be hearing a lot more noise, and as it doesn’t appear we are, it’s likely not widespread. 

This is my personal Community Forum account to help out around these parts while I'm at home. If I'm posting from the 1st March 2020, this means I'm off-duty with no access to internal systems.
If this post resolved your issue, please click the 'This fixed my problem' button
Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

The IP that's hitting the problems is owned by Surfshark which is my VPN provider.   The one that worked was of course the Plusnet IP address.    I can't readily test with another IP until I am next away from home.   Are Plusnet blocking VPN IPs?

 

David

 

 

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,887
Thanks: 4,979
Fixes: 316
Registered: ‎04-04-2007

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Do you have a smartphone with mobile data that you could tether to?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

I have an iPhone 6s.  To do what you're suggesting may be possible. Is it turning on the "personal hotspot" that would enable this?

 

I'll give it a try.

 

D.

 

 

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Port 465:

2022.01.21 12:18:40 SMTP (relay.plus.net): Port: 465, Secure: SSL, SPA: no
2022.01.21 12:18:40 SMTP (relay.plus.net): Finding host
2022.01.21 12:18:40 SMTP (relay.plus.net): Connecting to host
2022.01.21 12:18:40 SMTP (relay.plus.net): Securing connection
2022.01.21 12:18:40 SMTP (relay.plus.net): Connected to host
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 220 avasout-ptp-004 smtp relay.plus.net
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] EHLO APOLLO
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-avasout-ptp-004 hello [213.205.242.5], pleased to meet you
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-HELP
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-AUTH LOGIN PLAIN
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-SIZE 104857600
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-PIPELINING
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250-8BITMIME
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250 OK
2022.01.21 12:18:41 SMTP (relay.plus.net): Authorizing to server
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] AUTH LOGIN
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 334 VXNlcm5hbWU6
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] cGVyZHJpeDUy
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 334 UGFzc3dvcmQ6
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] *****
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 235 ... authentication succeeded
2022.01.21 12:18:41 SMTP (relay.plus.net): Authorized to host
2022.01.21 12:18:41 SMTP (relay.plus.net): Connected to host
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] MAIL FROM: <*****>
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250 <*****> sender ok
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] RCPT TO: <*****>
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 250 <*****> recipient ok
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] DATA
2022.01.21 12:18:41 SMTP (relay.plus.net): <rx> 354 OK
2022.01.21 12:18:41 SMTP (relay.plus.net): [tx] 
.
2022.01.21 12:18:42 SMTP (relay.plus.net): <rx> 250 AssKn79a7nK9OAssLnRnVR mail accepted for delivery

 

Port 587: 

2022.01.21 12:19:17 SMTP (relay.plus.net): Port: 587, Secure: TLS, SPA: no
2022.01.21 12:19:17 SMTP (relay.plus.net): Finding host
2022.01.21 12:19:17 SMTP (relay.plus.net): Connecting to host
2022.01.21 12:19:17 SMTP (relay.plus.net): Connected to host
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 220 avasout-ptp-003 smtp relay.plus.net
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] EHLO APOLLO
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-avasout-ptp-003 hello [213.205.242.5], pleased to meet you
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-HELP
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-AUTH LOGIN PLAIN
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-SIZE 104857600
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-PIPELINING
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-8BITMIME
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-STARTTLS
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250 OK
2022.01.21 12:19:18 SMTP (relay.plus.net): Securing connection
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] STARTTLS
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 220 Ready to start TLS
2022.01.21 12:19:18 SMTP (relay.plus.net): Securing connection
2022.01.21 12:19:18 SMTP (relay.plus.net): Connected to host
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] EHLO APOLLO
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-avasout-ptp-003 hello [213.205.242.5], pleased to meet you
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-HELP
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-AUTH LOGIN PLAIN
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-SIZE 104857600
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-PIPELINING
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250-8BITMIME
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250 OK
2022.01.21 12:19:18 SMTP (relay.plus.net): Authorizing to server
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] AUTH LOGIN
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 334 VXNlcm5hbWU6
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] cGVyZHJpeDUy
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 334 UGFzc3dvcmQ6
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] *****
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 235 ... authentication succeeded
2022.01.21 12:19:18 SMTP (relay.plus.net): Authorized to host
2022.01.21 12:19:18 SMTP (relay.plus.net): Connected to host
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] MAIL FROM: <*****>
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250 <*****> sender ok
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] RCPT TO: <*****>
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 250 <*****> recipient ok
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] DATA
2022.01.21 12:19:18 SMTP (relay.plus.net): <rx> 354 OK
2022.01.21 12:19:18 SMTP (relay.plus.net): [tx] 
.
2022.01.21 12:19:19 SMTP (relay.plus.net): <rx> 250 AssvnwuZkjySDAsswnebcd mail accepted for delivery

 

So that worked fine.

So it looks like you are blocking my VPN supplier's IP addresses 😕

As I ALWAYS use the VPN when away from home (Internet cafe/Hotel etc.) for very good reasons, this causes me a bit a problem.

Cheers, David

Townman
Superuser
Superuser
Posts: 23,046
Thanks: 9,639
Fixes: 160
Registered: ‎22-08-2007

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Surfshark is based overseas (Netherlands) and thus their is a fair possibility that their "exit" IP address is...

  1. Being treated as being overseas and thus will be treated with greater caution
  2. Have been abused and thereby acquired a poor reputation listing (some people use VPNs to hide nefarious activities)
  3. Have hit its submission count per period limitation

I have found that the following approach to diagnostic testing tends to clearly disclose the reason for connection drops - I would expect condition (B) above to be clearly indicated with the appropriate 535 response narrative.

Test SMTP authentication

Email programs often report username / password error for issues not actually related to those being wrong, but for other connectivity issues. Such can be very frustrating when you are convinced that they are correct. Testing SMTP authentication through a command line interface can deliver a more precise error message. The following describes how to do this using TELNET.

This is not difficult, but you need the following resources which might be unfamiliar...

  1. TELNET - this might need installing as an additional option, for Windows see enabling TELNET.
  2. A code64 encoder / decoder such as this.

You can use TELNET to communicate direct with the SMTP server as follows...

Open the code64 encoder in a web browser and leave ready for use in the following steps.

Launch a windows command line window (DOS window) - press windows-key+R - type CMD into the run box - click OK

Enter...

telnet relay.plus.net 587

Press enter. Note if you use one of the other brand email services, use the appropriate SMTP server name for that brand. In response to SMTP server I'm here message, say 'HELLO'...

EHLO relay.plus.net

The SMTP server will then report what it can do after which tell the server you wish to authenticate...

AUTH login

The server should return the following, which is a base64 encoded string that requires your username:

334 VXNlcm5hbWU6

Use the code64 encoder to encode your username and paste it into the telnet window and press enter. For example:

bXl1c2VybmFtZQ==

The server should return the following, which is a base64 encoded string that requires your password:

334 UGFzc3dvcmQ6

Paste the base64 encoded password for the username. For example:

bXlwYXNzd29yZA==

The server will then report success or failure, any failure message should clearly indicate the reason for the failure. If the reason for the failure is not clear, please report back the message.

Close the SMTP / TELNET session by entering

quit

The session should look something similar to the below wherein your input is in bold...

220 avasout03 smtp relay.plus.net
EHLO relay.plus.net
250-avasout03 hello [your IP address], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 104857600
250-PIPELINING
250-8BITMIME
250-STARTTLS
250 OK
AUTH LOGIN
334 VXNlcm5hbWU6
bXl1c2VybmFtZQ==
334 UGFzc3dvcmQ6
bXlwYXNzd29yZA==
235 ... authentication succeeded
quit
221 avasout03 smtp closing connection
Connection to host lost.

Here are some examples of failure responses...

535 ...authentication rejected [as username / password is wrong]
535 ...authentication rejected as source IP has a poor reputation
535 Too many SMTP auth failures. Please try again later.

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Drats:

535 ...authentication rejected as source IP has a poor reputation

The IP in question is belongs to Surfshark's Glasgow server so definitely in the UK.

How to get around this?   Surely if you only allow registered users to login to the sendmail server, then this shouldn't be a problem.  It worked fine not long ago.

David

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

If I connect to relay.plus.net 587 using STARTTLS does the username/password authentication take place in clear or is it encrypted?    I believe the once the login is complete the rest of the session is encrypted - is that correct?

If I use post 465 and select SSL/TLS as the protocol is the username/password flow encrypted?
Which is the currently preferred port/protocol to use 465, SSL/TLS or 587/STARTTLS?
If one or the other will provide secured authentication and encrypted messages then I'm happy to stop using the VPN for email.

Thanks, David

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

The reason my IP is being blocked is that it is listed in the Spamhaus PBL.   It is NOT listed in any other IP reputation database as far as I can tell.

However:  Spamhaus quite explicitly say:

Important: If you are using any normal email software (such as Outlook, Entourage, Thunderbird, Apple Mail, etc.) and you are being blocked by this Spamhaus PBL listing when you try to send email, the reason is simply that you need to turn on "SMTP Authentication" in your email program settings. For help with SMTP Authentication or ways to quickly fix this problem click here.

So Plusnet should *NOT* be blocking connection requests that use SMTP authentication (and SSL/TLS/STARTTLS).

David

 

 

MisterW
Superuser
Superuser
Posts: 14,771
Thanks: 5,538
Fixes: 395
Registered: ‎30-07-2007

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

I believe the once the login is complete the rest of the session is encrypted - is that correct?

My understanding is that the whole session (including username & password) is encrypted. Using STARTTLS will permit a non-encrypted session IF the server doesnt support TLS but since the PN server do support it, it shouldnt be an issue. Dont forget to use SSL for the receive IMAP or POP connections as well.

I'm afraid (rightly or wrongly) the PN servers check IP reputation BEFORE they attempt authentication

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Townman
Superuser
Superuser
Posts: 23,046
Thanks: 9,639
Fixes: 160
Registered: ‎22-08-2007

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Port 465 is deprecated and strict compliance with standards would dictate it ought not to be used.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Perdrix
Grafter
Posts: 76
Thanks: 8
Registered: ‎18-01-2014

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address


@MisterW wrote:

I'm afraid (rightly or wrongly) the PN servers check IP reputation BEFORE they attempt authentication


Well that's not correct Sad  

Townman
Superuser
Superuser
Posts: 23,046
Thanks: 9,639
Fixes: 160
Registered: ‎22-08-2007

Re: Cannot connect to relay.plus.net port 587 or 465 from a non-Plusnet IP address

Can you cite a technical specification for that assertion or is that simply your opinion because it does not work they way you want it to? The problem with depending solely on user credentials as you want is that lays open a marked vulnerability to compromised authentication being used via an untraceable channel. That being the case, logically the strategy is correct.

In the absence of there being a specification for such matters, then it’s down to whatever an organisation deems to be the best practice for protecting the security of services from the potential for abuse. The bottom line is service abusers hide behind VPNs and thus they deserve firmer restrictions than other connection methods. It would appear that your chosen VPN provider has a poor reputation. There are other VPN providers available.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.