postfix
venara, 2015-11-25 11:40:02

Postfix server behind NAT?

Hello dear colleagues,
I want to protect Postfix from the evil outside world with
NAT on CISCO ASA 5005
Forwarded port 25,
Made the basic settings,
The test email is successfully sent from the local network (via telnet),
However,
when I try to send a test email via the telnet console from the Internet, I get the following -

220 ***************************************
helo TESTUS
502 5.5.2 Error: command not recognized
mail from: [email protected]
502 5.5.2 Error: command not recognized
421 4.4.2 smtp.contoso.loc Error: timeout exceeded

At the same time, the logs are empty -
[email protected]:~$ cat /var/log/mail.log
Nov 25 10:27:19 smtp postfix/smtpd[2825]: connect from unknown[xxx.xxx.82.133]
Nov 25 10:32:58 smtp postfix/smtpd[2825]: timeout after UNKNOWN from unknown[xxx.xxx.82.133]
Nov 25 10:32:58 smtp postfix/smtpd[2825]: disconnect from unknown[xxx.xxx.82.133]

The correctness of port forwarding is beyond doubt,
made by analogy with SSH, RDP, http which work successfully.
Changed settings
mynetworks = 0.0.0.0/0
smtpd_delay_reject = no
mynetworks_style = class

IT DID NOT HELP
Dear colleagues! Please tell me where to dig
:(
The contents of the conf file -
[email protected]:~$ sudo cat /etc/postfix/main.cf | grep -v '^#'

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = smtp.contoso.loc
mydomain = contoso.loc
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
myorigin = /etc/mailname
mydestination = $mydomain, $myhostname, localhost.contoso.loc, localhost
relayhost =
mynetworks = 0.0.0.0/0
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

smtpd_delay_reject = no
mynetworks_style = class
debug_peer_level = 2

3 answer(s)
Andrey Burov, 2015-11-25
@BuriK666

mynetworks=0.0.0.0/0
This is an open relay. It's not worth doing that.
Turn on the debug log; there it will most likely be clear what is wrong.
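
Added example (not part of the answer above or of the original thread): a Python check for the open-relay condition the answer points out, where `mynetworks` covers public address space while `permit_mynetworks` appears in a relay restriction list. The function names and the list of ranges treated as internal are assumptions of this example; the sample input is constructed from the main.cf lines in the question.

```python
import ipaddress

# Constructed sample: relay-relevant lines copied from the main.cf in the question.
SAMPLE_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mynetworks = 0.0.0.0/0
mynetworks_style = class
"""
# Assumption of this example: only these ranges count as internal.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def parse_main_cf(text):
    """Parse main.cf text into a dict; indented lines continue the previous setting."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:  # continuation line
            params[key] += " " + raw.strip()
            continue
        key, _, value = (part.strip() for part in raw.partition("="))
        params[key] = value  # a later setting overrides an earlier one
    return params

def trusted_public_networks(params):
    """Return mynetworks entries that reach outside the INTERNAL ranges."""
    risky = []
    for item in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(item.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # lookup tables and "!" exclusions are not evaluated here
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            risky.append(str(net))
    return risky

def open_relay_findings(text):
    """List restriction parameters where permit_mynetworks trusts a public range."""
    params = parse_main_cf(text)
    risky = trusted_public_networks(params)
    lists = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")
    return [(name, risky) for name in lists
            if risky and "permit_mynetworks" in params.get(name, "").replace(",", " ").split()]

if __name__ == "__main__":
    for name, nets in open_relay_findings(SAMPLE_MAIN_CF):
        print(f"{name}: permit_mynetworks trusts {', '.join(nets)}")
```

The check reads only an explicit `mynetworks` value; when that parameter is absent, Postfix derives the trusted networks from `mynetworks_style`, which this example does not evaluate.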

venara, 2015-11-25
@venara

Andrey, thanks for the answer.
mynetworks = 0.0.0.0/0 - this is for the setup period; I opened everything to the maximum.
Now I am studying the official manual on debugging; as it turned out, the task is not trivial.

Dmitry, 2015-11-25
@Tabletko

Maybe the point is that "HELO", "MAIL FROM;" and other control commands must be in uppercase?
upd:
The server response "502" hints that there is no such command.
