NOT MT related: All domains containing “mail” in any part of the FQDN do not work
I have a customer who has this problem on his internal PCs.
I can’t go there to check it out in person right now,
I had to limit myself to doing some quick checks with remote desktop.
Anyone have any idea what the problem might be?
for example kkkmailzzz..com resolves, ping, but the https on various browsers doesn’t work.
Any other https site with any name that NOT contain “mail” on FQDN works.
I was not expecting mr. rextended with this title…
That sounds strange. Perhaps there is some middleware security box that’s trying to generically block webmail services is about all I got. But you run the network, so IDK…
That’s right, I provide the connection and public IPs, but I don’t control or manage their internal routers.
Yes, I checked my devices and there is no filter (stupid filter I would say) that does this thing,
but if someone had already had to deal with something like this… maybe it was enlightening…
Maybe a traceroute using TCP port 443 would give you more information? Not sure what kind of OS you have access to for remote debugging.
A “smart” antivirus running on clients’ PCs?
@eltikpad
On the CPE if I connect, for example, with fetch on https://mail.yahoo.com it responds, and the https certificate is correct,
once passed their tplink router (I really want to say that I neither sold it to him nor configured it),
nothing that contains “mail” anywhere in the domain name (but not in the web page) works anymore.
Tested only on windows with firefox / edge / chrome.
When I can go there I investigate more.
@mkx
This is the conclusion I came to too. But I’m not entirely convinced.
When I go there I’ll investigate further and then I’ll let all you know.
I have a few suggestions to try out if possible. Check if TCP connection is allowed at the network level, for example in PowerShell:
Test-NetConnection -Port 443 mail.yahoo.com
What do they use for DNS server? Can you try pointing a PC or a browser to a public DNS server?
It definitely looks like some security software either on computers or in between.
Thanks for the tip.
For DNS, it definitely works at the command prompt, and there are no extensions installed on the browser.
(use my DNS and the servers server other 2000 customers that do not have that problem.
When I have physical access to the device then I will investigate further.
finally made a personal visit on site… a certain 5hitty tplink did the aforementioned filter… no comment…
Thank you all for your time.
@rextended, random question, do you offer service in around Lucca (Tuscany)?
I use S.I.C.E. (Capannori, ~5Km from Lucca) as distributor for the equipments, they have a lot of well trained staff.
I am in the same region, but Lucca is a little far away…
Curious why you asked…
We have relatives there, and taking my mom to visit this summer. They wanted me to "fix their wi-fi" while visiting & thinking how to outsource 
.
Haha, classic! Ah yeah, the ol vacation tech support package – been there, fixed that, didn’t get a t-shirt! 
Parenti… serpenti! 
[Dearest relatives]
The full proverb being:
Parenti serpenti, cugini assassini, fratelli coltelli.
maybe a bit too excessive, a softer one:
Parenti, mal di denti. 