1 (edited by maxleonca 2013-04-09 12:23:51)

Topic: [SOLVED] iRedMail+pf = cannot receive mail

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Linux/BSD distribution name and version: OpenBSD 5.1
- Related log if you're reporting an issue:
====

Hello,
I'm having a somewhat unexpected problem. I have everything working like a charm, but only if I don't route emails to spamd; if I do enable PF to route traffic to spamd, then I never get any email.

What do you think the problem may be? The machine is behind a firewall, but it is set for ports 25, 587 and 993.

PF is set to route traffic from port 25 to port 8025, so I guess my actual question is, shouldn't I also map 587 to be routed to port 8025?

With the current configuration of PF I don't get any email:

# pfctl -sr
block drop log all
pass out all flags S/SA
pass in on egress inet proto tcp from any to any port = 25 flags S/SA rdr-to 127.0.0.1 port 8025
pass in on egress proto tcp from <nospamd> to any port = 25 flags S/SA
pass in log on egress proto tcp from <spamd-white> to any port = 25 flags S/SA
pass in on egress proto tcp from any to any port = 80 flags S/SA
pass in on egress proto tcp from any to any port = 443 flags S/SA
pass in on egress proto tcp from any to any port = 587 flags S/SA
pass in on egress proto tcp from any to any port = 143 flags S/SA
pass in on egress proto tcp from any to any port = 993 flags S/SA
pass in on egress proto tcp from any to any port = 110 flags S/SA
pass in on egress proto tcp from any to any port = 995 flags S/SA
pass in on egress proto tcp from any to any port = 22 flags S/SA
pass in on egress proto tcp from any to any port = 25 flags S/SA


Any suggestions and ideas are welcome and sorry if the question is too basic.

Thank you

2

Re: [SOLVED] iRedMail+pf = cannot receive mail

1) The latest iRedMail-0.8.4 doesn't support OpenBSD 5.1, please use 5.2 instead. And 5.1 will be end-of-life when 5.3 is released in one month. So if this is a test server or still not in production, it's really a good idea to re-install with OpenBSD 5.2.
2) Please check whether there's any difference in the PF rules between OpenBSD 5.1 and 5.2.
3) Do you have the spamd service enabled in /etc/rc.conf.local? Also, is spamd-setup in root's cron job?

Again, we have to drop support for old distribution releases to reduce workload, please choose the latest supported release (5.2) instead.

3

Re: [SOLVED] iRedMail+pf = cannot receive mail

Thank you very much for your prompt answer. This is a test system, so I'll just go ahead and redo it with 5.2; I didn't realize how long it has been.

I'll post the results.

And it will be illogical to keep supporting old distribution releases with newer releases.

Cheers

4 (edited by maxleonca 2013-04-09 09:17:22)

Re: [SOLVED] iRedMail+pf = cannot receive mail

I have redone the server, but the problem persists. The rules are identical, spamd is running, and the port is open; I also checked rc.conf and it is enabled.

Any other ideas about where I can check?

Thank you

5

Re: [SOLVED] iRedMail+pf = cannot receive mail

OK, here is something odd: I set spamd on /etc/rc.d to NO and it still starts. The port is open and is indeed listening; if I telnet to it I get the header for "ESMTP spamd IP-based SPAM blocker".
The pf rules are the same, but there is no mapping for the submission port onto spamd, and I wonder if that redirection is needed.

block drop log all
pass in on egress inet proto icmp from 172.16.10.0/24 to any
pass out all flags S/SA
pass in on egress inet proto tcp from any to any port = 25 flags S/SA rdr-to 127.0.0.1 port 8025
pass in on egress proto tcp from <nospamd> to any port = 25 flags S/SA
pass in log on egress proto tcp from <spamd-white> to any port = 25 flags S/SA
pass in on egress proto tcp from any to any port = 80 flags S/SA
pass in on egress proto tcp from any to any port = 443 flags S/SA
pass in on egress proto tcp from any to any port = 587 flags S/SA
pass in on egress proto tcp from any to any port = 143 flags S/SA
pass in on egress proto tcp from any to any port = 993 flags S/SA
pass in on egress proto tcp from any to any port = 110 flags S/SA
pass in on egress proto tcp from any to any port = 995 flags S/SA
pass in on egress proto tcp from any to any port = 22 flags S/SA

Thank you.

6

Re: [SOLVED] iRedMail+pf = cannot receive mail

OK, sorry about this; it turns out it is a Layer 8 issue, as most are.

It was the server time. NTP was configured during the installation but is not working as expected; as soon as I figured it out and set the correct time, all incoming emails started to be delivered.

Thank you very much for your support and kudos for the product it really simplifies the mail provisioning tasks a lot.


Cheers