#38 can't connect to discovery.razor.cloudmark.com:2703

[Jonathan Engbrecht]

I'm trying to register a number of new systems to use razor, but am unable to register. I've recently had success setting up a number of other machines here. I'm getting a tcp reset from the server when I make the connection.

May 25 10:45:16.939295 admin[2024]: [ 3] Unable to connect to discovery.razor.cloudmark.com:2703; Reason: Connection timed out.
May 25 10:45:16.939431 admin[2024]: [ 1] razor-admin error: nextserver: Bootstrap discovery failed. Giving up.

[Jonathan Engbrecht]

Issue with the NAT at our end (oops). Please close/delete.

[Lukasz Zygmanski]

I have the same problem the next day since 8:53 UTC+1 (CET):
Apr 26 08:53:11.591713 check[27290]: [ 3] Unable to connect to c301.cloudmark.com:2703; Reason: Połączenie odrzucone.
Apr 26 08:53:11.697076 check[27290]: [ 3] Unable to connect to c303.cloudmark.com:2703; Reason: Połączenie odrzucone.
Apr 26 08:53:11.809951 check[27290]: [ 3] Unable to connect to c302.cloudmark.com:2703; Reason: Połączenie odrzucone.

and

telnet discovery.razor.cloudmark.com 2703
Trying 208.83.137.118...
Trying 208.83.137.117...
Trying 208.83.139.205...
telnet: Unable to connect to remote host: Connection refused

[Andrew]

Hi. Today I set up new mail server with spamassassin and razor and got the following message:

Sep 26 00:56:26.450199 admin[16826]: [ 2]  Razor-Agents v2.84 starting razor-admin -home=/var/spool/spamd/.razor -register
Sep 26 00:56:46.576142 admin[16826]: [ 3] Unable to connect to discovery.razor.cloudmark.com:2703; Reason: Operation timed out.
Sep 26 00:57:06.639271 admin[16826]: [ 3] Unable to connect to discovery.razor.cloudmark.com:2703; Reason: Operation timed out.
Sep 26 00:57:06.639476 admin[16826]: [ 1] razor-admin error: nextserver: Bootstrap discovery failed. Giving up.

Host discovery.razor.cloudmark.com resolved:

host discovery.razor.cloudmark.com
discovery.razor.cloudmark.com has address 208.83.137.118
discovery.razor.cloudmark.com has address 208.83.137.117
discovery.razor.cloudmark.com has address 208.83.139.205

but all 3 hosts unreachable by icmp

 ping -c 10 discovery.razor.cloudmark.com
PING discovery.razor.cloudmark.com (208.83.137.118): 56 data bytes

--- discovery.razor.cloudmark.com ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss

connect telnet to port 2703 also failed

telnet discovery.razor.cloudmark.com 2703
Trying 208.83.137.117...
telnet: connect to address 208.83.137.117: Operation timed out
Trying 208.83.139.205...
telnet: connect to address 208.83.139.205: Operation timed out
Trying 208.83.137.118...
telnet: connect to address 208.83.137.118: Operation timed out
telnet: Unable to connect to remote host

I tried icmp and telnet from another mail server connected through another ISP and discovery.razor.cloudmark.com does not respond either via icmp or telnet.
I checked razor-agent.log and found that the last email was checked through razor two months ago
Jul 27 19:30:20.720790 check[85621]: [ 3] mail 1 is not known spam.

Then I checked with our server located in the US and icmp/telnet were reachable.

 telnet 208.83.137.205 2703
Trying 208.83.137.205...
Connected to d303.cloudmark.com.
Escape character is '^]'.
sn=D&srl=670&a=l&a=cg

Using looking glass from various ISP I found that ip 208.83.137.117, 208.83.139.218, 208.83.139.205 are reachable from one ISP, and are not reachable from others.

traceroute:

icmp/telnet reachable

1. gw.ipv4.layer6.net
2. 104.200.152.56
3. xe-8-0-1.cr6-lax2.ip4.gtt.net
4. et-9-3-0.cr9-nyc3.ip4.gtt.net
5. cloudmark-gw.ip4.gtt.net 
6. d303.cloudmark.com    

icmp/telnet unreachable:

1. 193.200.173.254
2. 185.13.7.241
3. v1045.cs-krasn100.kv.wnet.ua
4. xe-6-1-0.mx1-nyc.nyc.w-net.us
5. nyiix1.voxel.net
6. bbr2.ae7.nym007.pnap.net
7. core4.be4.inapvox-lag.nym007.pnap.net
8. border3-ae1-0.nym007.pnap.net
9. ???

Is it possible that you or your upstreams have problems with routing or are you blocking/restricting requests from some ip/network/ISP by design?