SMTP does not work after IP address change

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

SMTP does not work after IP address change

Postby blentini » Mon Feb 12, 2007 6:25 pm

Hi,

I have some users that use authenticated smtp. This weekend we changed the IP on the server so that it could be behind a firewall.

Everything works except SMTP users. These users get "denied due to spam list" whenever they try to send mail to anyone besides local users. Does anyone have a clue what might be wrong. I have a feeling it has something to do with the smtp authentication, but I have no idea how to fix it.

Any help will be greatly appreciated.

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Mon Feb 12, 2007 6:29 pm

Here is what I see in the log

REPORT SMTP Relay (SMTPD Relay Pr) 02.12.07 16:52:31
[OM.DMON 2172] SMTP: Rejected relay attempt from mustik@SOMEDOMAIN.com at 68.236.122.5 to bob.lentini@SOMEDOMAIN.com

mito
Posts: 194
Joined: Fri Mar 24, 2006 11:33 am

Postby mito » Mon Feb 12, 2007 11:30 pm

Easy steps first: search the forums and check the wiki... I had this exact problem back in october/september, and now there's a HowTO in the wiki about this:

HowTos/ChangeIP

Check that page over and see if it fixes your problems... if not I would suggest going through your smtpd.cfg and see if you see any oddities, if not, post the relevant (uncommented) lines here and someone is sure to help.

Mito

kanderson

Postby kanderson » Tue Feb 13, 2007 1:12 am

if you check in /var/opt/scalix/??/s/sys/smtpd.conf you'll find a line authorizing relaying from your old IP address. You'll want to add/change it to include 68.236.122.5 (based on your below example).

Kev.

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Tue Feb 13, 2007 9:20 am

I can certainly add the IP for people that are in my office, but we have remote users that use smtp as well. I was relying on the smtp authentication to handle that. Are there any other suggestions? It appears to me that the SMTP Auth is not working. Is there any way to check this?

Also we are behind a firewall. The local system IP is different from the actual IP people are connecting to. I think this might have more to do with that is going on. I have scoured the forums and I haven't come up with anything that describes this. I did change the IP the same way it was described in the how to. Thanks for the link.

kanderson

Postby kanderson » Tue Feb 13, 2007 11:13 am

But is your SERVER's new IP listed in there as being authorized for relaying?

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Tue Feb 13, 2007 11:38 am

Here is what I have in the config. I masked out the IPs for security reasons. I added notes to describe what they are.

RELAY accept 127.0.0.1 (Note: localhost)
RELAY accept xxx.xxx.xxx.xxx (Note: actual IP assigned to the NIC card)
RELAY accept xxx.xxx.xxx.xxx (Note: Public IP that is translated in the firewall)


Thanks for your help. Keep in mind that these are smtp users. They are using thunderbird and other clients. I just want them to authenticate and be able to send mail using this smtp server. All other functions of scalix works. My outlook clients work fine.

kanderson

Postby kanderson » Tue Feb 13, 2007 11:50 am

You probably don't want the bottom of those 3 lines, actually.

In your logfile, both the sender and the recipient have the same domain. Is that the domain of your server? 'cause that's not relaying, that's just submitting.

You're certain that SMTP authentication is turned on and being used by the sender?

Kev.

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Tue Feb 13, 2007 12:57 pm

Just got it working. If your running a Cisco PIX with the SMTP fixup, it messes with the authentication.

Thanks so much for all your help.

mito
Posts: 194
Joined: Fri Mar 24, 2006 11:33 am

Postby mito » Tue Feb 13, 2007 1:34 pm

blentini wrote:Just got it working. If your running a Cisco PIX with the SMTP fixup, it messes with the authentication.

Thanks so much for all your help.


That's actually a very good thing to know... as I have 2 or 3 of those, just not in front of my mailserver.

What did you have to do to fix it? This would be good info for the wiki as well

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Tue Feb 13, 2007 1:52 pm

You need to remove the fixup. I believe the command is "no smtp fixup"

Our servers are hosted, so I don't have my own pix anymore to play with.

mito
Posts: 194
Joined: Fri Mar 24, 2006 11:33 am

Postby mito » Tue Feb 13, 2007 1:54 pm

blentini wrote:You need to remove the fixup. I believe the command is "no smtp fixup"

Our servers are hosted, so I don't have my own pix anymore to play with.


Ah, well, the fact that you had it enabled made me think that you needed it enabled for some reason. I haven't hosted behind a pix yet so I didn't know if it would be necessary...

blentini
Posts: 14
Joined: Sat Dec 23, 2006 10:31 am
Location: Boston, MA
Contact:

Postby blentini » Tue Feb 13, 2007 1:56 pm

Yeah, the PIX is a great firewall, but those fixups can be a little tricky. The name is misleading because they tend to cause more problems then they "fix".


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 14 guests

cron