1

Topic: iRedMail behind Firewall

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.97
- Linux/BSD distribution name and version: Ubuntu 14.x
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

I have set up iRedMail server in my datacenter server for business use.

Following is the setup structure:
I have iRedMail server running behind a firewall appliance. Firewall is doing the port forwarding to internet iRedMail server IP.

For Example:
----------------

Public IP and FQDN: 112.32.20.163 mail.mydomain.com
Public Gateway IP: 112.32.20.160
Private IP and FQDN: 192.168.0.110 mx.mydomain.com


I am seeing two issues when an email is sent out. All the emails are being sent to junk:

Issue 1. When I look at the raw message I see

Received: from mx1.mydomain.com ([127.0.0.1])
    by mx1.mydomain.com (mx1.mydomain.com [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id qd_IwyDAMvpT for <raman@tdsols.com>;
    Tue,  8 Aug 2017 04:39:54 +0530 (IST)
Received: from 192.168.0.110 (localhost [127.0.0.1])
    by mx1.mydomain.com (Postfix) with ESMTPSA id 8B827442CD
    for <clientemailaccount@gmail.com>; Tue,  8 Aug 2017 04:39:54 +0530 (IST)

Issue 2.
Received-SPF: fail (google.com: domain of user1@mydoamin.com does not designate 112.32.20.160 as permitted sender) client-ip=112.32.20.160;

Please NOTE: I have added DKIM TXT record, SPF TXT to my DNS
TXT    @    v=spf1 mx mx:mydomain.com -all    1 Hour
TXT    dkim._domainkey    v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4G....    600 seconds


Please advise how to fix the two issues.

Thanks


2

Re: iRedMail behind Firewall

Hi,
Reply to Issue 2:
According to your configuration, your external IP for the mail server is "112.32.20.163 mail.mydomain.com",
but mail sent out (to Google Mail) claimed "112.32.20.160" as unrecognized sender.

This means that your firewall is set up to use 112.32.20.160 as outgoing IPA for all internal NAT addresses.
And the SPF record is defined as " mx mx:mydomain.com -all"

Proposed solution:
1) Depending on your firewall make and model, set it to map the internal mail server address to 112.32.20.163 for outgoing traffic. If you are using pfSense, it goes under "Firewall: NAT: 1:1" or "Firewall: NAT: Outbound".
2) And/or adjust your SPF record to include the current external IPA used when sending mail.
Example:
v=spf1 mx mx:mydomain.com a ip4:112.32.20.160 a ip4:112.32.20.163 ~all
It's also possible to set a subnet, like a ip4:112.32.20.160/27 (or whatever you have).
NOTE the "tilde" character in front of "all" instead of a dash "-". This means "soft fail" instead of "hard fail".
See https://www.spfwizard.net/ for more information.

Regards,

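The SPF failure discussed in this thread, as an added example that is not part of the original posts or of iRedMail: a minimal evaluator for the mx, a, ip4 and all mechanisms (a subset of RFC 7208), run against the published record and the amended one from the reply. The names DNS and check_spf are hypothetical, and the constructed DNS table assumes the MX and A records of mydomain.com resolve to 112.32.20.163.

```python
import ipaddress

# Constructed DNS data using the thread's example addresses. Assumption: the
# MX and A records for mydomain.com resolve to the public mail IP.
DNS = {
    ("mydomain.com", "MX"): ["mail.mydomain.com"],
    ("mail.mydomain.com", "A"): ["112.32.20.163"],
    ("mydomain.com", "A"): ["112.32.20.163"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _nets_for(hosts):
    """Resolve host names to /32 networks using the constructed DNS table."""
    return [ipaddress.ip_network(ip) for h in hosts for ip in DNS.get((h, "A"), [])]


def check_spf(record, client_ip, domain="mydomain.com"):
    """Evaluate the mx, a, ip4 and all mechanisms, left to right, first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # without the version tag the TXT record is not SPF
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name == "ip4":
            nets = [ipaddress.ip_network(arg, strict=False)]
        elif name == "a":
            nets = _nets_for([arg or domain])
        elif name == "mx":
            nets = _nets_for(DNS.get((arg or domain, "MX"), []))
        else:
            return "permerror"  # mechanism outside this subset
        if any(ip in net for net in nets):
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    published = "v=spf1 mx mx:mydomain.com -all"
    amended = "v=spf1 mx mx:mydomain.com a ip4:112.32.20.160 a ip4:112.32.20.163 ~all"
    for rec in (published, amended):
        for ip in ("112.32.20.163", "112.32.20.160", "203.0.113.9"):
            print(f"{ip:15} {check_spf(rec, ip):9} {rec}")
```

With the published record only the mail server's own public address passes, so mail leaving through the gateway address is rejected; the amended record passes both addresses and returns softfail for any other sender.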