[BlueOnyx:01187] Re: Problems with nat

Thomas Andreassen thomas.andreassen at arctictelecom.no
Wed May 6 17:31:27 -05 2009


Yes. My firewall is blocking the "spam" coming out. (I use another server for my outgoing SMTP, and just block all SMTP traffic from my own SMTP server; if not, I will send tons of spam from others using my IP as SMTP. But, as I said, my postmaster account gets an error from all mail that my SMTP server tries to send.)

As I understand it, my dst-nat is port forwarding, and netmap is redirection. Netmap should not change the source IP, but dst-nat will. (Don't kill me if I am wrong.) But on qmail, the dst-nat rule made qmail get the source IP as my gateway, but with netmap, it got the real sender's IP. Sendmail got my gateway with both of those rules.

I have to have my internal IP open for relay to receive any mail to my own addresses. If I take the 192.168.x.0 net out of my relay, the box just drops all mail, including the mail for my domain. It may be something I have misunderstood here.

There is one other thing that may be wrong and cause the issue. When I installed the server, it set up the hostname "mail" and domain "xyz.net". I just wonder, when I then have a virtual host called "(www) xyz.net", may this cause the issue? Should the server itself be on another domain than any of the virtual sites (with the email users)? (For example "zyx.com", not anything in the xyz.net domain.)


Thomas A


-----Original message-----
From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On behalf of Chris Gebhardt - VIRTBIZ Internet
Sent: 7 May 2009 00:12
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:01185] Re: Problems with nat

Thomas Andreassen wrote:
> This is not a general BlueOnyx problem I think, but a sendmail issue I have tried to solve, but I am stuck.
> 
> I have an inbound NAT to port 25 on my BlueOnyx, from my external IP. This is working great. But it acts as an open relay. When my sendmail gets the SMTP mail, it thinks that all mail is sent from the internal net, and relays it. The /var/log/maillog says that bla bla bla from 192.168.x.1 and relays the mail.
> 
> The postmaster account is also spammed with reject mail when I put some firewall rules on my router. (mikrotik)
> 
> I have tried both netmap and dst-nat rules to try to get the server to understand that the sender IP is not my NAT box, but the other SMTP server's IP address. (qmail gets this without problem with both netmap and dst-nat)
> 
> The issue was not an issue when I used qmail, which does not act as a relay by default.
> 
> I don't know if there is a solution to this, but all hints are welcome.
> 
> Sorry if this is the wrong mailing list to ask. (But I had no problems using clarkconnect or deeproot, which use qmail, and I think this may be a problem for other people too.)

I'm guessing that you're really using port-forwarding/redirection?

Do you have your allowed relay set for your gateway's IP address? If 
so, then the BX box is going to just relay blindly from that IP (since 
that's what it is being told to do). I would instead pull your 
gateway (the router) IP address out of there. Then the BX box should 
only relay for the domains it hosts.

Or perhaps I'm misunderstanding your setup.

When you say your postmaster account is "spammed", do you really mean 
that you're getting a bunch of rejection messages (NDRs) because the 
messages won't go out?  In that case, make sure you check your firewall 
rules to be sure that you're not blocking something you shouldn't be.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
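
An added example, not part of either message in this thread: a check over sendmail's maillog that pairs each `from=` line with its `to=` lines by queue ID and reports mail that arrived with the NAT gateway as its apparent source and left for a non-local domain. The gateway address 192.168.1.1 and the log lines are constructed for illustration; xyz.net is the placeholder domain used in the thread.

```python
import re

# Constructed sample lines in sendmail's usual maillog layout (not from the thread).
SAMPLE_LOG = """\
May  6 17:20:01 mail sendmail[2101]: n46MK1aa002101: from=<a@example.org>, size=1480, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.168.1.1]
May  6 17:20:02 mail sendmail[2103]: n46MK1aa002101: to=<user@xyz.net>, delay=00:00:01, mailer=local, pri=31480, dsn=2.0.0, stat=Sent
May  6 17:21:10 mail sendmail[2110]: n46ML9bb002110: from=<x@example.com>, size=2210, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.168.1.1]
May  6 17:21:11 mail sendmail[2112]: n46ML9bb002110: to=<victim@example.net>, delay=00:00:01, mailer=esmtp, pri=32210, relay=mx.example.net. [203.0.113.25], dsn=2.0.0, stat=Sent (ok)
May  6 17:22:30 mail sendmail[2120]: n46MMUcc002120: from=<root@mail.xyz.net>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
May  6 17:22:31 mail sendmail[2122]: n46MMUcc002120: to=<admin@example.org>, delay=00:00:01, mailer=esmtp, pri=30512, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=<(?P<addr>[^>]*)>(?P<rest>.*)")
IP = re.compile(r"relay=[^,]*\[(\d+\.\d+\.\d+\.\d+)\]")

def find_relayed(log_text, gateway_ip, local_domains):
    """Return (queue_id, sender, recipient) for mail that arrived with the
    NAT gateway as its apparent source and left for a non-local domain."""
    source = {}   # queue id -> (sender, client IP as sendmail saw it)
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, addr = m["qid"], m["addr"]
        if m["kind"] == "from":
            ip = IP.search(m["rest"])
            source[qid] = (addr, ip.group(1) if ip else None)
        elif qid in source:
            sender, client_ip = source[qid]
            domain = addr.rpartition("@")[2].lower()
            # Gateway as client plus a foreign recipient means the box relayed it.
            if client_ip == gateway_ip and domain not in local_domains:
                hits.append((qid, sender, addr))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG, "192.168.1.1", {"xyz.net"}):
        print("relayed via gateway:", *hit)
```

Any hit means the relay allow-list is trusting an address that every inbound connection shares after NAT.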