Re: Exchange/DMZ/postfix

From: Andrew (jasari_iyahoo.com)
Date: Fri Dec 03 2004 - 20:16:19 CST


--- Charles Quesenberry <quesenberrypeak.org> wrote:

> On Fri, 2004-12-03 at 16:48 -0800, Andrew wrote:
> > Hi,
> >
> > I'm new to messaging and have been having a lot of
> > trouble getting this to work.
> >
> > I work in a small school (K-12) and I want to give the
> > older children an email account. So I decided to use
> > exchange but also wanted to use postfix as a mail
> > relay.

If I run netstat -ant from the postfix machine I get:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address          State
tcp        0      0 0.0.0.0:1025            0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*                LISTEN
tcp        1      0 127.0.0.1:25            127.0.0.1:1042           CLOSE_WAIT
tcp        1      0 127.0.0.1:25            127.0.0.1:1043           CLOSE_WAIT
tcp        0      0 127.0.0.1:25            127.0.0.1:1044           ESTABLISHED
tcp        1      0 127.0.0.1:25            127.0.0.1:1029           CLOSE_WAIT
tcp        1      0 127.0.0.1:25            127.0.0.1:1034           CLOSE_WAIT
tcp        0      0 :::22                   :::*                     LISTEN
tcp        0      0 ::ffff:192.168.2.201:22 ::ffff:192.168.1.60:1778 ESTABLISHED
tcp        0      0 ::ffff:127.0.0.1:1044   ::ffff:127.0.0.1:25      ESTABLISHED

If I try to telnet to postfix from a machine in the
LAN I get "could not open connection to host on port
25"

If I stop IPTables I get the same response. I also get
the same response from machines whether they're in the
LAN or the DMZ.

Thanks
> >
> > I followed the instructions on this website:
> >
> > http://postfix.state-of-mind.de/patrick.koetter/mailrelay/
> >
> > but am still failing miserably.
> >
> > My network uses NAT. The teaching section is
> > 192.168.1.0/24 and my DMZ is 192.168.2.0/24. I use
> > smoothwall as the firewall
> > (http://smoothwall.org/about/)
> >
> > The LAN side domain is called teaching.local and I
> > have a registered domain called "domain.com" (I've
> > changed the UPN section in the exchange so I don't
> > think this is the problem) and sorted the MX record. I
> > have put a mailserver in the DMZ and know that
> > everything is working in the sense that I can send
> > mail to and from this machine.
> >
> > The postfix machine in the DMZ has an IP address of
> > 192.168.2.200
> >
> > The Exchange server is 192.168.1.60/24.
> >
> > The DMZ allows access to:
> >
> > TCP ALL 25 192.168.2.200 25
> > TCP ALL 110 192.168.2.200 110
> >
> > My main.cf looks like this:
> >
> > soft_bounce = no
> > command_directory = /usr/sbin
> > daemon_directory = /usr/libexec/postfix
> > local_recipient_maps =
> > unknown_local_recipient_reject_code = 444450
> > mynetworks = 192.168.1.0/24, 192.168.2.0/24
> > relay_domains = $mydestination, domain.com,
> > mail.domain.com
> > relay_recipient_maps =
> > hash:/etc/postfix/relay_recipients
> >
> > transport_maps = hash:/etc/postfix/transport
> > debug_peer_level = 2
> > debugger_command =
> >     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> >     xxgdb $daemon_directory/$process_name $process_id &
> >     sleep 5
> >
> > sendmail_path = /usr/sbin/sendmail.postfix
> > newaliases_path = /usr/bin/newaliases.postfix
> > mailq_path = /usr/bin/mailq.postfix
> > setgid_group = postdrop
> > html_directory = no
> > manpage_directory = /usr/share/man
> > sample_directory =
> > /usr/share/doc/postfix-2.1.5/samples
> > readme_directory =
> > /usr/share/doc/postfix-2.1.5/README_FILES
> > mydestination = $myhostname, localhost.$mydomain,
> > $mydomain
> >
> > I have IPTABLES as a firewall and have amongst other
> > basic rules set to ACCEPT tcp -- anywhere anywhere
> > state NEW tcp dpt:smtp
> >
> > If I log on to the machine locally I can telnet on
> > port 25 using 127.0.0.1 and get a greeting. If I use
> > 192.168.2.201 I get nothing, and if I do
> > mail.domain.com the same.
> >
>
> I would solve this problem first.
>
> What IP address is Postfix listening on? Some
> distros set it to listen on only the loopback. What
> is the output of 'netstat -ant'?
>
> What happens if you stop iptables/smoothwall? Can
> you telnet into port 25 from a different machine then?
>
>
> Chuck
>
>
>
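
The diagnostic Chuck asks for, as an added example that is not part of the thread and not Andrew's or Chuck's own code: a small parser for `netstat -ant` output that lists every LISTEN socket and classifies each port as bound only to loopback (127.0.0.1, ::1, or the IPv4-mapped form) or to an address other hosts can reach. Run over the listing Andrew posted, it shows port 25 bound to 127.0.0.1 only while port 22 is bound to all interfaces, which is why telnet from the LAN fails even with iptables stopped. In Postfix that binding is controlled by the `inet_interfaces` parameter in main.cf (the distro default is often `localhost`; `all` binds every interface). The sample input is the posted listing reflowed one socket per line; the function names are mine.

```python
"""Classify listening sockets from `netstat -ant` output as loopback-only or
externally bound. Added example for the Exchange/DMZ/postfix thread; the
sample below is the netstat listing posted in the thread, reflowed so that
each socket occupies one line."""

import ipaddress
from collections import defaultdict

# Sample input: the listing from the post, one socket per line (a few of the
# identical CLOSE_WAIT rows are omitted; they are not LISTEN sockets anyway).
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address          State
tcp        0      0 0.0.0.0:1025            0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*                LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*                LISTEN
tcp        1      0 127.0.0.1:25            127.0.0.1:1042           CLOSE_WAIT
tcp        0      0 127.0.0.1:25            127.0.0.1:1044           ESTABLISHED
tcp        0      0 :::22                   :::*                     LISTEN
tcp        0      0 ::ffff:192.168.2.201:22 ::ffff:192.168.1.60:1778 ESTABLISHED
"""


def split_addr_port(field):
    """Split netstat's 'address:port' field. IPv6 addresses contain colons
    themselves, so split on the last colon only."""
    addr, _, port = field.rpartition(":")
    return addr, int(port)


def parse_listeners(text):
    """Return {port: set of bound addresses} for every LISTEN socket.

    Header lines ('Active Internet ...', 'Proto ...') and non-TCP rows are
    skipped; 'tcp6' rows are accepted alongside 'tcp'."""
    listeners = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        if parts[5] != "LISTEN":
            continue
        addr, port = split_addr_port(parts[3])
        listeners[port].add(addr)
    return dict(listeners)


def is_loopback_only(addrs):
    """True when every bound address is a loopback address, meaning no other
    host can connect to the port no matter what the firewall permits."""
    for a in addrs:
        if a in ("0.0.0.0", "::", "*"):
            return False  # wildcard bind: reachable on every interface
        ip = ipaddress.ip_address(a)
        # netstat shows IPv4 sockets on a dual-stack listener as ::ffff:a.b.c.d
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if not ip.is_loopback:
            return False
    return True


def report(text):
    """Map each listening port to 'loopback-only' or 'external'."""
    return {
        port: ("loopback-only" if is_loopback_only(addrs) else "external")
        for port, addrs in parse_listeners(text).items()
    }


if __name__ == "__main__":
    for port, scope in sorted(report(NETSTAT_OUTPUT).items()):
        print(f"port {port:5d}: {scope}")
```

Running the script prints `port 25: loopback-only` next to `port 22: external`, which is the one-line answer to "what IP address is Postfix listening on?". Checking the bind address before touching firewall rules saves time in either direction: a loopback-only daemon is unreachable no matter how permissive iptables is, and a daemon bound to all interfaces is only as protected as the firewall and its own relay controls make it.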
