Is Telkom hijacking Mweb SMTP server DNS names?

Claymore

I was helping someone the other day who was having issues with sending Mweb email when on a Telkom ADSL connection; he was getting authentication errors. Eventually I ran a tracert to smtp.mweb.co.za, and the destination was not an Mweb server, it was a SAIX SMTP server. That explained the authentication issue; obviously the SAIX server couldn't authenticate Mweb credentials.

I changed his SMTP to relay.mweb.co.za, which seemed to work, and later to the real IP address of the Mweb server.

Is this a known thing?
 
I've been having intermittent authentication errors with my Mweb email address using Telkom ADSL for the past week.
 
It's not unheard of for ISPs to intercept port 25 and redirect it to their own SMTP servers. The reasoning behind this is to combat spam. I'd rather not say anything in terms of my personal opinion about this practice.

Your client should not be using port 25, but rather be using port 587 (smtp-submission).

If the DNS name per se has been hijacked, then that is rather alarming, but I won't easily believe that until actual traceroutes are posted and validated.
 
When I'm out there again, I'll do the trace.

Does Mweb support 587 nowadays?
 
So here's the trace from a Telkom ADSL user to "smtp.mweb.co.za". The smtp.mweb.co.za IP address is actually 196.35.198.134.

[image attachment: mweb smtp.png]
 
I'm getting different results from telkom adsl side. It's very odd.

Tracing route to smtp.mweb.co.za [196.43.0.142]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms D-Link.Home [10.0.0.2]
2 * * * Request timed out.
3 25 ms 27 ms 26 ms 105.224.0.49
4 29 ms 26 ms 28 ms 105.228.0.6
5 27 ms 25 ms 27 ms 105.224.0.13
6 26 ms 27 ms 26 ms rndf-ip-hsll-2-wan.telkom-ipnet.co.za [196.25.166.217]
7 27 ms 27 ms 27 ms rrba-ip-essr-2-atm-2-0-0-1.telkom-ipnet.co.za [196.43.23.98]
8 27 ms 26 ms 27 ms smtp-north.saix.net [196.43.0.142]

Trace complete.
 
This is rather worrying, if they are modifying DNS for their customers. I guess this is another reason for me to use Google's public DNS.
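The thread raises two different mechanisms that look the same from the client's side (authentication failing against the wrong server): the name smtp.mweb.co.za being answered with a SAIX address, versus TCP port 25 being transparently redirected regardless of which IP the client connects to. The following diagnostic is an added example, not code from any of the posters; it separates the two cases by comparing the answers several resolvers give for the same name and by reading the SMTP 220 greeting on the addresses actually reached. The addresses and the hostname smtp-north.saix.net are taken from the traceroute above; the banner strings themselves are constructed for illustration, and the zone mweb.co.za is assumed to be what the genuine server announces.

```python
"""Added example: distinguish a rewritten DNS answer from a transparent port-25 intercept.

Not from the thread. Assumptions: the genuine submission server greets with a
hostname inside EXPECTED_ZONE; sample banners below are constructed.
"""
from __future__ import annotations

import re
import socket
from typing import Optional

# SMTP greeting shape: "220 <hostname> <free text>" (RFC 5321 section 4.2);
# "220-" marks a multi-line greeting, so accept either separator.
BANNER_RE = re.compile(r"^220[ -](\S+)")


def banner_host(banner: str) -> Optional[str]:
    """Return the hostname a server announces in its 220 greeting, or None."""
    m = BANNER_RE.match(banner.strip())
    return m.group(1).lower().rstrip(".") if m else None


def same_zone(host: str, zone: str) -> bool:
    """True if host is zone itself or a name under it (label-aligned, not a substring test)."""
    host, zone = host.lower().rstrip("."), zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def diagnose(resolver_answers: dict[str, set[str]],
             banners: dict[str, str],
             expected_zone: str) -> dict:
    """Classify what is happening to an SMTP hostname.

    resolver_answers: {resolver label: set of IPs that resolver returned for the name}
    banners:          {ip: first line read from port 25 of that ip}
    expected_zone:    zone the real server should announce in its greeting
    """
    result = {"dns_rewritten": False, "port25_intercepted": False, "details": []}
    answers = list(resolver_answers.values())
    consensus = set.intersection(*answers) if answers else set()
    contested = (set.union(*answers) - consensus) if answers else set()

    # Case 1: the same name yields different addresses on different paths.
    if len({frozenset(a) for a in answers}) > 1:
        result["dns_rewritten"] = True
        detail = ", ".join(f"{k}={sorted(v)}" for k, v in sorted(resolver_answers.items()))
        result["details"].append(f"resolvers disagree: {detail}")

    # Case 2: whatever address we reach, the greeting must come from the expected zone.
    for ip, banner in banners.items():
        host = banner_host(banner)
        if host is None:
            result["details"].append(f"{ip}:25 sent no valid 220 greeting ({banner.strip()!r})")
            continue
        if same_zone(host, expected_zone):
            continue
        if ip in contested:
            # Foreign greeting on an address only some resolvers return: explained by the DNS rewrite.
            result["details"].append(
                f"{ip}:25 greets as {host}; returned only by some resolvers, consistent with a rewritten DNS answer")
        else:
            # Foreign greeting on an address everyone agrees on (or one pinned by hand):
            # the TCP connection itself is being redirected.
            result["port25_intercepted"] = True
            result["details"].append(
                f"{ip}:25 greets as {host}, not {expected_zone}: port 25 is being transparently redirected")
    return result


def fetch_banner(ip: str, port: int = 25, timeout: float = 5.0) -> str:
    """Live helper (not used by the offline example): read the server's greeting line."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        return s.recv(512).decode("ascii", "replace")


def thread_case() -> dict:
    """Offline reproduction of the situation in the thread (banner text constructed)."""
    answers = {"telkom": {"196.43.0.142"}, "public": {"196.35.198.134"}}
    banners = {"196.43.0.142": "220 smtp-north.saix.net ESMTP ready"}
    return diagnose(answers, banners, "mweb.co.za")


if __name__ == "__main__":
    for line in thread_case()["details"]:
        print(line)
```

With the thread's data the verdict is a DNS rewrite, not a port-25 intercept: the two resolvers disagree, and the foreign greeting appears on the address only Telkom's resolver returned. If instead every resolver had returned 196.35.198.134 and the greeting read from that address still named a saix.net host, the verdict would flip to a transparent intercept, which is the case the port-25/587 advice in the thread addresses. The greeting hostname is self-declared, so for a stronger check issue STARTTLS and compare the certificate's subject names rather than trusting the banner.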
 