Is Telkom hijacking Mweb SMTP server DNS names?

Claymore

Claymore

Executive Member
Joined
Jan 20, 2004
Messages
8,340
I was helping someone the other day who was having issues with sending Mweb email when on a Telkom ADSL connection; he was getting authentication errors. Eventually I ran a tracert to smtp.mweb.co.za, and the destination was not an Mweb server, it was a SAIX SMTP server. That explained the authentication issue; obviousl;y the SAIX server couldn't authenticate Mweb credentials.

I changed his SMTP to relay.mweb.co.za, which seemed to work, and later to the real IP address of the Mweb server.

Is this a known thing?
 
AchmatK

AchmatK

Honorary Master
Joined
Dec 8, 2009
Messages
10,049
I've been having intermittent authentication errors with my Mweb email address using Telkom ADSL for the past week.
 
S

savage

Expert Member
Joined
Aug 11, 2003
Messages
2,922
It's not unheard off for ISPs to intercept port 25 and redirect it to their own SMTP servers. The reasoning behind this is to combat spam. I'd rather not say anything in terms of my personal opinion about this practice.

Your client, should not be using port 25, but rather, be using port 587 (smtp-submission).

If the DNS name per say has been hijacked, then that is rather alarming, but I won't easily believe that until actual traceroutes are posted and validated.
 
Claymore

Claymore

Executive Member
Joined
Jan 20, 2004
Messages
8,340
savage said:
It's not unheard off for ISPs to intercept port 25 and redirect it to their own SMTP servers. The reasoning behind this is to combat spam. I'd rather not say anything in terms of my personal opinion about this practice.

Your client, should not be using port 25, but rather, be using port 587 (smtp-submission).

If the DNS name per say has been hijacked, then that is rather alarming, but I won't easily believe that until actual traceroutes are posted and validated.
Click to expand...

When I'm out there again, I'll do the trace.

Does Mweb support 587 nowadays?
 
Claymore

Claymore

Executive Member
Joined
Jan 20, 2004
Messages
8,340
So here's the trace from a Telkom ADSL user to "smtp.mweb.co.za". The smtp.mweb.co.za IP address is actually 196.35.198.134.

mweb smtp.png
 
S

savage

Expert Member
Joined
Aug 11, 2003
Messages
2,922
Very, very weird indeed. smtp.mweb.co.za resolves to a completely different IP for me.

Horrendous that SAIX is doing this :sick:
 
hackerjargon

hackerjargon

Well-Known Member
Joined
Sep 8, 2010
Messages
237
I'm getting different results from telkom adsl side. It's very odd.

Tracing route to smtp.mweb.co.za [196.43.0.142]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms D-Link.Home [10.0.0.2]
2 * * * Request timed out.
3 25 ms 27 ms 26 ms 105.224.0.49
4 29 ms 26 ms 28 ms 105.228.0.6
5 27 ms 25 ms 27 ms 105.224.0.13
6 26 ms 27 ms 26 ms rndf-ip-hsll-2-wan.telkom-ipnet.co.za [196.25.166.217]
7 27 ms 27 ms 27 ms rrba-ip-essr-2-atm-2-0-0-1.telkom-ipnet.co.za [196.43.23.98]
8 27 ms 26 ms 27 ms smtp-north.saix.net [196.43.0.142]

Trace complete.
 
V

Valerion

Expert Member
Joined
Oct 13, 2003
Messages
1,926
This is rather worrying, if they are modifying DNS for their customers. I guess this is another reason for me to use Google's public DNS.
 
You must log in or register to reply here.
Top