Unable to send email

Tuesday 15 February 2005

Last Thursday, I obediently installed a number of Windows Updates. It all went fine. Once I had rebooted, I was no longer able to send via my personal email account. Odd, but I had seen it before. Rebooting (and maybe scanpst'ing) had fixed it before, so I did those two things. No luck.

I finally fixed it, but mysteries remain.

I double-checked the name and password on the account. They were fine. My ISP (RCN) requires that I use their SMTP server for sending outgoing mail, even though I don't use their POP server for receiving mail. My wife and son both use the same outgoing SMTP server with the same credentials, and they were able to send email, so I was confused.

The onset of the problem coincided with my installation of Windows Updates, and only affected the one computer in three that had the Updates, so I naturally believed they were at fault. Naively believing in a Newtonian universe, I read the knowledgebase articles about the fixes to see which sounded like it might be somewhere near an email stack. I picked the most likely one and uninstalled it. No change.

Next, I used telnet to connect directly to the SMTP server (this tutorial on SMTP authentication proved useful as a guide). Sure enough, the server rejected my username and password. I tried telnet'ing from my wife's Mac, just in case somehow the OS was interfering. Nope, the credentials were rejected there too. But my wife could send mail. Checking her email account settings, I see that she's actually going in anonymously! I set the username and password, and she can still send email.

Next, I wrung my hands for a long time, and bemoaned my fate, and generally got depressed about the impossibility of understanding and troubleshooting the complexity of modern computer systems.

Next, I installed Ethereal to capture the network traffic to see what is happening. No surprise there: it shows Outlook doing just what I had done with telnet, and being denied access.

Having figured out Ethereal enough to watch network traffic on a Windows machine, I figured I might as well install it on my son's computer to see how it is managing to send email. Here's the strangest part: He was sending the same credentials as me, and also being returned an "authentication failed" message. But his Outlook Express simply ignored the error and sent the email anyway, and the SMTP server gladly accepted it and delivered it!

To reiterate: the client-server interactions that worked went like this:

  1. Client: Let me in, it's ned.
  2. Server: I don't believe you: you can't come in.
  3. Client: Screw you, I'm coming in anyway!
  4. Server: That's OK, I was just kidding!

Is this the state of SMTP security? No wonder we have a spam problem!

So now at least I understand why some email was getting through, but what's wrong with the credentials anyway? Next I went to my account page at RCN to see if the username and password are correct. After all, the "successful" credentials were being flagged as wrong anyway, so maybe I didn't know my password?

At the RCN account page, sure enough, it accepted my username and password, so it turns out I did know them after all. I was about to change the password just to see if that would flush out some frogs, when I notice one of the options on the page: "Reactivate your email account".

Aha! Turns out that since I never use the POP half of my email account, they decided to deactivate it. Reactivating it made everything work, at last!

Remaining mysteries:

  1. Why didn't RCN try sending me an email to let me know the account was being deactivated. (I checked the POP account: there's no mail there, although maybe they dumped it when they deactivated it.)
  2. Why didn't RCN notice that the SMTP side of the account was quite active, thank you very much, and leave everything as it was?
  3. Why "deactivate" the account so that credentials fail, but then accept email anyway?
  4. Was the account deactivated last Thursday, or was one of the Windows Updates a fix so that Outlook would notice the credentials were deactivated?
  5. What do ordinary people do to keep their computers running smoothly?

Comments

[gravatar]
Will Rickards 4:13 PM on 15 Feb 2005

I use RCN. I don't use their SMTP server. They just block port 25. Most hosting companies are also running SMTP on another port. You just need to find out what it is and use that. Drove me batty until I figured they were blocking port 25 except through their servers.

I still have thunderbird setup to check my RCN account. About once a month they send a newsletter, which I delete.

[gravatar]
mike 5:10 PM on 15 Feb 2005

you asked... ordinary people call up RCN and bitch relentlessly...

[gravatar]
Stefan Visser 7:25 PM on 15 Feb 2005

"5. What do ordinary people do to keep their computers running smoothly?"

Well, not mocking about with telnet and ethereal I bet!

But seriously, most software is geared towards the absolute beginner. Once you actually learned stuff and become an intermediate and say, stop using the pop3 servers, things go to hell.

That people just do not want to learn about computers or don't have the time for it, gives the developers a huge gap to muck about and put on the party hat. God forbid they actually test against not-so-common cases! That will never happen!

[gravatar]
Ned Batchelder 7:31 PM on 15 Feb 2005

Yeah, I suppose I would have solved the problem a lot faster if I hadn't been so "clever". The first time I saw an error with the string "rcn.com" in it, I would have called RCN. They would have said, "I'll just reactivate your email account", and that would have been it!

[gravatar]
brian 7:38 PM on 15 Feb 2005

The Ned I know would have solved this problem by writing his own SMTP server! ;-)

[gravatar]
Ned Batchelder 7:41 PM on 15 Feb 2005

I almost hacked up a POP3 proxy to see what was happening, because I thought I had something that already did half of it...

[gravatar]
Doug 5:49 AM on 16 Feb 2005

As a matter of principle, POP3 and SMTP ought to be provided by the same service provider. This idea of using one service provider for POP3 and another one for SMTP is dysfunctional. I'm on the fence about blocking port 25. But even with port 25 blocked, there is a very good solution that works: message submission agents on port 587. Read about it in RFC 2476. The problem with message submission is that not many service providers support or even know about it.

About your own ISP, I suspect they have two rules that determine who can relay mail: (1) authenticated users, (2) mail from their own network's IP addresses. So when authentication fails, they still allow you to send mail by rule 2. It's interesting to consider that the most common authentication might be POP3-before-SMTP. If you had been using that, then maybe your mail account would not have been deactivated because you would regularly log in with POP3.

[gravatar]
andrew 12:45 PM on 16 Feb 2005

(Nelson Mutz voice) Haaa ha!

[gravatar]
Tom Morris 7:13 PM on 22 Feb 2005

It may be entirely a coincidence, but my outbound mail failed the day after yours. I was sending authenticated SMTP on port 25 from Comcast to Earthlink (a Comcast partner).

One or the other apparently decided to start blocking port 25. After way too long on the phone with tech support, I found that I could use port 587 instead. Same server, same authentication, same account/password. This is enhancing security somehow?

I guess that the ISPs have decided that spammers aren't doing enough to disrupt email, they need to add their bit too.

Add a comment:

name
email
Ignore this:
not displayed and no spam.
Leave this empty:
www
not searched.
 
Name and either email or www are required.
Don't put anything here:
Leave this empty:
URLs auto-link and some tags are allowed: <a><b><i><p><br><pre>.