SMTP (out) communication | MDaemon Technologies, Ltd.

SMTP (out) communication


  • We're faced with a firewall problem passing traffic out using a virtual IP address for MDaemon (i.e. 192.168.21.xxx).

    In the SMTP (out) log (below), specifically the item in RED, MDaemon is using a loopback address which cannot be seen by our firewall's NATing policies.

    How can traffic like this be configured to use the default bound IP address?

    Wed 2023-05-31 10:35:12.548: [02495910] REMOTE message: pd3501000270355.msg
    Wed 2023-05-31 10:35:12.548: [02495910] *  Session 02495910; child 0001
    Wed 2023-05-31 10:35:12.548: [02495910] *  From: xxxx@xxxxx.com
    Wed 2023-05-31 10:35:12.548: [02495910] *  To: xxxxx@xxx.com
    Wed 2023-05-31 10:35:12.548: [02495910] *  Subject: General Information
    Wed 2023-05-31 10:35:12.548: [02495910] *  Message-ID: <eme7ddca38-7d8c-434c-be84-1ac325c62cc9@486de2c9.com>
    Wed 2023-05-31 10:35:12.548: [02495910] *  Size: 169535; <j:\mdaemon\queues\remote\pd3501000270355.msg>
    Wed 2023-05-31 10:35:12.548: [02495910] *  DNSSEC service requested
    Wed 2023-05-31 10:35:12.555: [02495910] Resolving MX record for stoweattorneys.com (DNS Server: 1.0.0.1)...
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=010 S=001 D=stoweattorneys.com TTL=(5) MX=[aspmx.l.google.com]
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=020 S=002 D=stoweattorneys.com TTL=(5) MX=[alt2.aspmx.l.google.com]
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=020 S=005 D=xxx.com TTL=(5) MX=[alt1.aspmx.l.google.com]
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=030 S=000 D=xxx.com TTL=(5) MX=[aspmx2.googlemail.com]
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=030 S=003 D=xxx.com TTL=(5) MX=[aspmx5.googlemail.com]
    Wed 2023-05-31 10:35:12.671: [02495910] *  P=030 S=004 D=xxxx.com TTL=(5) MX=[aspmx3.googlemail.com]
    Wed 2023-05-31 10:35:12.672: [02495910] *  P=030 S=006 D=xxxx.com TTL=(5) MX=[aspmx4.googlemail.com]
    Wed 2023-05-31 10:35:12.672: [02495910] Attempting SMTP connection to aspmx.l.google.com
    Wed 2023-05-31 10:35:12.675: [02495910] Resolving A record for aspmx.l.google.com (DNS Server: 1.0.0.1)...
    Wed 2023-05-31 10:35:12.693: [02495910] *  D=aspmx.l.google.com TTL=(3) A=[142.251.111.26]
    Wed 2023-05-31 10:35:12.693: [02495910] Attempting SMTP connection to 142.251.111.26:25
    Wed 2023-05-31 10:35:12.695: [02495910] Waiting for socket connection...
    Wed 2023-05-31 10:35:12.696: [02495910] *  Connection established 127.0.0.1:39904 --> 142.251.111.26:25



  • You can change the IP that is used for the logging by going to Setup / Domain Manager / Select the Domain / Host name & IP.  In the IPv4 field enter the IP address you would like to be used.  On our mail server we use the public IP address of our mail server.  

    You can also use the local IP address of the mail server.  

    I'm not sure this setting is going to address your issue, but it will change the IP address that is used in the logs.  The actual traffic should all be controlled by the TCP/IP settings in the operating system.


  • Arron,

    " Setup / Domain Manager / Select the Domain / Host name & IP."

    This section you mentioned above is set to the virtual IP for the MDaemon mail server using the button, and then making a selection of the available IP addresses.

    A loopback IP address is very odd in the SMTP (out) log file and we need to change it to follow the IP we selected (above).



  • Looking into this further I took an example (below) and checked the firewall to see how it was being displayed.

    Wed 2023-05-31 13:01:02.453: [02496666] *  Connection established 127.0.0.1:53146 --> 198.8.14.170:25

    It appears the firewall is using the IP address of the network card on the mail server ("192.168.21.178") but not the virtual IP address specified in "Setup / Domain Manager / Select the Domain / Host name & IP".



  • I've been doing more testing and it looks like my initial response was incorrect. It is not using the IP address specified under Host name & IP like I thought it was. I would agree, it looks like it's getting the IP address from the network adapter.  I'm waiting for a confirmation from the developers.


  • Understood.  Thank you for your help.


  • MDaemon is getting the IP from the connected socket.  If you do not have MDaemon configured to bind to outbound sockets, then the operating system chooses the IP. 

    If you want to use a different IP, you can configure MDaemon to bind to outbound sockets. 

    Go to Setup | Server Settings | DNS & IPs | Binding and check "Enable outbound IP binding" and tell it what IP to use.

  • It is, and has been bound (see screenshot below).

    Also, looking at what is actually bound please see the output of netstat -an (below).

      TCP    192.168.21.251:25      0.0.0.0:0              LISTENING
      TCP    192.168.21.251:80      0.0.0.0:0              LISTENING
      TCP    192.168.21.251:135     192.168.21.164:27549   ESTABLISHED
      TCP    192.168.21.251:135     192.168.21.164:27550   ESTABLISHED
      TCP    192.168.21.251:135     192.168.21.176:61993   ESTABLISHED
      TCP    192.168.21.251:135     192.168.21.176:61994   ESTABLISHED
      TCP    192.168.21.251:143     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:366     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:443     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:444     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:465     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:587     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:993     0.0.0.0:0              LISTENING
      TCP    192.168.21.251:993     192.168.21.177:55965   ESTABLISHED
      TCP    192.168.21.251:993     192.168.21.177:56050   ESTABLISHED
      TCP    192.168.21.251:1000    0.0.0.0:0              LISTENING
      TCP    192.168.21.251:2216    192.168.21.164:27537   ESTABLISHED
      UDP    192.168.21.251:4069    *:*



  • In MDaemon under Setup / Domain Manager / Select a domain / Host Name & IP, do you have the option enabled for "This domain recognizes only connections made to these IPs" checked?  

    Do you have multiple domains?  

    Is the box checked for all domains?

    Are there any errors in MDaemon's system log on startup when it tries to bind to the IPs?



  • "In MDaemon under Setup / Domain Manager / Select a domain / Host Name & IP, do you have the option enabled for "This domain recognizes only connections made to these IPs" checked?"

    Yes.

    "Do you have multiple domains?"

    We have two, one **.local and another which is public.  They both share the same internal virtual IP address, which was selected in "Setup / Domain Manager / Select a domain / Host Name & IP" using the "Detect" button.

    "Is the box checked for all domains?"

    Both have the "This domain recognizes only connections...." flag enabled.

    "Are there any errors in MDaemon's system log on startup when it tries to bind to the IPs?"

    No.  However, just to be sure, I stopped and restarted the system so that any possible errors would post in the current log file, and still no binding errors.


  • What version of MDaemon are you using?


  • The version is V21.5.1


  • If you uncheck "Enable outbound IP binding" and "This domain recognizes only connections made to these IPs" for both domains, what happens? Does the OS choose the desired IP?

    It's very suspicious that MDaemon is reporting that a socket bound to localhost has connected to anything other than localhost.  A socket bound to localhost should only be able to connect to localhost.  Localhost traffic does not leave the machine (it is not routed over the network). 

    What IP does your firewall report that the connection is coming from? 
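    The point above, that a socket shown bound to 127.0.0.1 should never be connecting to a remote peer, can be checked mechanically across an MDaemon SMTP (out) log. The following is an added example (not MDaemon's code and not part of this thread); it parses the "Connection established SRC:PORT --> DST:PORT" lines quoted in the thread and flags sessions whose source is loopback or differs from the IP the server is expected to bind to. The sample log is constructed from the lines quoted above.

```python
import re
import ipaddress

# Shape of the "Connection established" line in MDaemon's SMTP (out) log, as quoted
# in this thread: "<timestamp>: [<session>] *  Connection established SRC:PORT --> DST:PORT"
CONN_RE = re.compile(
    r"^(?P<ts>.+?): \[(?P<session>\d+)\] \*\s+Connection established "
    r"(?P<src>[\d.]+):(?P<sport>\d+) --> (?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def parse_connections(log_text):
    """Return one dict per 'Connection established' line; other lines are ignored."""
    conns = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            conns.append({"session": d["session"], "src": d["src"],
                          "dst": d["dst"], "dport": int(d["dport"])})
    return conns

def check_source_binding(log_text, expected_src):
    """Flag outbound connections whose source is not the expected bound IP.

    A loopback source paired with a non-loopback peer is reported as its own
    finding, since loopback traffic cannot leave the host at all."""
    expected = ipaddress.ip_address(expected_src)
    findings = []
    for c in parse_connections(log_text):
        src = ipaddress.ip_address(c["src"])
        dst = ipaddress.ip_address(c["dst"])
        if src.is_loopback and not dst.is_loopback:
            findings.append((c["session"], c["src"], c["dst"], "loopback source to remote peer"))
        elif src != expected:
            findings.append((c["session"], c["src"], c["dst"], "unexpected source IP"))
    return findings

# Constructed sample, modelled on the lines quoted in this thread (not a real log file).
SAMPLE_LOG = """\
Wed 2023-05-31 10:35:12.693: [02495910] Attempting SMTP connection to 142.251.111.26:25
Wed 2023-05-31 10:35:12.696: [02495910] *  Connection established 127.0.0.1:39904 --> 142.251.111.26:25
Wed 2023-05-31 13:01:02.453: [02496666] *  Connection established 127.0.0.1:53146 --> 198.8.14.170:25
Tue 2023-06-06 08:10:29.808: [02522887] *  Connection established 192.168.21.251:53099 --> 67.219.250.221:25
Tue 2023-06-06 08:11:00.100: [02522900] *  Connection established 192.168.21.178:40001 --> 67.219.250.221:25
"""

if __name__ == "__main__":
    for f in check_source_binding(SAMPLE_LOG, "192.168.21.251"):
        print("session %s: %s -> %s (%s)" % f)
```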


  • "If you uncheck "Enable outbound IP binding" and "This domain recognizes only connections made to these IPs" for both domains, what happens? Does the OS choose the desired IP?"

    No change after making the corrections. MDaemon reports 127.0.0.1.

    "What IP does your firewall report that the connection is coming from?"

    This clustered virtual machine has a fixed IP address (192.168.21.178).

    MDaemon has a bound and fixed virtual IP of (192.168.21.251). All traffic in and out of MDaemon must have this IP address for all communications to work correctly.  Our firewall NATs the internal address (192.168.21.251) to our public mail address.

    Because traffic isn't leaving MDaemon on the correct IP 192.168.21.251, our firewall sees (127.0.0.1) as 192.168.21.178.

    Traffic leaving the firewall with a source of 192.168.21.178 cannot be sent back to 192.168.21.251 because it obviously didn't originate from the server but rather MDaemon (192.168.21.251).

    NOTE:  On a separate community post regarding certificates not verifying:

    SSL negotiation successful (TLS 1.2, 255 bit key exchange, 128 bit AES encryption)
    SSL certificate is not valid (CRYPT_E_NO_REVOCATION_CHECK) 

    We now realize both of these issues are related.  This verification leaves our system using 127.0.0.1, the firewall sees this as 192.168.21.178, so the reply back from our firewall isn't directed correctly to our bound and fixed virtual IP of (192.168.21.251), but rather 192.168.21.178, so MDaemon isn't seeing the reply at all and notes the drop as "SSL certificate is not valid".

    What now?



  • We haven't been able to find anything wrong with how MDaemon is binding to an IP yet, but we are still testing.

    What type of firewall are you using?


  • We're using a SonicWall NSA2700 in High Availability state.


  • If you run the following command in an Administrator PowerShell command prompt on the MDaemon server, what is returned for the SkipAsSource value for 192.168.21.251?

    Get-NetIPAddress | ft IPAddress, InterfaceAlias, SkipAsSource

    What is the SkipAsSource value for 192.168.21.178?

    If you set SkipAsSource to true for 192.168.21.178, does it change the behavior?



  • Can you also install Wireshark and capture some outbound SMTP traffic from MDaemon and send me the capture so we can take a look at it?

    You can send it to arron.caruth @ mdaemon.com.



  • Arron,

    Based on the problems we've experienced, where the system appears to be configured correctly yet isn't working properly, I made the choice to uninstall, reinstall and then recover the configurations. Additionally, I cleaned up the network card using a utility that restored its original integrity on both the virtual and physical server.

    Please see both areas highlighted in yellow, which demonstrate normal behavior.

    Tue 2023-06-06 08:10:29.691: [02522887] Resolving A record for cluster5.us.messagelabs.com (DNS Server: 1.0.0.1)...
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.246.212]
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.250.217]
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.247.99]
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.247.195]
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.250.221]
    Tue 2023-06-06 08:10:29.708: [02522887] *  D=cluster5.us.messagelabs.com TTL=(0) A=[67.219.246.211]
    Tue 2023-06-06 08:10:29.708: [02522887] Randomly picked 67.219.250.221 from list of possible hosts
    Tue 2023-06-06 08:10:29.708: [02522887] Attempting SMTP connection to 67.219.250.221:25
    Tue 2023-06-06 08:10:29.709: [02522887] Waiting for socket connection...
    Tue 2023-06-06 08:10:29.808: [02522887] *  Connection established 192.168.21.251:53099 --> 67.219.250.221:25
    Tue 2023-06-06 08:10:29.808: [02522887] Waiting for protocol to start...
    Tue 2023-06-06 08:10:29.922: [02522887] <-- 220 server-9.tower-637.messagelabs.com ESMTP
    Tue 2023-06-06 08:10:29.922: [02522887] --> EHLO mail.hsmc-ul.com
    Tue 2023-06-06 08:10:30.020: [02522887] <-- 250-server-9.tower-637.messagelabs.com
    Tue 2023-06-06 08:10:30.020: [02522887] <-- 250-STARTTLS
    Tue 2023-06-06 08:10:30.020: [02522887] <-- 250-PIPELINING
    Tue 2023-06-06 08:10:30.020: [02522887] <-- 250 8BITMIME
    Tue 2023-06-06 08:10:30.020: [02522887] --> STARTTLS
    Tue 2023-06-06 08:10:30.126: [02522887] <-- 220 ready for TLS
    Tue 2023-06-06 08:10:30.339: [02522887] SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption)
    Tue 2023-06-06 08:10:30.406: [02522887] SSL certificate is valid (matches cluster5.us.messagelabs.com and is signed by recognized CA)
    Tue 2023-06-06 08:10:30.406: [02522887] --> EHLO mail.hsmc-ul.com
    Tue 2023-06-06 08:10:30.503: [02522887] <-- 250-server-9.tower-637.messagelabs.com
    Tue 2023-06-06 08:10:30.503: [02522887] <-- 250-PIPELINING
    Tue 2023-06-06 08:10:30.503: [02522887] <-- 250 8BITMIME
    ...

    Thanks again for all your help.



  • Thanks for letting me know and I'm glad it's working for you now!

