Re: Exchange/DMZ/postfix
From: Andrew (jasari_i yahoo.com)
Date: Fri Dec 03 2004 - 20:24:22 CST
--- Andrew <jasari_i yahoo.com> wrote:
>
> --- Charles Quesenberry <quesenberry peak.org> wrote:
>
> > On Fri, 2004-12-03 at 16:48 -0800, Andrew wrote:
> > > Hi,
> > >
> > > I'm new to messaging and have been having a lot of
> > > trouble getting this to work.
> > >
> > > I work in a small school (K-12) and I want to give the
> > > older children an email account. So I decided to use
> > > Exchange but also wanted to use postfix as a mail
> > > relay.
>
> If I run netstat -ant from the postfix machine I get:
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address            Foreign Address          State
> tcp        0      0 0.0.0.0:1025             0.0.0.0:*                LISTEN
> tcp        0      0 0.0.0.0:111              0.0.0.0:*                LISTEN
> tcp        0      0 0.0.0.0:10000            0.0.0.0:*                LISTEN
> tcp        0      0 127.0.0.1:631            0.0.0.0:*                LISTEN
> tcp        0      0 127.0.0.1:5335           0.0.0.0:*                LISTEN
> tcp        0      0 127.0.0.1:25             0.0.0.0:*                LISTEN
> tcp        1      0 127.0.0.1:25             127.0.0.1:1042           CLOSE_WAIT
> tcp        1      0 127.0.0.1:25             127.0.0.1:1043           CLOSE_WAIT
> tcp        0      0 127.0.0.1:25             127.0.0.1:1044           ESTABLISHED
> tcp        1      0 127.0.0.1:25             127.0.0.1:1029           CLOSE_WAIT
> tcp        1      0 127.0.0.1:25             127.0.0.1:1034           CLOSE_WAIT
> tcp        0      0 :::22                    :::*                     LISTEN
> tcp        0      0 ::ffff:192.168.2.201:22  ::ffff:192.168.1.60:1778 ESTABLISHED
> tcp        0      0 ::ffff:127.0.0.1:1044    ::ffff:127.0.0.1:25      ESTABLISHED
>
>
> If I try to telnet to postfix from a machine in the
> LAN I get "could not open connection to host on port 25"
>
> If I stop IPTables I get the same response. I also get
> the same response from machines whether they're in the
> LAN or the DMZ.
>
> Thanks
> > >
> > > I followed the instructions on this website:
> > >
> > > http://postfix.state-of-mind.de/patrick.koetter/mailrelay/
> > >
> > > but am still failing miserably.
> > >
> > > My network uses NAT. The teaching section is
> > > 192.168.1.0/24 and my DMZ is 192.168.2.0/24. I use
> > > smoothwall as the firewall
> > > (http://smoothwall.org/about/)
> > >
> > > The LAN side domain is called teaching.local and I
> > > have a registered domain called "domain.com" (I've
> > > changed the UPN section in the Exchange so I don't
> > > think this is the problem) and sorted the MX record. I
> > > have put a mailserver in the DMZ and know that
> > > everything is working in the sense that I can send
> > > mail to and from this machine.
> > >
> > > The postfix machine in the DMZ has an IP address of
> > > 192.168.2.200
> > >
> > > The Exchange server is 192.168.1.60/24.
> > >
> > > The DMZ allows access to:
> > >
> > > TCP ALL 25 192.168.2.200 25
> > > TCP ALL 110 192.168.2.200 110
> > >
> > > My main.cf looks like this:
> > >
> > > soft_bounce = no
> > > command_directory = /usr/sbin
> > > daemon_directory = /usr/libexec/postfix
> > > local_recipient_maps =
> > > unknown_local_recipient_reject_code = 444450
> > > mynetworks = 192.168.1.0/24, 192.168.2.0/24
> > > relay_domains = $mydestination, domain.com, mail.domain.com
> > > relay_recipient_maps = hash:/etc/postfix/relay_recipients
> > >
> > > transport_maps = hash:/etc/postfix/transport
> > > debug_peer_level = 2
> > > debugger_command =
> > >     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> > >     xxgdb $daemon_directory/$process_name $process_id & sleep 5
> > >
> > > sendmail_path = /usr/sbin/sendmail.postfix
> > > newaliases_path = /usr/bin/newaliases.postfix
> > > mailq_path = /usr/bin/mailq.postfix
> > > setgid_group = postdrop
> > > html_directory = no
> > > manpage_directory = /usr/share/man
> > > sample_directory = /usr/share/doc/postfix-2.1.5/samples
> > > readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
> > > mydestination = $myhostname, localhost.$mydomain, $mydomain
> > >
> > > I have IPTABLES as a firewall and have amongst other
> > > basic rules set to ACCEPT tcp -- anywhere anywhere
> > > state NEW tcp dpt:smtp
> > >
> > > If I log on to the machine locally I can telnet on
> > > port 25 using 127.0.0.1 and get a greeting; if I use
> > > 192.168.2.201 I get nothing, and if I do
> > > mail.domain.com the same.
> > >
> >
> > I would solve this problem first.
> >
> > What IP address is Postfix listening on? Some
> > distros set it to listen on only the loopback.
> > What is the output of 'netstat -ant'?
> >
> > What happens if you stop iptables/smoothwall? Can
> > you telnet into port 25 from a different machine then?
> >
> >
> > Chuck
Sorry, I meant to say the machine is listening on all interfaces.
Thanks
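
Added example (not part of the original messages): a shell check for the question Chuck raises, namely which addresses a given TCP port is listening on. The sample input is constructed from lines of the netstat -ant output quoted in this thread; the function names sample_netstat and bind_scope are hypothetical.

```shell
#!/bin/sh
# Constructed sample: LISTEN lines (plus one CLOSE_WAIT) from the quoted netstat -ant.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1025            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5335          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:25            127.0.0.1:1042          CLOSE_WAIT
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# bind_scope PORT: reads `netstat -ant` output on stdin and prints one of
#   all       a listener on a wildcard address (0.0.0.0, :: or *)
#   loopback  listeners exist, but only on 127.0.0.0/8 or ::1
#   specific  bound to particular non-loopback addresses
#   none      nothing is listening on that port
bind_scope() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        n = match(addr, /:[0-9]+$/)      # the last colon separates the port
        if (n == 0) next
        p = substr(addr, n + 1)
        host = substr(addr, 1, n - 1)
        if (p != port) next              # exact match, so 1025 is not 25
        found = 1
        if (host == "0.0.0.0" || host == "::" || host == "*") all = 1
        else if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) lo = 1
        else other = 1
    }
    END {
        if (!found) print "none"
        else if (all) print "all"
        else if (other) print "specific"
        else print "loopback"
    }'
}

# Report the ports this thread is concerned with.
for port in 25 22 10000 110; do
    printf 'port %s: %s\n' "$port" "$(sample_netstat | bind_scope "$port")"
done
```

On a live host, pipe netstat -ant into bind_scope 25 instead of the sample. In Postfix the listening addresses are set by the inet_interfaces parameter in main.cf.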