Topic: SME taking all mail handling hostage ?

[Reinhold]

SME taking all mail handling hostage ?

- I moved to a new location and provider - retired an old firewall.
- My home SME 7.1.3 "server-only" was promoted "servergateway"
- All working fine however:
quite a bit of Email get's rejected now as coming directly from a dynamically assigned address.

- Mailer (Thunderbird) is however setup to use Fixed external Domain(s) SMTP directly (Outgoing domain SMTP _not_ on local domain)
...so SME should not bother with handling any of those mails...

- Setting the SME E-Mail in server-manager to the providers smtp

Address of Internet provider's mail server    smtp.ish.de

...does not change the above rejections...
(Looking into var/log/qmail/current it seemed there is no difference in handling ... (but I am dabbling there))

Finally telnet-ing from a local machine via the SME into _any_ external smtp
does seemingly show that the local sme qmail indeed grabs all mail traffic...
Whatever external smtp I try to connect ... tera.vrun.ath.cx ... the local sme answers all ...as shown below

ru@ru-hp:~$ telnet smtp.ish.de 25
Trying 80.69.98.100...
Connected to mail.ish.de.
Escape character is '^]'.
220 tera.vrun.ath.cx ESMTP
EHLO smtp.ish.de
250-vrun.ath.cx Hi pc-00105.vrun.ath.cx [192.168.1.105]
250-PIPELINING
250-8BITMIME
250 SIZE 15000000

What am I doing wrong ? - What went astray ?  
Where to look (except /var/log/qmail) ?
(Note: SME is 7.1.3 current - and this seems too strange for a bugtracker report)

Regards
Reinhold

P.S.: Yes I did search the forum - only old info
P.P.S.: Could someone please explain what "remote" "done" really says
(done does not mean successful delivery :-/ )

Code: [Select]

Mail Log File Analysis

21 Jul 2007 19:58:26 GMT  #21038638  3413  
remote Hermann@Bxyzrmann.com
  done remote reinhold@xyzng.de
21 Jul 2007 18:44:10 GMT  #21038178  1114  
remote hei.xyz@T-Online.de
20 Jul 2007 09:31:54 GMT  #21038732  3901    bouncing
  done remote Dxyz@lycos.de
remote sanxyz8@gmx.de

[kruhm]

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Proxy_settings

[Reinhold]

Thanks kruhm !  

- problem solved -
Any idea how the proxy can be made really "transparent" ?
(so that the local dyn-ip does not show as -originating ip -  ?)
...the function itself seems really useful (well maybe not at home .-)

Regards
Reinhold

[CharlieBrady]

Any idea how the proxy can be made really "transparent" ?
(so that the local dyn-ip does not show as -originating ip -  ?)

No.

Why do you want to do that anyway? Your LAN needs to be secure whether or not outside people know what your LAN IP addresses are. None of the security protections SME server provides to your LAN depend on keeping your LAN addresses secret.

[Reinhold]

Why do you want to do that anyway? Your LAN needs to be secure whether or not outside people know what your LAN IP addresses are

Charlie,

Small misunderstanding.
- I do not (really) care about my (dynamic) IP address   (just cannot afford a fixed one at home) -

The SME-built-in-smtp-proxy however gives its address as "originating smtp-server-address" ...
...which kicks my mail out of almost any "dynip allergic" mail filter... iow: "spamhouse doesn't like it".

THEREFORE it would be helpful if (virus-)checking is done by SME (proxy)
BUT the external smtp is published as being "originator".

Hope I made myself clear

Regards
Reinhold

P.S.:
(Thanks for that new feature! to you and Gordon(?!))

P.P.S.:
Since I am still sorting things out I'd like to add the (most funny) hotmail response here....
in short: hotmail says .... (my) SME "has got a reputation problem"    

1185127479.717709500 qp 19765: to=remote.xyz@hotmail.com, uid=453, ddelay=3602.044709, xdelay=0.872481, stat=Failed (Connected_to_65.54.245.40_but_sender_was_rejected./Remote_host_said:_550_Your_e-mail_was_rejected_for_policy_reasons_on_this_gateway.
_Reasons_for_rejection_may_be_related_to_content_such_as_obscene_language,_graphics,_or_spam-like_characteristics_(or)_other_reputation_problems._For_sender_troubleshooting_information,_please_go_to_http://postmaster.msn.com.__Please_note:_if_you_are_an_end-user_please_contact_your_E-mail/Internet_Service_Provider_for_assistance./)
? 1185127479.910897500 bounce msg 21038588 qp 24521

[/size]

[judgej]

Any idea how the proxy can be made really "transparent" ?

I believe the transparent SMTP proxy can simply be disabled. Can't remember how to do it, but there are a few command-line statements to set the option then rebuild the templates to do this.

-- JJ

[Reinhold]

judgej,

Yes - a simple (new) option selection in server-manager and SMTP Proxy is disabled.
 I DID (finally) read the (new) manual from kruhms link  
(even an old SME-dog needs to learn new tricks)

Regards
Reinhold

[raem]

Reinhold

> ...which kicks my mail out of almost any "dynip allergic" mail filter... iow: "spamhouse doesn't like it".
> .... (my) SME "has got a reputation problem"

The real fix for your situation is to enter your ISP's mail server in the Email panel in the field "Address of Internet provider's mail server".

Other mail servers will see your ISP as having a "good reputation" and accept all mail coming from your dynamic IP (via your ISP's fixed IP).
You can then turn your smtp proxy back on and have greater protection from rampant viruses on your network, that try to send using a smtp mail server but can't get past the sme's smtp proxy.

[CharlieBrady]

The SME-built-in-smtp-proxy however gives its address as "originating smtp-server-address" ...
...which kicks my mail out of almost any "dynip allergic" mail filter... iow: "spamhouse doesn't like it".

It doesn't matter whether the transparent SMTP proxy is enabled or not - your WAN address will be seen as the source address of the outbound SMTP connection, whether it be from from a client on your LAN (masqueraded) or qmail running on the server.

Ray is correct - you should relay via your ISP's SMTP server if you have blacklist issues.

[Reinhold]

The real fix for your situation is to enter your ISP's mail server in the Email panel in the field "Address of Internet provider's mail server".

Other mail servers will see your ISP as having a "good reputation" and accept all mail coming from your dynamic IP (via your ISP's fixed IP).

Ray, Charlie,

Thanks for the answers...

I'm afraid I have tested the above case...i.e. turning on my ISP's smtp (as I briefly mentioned in my first post)

Nope it does not allow me to keep the sme-smtp-proxy turned on

Ray: Several final recipients are still able to detect my wan dyn-ip SME-proxy "up front" ... (as Charlie said)
Now even when the ISP-smtp is (of course) ACCEPTING and relaying my sme-proxied mail, the situation is NOT HEALED - my mail still get's rejected due to "origin from dynip smtp". - (fwiw: "aol" "t-online" "msn" everyone on spamhouse...)

Charlie: Originating from my wan-ip mailer(Thunderbird)  seems ok... whereas via wan-ip smtp seems to make "all the difference".

I CAN live without the smtp proxy  - it is just a waste of a good piece of (your) work...

Regards
Reinhold

[raem]

Reinhold

Now even when the ISP-smtp is (of course) ACCEPTING and relaying my sme-proxied mail, the situation is NOT HEALED - my mail still get's rejected due to "origin from dynip smtp". - (fwiw: "aol" "t-online" "msn" everyone on spamhouse...)

That suggests that your ISP's IP or block of IP's are listed in spamhaus lists.
You need to request your ISP to get itself de-listed.

It may even be that your ISP is "marking" your emails as coming from a dynamic IP even though they are coming from the ISP's static IP.
I have seen this happen where I had a static IP and the ISP labelled it as a dynamic IP, not nice ! You need to get the ISP to change that, if so.

Charlie: Originating from my wan-ip mailer(Thunderbird)  seems ok... whereas via wan-ip smtp seems to make "all the difference".

Is the ISP's mail server name identical in your Thunderbird client to that you enter in sme server manager email panel ?

If your mail is being delivered OK when it comes from your email client (using the ISP's smtp server details), then it should also be delivered OK when coming from your sme servers smtp proxy, if configured to use the same ISP's smtp mail server.