Koozali.org: home of the SME Server

deny mail from <> ((helo) no rDNS for 192.168.1.1)

pmulroney
« on: July 07, 2022, 08:54:53 AM »
Hi there,

I have a setup where I have two subnets, and on the first subnet (e.g. 192.168.1.0) is my broadband modem, phone and security system, and on the other subnet (192.168.86.0) is my internal network.  Our mail server sits between them, with two network cards (192.168.1.35 and 192.168.86.100).

I want to send email from the phone and security system to myself whenever there's an alert. 

It's not working.  If you look at the mail server /var/log/qpsmtp/current file, you'll see entries like this:

Code:
@4000000062c67fee076564fc 62466 (connect) dnsbl: pass
@4000000062c67fee076d5c0c 62466 220 mail.logicaldevelopments.com.au ESMTP
@4000000062c67fee0785125c 62466 dispatching EHLO freepbx.logicaldevelopments.com.au
@4000000062c67fee07b84ba4 62466 (ehlo) helo: forward network match
@4000000062c67fee07d26f0c 62466 (ehlo) helo: karma -1 (-1)
@4000000062c67fee07d3e9f4 62466 (ehlo) helo: fail, NAUGHTY, no rDNS
@4000000062c67fee07e0615c 62466 250-logicaldevelopments.com.au Hi Unknown [192.168.1.1]
@4000000062c67fee07e06544 62466 250-PIPELINING
@4000000062c67fee07e0c6ec 62466 250-8BITMIME
@4000000062c67fee07e0c6ec 62466 250-SIZE 35000000
@4000000062c67fee07e199dc 62466 250 STARTTLS
@4000000062c67fee07f5123c 62466 dispatching MAIL FROM:<> SIZE=2869
@4000000062c67fee0808e474 62466 (mail) resolvable_fromhost: pass, null sender
@4000000062c67fee080aa5ac 62466 (mail) rhsbl: pass, null sender
@4000000062c67fee080d070c 62466 (mail) sender_permitted_from: skip, null sender
@4000000062c67fee080eb4bc 62466 (mail) naughty: disconnecting
@4000000062c67fee0811ba2c 62466 (deny) logging::logterse: ` 192.168.1.1 Unknown freepbx.logicaldevelopments.com.au naughty 903 (helo) no rDNS for 192.168.1.1 msg denied before queued
@4000000062c67fee0813b5fc 62466 deny mail from <> ((helo) no rDNS for 192.168.1.1)
@4000000062c67fee081505ec 62466 550 (helo) no rDNS for 192.168.1.1
@4000000062c67fee0815ec64 62466 click, disconnecting
@4000000062c67fef04b6e6cc 1985 cleaning up after 62466

The strange thing is that 192.168.1.1 is the IP address of the broadband modem, not the phone system.

I've added hostnames to the mail server, that list the remote address (192.168.1.40), but it still doesn't work.

My network setup looks a bit like this:

Code:
(broadband modem) 192.168.1.1
|
+-freepbx.logicaldevelopments.com.au server (192.168.1.40)
+-security.logicaldevelopments.com.au server (192.168.1.50)
+-cameras and phones on this subnet
+-mail.logicaldevelopments.com.au server (192.168.1.35)
  (second network card) 192.168.86.100
  |
  +- internal network of servers and workstations

Where can I start looking to allow email to be sent from these specific 192.168.1.x addresses, and not allow the flood of spam etc from the broadband modem?

Jean-Philippe Pialasse
« Reply #1 on: July 07, 2022, 01:56:40 PM »
Update your server.

After that, if still occurring, you need to fix your broadband to add a Mail from line which is not empty.

mmccarn
« Reply #2 on: July 07, 2022, 01:59:21 PM »
I suspect your SME is getting the email from "192.168.1.1" instead of "192.168.1.40" because:
* that's the default gateway on the FreePBX system
* The IP address of the SME - from FreePBX is remote instead of local, so the router is using some sort of hairpin NAT to re-source the traffic before sending it to the SME at 192.168.1.35

I've listed a bunch of options below for getting the email accepted by the SME server, but most of them assume that the FreePBX system at 192.168.1.40 is talking directly to the SME.  For those options, you need to get the FreePBX system to talk directly to the SME server.

This may require a static route on the FreePBX system to send traffic for 192.168.86.0/24 to 192.168.1.35.  Here is a howto on creating either temporary or persistent static routes (link seen at the freepbx community, so hopefully useful to you):
https://my.esecuredata.com/index.php?/knowledgebase/article/2/add-a-static-route-on-centos

...Or...

You may need to create a DNS or HOSTS file entry on FreePBX for mail.logicaldevelopments.com.au pointing to 192.168.1.35

Once the FreePBX system is talking directly to the SME server -

Option 1:
- Add the IP address of FreePBX as "local networks" in server-manager, eg "192.168.1.40/32"

Option 2:
- Configure FreePBX to use SMTP Auth (...but it looks like this either takes tricky manual configuration or a paid module...)

Option 3:
- Install smeserver-wbl and whitelist the FreePBX IP

Option 4:
- Install a second NIC into the FreePBX system that is connected on the SME server LAN segment, and configure FreePBX to deliver email to the SME LAN IP (that is, use 192.168.86.100 in the dns/hosts entry you create on FreePBX)

Option 5:
- Set up rDNS for 192.168.1.40 (details left as a frustrating exercise ;-) )

Option 6:
- Configure FreePBX to send notifications to a mailbox outside your network (gmail, hotmail, aol, etc), then configure that mailbox to forward the email back to your SME mailbox

(I can think of more options, but they get increasingly convoluted...)
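
Added example (not part of the original posts, and not SME Server or qpsmtpd code): a small Python check that groups the qpsmtpd log lines quoted in the first post by child PID and flags sessions whose HELO name belongs to a known device but whose peer address is a different one, the symptom Reply #2 attributes to the router re-sourcing the traffic. The regular expressions are written against the log lines shown on this page, and the `EXPECTED` map is an assumption taken from the network diagram in the first post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the log lines quoted in the first post.
SAMPLE_LOG = """\
@4000000062c67fee0785125c 62466 dispatching EHLO freepbx.logicaldevelopments.com.au
@4000000062c67fee07d3e9f4 62466 (ehlo) helo: fail, NAUGHTY, no rDNS
@4000000062c67fee07e0615c 62466 250-logicaldevelopments.com.au Hi Unknown [192.168.1.1]
@4000000062c67fee0813b5fc 62466 deny mail from <> ((helo) no rDNS for 192.168.1.1)
@4000000062c67fee0815ec64 62466 click, disconnecting
"""

# Assumption: the address each device should connect from, taken from the
# network diagram in the first post.
EXPECTED = {
    "freepbx.logicaldevelopments.com.au": "192.168.1.40",
    "security.logicaldevelopments.com.au": "192.168.1.50",
}

LINE = re.compile(r"^@[0-9a-f]{24} (\d+) (.*)$")   # tai64n stamp, PID, message
EHLO = re.compile(r"^dispatching (?:EHLO|HELO) (\S+)")
PEER = re.compile(r"^250[- ]\S+ Hi .*\[([0-9a-fA-F.:]+)\]")
DENY = re.compile(r"^deny mail from (\S+) \((.*)\)$")

def sessions(log_text):
    """Group log lines by the qpsmtpd child PID and pull out key fields."""
    out = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if (e := EHLO.match(msg)):
            out[pid]["helo"] = e.group(1).lower()
        elif (p := PEER.match(msg)):
            out[pid]["peer"] = p.group(1)
        elif (d := DENY.match(msg)):
            out[pid]["sender"], out[pid]["reason"] = d.groups()
    return dict(out)

def resourced(log_text, expected=EXPECTED):
    """Sessions whose HELO names a known device but whose peer IP differs."""
    hits = []
    for pid, s in sessions(log_text).items():
        want = expected.get(s.get("helo"))
        if want and s.get("peer") and s["peer"] != want:
            hits.append((pid, s["helo"], want, s["peer"], s.get("reason")))
    return hits

print(resourced(SAMPLE_LOG))
```

A hit here means the mail server never saw the device's own address, so any allow-list entry for 192.168.1.40 cannot match until the device connects directly.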

pmulroney
« Reply #3 on: July 11, 2022, 03:19:48 AM »
Update your server.

After that, if still occurring, you need to fix your broadband to add a Mail from line which is not empty.

Hi @Jean-Philippe,

That seems to have worked. I noticed that there was an smeserver-qpsmtpd update, which had only just appeared, so perfect timing!

I was going to investigate further today, but noticed that I'm already getting mail from the FreePBX box, so I think that the update has resolved it.

Thanks again for everyone's feedback - much appreciated!

Regards,
Paul.