Chris Buechler wrote:
> On 4/18/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
>
>>Chris Buechler wrote:
>>
>>>On 4/18/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
>>>
>>>
>>>>My internal mail server sends a message to the filtering gateway, which
>>>>processes it. Then the filtering gateway tries to send the message to
>>>>the destination mail server (say 24.24.24.24), it gets redirected to my
>>>>internal mail server in an infinite loop.
>>
>>>I doubt if this is a firewall issue. To verify that, run 'telnet
>>>s0.m0n0.ch 25' on your gateway. If you don't get an answer, there's a
>>>network problem. It's a sendmail configuration problem if the port
>>>does answer with something like the following.
>>>
>>>Trying 80.238.135.125...
>>>Connected to s0.m0n0.ch.
>>>Escape character is '^]'.
>>
>>This is why I think it is a firewall issue:
>>
>>[ugob@mail ugob]$ telnet 80.238.135.125 25
>>Trying 80.238.135.125...
>>Connected to 80.238.135.125.
>>Escape character is '^]'.
>>220 my.internal.com ESMTP MAIL Service, Version: 5.0.2195.6713 ready at
>> Mon, 18 Apr 2005 15:04:06 -0400
>>
>
>
> Wow, what the... Enable logging for the rule on the interface with
> the mail server that permits SMTP outbound. See what traffic it logs.
> m0n0wall has no capabilities to redirect traffic, so I'm guessing
> sendmail is picking up outbound port 25 traffic somehow. Logging the
> traffic and seeing what m0n0wall sees will confirm or deny that. If
> it's trying to get out to 80.238.135.125, then m0n0wall is doing
> something weird. My guess is the first SMTP packet that goes out is
> going to your LAN server's IP address, in which case we know something
> local to the box is causing this behavior.

Yes, what the... glad to see I'm not the only one puzzled :)

m0n0 logs (reverse chronological):

(I've changed the IPs for names instead: mail_filter (in the dmz),
internal_mail (in the lan).)

-->most recent entry
iface  SIP Sport                  DIP Dport                     proto
LAN    mail_filter, port 41980    internal_mail, port 25        TCP
DMZ    mail_filter, port 41980    internal_mail, port 25        TCP
DMZ    80.238.135.125, port 25    mail_filter, port 41980       TCP
LAN    internal_mail, port 25     mail_filter, port 41980       TCP
LAN    mail_filter, port 41980    internal_mail, port 25        TCP
DMZ    mail_filter, port 41980    internal_mail, port 25        TCP
DMZ    80.238.135.125, port 25    192.168.100.101, port 41980   TCP
-->oldest entry

>
> Alternatively, run tcpdump on the filtering server itself and telnet
> to 25 on s0.m0n0.ch and see what it sees. Or try both that and
> logging.
>

Packet sniffer (tethereal)

4.713661 mail_filter -> 80.238.135.125 TCP 42046 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=371225098 TSER=0 WS=0
4.714263 80.238.135.125 -> mail_filter TCP smtp > 42046 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
4.714360 mail_filter -> 80.238.135.125 TCP 42046 > smtp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=371225098 TSER=0
4.715040 80.238.135.125 -> mail_filter SMTP Response: 220 whatever.my.internal.mail Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Mon, 18 Apr 2005 16:54:36 -0400
4.715103 mail_filter -> 80.238.135.125 TCP 42046 > smtp [ACK] Seq=1 Ack=122 Win=5840 Len=0 TSV=371225098 TSER=281308
6.314799 mail_filter -> 80.238.135.125 SMTP Command: quit
6.315440 80.238.135.125 -> mail_filter SMTP Response: 221 2.0.0 mta2.camo-route.com Service closing transmission channel
6.315506 mail_filter -> 80.238.135.125 TCP 42046 > smtp [ACK] Seq=7 Ack=190 Win=5840 Len=0 TSV=371225258 TSER=281324
6.315628 80.238.135.125 -> mail_filter TCP smtp > 42046 [FIN, ACK] Seq=190 Ack=7 Win=17514 Len=0 TSV=281324 TSER=371225258
6.319595 mail_filter -> 80.238.135.125 TCP 42046 > smtp [FIN, ACK] Seq=7 Ack=191 Win=5840 Len=0 TSV=371225258 TSER=281324
6.320026 80.238.135.125 -> mail_filter TCP smtp > 42046 [ACK] Seq=191 Ack=8 Win=17514 Len=0 TSV=281324 TSER=371225258

As you can see, mail_filter really thinks he's speaking with
80.238.135.125.

Does anyone have an idea of what is going on?

Thanks

Ugo

> -Chris