Very odd authentication problem

Can you telnet and see what error you get? I tried and I got a "Hello" but didnt have a username to test.

What are you using for DNS on your network? If you haven't changed it then it will be Cox DNS by default. Also when checking your DNS record I noticed your missing PTR for your MX. This may cause a problem, but not exactly the kind you described, but thought I would still mention it.

This is getting slightly above my level of expertise already! I tried telnet mail.juliepopledesigns.com and it just says 'Trying 67.55.35.229' and hangs there.

I don't know what PTR or MX means I'm afraid! But there is this - when I log into the router it tells me this:

WAN Default Gateway 68.8.108.1
WAN Primary DNS 68.105.28.11
WAN Secondary DNS 68.105.29.11
WAN Third DNS 68.105.28.12

And in the Network settings i have these as DNS servers:

68.105.28.11
68.105.29.11
68.105.28.12

Does that all look OK?

Chris 

Well your hitting the same IP that I am, so it doesn't seem to be a DNS issue. Not to say there aren't some weird things going on with your DNS, but I don't see it causing the problem described. May want to show this thread to your web designer and see what he says. Here is your DNS record:

;; QUESTION SECTION:
;juliepopledesigns.com. IN ANY

;; ANSWER SECTION:
juliepopledesigns.com. 14126 IN MX 0 juliepopledesigns.com.
juliepopledesigns.com. 21326 IN SOA ns.canaca.net. dnsadmin.host3.canaca.com. 2014061700 86400 7200 3600000 86400
juliepopledesigns.com. 21326 IN NS ns2.canaca.net.
juliepopledesigns.com. 21326 IN NS ns.canaca.net.
juliepopledesigns.com. 14126 IN A 67.55.35.229

;; Query time: 14 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Oct 19 15:45:45 2014
;; MSG SIZE rcvd: 185

The question is why can't you connect to 67.55.35.229 when I can. Can you ping 67.55.35.229? Thats easier, from the same command prompt you did Telnet, type "ping 67.55.35.229" and if it times out, try "Tracert  67.55.35.229" to see where it times out. To copy/paste from command (assuming MS Windows) right click on top of the window and Edit > Select All, then press enter. It will now be in your clipboard and you can paste it here.

Yes I can ping fine, and trace route:

traceroute to 67.55.35.229 (67.55.35.229), 64 hops max, 52 byte packets
1 10.16.0.1 (10.16.0.1) 24.220 ms 37.767 ms 28.151 ms
2 66.55.92.62 (66.55.92.62) 27.235 ms * *
3 p21.20g.csr1.lax1.servernap.net (66.252.6.34) 32.259 ms 25.223 ms 25.653 ms
4 ae0.er1.lax1.servernap.net (66.252.6.33) 23.672 ms 176.519 ms 33.019 ms
5 te0-0-0-34.ccr23.lax05.atlas.cogentco.com (38.104.84.133) 41.021 ms 109.903 ms 34.269 ms
6 be2179.ccr22.lax01.atlas.cogentco.com (154.54.41.81) 32.664 ms
be2178.mpd22.lax01.atlas.cogentco.com (154.54.41.117) 24.534 ms 185.685 ms
7 be2066.ccr22.iah01.atlas.cogentco.com (154.54.7.53) 157.845 ms
be2068.ccr22.iah01.atlas.cogentco.com (154.54.7.157) 64.297 ms
be2066.ccr22.iah01.atlas.cogentco.com (154.54.7.53) 64.296 ms
8 be2146.ccr22.dfw01.atlas.cogentco.com (154.54.25.242) 173.660 ms * 66.350 ms
9 be2010.ccr22.mci01.atlas.cogentco.com (154.54.46.217) 76.101 ms 86.327 ms 181.711 ms
10 be2157.ccr42.ord01.atlas.cogentco.com (154.54.6.118) 100.619 ms 317.709 ms 92.667 ms
11 be2080.ccr22.yyz02.atlas.cogentco.com (154.54.42.6) 103.700 ms 348.581 ms 102.135 ms
12 38.111.102.72 (38.111.102.72) 105.852 ms 318.235 ms 106.126 ms
13 38.111.102.68 (38.111.102.68) 108.931 ms 132.535 ms 106.681 ms
14 66.49.255.6 (66.49.255.6) 109.129 ms 110.115 ms 112.833 ms
15 67.55.35.229 (67.55.35.229) 109.374 ms 106.431 ms 104.188 ms

The issue isn't that I can't reach the server, it's *authentication* that fails. I can load up the webmail page, but it won't accept my password. There must be something about the way Cox sends password information?

So that means something must be blocking the port. What do you have for a Antivirus/Firewall? Can it be disabled and/or add a exception for port 110 and 25?

If that doesn't work, you can try bypassing your router, specially if its a work router for your VPN. The router may have port 25/110 rerouted for your work email. Its a stretch, but we are getting to the bottom of the solution barrel. 

I have no firewall/antivirus software installed (I'm on a Mac!) and I've just logged into the wifi router and there are no port blocking instructions listed. I manually added FTP (20) and POP3 (110) to the Port Forwarding list but ftp and mail still won't log in.

Also if the ports were blocked by anything, it wouldn't even ask for my username would it? Is the password usually sent via a different port than the username?

What kind of router do you have?

Also a Mac has a firewall still, try disabling it? If you need more specific instructions, what OSX do you have?

Also can you contact your webhost support? I wonder if your IP and/or account was black listed. That might explain why it works on a different ISP, since different IP. One way to test this is change MAC address of the WAN interface on the router, or connect the MAC directly to the modem. This might be best since it eliminates any possibility of a firewall issue on the router.

Health Edge said:

What kind of router do you have?

Also a Mac has a firewall still, try disabling it? If you need more specific instructions, what OSX do you have?

Also can you contact your webhost support? I wonder if your IP and/or account was black listed. That might explain why it works on a different ISP, since different IP. One way to test this is change MAC address of the WAN interface on the router, or connect the MAC directly to the modem. This might be best since it eliminates any possibility of a firewall issue on the router.

dpople said:
I manually added FTP (20) and POP3 (110) to the Port Forwarding list but ftp and mail still won't log in.

You don't want to forward any ports, because your not trying to route any incoming traffic unless you were trying to host the mail or FTP server. In orginal post, you mentioned authentication on another ISP, can you give more info on that? How is your VPN configured, and does your mail server possibly require it?

dpople said:
Is the password usually sent via a different port than the username?

Yes, but you need to ask who ever host your mail server that. But if it works via a VPN, and if the VPN is just rerouting all traffic..well its too hard to speculate without knowing the facts. Do you have a IT or Web Host support you can reach into? Not to say they are the problem, but confirming some things would help isolate the issue.

I mean to say, that using the same iPhone and iPad set up with exactly the same login details, I can pick up mail from the coffee shop down the road but not in my own house! So there's something about the way passwords are handled just for the juliepopledesigns.com domain and just our own Cox wireless network that is incompatible. We just don't know what!

The VPN works by simply going through another - any other - server instead of trying the Cox servers first. It doesn't even matter WHICH VPN we use, ANY VPN means we can authenticate email.

We do have IT support for the domain hosts (canaca.ca) that we've been in touch with, but I just don't know how much more we can go with them. Once it became obvious that there's nothing wrong with access to juliepopledesigns.com from literally any other location, Cox began being the focus of our investigations.

dpople said:
Cox began being the focus of our investigations.

Well I am out of ideas. In the end, your Cox service works, and there is no sign of a connectivity issues between you and the server. You can ping it, but it won't except your credentials. That means either the server is blocking all Cox connections, or just yours. It can't be anything Cox is doing IMO, because you would see it in your ping or tracert. My guess is they have your Cox IP blocked, and thats why a VPN which is proxy through a different connection (different IP) would work. That is why I asked how the VPN works. If anyone else has any ideas, feel free to post, but I am done. Good luck though. :-)

Aha right - well at least I've got something else to try. Thanks so much for all your help on this, if we ever get to the bottom of it we'll let you know!

Thanks so much again,

Derek