Postfix after server IP change

  • First of all, the server was running for a couple of months without any problems, directly connected to the ISP, but I had to change ISP and now the server is behind a NAT/router with an internal static IP and redirected ports on the router.


    Now the difficult part: Apache/FTP is working without any problems, but postfix has problems with accepting mail. I know that it has something to do with my networking config; postfix cannot resolve incoming hostnames and sends it to spam (it only warns now, after re-configuring).


    LOG:

    Code
    Jun 22 19:21:52 data postfix/smtpd[2862]: connect from unknown[192.168.1.1]
    Jun 22 19:21:53 data postfix/policyd-weight[2507]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 IN_IPv6_RBL=4.25 CL_IP_NE_HELO=5.75 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .otodom. - helo: .smtpfarm2.allegro. - helo-domain: .allegro.) FROM_NOT_FAILED_HELO(DOMAIN)=7.25; <client=192.168.1.1> <helo=smtpfarm2.allegro.pl> <[email protected]> <[email protected]>; rate: 14.25
    Jun 22 19:21:53 data postfix/policyd-weight[2507]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: smtpfarm2.allegro.pl, MTA hostname: unknown[192.168.1.1] (helo/hostname mismatch); <client=192.168.1.1> <helo=smtpfarm2.allegro.pl> <[email protected]> <[email protected]>; delay: 1s


    main.cf


    What have I done wrong?

  • A quick fix, and one that's recommended anyway, is to disable the HELO check, since you'll catch a lot of false positives with it. A lot of people have HELO mismatches, and even though it catches some spam, it's not that big of a difference.


    Test this:


    Code
    # Single quotes stop the shell from expanding $dnsbl_checks_only, so sed changes only that setting
    policyd-weight defaults | sed 's/\$dnsbl_checks_only = 0/$dnsbl_checks_only = 1/' > /etc/policyd-weight.conf


    Then:
    /etc/init.d/postfix restart


    And try again.

  • Thank you for that tip, now receiving works like it's supposed to.


    Code
    Jun 23 11:38:16 data postfix/policyd-weight[2583]: cache_query: ask 192.168.1.1 [email protected] op.pl
    Jun 23 11:38:16 data postfix/policyd-weight[2583]: cache_query: "[email protected] 0" vs "[email protected] "
    Jun 23 11:38:16 data postfix/policyd-weight[2583]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 IN_IPv6_RBL=4.25 (only DNSBL check requested); <instance=a49.4fe58e88.1f4a3.0> <client=192.168.1.1> <helo=smtpo28.poczta.onet.pl> <[email protected]> <[email protected]>; delay: 0s
    Jun 23 11:38:16 data postgrey[1704]: action=pass, reason=client AWL, client_name=unknown, client_address=192.168.1.1, [email protected], [email protected]
    Jun 23 11:38:16 data postfix/smtpd[2633]: 83FC21A809E: client=unknown[192.168.1.1]
    Jun 23 11:38:16 data postfix/cleanup[2635]: 83FC21A809E: message-id=<[email protected]>
    Jun 23 11:38:16 data postfix/smtpd[2633]: disconnect from unknown[192.168.1.1]
    Jun 23 11:38:16 data postfix/qmgr[1875]: 83FC21A809E: from=<[email protected]>, size=1813, nrcpt=1 (queue active)
    Jun 23 11:38:16 data postfix/virtual[2636]: 83FC21A809E: to=<[email protected]>, relay=virtual, delay=0.46, delays=0.46/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
    Jun 23 11:38:16 data postfix/qmgr[1875]: 83FC21A809E: removed


    By the way, after changing the IP from external to internal I've got a problem with spam being sent from the server; the server didn't ask for any authentication, but after changing the network type from subnet to host, now I only get these:


    Code
    Jun 23 11:30:09 data postfix/smtpd[2539]: connect from unknown[192.168.1.1]
    Jun 23 11:30:10 data postfix/smtpd[2539]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 504 5.5.2 <vqyfqute>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<vqyfqute>
    Jun 23 11:30:11 data postfix/smtpd[2539]: lost connection after DATA from unknown[192.168.1.1]
    Jun 23 11:30:11 data postfix/smtpd[2539]: disconnect from unknown[192.168.1.1]
    Jun 23 11:32:14 data postfix/smtpd[2580]: initializing the server-side TLS engine
    Jun 23 11:32:14 data postfix/smtpd[2580]: connect from unknown[192.168.1.1]
    Jun 23 11:32:15 data postfix/smtpd[2580]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 504 5.5.2 <hfgpilag>: Helo command rejected: need fully-qualified hostname; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<hfgpilag>
    Jun 23 11:33:31 data postfix/smtpd[2582]: initializing the server-side TLS engine
    Jun 23 11:33:31 data postfix/smtpd[2582]: connect from unknown[192.168.1.1]


    Is it the right solution? Earlier, when the server was on a public IP, only authenticated clients could send mail.


    P.S. Sorry for the stupid questions, but I've taken this server over from another administrator and I don't know how he configured it.

  • To me it looks like some random spam bot is trying to send to an email address on your server. I can't really say for sure, since I don't know if any of those addresses are one of your clients. But it looks perfectly fine to me, I wouldn't be scared of it anyway =).

  • Yes, that's spyboot, now I also have SMTP login attempts.


    One last question: the system is running on Debian, is there any way to force postfix to resolve incoming connections to the real outside IP rather than the local/router one? I've redirected almost all ports, but this is how it looks in the log: all incoming connections are seen as local/router.

  • It's because you've configured your router wrong. I run a personal server at home also and it's behind NAT and it resolves the real IPs just fine.


    Can you write/draw what your setup looks like (Also what kind of router hardware/software you use)?

  • Router is SAPIDO RB-1733 (realtek based)


    WAN SIDE: Connected to ISP Device (UPC) Static IP from ISP.


    LAN SIDE: DHCP Server, IP assigned by MAC, redirected SSH/FTP/WWW/SMTP/POP3/IMAP ports to Server IP.



    Server is Debian 6.0, only on eth interface, DHCP Client.

  • Oh I think that might be due to limitations of the router. I am not sure it supports advanced NATing. I've never heard of the product.


    Sorry, but I can't help you further than this. Hope you can live with the internal IP showing, the mail should still come through.
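
Added example, not part of any post in this thread: a log check for the situation discussed above, where every SMTP client appears as the router's LAN address, so a subnet-wide trust list (as with the "subnet" network type mentioned in the thread) would treat outside senders as local, while DNSBL and HELO checks see only 192.168.1.1. It assumes the "network type" is Postfix's `mynetworks_style`; the /24 subnet, the server address 192.168.1.10 used when calling it, and the sample log lines (shaped like the thread's, with placeholder mail addresses) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample shaped like the thread's log lines; the mail addresses
# are placeholders.
SAMPLE_LOG = """\
Jun 22 19:21:52 data postfix/smtpd[2862]: connect from unknown[192.168.1.1]
Jun 22 19:21:53 data postfix/policyd-weight[2507]: decided action=550 Mail appeared to be SPAM or forged; <client=192.168.1.1> <helo=smtpfarm2.allegro.pl> <from=a@example.org> <to=b@example.net>; delay: 1s
Jun 23 11:30:09 data postfix/smtpd[2539]: connect from unknown[192.168.1.1]
Jun 23 11:30:10 data postfix/smtpd[2539]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 504 5.5.2 <vqyfqute>: Helo command rejected: need fully-qualified hostname; from=<c@example.org> to=<d@example.net> proto=ESMTP helo=<vqyfqute>
Jun 23 11:38:16 data postfix/policyd-weight[2583]: decided action=PREPEND X-policyd-weight: (only DNSBL check requested); <client=192.168.1.1> <helo=smtpo28.poczta.onet.pl> <from=e@example.org> <to=f@example.net>; delay: 0s
"""

CLIENT_RE = re.compile(
    r"(?:connect|RCPT) from \S*\[([0-9a-fA-F.:]+)\]|<client=([0-9a-fA-F.:]+)>")
HELO_RE = re.compile(r"helo=<?([^\s<>;]+)>")


def helo_names_by_client(log_text):
    """Map each client address Postfix logged to the HELO names seen from it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        client = CLIENT_RE.search(line)
        if not client:
            continue
        ip = ipaddress.ip_address(client.group(1) or client.group(2))
        helo = HELO_RE.search(line)
        seen[ip].update([helo.group(1)] if helo else [])
    return seen


def audit(log_text, trusted_nets):
    """Report private-address clients and whether the trust list covers them."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for ip, helos in helo_names_by_client(log_text).items():
        if not ip.is_private:
            continue
        findings.append({
            "client": str(ip),
            "helo_names": sorted(helos),
            # Heuristic: several HELO names behind one LAN address suggest the
            # router rewrites the source address of forwarded connections.
            "nat_masked": len(helos) > 1,
            # permit_mynetworks would treat this client as local.
            "trusted": any(ip in net for net in nets),
        })
    return findings
```

Calling `audit(SAMPLE_LOG, ["127.0.0.0/8", "192.168.1.0/24"])` marks the router address as trusted, while a host-only list such as `["127.0.0.0/8", "192.168.1.10/32"]` does not.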