DMZ emails to LAN proxmox

[Jlux]

Hi all

I have a proxmox server sitting inside a lan behind a firewall and 2 webservers sitting in a public dmz. My issue is that I would like to give the webservers the ability to email from the DMZ to outside company emails addresses through the proxmox in the LAN.
What I have tried so far is as follows
1. Add the public web addresses to the allow relay list in proxmox
2. Opening port 26 and port forwarding that port to proxmox on the firewall
3. Forcing my public dmz webservers to use port 26 to sent smtp emails
4. Opening file main.cf.in in linux and added the dmz address to the mynetworks.

The port forwarding for both port 25 and 26 goes to the proxmox

When I send the emails I see that the port forward works and the proxmox gets connected by the public dmz address but then I see a disconnect right away after and that is it.

What can I do to solve this issue. Thanks in Advance

 

[dietmar]

4. Opening file main.cf.in in linux and added the dmz address to the mynetworks.

Please use the web interface to add the address:

Configuration/MailProxy/Networks

Simply editing the template will not work.

When I send the emails I see that the port forward works and the proxmox gets connected by the public dmz address but then I see a disconnect right away after and that is it.

Looks like a firewall issue if you simply get a disconnect without further info. Please use telnet for testing:

# telnet IPADDRESS 26

to see if you can establish a connection manually.

- Dietmar

 

[Jlux]

Sorry maybe I wasn't clean enough in the first post. I have added the public dmz IP address to the mail proxy/networks list in the web interface. I now have listed there my internal lan subnet and 2 public dmz Ip addresses. I can telnet on port 26 from the public dmz in through the firewall to reach the proxomx. I get a response from the proxomx using telnet 26 so I know its working. As far as a firewall issue, if a firewall was blocking it the proxomx wouldn't show a connection and then drop connection in the real time list because it wouldn't get through the firewall. Is there anything else I can do.

Thanks

 

[dietmar]

Please can you post the corresponding syslog entries.

 

[Jlux]

This around the time of the email being sent. The IP address that the email is being sent on is 202.86.214.107. I have including extra syslog enteries from before and after in case you needed anything else.

Thanks for all your help


2009-01-13 03:56:12 Mail.Info 192.168.2.40 postfix/smtpd[18401]: lost connection after RCPT from a25.sub248.net78.udm.net[78.85.248.25]
2009-01-13 03:56:12 Mail.Info 192.168.2.40 postfix/smtpd[18401]: disconnect from a25.sub248.net78.udm.net[78.85.248.25]
2009-01-13 03:56:12 Mail.Info 192.168.2.40 postfix/smtpd[18390]: connect from unknown[92.47.99.15]
2009-01-13 03:56:14 Mail.Info 192.168.2.40 postfix/smtpd[18390]: NOQUEUE: reject: RCPT from unknown[92.47.99.15]: 504 5.5.2 <user-4fc82332be>: Helo command rejected: need fully-qualified hostname; from=<uwkqk@blueberrycake.com> to=<eoncambitzi@tacticsconsulting.com.au> proto=ESMTP helo=<user-4fc82332be>
2009-01-13 03:56:15 Mail.Info 192.168.2.40 postfix/smtpd[18390]: lost connection after DATA from unknown[92.47.99.15]
2009-01-13 03:56:15 Mail.Info 192.168.2.40 postfix/smtpd[18390]: disconnect from unknown[92.47.99.15]
2009-01-13 03:56:15 Mail.Info 192.168.2.40 postfix/smtpd[18180]: connect from 202-86-214-107.telarus.com.au[202.86.214.107]
2009-01-13 03:56:18 Mail.Info 192.168.2.40 postfix/smtpd[18180]: disconnect from 202-86-214-107.telarus.com.au[202.86.214.107]
2009-01-13 03:56:25 Mail.Info 192.168.2.40 postfix/smtpd[18401]: connect from unknown[204.116.144.232]
2009-01-13 03:56:25 Mail.Info 192.168.2.40 postfix/smtpd[18401]: NOQUEUE: reject: RCPT from unknown[204.116.144.232]: 504 5.5.2 <NKQITXGII>: Helo command rejected: need fully-qualified hostname; from=<sentimentalyeq26@ericoind.com> to=<addrallenbroadfoot@tacticsconsulting.com.au> proto=ESMTP helo=<NKQITXGII>
2009-01-13 03:56:25 Mail.Info 192.168.2.40 postfix/smtpd[18401]: lost connection after DATA from unknown[204.116.144.232]
2009-01-13 03:56:25 Mail.Info 192.168.2.40 postfix/smtpd[18401]: disconnect from unknown[204.116.144.232]
2009-01-13 03:56:30 Mail.Info 192.168.2.40 postfix/smtpd[18180]: connect from unknown[94.189.238.225]
2009-01-13 03:56:32 Mail.Info 192.168.2.40 postfix/smtpd[18180]: NOQUEUE: reject: RCPT from unknown[94.189.238.225]: 554 5.7.1 Service unavailable; Client host [94.189.238.225] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=94.189.238.225;

 

[dietmar]

And which is the DMZ IP address?

 

[dietmar]

Ok, found the DMZ IP in your post (sorry for the stupid question above):

2009-01-13 03:56:18 Mail.Info 192.168.2.40 postfix/smtpd[18180]: disconnect from 202-86-214-107.telarus.com.au[202.86.214.107]
2009-01-13 03:56:25 Mail.Info 192.168.2.40 postfix/smtpd[18401]: connect from unknown[204.116.144.232]

And how does the log look when you connect using telnet? What firewall Model/Version do you have?

 

[Jlux]

Hi

The log files look exactly the same as above. I see a connect and disconnect from the IP address in the real-time logs.

The firewall is a Netgear FVS318v3. Everything seems to be working fine on the firewall.

Any other ideas?

 

[dietmar]

The log files look exactly the same as above. I see a connect and disconnect from the IP address in the real-time logs.

Confused - you wrote earlier that telnet works. Please issue some SMTP command when testing with telnet to see if it really works?

The firewall is the only conmponent between, so I am quite sure the problem is there. Maybe you can use tcpdump to see what happens to the TCP/IP packets.

 

[Jlux]

I am pretty sure this means I am connecting to the server. If the firewall was blocking it I wouldn't be able to communicate with the Proxmox.

220 proxmox.tacticsconsulting.com.au ESMTP Proxmox
Helo
501 Syntax: HELO hostname
mail from sa-demotactics@tacticsconsulting.com.au
503 5.5.1 Error: send HELO/EHLO first
HELO
501 Syntax: HELO hostname
HELO Proxmox
502 5.5.2 Error: command not recognized
HELO mail.orstead.com.au
250 proxmox.tacticsconsulting.com.au
mail from sa-demotactics@tacticsconsulting.com.au
501 5.5.4 Syntax: MAIL FROM:<address>
RCPT to monitoring@orstead.com.au
503 5.5.1 Error: need MAIL command

 

[dietmar]

Ok, so it work with telnet, and fails with postfix.

That is quite strange. We already observed such errors with other firewalls. The problem is usually that the firewall resize the TCP/IP packtes (MTU resizing). Did you enable such thing on your firewall?

- Dietmar

 

[Jlux]

Sorry MTU size is set to default which is 1500

 

[dietmar]

The only component between is the firewall. It works with telnet, but not with standard postfix. So something strange is going on (firewall bug?)