Need network flow from eideticker-ci1.ateam.phx1.mozilla.com to smtp.mozilla.org port 25

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: davehunt, Assigned: dcurado)

Tracking

Details

(Reporter)

Description

4 years ago
Our new Jenkins instance for Eideticker needs to be able to send failure alerts to ateamnotices@mozilla.com, however it cannot currently do so due to the following error:

ERROR: Could not connect to SMTP host: smtp.mozilla.org, port: 25
javax.mail.MessagingException: Could not connect to SMTP host: smtp.mozilla.org, port: 25;
  nested exception is:
	java.net.SocketTimeoutException: connect timed out
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
	at javax.mail.Service.connect(Service.java:295)
	at javax.mail.Service.connect(Service.java:176)
	at javax.mail.Service.connect(Service.java:125)
	at javax.mail.Transport.send0(Transport.java:194)
	at javax.mail.Transport.send(Transport.java:124)
	at hudson.tasks.MailSender.execute(MailSender.java:117)
	at hudson.tasks.Mailer.perform(Mailer.java:137)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:804)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:776)
	at hudson.model.Build$BuildExecution.post2(Build.java:183)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:725)
	at hudson.model.Run.execute(Run.java:1701)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:88)
	at hudson.model.Executor.run(Executor.java:231)
Caused by: java.net.SocketTimeoutException: connect timed out
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:579)
	at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:286)
	at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:231)
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1900)
	... 17 more
(Assignee)

Updated

4 years ago
Assignee: network-operations → dcurado
(Assignee)

Comment 1

4 years ago
working on this
Status: NEW → ASSIGNED
(Assignee)

Comment 2

4 years ago
That was an interesting one. =-)
We allow anyone to talk to our mail servers, so you know, we can get mail. =-)

But, Mozilla appears to control what can leave the ateam vlan.

OK, I put a policy in place that should allow the mail to go through now.
For a quick check to see if it works, you can try to: telnet smtp.mozilla.org 25 
The policy is listed below.
Please let me know if you have any problems?
Thanks -- Dave

  From zone: ateam, To zone: untrust
  Source addresses:
    eideticker-ci1: 10.8.120.133/32
  Destination addresses:
    mx2: 63.245.216.70/32 
    mx1: 63.245.216.69/32
  Application: junos-smtp
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0] 
      Destination port range: [25-25]
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Reporter)

Comment 3

4 years ago
Yep, this works, thanks! :)
You need to log in before you can comment on or make changes to this bug.