YA iptables mistery.


rex007can

YA iptables mistery.

Postby rex007can » Mon Feb 26, 2007 3:24 pm

I have two servers in two locations.
Everything seems fine.
I have set up IPTables on both with the same config.
Ports 80 8080 443 8443 25 110 143 53(udp) 8009 8005 5768 5432 8082 10000 11000 and all internal networks
are all opened.
Webmail works fine
SAC works fine
Sending and receiving external works fine.
Outlook client works, IMAP client works.

The ONLY problem I'm getting is sending mail between the two servers. That doesn't work for some reason. The servers can talk to the other servers on the internet, but cannot talk to each other if IPTables is turned on.

What port/protocol am I missing for that to work?

Thanks.

kanderson

Postby kanderson » Mon Feb 26, 2007 3:44 pm

Go to server1 and type

dig FQDN.server2.com

then on server 2:

dig fqdn.server1.com

That should show resolution. If it's correct, can you send via telnet:

from server 1

telnet fqdn.server2.com 25
helo fqdn.server1.com
mail from: testsender@domain.com
rcpt to: testrecipient@domain.com
data
this is a test
.
quit

What are the results from that?

Kev.

rex007can

Postby rex007can » Mon Feb 26, 2007 4:34 pm

I have Bind running on one of the servers for performance purposes with spam filtering.
Since dig does not look in the hosts file, this server gives me the external IP address of the remote server instead of the internal one when running dig. But a ping or a telnet reaches the proper address.
(My servers are NATted outside, but see each other through a site-to-site VPN)

That being said.
I have site1 and site2

both firewalls have pretty much the same configuration

With site1 on and site2 on, no emails in between.
With site1 off and site2 on, emails work in between.
With site1 on and site2 off, no email in between.

So that would have to mean the problem is with IPTables at site 1.
Also, while both site1 and site2 have firewall on, telnet port 25 and manually sending an email works perfectly fine on both sides.

kanderson

Postby kanderson » Mon Feb 26, 2007 5:01 pm

Use the /etc/mail/mailertable to add entries for each server's partner. This will stop sendmail from sending to the external IP rather than the internal, and I suspect it'll resolve your issue.

Kev.
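An added illustration, not from this thread or from Scalix or sendmail itself: a small Python model of the mailertable lookup Kev suggests. The table entries, host names and VPN ranges are constructed; the square brackets around the relay are the sendmail convention for "use this address directly, skip the MX lookup", which is what pins the partner to its internal address instead of the public one DNS hands back.

```python
import ipaddress

# Constructed sample in sendmail's mailertable text format: key is a host or
# domain (a leading dot matches any host under that domain), value is
# mailer:relay. Bracketing the relay suppresses the MX/DNS lookup, so sendmail
# connects to the VPN-side address rather than the partner's NATted public IP.
MAILERTABLE = """\
# host/domain            mailer:[relay]
fqdn.server2.com         smtp:[10.2.0.10]
.site2.example.com       smtp:[10.2.0.10]
"""

# Constructed: the address ranges reachable over the site-to-site VPN.
VPN_NETS = [ipaddress.ip_network("10.1.0.0/16"),
            ipaddress.ip_network("10.2.0.0/16")]


def parse_mailertable(text):
    """Read key/value pairs, ignoring blank lines and '#' comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table


def lookup_route(table, host):
    """Mimic sendmail's search order: the exact host first, then each parent
    domain written with a leading dot. Returns (mailer, relay) or None."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    candidates = [host] + ["." + ".".join(labels[i:])
                           for i in range(1, len(labels))]
    for cand in candidates:
        if cand in table:
            mailer, relay = table[cand].split(":", 1)
            return mailer, relay.strip().strip("[]")
    return None


def relay_inside_vpn(relay):
    """Sanity check: does the chosen relay fall inside a VPN range?"""
    try:
        addr = ipaddress.ip_address(relay)
    except ValueError:
        return False            # a bare hostname would still hit DNS
    return any(addr in net for net in VPN_NETS)
```

After editing the real file, sendmail still needs the hashed map rebuilt (makemap) before the change takes effect; the check above only tells you where a given entry would send the mail.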

rex007can

Postby rex007can » Mon Feb 26, 2007 5:36 pm

Won't that cause a problem because both servers serve the same domain?

kanderson

Postby kanderson » Mon Feb 26, 2007 5:57 pm

Not usually. It depends on how you're sending mail between them.

Let's start with some docs. Did you set it up according to the instructions here?

http://www.scalix.com/wiki/index.php?ti ... alixServer

Thanks
Kev.

rex007can

Postby rex007can » Mon Feb 26, 2007 6:16 pm

Yes. The servers have been up and running for a few months. But I had the firewalls down. They are behind a NAT which has its own rules to protect from the Internet.

Now I'm working on improving internal security, so I'd like to configure the firewalls.
One thing is, since my first server started at 9.1, spamassassin is configured differently on it. It has 2 IP addresses with sendmail listening on one and scalix on the other.

That may also be a problem. The thing I don't get is, addresses do not change whether the firewall is up or down. If emails don't get through because the IPs are somehow wrong, wouldn't I be having this problem independently of the firewall state?

I looked closely at the rules again. Both servers are exactly the same.
