Netro Support: Firewall

Overview
Netro provides services to it's customers including:
- Mail including:
  - SMTP (port 25)
  - SMTPS (port 465)
  - Submission (port 587)
  - POP3 (port 110)
  - POP3S (port 995)
- FTP including:
  - FTP (port 21)
  - FTPS (port 990) on newer servers.

To protect our network, we run an IDS (Intrustion Detection System) to mitigate brute force attacks.
If three login attempts are made with the wrong password, our system will automatically block the originating IP address for three hours,
similar to how banks block three failed PIN attempts on ATM's and EFTPOS terminals for 24 hours.
Please note: The block time is subject to change.

Troubleshooting
Connectivity can be tested using tools such as:

1. Using telnet
Install Telnet Client e.g.
telnet pop.netro.com.au pop3
telnet smtp.netro.com.au 587
telnet ftp.netro.com.au ftp
telnet sftp.netro.com.au 4

Note:
- Escape Character is 'CTRL+]'
- quit to exit (Type help for more information).

2. Using OpenSSL
SSL/TLS
openssl s_client -connect smtp.netro.com.au:465
openssl s_client -connect smtp.netro.com.au:587 -starttls smtp
openssl s_client -connect pop.netro.com.au:pop3 -starttls pop3
openssl s_client -connect pop.netro.com.au:pop3s
openssl s_client -connect ftp.netro.com.au:ftp -starttls ftp
openssl s_client -connect ftp.example.com:ftps

3. Using nmap
Downloading Nmap
nmap --script smtp-commands smtp.netro.com.au -p smtps
nmap --script pop3-capabilities pop.netro.com.au -p pop3s
nmap --script banner sftp.netro.com.au -p 4

If you can't connect, try:
- From different device/network
- Different server, such as Gmail:
  Read Gmail messages on other email clients using POP
  pop & smtp.gmail.com
- Contact support, include your IP address.

Links
- Wikipedia: IDS
- Post Office Protocol (POP)
- Simple Mail Transfer Protocol (SMTP)
- Extended Simple Mail Transfer Protocol (ESMTP)
- Simple Authentication and Security Layer (SASL)
- Wikipedia: FTP
- HyperText Transfer Protocol (HTTP)
- Transport Layer Security (TLS) (including predecessor Secure Sockets Layer (SSL)
- Opportunistic TLS e.g. STARTTLS & STRIPTLS vulnerability.
- Email encryption in transit
- IANA: Service Name and Transport Protocol Port Number Registry

Updated Dec-18