 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Mail filtering gateway in DMZ config problem
 Date:  Mon, 18 Apr 2005 15:20:34 -0400
On 4/18/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> Chris Buechler wrote:
> > On 4/18/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> >
> >>My internal mail server sends a message to the filtering gateway, which
> >>processes it.  Then the filtering gateway tries to send the message to
> >>the destination mail server (say 24.24.24.24), it gets redirected to my
> >>internal mail server in an infinite loop.
> 
> >
> > I doubt if this is a firewall issue.  To verify that, run 'telnet
> > s0.m0n0.ch 25' on your gateway.  If you don't get an answer, there's a
> > network problem.  It's a sendmail configuration problem if the port
> > does answer with something like the following.
> >
> > Trying 80.238.135.125...
> > Connected to s0.m0n0.ch.
> > Escape character is '^]'.
> 
> This is why I think it is a firewall issue:
> 
> [ugob@mail ugob]$ telnet 80.238.135.125 25
> Trying 80.238.135.125...
> Connected to 80.238.135.125.
> Escape character is '^]'.
> 220 my.internal.com ESMTP MAIL Service, Version: 5.0.2195.6713 ready at
>  Mon, 18 Apr 2005 15:04:06 -0400
> 

Wow, what the...  Enable logging for the rule on the interface with
the mail server that permits SMTP outbound.  See what traffic it logs.
m0n0wall has no capabilities to redirect traffic, so I'm guessing
sendmail is picking up outbound port 25 traffic somehow.  Logging the
traffic and seeing what m0n0wall sees will confirm or deny that.  If
it's trying to get out to 80.238.135.125, then m0n0wall is doing
something weird.  My guess is the first SMTP packet that goes out is
going to your LAN server's IP address, in which case we know something
local to the box is causing this behavior.

Alternatively, run tcpdump on the filtering server itself and telnet
to 25 on s0.m0n0.ch and see what it sees.  Or try both that and
logging.

-Chris
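
The banner check from the telnet test above can be scripted; the following is an added example, not part of the original message. The function names and the `own_hosts` set are hypothetical, and the sample greeting is the one quoted in the thread, joined onto one line.

```python
import socket

def read_greeting(host, port=25, timeout=10.0):
    """Connect to host:port and return the SMTP greeting as a list of lines."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for raw in sock.makefile("rb"):
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            lines.append(line)
            # "220-" marks a continuation line; anything else ends the greeting.
            if line[3:4] != "-":
                break
    return lines

def greeting_domain(lines):
    """Return the domain announced in a 220 greeting, or None if there is none."""
    if not lines:
        return None
    first = lines[0]
    if not first.startswith("220") or first[3:4] not in (" ", "-"):
        return None
    words = first[4:].split()
    return words[0].lower().rstrip(".") if words else None

def classify(target, lines, own_hosts):
    """Compare the announced domain with the host we meant to reach.

    own_hosts (assumption): names your own mail servers announce.
    """
    domain = greeting_domain(lines)
    if domain is None:
        return "no-greeting"
    if domain in {h.lower() for h in own_hosts}:
        # We dialled an outside address but one of our own servers answered:
        # something is redirecting outbound port 25.
        return "intercepted"
    if domain == target.lower().rstrip("."):
        return "matches-target"
    return "other-host"

# Constructed sample: the greeting quoted in the thread, on one line.
SAMPLE = ["220 my.internal.com ESMTP MAIL Service, Version: 5.0.2195.6713 "
          "ready at Mon, 18 Apr 2005 15:04:06 -0400"]

if __name__ == "__main__":
    # For a live check: classify(host, read_greeting(host), own_hosts)
    print(classify("s0.m0n0.ch", SAMPLE, {"my.internal.com"}))
```

An "other-host" result is not proof of a problem, since many servers announce a name that differs from the one used to reach them; only "intercepted" corresponds to the symptom in this thread.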