0002641: SMTP Proxy not responding from external

(0003706)
lucagiove (developer)
2010-01-27 09:30

just checked it out, it doesn't happen on Enterprise version

(0003710)
aender (reporter)
2010-01-27 10:56

Nice. But the Community has that problem. So there have to be anything different.

The Rule 11 from the rules of system services in "System access configuration" looks wrong for me:
See the attached image.

There is no Entry for "Source interface". All other rules have an entry.
Could this be the problem?

Where can i find the file for this setting?

(0003717)
aender (reporter)
2010-01-29 08:16

Please tell me the location of the file with the system standard rules for dnat. So i can solve the problem for myself....

(0003718)
lucagiove (developer)
2010-01-29 09:34

you should have this template file:

root@kenny:/etc/firewall/inputfw # cat smtpscan.conf.tmpl
#if $SMTPSCAN_ENABLED == "on"
#for $zone in $ENABLED_ZONES
tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT,,
#end for
#end if

and these are the firewall rules:

root@kenny:/etc/firewall/inputfw # cat smtpscan.conf
tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,,
tcp,,25,on,,RED,off,SMTPD,ACCEPT,,

(0003719)
aender (reporter)
2010-01-29 10:36

OK.

On the Community Edition the first file smptscan.conf.tmpl looks like this:

#if $SMTPSCAN_ENABLED == "on" and $ENABLED_ZONES != []
tcp,,25,on,,${"&".join($INPUTFW_ZONES)}:ANY,off,SMTPD,ACCEPT,,
#end if

Second file smtpscan.conf.tmpl looks like this:

tcp,,25,on,,RED:ANY,off,SMTPD,ACCEPT,,

I changed both files to yours and now all works fine. Thanks a lot.

(0003721)
lucagiove (developer)
2010-01-29 11:12

it's enough to change the .tmpl only

(0004176)
Anonymous (viewer)
2010-04-24 08:08

Hello folks.
I am also reporting the same smtp proxy issue on my community 2.3.0 version system

I have implemented the suggest changes/fixes to the smtpscan.conf.tmpl file and it has made no difference.

I would like to persue this issue.

David

(0004177)
david_thistlethwaite (reporter)
2010-04-24 08:11

The above note (0004176) was me.
Just needed an account
thanks

(0004198)
baldy (reporter)
2010-05-01 18:10

David,

From a working system :

smtpscan.conf :

tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,,
tcp,,25,on,,RED,off,SMTPD,ACCEPT,,
tcp,,25,on,,VPN,off,SMTPD,ACCEPT,,

smtpscan.conf.tmpl :

#if $SMTPSCAN_ENABLED == "on"
#for $zone in $ENABLED_ZONES
tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT,
,
#end for
#end if

I have also added both files to this issue.

Can you test and post back ?
Also verify in the GUI that the proxy is enabled.

Regards,

Klaas-Jan

(0004228)
david_thistlethwaite (reporter)
2010-05-05 07:52

Klaas-Jan
I have confirmed that my system has the above entries in the smtpscan.conf and .tmpl files and that the gui reports that the smtp proxy is activated.

Still no email flow unless the NAT rule is active.

Strange.

David

(0004241)
baldy (reporter)
2010-05-09 11:52

Hi David,

Did you telnet from internal to RED or from an external location ?

There is an issue with 2.3 when trying to telnet to RED from internal.

Also, have you tried a clean install ?
I have already deployed a dozen or so 2.3 machines and they all accepted mail after changing the files in question.

When enabling the smtp proxy on RED there should be no neesd to open port 25 with a new NAT rule.

Regards,

Klaas-Jan

Notes
(0003706) lucagiove (developer) 2010-01-27 09:30	just checked it out, it doesn't happen on Enterprise version

(0003710) aender (reporter) 2010-01-27 10:56	Nice. But the Community has that problem. So there have to be anything different. The Rule 11 from the rules of system services in "System access configuration" looks wrong for me: See the attached image. There is no Entry for "Source interface". All other rules have an entry. Could this be the problem? Where can i find the file for this setting?

(0003717) aender (reporter) 2010-01-29 08:16	Please tell me the location of the file with the system standard rules for dnat. So i can solve the problem for myself....

(0003718) lucagiove (developer) 2010-01-29 09:34	you should have this template file: root@kenny:/etc/firewall/inputfw # cat smtpscan.conf.tmpl #if $SMTPSCAN_ENABLED == "on" #for $zone in $ENABLED_ZONES tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT,, #end for #end if and these are the firewall rules: root@kenny:/etc/firewall/inputfw # cat smtpscan.conf tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,, tcp,,25,on,,RED,off,SMTPD,ACCEPT,,

(0003719) aender (reporter) 2010-01-29 10:36	OK. On the Community Edition the first file smptscan.conf.tmpl looks like this: #if $SMTPSCAN_ENABLED == "on" and $ENABLED_ZONES != [] tcp,,25,on,,${"&".join($INPUTFW_ZONES)}:ANY,off,SMTPD,ACCEPT,, #end if Second file smtpscan.conf.tmpl looks like this: tcp,,25,on,,RED:ANY,off,SMTPD,ACCEPT,, I changed both files to yours and now all works fine. Thanks a lot.

(0003721) lucagiove (developer) 2010-01-29 11:12	it's enough to change the .tmpl only

(0004176) Anonymous (viewer) 2010-04-24 08:08	Hello folks. I am also reporting the same smtp proxy issue on my community 2.3.0 version system I have implemented the suggest changes/fixes to the smtpscan.conf.tmpl file and it has made no difference. I would like to persue this issue. David

(0004177) david_thistlethwaite (reporter) 2010-04-24 08:11	The above note (0004176) was me. Just needed an account thanks

(0004198) baldy (reporter) 2010-05-01 18:10	David, From a working system : smtpscan.conf : tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,, tcp,,25,on,,RED,off,SMTPD,ACCEPT,, tcp,,25,on,,VPN,off,SMTPD,ACCEPT,, smtpscan.conf.tmpl : #if $SMTPSCAN_ENABLED == "on" #for $zone in $ENABLED_ZONES tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT, , #end for #end if I have also added both files to this issue. Can you test and post back ? Also verify in the GUI that the proxy is enabled. Regards, Klaas-Jan

(0004228) david_thistlethwaite (reporter) 2010-05-05 07:52	Klaas-Jan I have confirmed that my system has the above entries in the smtpscan.conf and .tmpl files and that the gui reports that the smtp proxy is activated. Still no email flow unless the NAT rule is active. Strange. David

(0004241) baldy (reporter) 2010-05-09 11:52	Hi David, Did you telnet from internal to RED or from an external location ? There is an issue with 2.3 when trying to telnet to RED from internal. Also, have you tried a clean install ? I have already deployed a dozen or so 2.3 machines and they all accepted mail after changing the files in question. When enabling the smtp proxy on RED there should be no neesd to open port 25 with a new NAT rule. Regards, Klaas-Jan

Issue History
Date Modified	Username	Field	Change
2010-01-26 21:33	aender	New Issue
2010-01-26 21:33	aender	File Added: Bildschirmfoto 2010-01-26 um 21.30.44.png
2010-01-27 09:30	lucagiove	Note Added: 0003706
2010-01-27 10:56	aender	Note Added: 0003710
2010-01-29 08:16	aender	Note Added: 0003717
2010-01-29 09:34	lucagiove	Note Added: 0003718
2010-01-29 10:36	aender	Note Added: 0003719
2010-01-29 11:12	lucagiove	Note Added: 0003721
2010-01-29 11:12	lucagiove	Status	new => resolved
2010-01-29 11:12	lucagiove	Fixed in Version	=> 2.3
2010-01-29 11:12	lucagiove	Resolution	open => fixed
2010-01-29 11:12	lucagiove	Assigned To	=> lucagiove
2010-04-24 08:08	Anonymous	Note Added: 0004176
2010-04-24 08:08	Anonymous	Status	resolved => feedback
2010-04-24 08:08	Anonymous	Resolution	fixed => reopened
2010-04-24 08:11	david_thistlethwaite	Note Added: 0004177
2010-04-24 08:11	david_thistlethwaite	Issue Monitored: david_thistlethwaite
2010-05-01 18:10	baldy	Note Added: 0004198
2010-05-01 18:10	baldy	File Added: smtpscan.conf
2010-05-01 18:10	baldy	File Added: smtpscan.conf.tmpl
2010-05-05 07:52	david_thistlethwaite	Note Added: 0004228
2010-05-09 11:52	baldy	Note Added: 0004241
2010-07-08 14:38	lucagiove	Status	feedback => resolved
2010-07-08 14:38	lucagiove	Resolution	reopened => fixed

Relationships