Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: Catton on February 22, 2020, 07:25:25 PM
-
Let's say you only want to allow users to have access to their email accounts from the US.
I have added in XTABLES-ADDONS ssmtpd Reject if != US.
Then I log in to Roundcube and attempt to send a message, and I get an SMTP error.
From var/log/iptables -- grep GeoIP current |tai64nlocal
2020-02-21 16:41:13.764761500 Feb 21 16:41:13 Mysvr01 GeoIP BAN: ssmtpd IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=33772 CE DFTO=TCP SPT=49108 DPT=465 SEQ=3527349124 ACK=0 WINDOW=65495 SYN URGP=0
Then I checked, on the off-chance that Maxmind might have a country code for loopback.
geoiplook-country 127.0.0.1
Could not find an entry for this IP address (127.0.0.1)
Any Solutions?
Sending emails does still work from email clients - Thunderbird, Outlook, mobile phones, etc.
But of course, those are configured to use DNS names.
-
You can't have a lookup for a private/reserved address as they could be used anywhere.... think - 127.0.0.1 is in every computer....
Please open a bug and I'm sure Michel will look at it
-
Thank you ReetP,
I submitted Bug 10881.
Understood on loopback. But Maxmind has other strange codes listed like JOBS INFO MUSEUM. It was just an Off-Chance that there was already a solution for local/private addresses.
-
NP. Yes I saw the bug thanks. Sure Michel will follow up.
My guess is local addresses should be excluded by default as they are not resolvable on the internet in general so can't have a geo location either.
-
Sending Also works ok from Horde with ssmtpd Reject if != US
If we are asking XTABLES to exclude loopback.
iptables -nL |grep 127.0.0.1 = no results
I wanted to figure out why Roundcube and not Horde were affected.
A bit of research and grepping around.
/etc/e-smith/templates/etc/roundcubemail/config.inc.php/30IMAP: {$OUT .= " \$config['default_host'] = 'ssl://$DomainName';\n";}
/etc/e-smith/templates/etc/roundcubemail/config.inc.php/40SMTP:// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
/etc/e-smith/templates/etc/roundcubemail/config.inc.php/40SMTP: {$OUT .= " \$config['smtp_server'] = 'ssl://localhost';\n";}
Why is 30imap using $DomainName?
And why is 40SMTP using localhost?
Why not just have both use $DomainName?
So I did that.
/etc/e-smith/templates-custom/etc/roundcubemail/config.inc.php/40SMTP
And changed line to
{$OUT .= " \$config['smtp_server'] = 'ssl://$DomainName';\n";}
Reloaded roundcube
signal-event roundcube-update
And voilà! It works!
-
That should go on the bug really.
Localhost... because the application (not user) is local.
It depends how the application utilises the setting.
If it is strictly for the mail server then both could use localhost.
If it is also used to, say, set up some other parts of the application then it may need the local domain name.
Needs some closer inspection most likely.
-
ReetP,
I copied this on the xtables bug 10881, but this also is a Roundcube issue.
Should I start a second bug for Roundcube and reference 10881 ?
-
Try to be careful and don't conflate issues.
Work out what's happening with xtables first.
Remember, you need a login with IMAP wherever you are, but sending SMTP doesn't if you are 'local'.
They are not the same thing.
-
Hi,
I answered in bugzilla.
I am not sure we have to handle packets of localhost there in xt_geoip.
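-
Added example, not written by any participant in this thread and not SME Server or xtables-addons code: a Python sketch that scans `GeoIP BAN` log lines like the one quoted in the first post and reports bans whose source is loopback, private or otherwise non-routable, i.e. addresses no GeoIP database can map to a country. The first sample line is abridged from the thread; the other two, and all function names, are constructed for illustration.

```python
import ipaddress
import re

# Sample input. Line 1 is abridged from the log entry quoted in the thread;
# lines 2 and 3 are constructed for this example.
SAMPLE = [
    "2020-02-21 16:41:13.764761500 Feb 21 16:41:13 Mysvr01 GeoIP BAN: ssmtpd "
    "IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 SPT=49108 DPT=465 SYN URGP=0",
    "Feb 21 16:45:02 Mysvr01 GeoIP BAN: ssmtpd IN=eth0 OUT= SRC=8.8.8.8 "
    "DST=192.168.1.1 LEN=60 SPT=50000 DPT=465 SYN URGP=0",
    "Feb 21 16:46:10 Mysvr01 GeoIP BAN: ssmtpd IN=eth1 OUT= SRC=192.168.1.20 "
    "DST=192.168.1.1 LEN=60 SPT=50001 DPT=465 SYN URGP=0",
]

BAN_RE = re.compile(
    r"GeoIP BAN: (?P<rule>\S+) IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)"
)

def classify(src):
    """Label an address by whether a GeoIP country lookup can ever succeed."""
    ip = ipaddress.ip_address(src)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"

def audit(lines):
    """Return (rule, src, dpt, kind) for bans whose source has no possible country."""
    findings = []
    for line in lines:
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            kind = classify(m["src"])
        except ValueError:      # SRC field was not a valid IP address
            continue
        if kind != "public":
            findings.append((m["rule"], m["src"], int(m["dpt"]), kind))
    return findings

if __name__ == "__main__":
    for rule, src, dpt, kind in audit(SAMPLE):
        print(f"{rule}: {src} -> port {dpt} banned, but source is {kind}")
```

Entries it reports are bans that a "reject if != US" rule applies only because the lookup returned no country, which is the Roundcube-to-localhost case described above.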