proxsmtpd not forwarding to green

This forum is for all copfilter version 2 support related questions in English. (IPCop version 2)
Post Reply
ljr0
Posts: 122
Joined: 21 Jan 2010 22:03

proxsmtpd not forwarding to green

Post by ljr0 » 17 Feb 2011 22:58

I have 2 IPCOP boxes feeding my mail server on the green network. They both use to be 1.4.21 and copfilter 0.84beta4 and they both worked fine. There are no other addons on either of these boxes. So, I decided to try the new v2 on one of the boxes. I installed both IPCOPv2 and Copfilter v2 and set up Copfilter exactly as the original one.

All the mail coming to the Copfilter v2 box reaches the mail server and then immediately disconnects. There's no other info on the mail server except that it now connects on it's public address.

I don't mean that to be confusing. On the mail server, the original Copfilter box connected to the server on it's green network IP address, i.e. 10.11.100.15. My mail server is on the green network at 10.11.100.2. Now the mail log no longer shows this GREEN address, it now shows the RED IP address of the copfilter box. I don't suppose this is a problem, my mail server is configured to listen on all IP addresses and I can connect to the mail server from other IP addresses.

This is the web readout when I start proxsmtpd


Restarting proxsmtpd..
proxsmtpd is not running
waiting 0 second(s)
removing firewall rules
proxsmtpd is not running
No firewall rules active, proxsmtp mail filtering not active
Iptables firewall rules active:
using RED IP Alias Address: xx.xx.xx.xx
Configured with MAIL Server on network: GREEN
SMTP Traffic Scanning enabled on RED: wan-1
starting proxsmtpd
sent a HUP signal to monit waiting 1 second(s) waiting 1 second(s)
proxsmtpd is running with PID 16751
Iptables firewall rules active:
Table: nat Chain: PREROUTING 3 160 REDIRECT tcp -- wan-1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 redir ports 10025
Table: nat Chain: PREROUTING 0 0 REDIRECT tcp -- wan-1:0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 redir ports 10025
Table: filter Chain: INPUT 6 280 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10025
Table: nat Chain: OUTPUT 3 132 DNAT tcp -- * * xx.xx.xx.xx xx.xx.xx.xx tcp dpt:25 to:10.11.100.2:25
Table: nat Chain: OUTPUT 0 0 DNAT tcp -- * * xx.xx.xx.xx xx.xx.xx.xx tcp dpt:25 to:10.11.100.2:25
Table: nat Chain: POSTROUTINGI 4 176 SNAT tcp -- * * xx.xx.xx.xx 0.0.0.0/0 tcp dpt:25 to:xx.xx.xx.xx
Table: nat Chain: POSTROUTING 0 0 SNAT tcp -- * * 10.11.100.0/24 10.11.100.2 tcp dpt:25 to:10.11.100.15

This is the log file var/log/messages

Feb 17 12:50:59 ipcop2 kernel: GREEN REJECT IN=lan-1 OUT= MAC=00:14:d1:3c:65:ae:00:12:3f:93:79:af:08:00 SRC=10.11.100.2 DST=10.11.100.15 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=32377 PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 17 12:51:00 ipcop2 kernel: GREEN REJECT IN=lan-1 OUT= MAC=00:14:d1:3c:65:ae:00:12:3f:93:79:af:08:00 SRC=10.11.100.2 DST=10.11.100.15 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=32397 PROTO=UDP SPT=137 DPT=137 LEN=76

I noticed that your updates to Copfilter v2 indicated there was some issue with proxsmtpd and the iptables. I've downloaded the most recent versions and I've installed clamav v97 as well. Is there somewhere else I should be looking or another way to test. There's no telnet in ipcop so I can't check what the server's actually seeing when it connects. Please advise

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: proxsmtpd not forwarding to green

Post by karesmakro » 17 Feb 2011 23:21

At this moment I'm working on some fixes and preparing an update. All the rules was from this time, as I was searching for proxsmtp bug and forgot, to test some init scripts before publishing the beta release :(
Here you can find the fixed init scripts, which I was testing with ron (thanks again, ron)

http://www.it-connect-unix.de/copfilter ... -v2.tar.gz
md5sum: 10b0a65306438714f908c1d7735f6d2a

There are 3 files, which you all have to copy in right location (copfilter_monit, copfilter_p3scan, copfilter_proxsmtp)

p.s.: Your messages log file shows only rejectet netbios-ns requests

ljr0
Posts: 122
Joined: 21 Jan 2010 22:03

Re: proxsmtpd not forwarding to green

Post by ljr0 » 19 Feb 2011 02:26

Oops. I only copied the last lines that I saw connecting to my mail server. I'll use the updates you have here and see if it makes a difference.
Thanks

ljr0
Posts: 122
Joined: 21 Jan 2010 22:03

Re: proxsmtpd not forwarding to green

Post by ljr0 » 01 Mar 2011 02:52

Well those didn't work. I not seeing any rejects in /var/log/messages, but it still connects and then immediately disconnects.

I'm also not getting the smtp 220 passthru hello message I get when I try to attach through the v0.84beta4 server.

Going to check your new release.

ljr0
Posts: 122
Joined: 21 Jan 2010 22:03

Re: proxsmtpd not forwarding to green

Post by ljr0 » 01 Mar 2011 03:12

After upgrading to V5, the Red interface is actively rejecting anything connecting to port 25.

Technopainting
Posts: 26
Joined: 29 Jul 2010 11:34

Re: proxsmtpd not forwarding to green

Post by Technopainting » 06 Mar 2011 00:43

Hi Kares,

I do have the same problem. I just wanted to moved my demo-and test cop with V2 to my production system. I removed the old versions from copfilter and made an update.

Perhaps I made a mistake because in the past the main traffic went through the old 1.4 cop but in fact the V2-cop is now dropping all port 25 accesses on the red interface.

Any suggestions?

Andreas

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: proxsmtpd not forwarding to green

Post by karesmakro » 06 Mar 2011 13:05

There was already a new copfilter_proxsmtpd file, which ljr0 tested for me (thanks), but ...
I want to build a test environmen, because it seems, that opening port 25 on IPCop do not solve this issue!
I'll keep you inform, if there are any news!

Technopainting
Posts: 26
Joined: 29 Jul 2010 11:34

Re: proxsmtpd not forwarding to green

Post by Technopainting » 06 Mar 2011 15:45

Thanks for this update and I am waiting for your feedback.

Andreas

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: proxsmtpd not forwarding to green

Post by karesmakro » 21 Mar 2011 00:51

Here you'll find the newest bugfixed mailscanner.sh, where addresses where added more than once to whitelist database, if the automatically adding whitelist function is activated on SMTP Copfilter GUI (thanks, Technopainting for reporting!)

download: http://www.it-connect-unix.de/copfilter ... telist.tgz
md5sum: 6338af5ead3719fbe3ab3cdd5e54b6aa

This mailscanner.sh version is running on both versions: v1 and v2

replace instructions:

Code: Select all

tar xzf mailscanner-v2-whitelist.tgz
cd mailscanner-v2-whitelist
cp -a /root/copfilter/opt/tools/bin/mailscanner.sh /root/copfilter/opt/tools/bin/mailscanner.sh-orig
cp -aR ./mailscanner.sh /root/copfilter/opt/tools/bin
regards

ljr0
Posts: 122
Joined: 21 Jan 2010 22:03

Re: proxsmtpd not forwarding to green

Post by ljr0 » 29 Mar 2012 05:10

That file did not work. I'm still getting the same message: SERVER: couldn't connect to: xx.xx.xx.xx:25: Transport endpoint is not connected.

The xx.xx.xx.xx IP address is my RED interface address of which I only have one setup on this server. Obviously it is connecting to that address or I wouldn't be getting any messages. The endpoint not being connect is true because the server is not letting the packets back out the red interface to my pubic server. However, prior to this update file you sent me, it would at least attach connect to the second proxy at 10.11.100.5, but showed it's address as the RED interface address. Now it is not connecting to the second proxy at all.

Post Reply