Qmail SMTP server behind firewall configuration - smtp

i've a problem with configuration Qmail + SimScan + SpamAssassin (dovecot + RoundCube) with SPF plugin.
For Spf spam prevention, this system rejects all mail that don't passed SPF test with tool "spfquery" (read SPF explanation for understand my problem).
My Network configuration is:
NAT/Firewall: 10.0.1.1
MailServer: 10.0.1.2
Dns Server : 10.0.1.19
External IP: 212.212.12.12
All modules in my mail server works greatly, also network configuration.
Now i've problem with SPF-rejection or DNSBL, beacuse server IP for incoming mail is 10.0.1.1
Log for smtp server is:
CHKUSER accepted sender: from remote mx5.pippo.com:unknown:10.0.1.1> rcpt <> : sender accepted
qmail-smtpd: spf-reject: HELO(mx5.pippo.com) from 10.0.1.1 MAILFROM:info#pippo.com
Why my tcpserver see mail from 10.0.1.1 and not from mx record of pippo.com?
This is a bad configuration of my NAT or tcpserver/smtp server?

Intersting question. I think something is wrong with your config.
If I understand correctly, your MX record for your domain points to 212.212.12.12, which is the external IP of your router. You have port-forwarding setup on your router, to forward incoming connections on 212.212.12.12:25 to 10.0.1.2:25, which is the IP of your mail server on your private network.
If that's the case, your mail server should still see the connections from the remote IP that they are originating from, it should not look like the connections are coming from 10.0.1.1. Port-forwarding only re-writes the destination IP address on the packets, not the source address.
To confirm this, I did a test on a similar setup that I have at my house. I logged in remotely to a Linux box that I have running on my home network, on an inside IP behind by router, like you have. The Linux box did indeed see that I was coming from my remote IP address, not my home router's IP address.

Related

Failure Sending Mail using GSuite SMTP

I have a very curious issue with an application. When debugging locally, I can send emails just fine using a client's G Suite email credentials:
<smtp deliveryMethod="Network" from="client#customdomain.com">
<network defaultCredentials="false"
host="smtp.gmail.com"
port="587"
userName="client#customdomail.com"
password="supersecret"
enableSsl="true" />
</smtp>
Now, it's very important to note that the application will send just fine with the credentials when running on localhost using Visual Studio. However, when deploying to LIVE and using the exact same credentials, the application refuses to send and I only get the canned response back saying "Failure Sending mail".
I have enabled "less secure applications" in the settings and have verified the "suspicious activity" from the server's IP address. I can also log in to the Gmail account from the server using RDP and opening Firefox to go to Gmail.com.
No firewall rule has been set to block SMTP or anything on port 587.
UPDATE: the materialized error message is
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 74.125.192.108:587
74.125.192.108 being smtp.gmail.com's IP Address (or one of them, at least)
UPDATE 2: I can also not get Thunderbird on the remote server to send an email using the supplied credentials, however it can connect via IMAP and download the contents of the inbox just fine.
Well in this very specific case, it was the fault of the Amazon infrastructure this application ran on. Either amazon themselves, or the reseller changed a policy that ended up blocking communications on ports 465, 587 and 993 (and probably others too).
The "solution" was to nag them to sort it out.

Openshift - Get user IP address on websocket connection

I'd like to log the user's IP address in an OpenShift application. I'm using this access log pattern in my WildFly application server configuration:
<access-log pattern="%{i,X-Forwarded-For} | %A%t%h%l%u%r%s%b%T%I" directory="${jboss.home.dir}" prefix="access" suffix=".log" worker="default"/>
So it basically logs the X-Forwarded-For header.
It works just fine for HTTP connections, but it prints a single - character instead of the client's real IP address when a websocket connection is made.
I've found this bug ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1313395, but there seems to be a commit that fixes the problem.
Is there a way to get the user's real IP address in this situation?

Nginx reverse proxy DNS configuration

I am looking to deploy an nginx/dns server on a vps proxy that maps to the real back-end in a different geographical location. The back-end runs apache,mysql,dovecot,postfix. It is a pay-for mail server. The users get entered through apache through php into mysql, and when users set up IMAP, dovecot/postfix pools them from mysql and delivers or uses the smtp outbound.
I read about something in the nginx.conf file, that I can declare the mail hostname on the proxy as so:
mail {
server_name mail.example.com;
...
}
This mail.example.com is the actual mx for the example.com mail exchanger listed in DNS? Here is where that came from:
"As you can see, we declared the name of this server at the top of the mail context.
This is because we want each of our mail services to be addressed as mail.example.
com. Even if the actual hostname of the machine on which NGINX runs is different,
and each mail server has its own hostname, we want this proxy to be a single point
of reference for our users. This hostname will in turn be used wherever NGINX
needs to present its own name, for example, in the initial SMTP server greeting."
So from my understanding, the physical hostname of the proxy should be something else besides mail.example.com. So in DNS on the proxy, I can define that as anyhost.example.com? The proxy also proxies back to my apache on the back-end.
Finally, on the back-end, how do I set up my DNS for that? What hostname do I choose for the actual box running apache,mysql,dovecot,postfix? Its all on one box. I understand that on the registrar, I point 2 nameservers, these should be two proxies, that way running a dig would only pull up the proxies and the MX which should be "known" to be on the proxy.
in your case where all of the services in one box including the proxy, you can set the apache, mysql and other services accessible only from localhost / 127.0.0.1. Then from nginx you put
upstream: 127.0.0.1:80
upstream: 127.0.0.1:3306
therefore the nginx is serving frontend request and forward them to designated services

Exchange SQL Server 2008 Database Mail issue

In my web application I have created a mail sender class and set the configurations of web.config file like this:
<mailSettings>
<smtp deliveryMethod="PickupDirectoryFromIis">
<network host="smtp.domain.com"
port="587"
userName="mail#domain.com"
password="password"/>
</smtp>
</mailSettings>
This is sending email. But SQL Server database mail can not send mail with the same account info.
Only one difference is PickupDirectoryFromIis .
Is there any setting on exchange server?
In the SQL Server Logs the errors are following.
Message
The mail could not be sent to the recipients because of the mail
server failure. (Sending Mail using Account 2 (2012-09-30T16:55:04).
Exception Message: Cannot send mails to mail server. (The SMTP server
requires a secure connection or the client was not authenticated. The
server response was: 5.7.1 Client was not authenticated).
Looks like this is a Authentication issue or port no issue.
Authentication Issue:
—————————-
Please make sure you have put the information as explained below:
Server name: smtp.gmail.com ( this is really important)
port no: 587 ( on many website this is given as 465 which is wrong, use 587 )
Check : This server requires a secure connection
Check Basic Authentication
username: youremailid#gmail.com ( should have gmail.com)
password: XXXXXXXXXXXXX
confirm password: confirm your password
Port No Issue:
——————–
Make sure port 587 is opened in your machine if you are following above example. If you are using any other port number (usually its port 25) to set up database mail in your office, make sure you speak with your security team and ask them to unblock port 25. Once they unblock port 25, your databasemail will work.
Network Connectivity:
—————————–
Also check network connectivity from your machine, if you can connect to internet from your machine on which you are testing your database mail. To test, do the following
Start- Run- type cmd – Hit Enter
Type ping gmail.com -t and then hit enter.
If output displays as Request timed out, it actually means there is network connectivity problem. Otherwise, your network connectivity is good.

Need help setup windows server 2008 SMTP server

I am trying to setup windows server 2008 smtp server to relay emails to gmail smtp. Everything appears to be setup but it is not sending emails. Could you please help me figure out whats wrong.
Below is the setup:
Windows server 2008 with SMTP server
feature installed. Need SMTP server
to forward all messages to gmail smtp
server to send.
I have google apps setup for my
domain, also I can send emails
throught my test app using
gmail smtp.
SMTP Server Configuration: By default has default smtp server virtual directory.
In Properties of that virtual smtp server changed following.
Fully qualified domain name = mydomain.com
smart host = smtp.gmail.com
TCP Port = 587
Out Bound Security = Basic Authentication(my username password for google apps email account)
In domains list under virtual smtp server. I have one default domain that's server dns. I added another one for my domain name.
With above setup i am trying to redirect all email to gmail smtp.
I tested connection to smtp.gmail.com from server on port 587 through telnet and it works.
I am trying to use above server from my web application also by just dropping emails in pickup directory. It get's picked up and also accepts request form web application but never sends an email.
I can see that it adds those emails in queue folder but it stays there forever.
When i try to send emails from web app to above server it rejects if To address is other than my domain.(Am i missing something in list of domains)
Thanks for all answers, finally found solution there is a property for maximum sessions which value was 0 by default. Changed it to 100 and it send all pending emails immediately.
Possible reasons are that some SMTP servers block the outgoing messages if there domain name mismatch, possible to prevent spam mails from being sent. So for example, I will not be able to send my email with an address abc#mydomain.com from my domain yourdomain.com.
Hope that helps.
Ensure your sending domain is the same as the google apps domain
Ensure your sending address is a real address and not just an alias
IIRC you need to use STARTTLS (SSL) not basic authentication
This souds like a DNS issue. Check your /badmail directory. It will have .bad and .bdp files in there. You can open these in notepad (there will be some binary in there).
However, it may point to the possible problem.
You may also want to try and enable logging on the SMTP service. There may be something in there.