0002641: SMTP Proxy not responding from external - MantisBT
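ID: 0002641
Project: Endian Firewall
Category: Proxy SMTP
View Status: public
Date Submitted: 2010-01-26 20:33
Last Update: 2010-11-22 12:08
Reporter: aender
Assigned To: luca-endian
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.3
Fixed in Version: 2.4.1
Summary: 0002641: SMTP Proxy not responding from external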
Description:
I set up an SMTP proxy configuration with RED active, but a telnet to port 25 to RED doesn't work. Absolutely no response. I checked again and again.

The only solution to get the SMTP proxy to accept mails from outside is to add a system access rule from any to RED on port 25.

Now all works fine.

Could it be that the system rules are buggy?
See attached image.
No tags attached.
Attached Files:
Bildschirmfoto 2010-01-26 um 21.30.44.png (102,369) 2010-01-26 20:33
https://bugs.endian.com/file_download.php?file_id=335&type=bug
smtpscan.conf (115) 2010-05-01 16:10
https://bugs.endian.com/file_download.php?file_id=403&type=bug
smtpscan.conf.tmpl (162) 2010-05-01 16:10
https://bugs.endian.com/file_download.php?file_id=404&type=bug
Issue History
Date Modified | Username | Field | Change
2010-01-26 20:33 | aender | New Issue
2010-01-26 20:33 | aender | File Added: Bildschirmfoto 2010-01-26 um 21.30.44.png
2010-01-27 08:30 | luca-endian | Note Added: 0003706
2010-01-27 09:56 | aender | Note Added: 0003710
2010-01-29 07:16 | aender | Note Added: 0003717
2010-01-29 08:34 | luca-endian | Note Added: 0003718
2010-01-29 09:36 | aender | Note Added: 0003719
2010-01-29 10:12 | luca-endian | Note Added: 0003721
2010-01-29 10:12 | luca-endian | Status | new => resolved
2010-01-29 10:12 | luca-endian | Fixed in Version | => 2.3
2010-01-29 10:12 | luca-endian | Resolution | open => fixed
2010-01-29 10:12 | luca-endian | Assigned To | => luca-endian
2010-04-24 06:08 | Anonymous | Note Added: 0004176
2010-04-24 06:08 | Anonymous | Status | resolved => feedback
2010-04-24 06:08 | Anonymous | Resolution | fixed => reopened
2010-04-24 06:11 | david_thistlethwaite | Note Added: 0004177
2010-05-01 16:10 | baldy | Note Added: 0004198
2010-05-01 16:10 | baldy | File Added: smtpscan.conf
2010-05-01 16:10 | baldy | File Added: smtpscan.conf.tmpl
2010-05-05 05:52 | david_thistlethwaite | Note Added: 0004228
2010-05-09 09:52 | baldy | Note Added: 0004241
2010-07-08 12:38 | luca-endian | Status | feedback => resolved
2010-07-08 12:38 | luca-endian | Resolution | reopened => fixed
2010-11-22 12:08 | peter-endian | Fixed in Version | 2.3 => 2.4.1
2010-11-22 12:08 | peter-endian | Status | resolved => closed

Notes
(0003706)
luca-endian   
2010-01-27 08:30   
just checked it out, it doesn't happen on Enterprise version
(0003710)
aender   
2010-01-27 09:56   
Nice. But the Community has that problem. So there has to be something different.

Rule 11 from the rules of system services in "System access configuration" looks wrong to me:
See the attached image.

There is no entry for "Source interface". All other rules have an entry.
Could this be the problem?

Where can I find the file for this setting?
(0003717)
aender   
2010-01-29 07:16   
Please tell me the location of the file with the system standard rules for DNAT, so I can solve the problem myself.
(0003718)
luca-endian   
2010-01-29 08:34   
you should have this template file:

root@kenny:/etc/firewall/inputfw # cat smtpscan.conf.tmpl
#if $SMTPSCAN_ENABLED == "on"
  #for $zone in $ENABLED_ZONES
tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT,,
  #end for
#end if

and these are the firewall rules:

root@kenny:/etc/firewall/inputfw # cat smtpscan.conf
tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,,
tcp,,25,on,,RED,off,SMTPD,ACCEPT,,
(0003719)
aender   
2010-01-29 09:36   
OK.

On the Community Edition the first file smtpscan.conf.tmpl looks like this:

#if $SMTPSCAN_ENABLED == "on" and $ENABLED_ZONES != []
tcp,,25,on,,${"&".join($INPUTFW_ZONES)}:ANY,off,SMTPD,ACCEPT,,
#end if

Second file smtpscan.conf.tmpl looks like this:

tcp,,25,on,,RED:ANY,off,SMTPD,ACCEPT,,


I changed both files to yours and now all works fine. Thanks a lot.
(0003721)
luca-endian   
2010-01-29 10:12   
it's enough to change the .tmpl only
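
Added example (not part of the original notes and not Endian code): a plain-Python stand-in for the two Cheetah templates quoted in notes 0003718 and 0003719, rendered side by side, plus a check that a rule file has the bare RED entry seen in the configs reported as working here. The zone lists are constructed inputs, and the field positions are inferred from the sample lines on this page, not from Endian documentation; the check compares rule shape only and does not model how the firewall interprets the field.

```python
# Added example: stand-ins for the two smtpscan.conf.tmpl variants in this thread.
RULE_TAIL = "off,SMTPD,ACCEPT,,"


def render_enterprise(enabled, enabled_zones):
    """Template from note 0003718: one rule per zone, '&VPN:ANY' only on GREEN."""
    if enabled != "on":
        return []
    return [
        "tcp,,25,on,,%s%s,%s" % (z, "&VPN:ANY" if z == "GREEN" else "", RULE_TAIL)
        for z in enabled_zones
    ]


def render_community(enabled, enabled_zones, inputfw_zones):
    """Template from note 0003719: one rule, ':ANY' appended after the joined list."""
    if enabled != "on" or enabled_zones == []:
        return []
    return ["tcp,,25,on,,%s:ANY,%s" % ("&".join(inputfw_zones), RULE_TAIL)]


def zone_entries(lines, port="25"):
    """Collect the '&'-separated entries of the sixth field for enabled
    tcp ACCEPT rules on `port` (field positions are an assumption)."""
    entries = []
    for line in lines:
        f = line.strip().split(",")
        if len(f) < 9:
            continue  # blank, comment or truncated line
        if f[0] != "tcp" or f[2] != port or f[3] != "on" or f[8] != "ACCEPT":
            continue
        entries.extend(f[5].split("&"))
    return entries


def missing_bare_zones(lines, required=("RED",)):
    """Zones from `required` that never appear as a bare entry (no ':ANY')."""
    present = zone_entries(lines)
    return [z for z in required if z not in present]


if __name__ == "__main__":
    # Constructed zone lists; they reproduce the two smtpscan.conf outputs above.
    samples = {
        "enterprise": render_enterprise("on", ["GREEN", "RED"]),
        "community": render_community("on", ["GREEN", "RED"], ["RED"]),
    }
    for name, rules in samples.items():
        print(name, rules, "missing bare zones:", missing_bare_zones(rules))
```

To audit a live box, pass the lines of /etc/firewall/inputfw/smtpscan.conf to missing_bare_zones() instead of the rendered samples.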
(0004176)
Anonymous   
2010-04-24 06:08   
Hello folks.
I am also reporting the same SMTP proxy issue on my community 2.3.0 version system.

I have implemented the suggested changes/fixes to the smtpscan.conf.tmpl file and it has made no difference.

I would like to pursue this issue.

David
(0004177)
david_thistlethwaite   
2010-04-24 06:11   
The above note (0004176) was me.
Just needed an account
thanks
(0004198)
baldy   
2010-05-01 16:10   
David,

From a working system :

smtpscan.conf :

tcp,,25,on,,GREEN&VPN:ANY,off,SMTPD,ACCEPT,,
tcp,,25,on,,RED,off,SMTPD,ACCEPT,,
tcp,,25,on,,VPN,off,SMTPD,ACCEPT,,

smtpscan.conf.tmpl :

#if $SMTPSCAN_ENABLED == "on"
  #for $zone in $ENABLED_ZONES
tcp,,25,on,,$zone#if $zone == "GREEN" then "&VPN:ANY" else ""#,off,SMTPD,ACCEPT,,
  #end for
#end if

I have also added both files to this issue.

Can you test and post back ?
Also verify in the GUI that the proxy is enabled.

Regards,

Klaas-Jan
(0004228)
david_thistlethwaite   
2010-05-05 05:52   
Klaas-Jan
I have confirmed that my system has the above entries in the smtpscan.conf and .tmpl files and that the gui reports that the smtp proxy is activated.

Still no email flow unless the NAT rule is active.

Strange.

David
(0004241)
baldy   
2010-05-09 09:52   
Hi David,

Did you telnet from internal to RED or from an external location ?

There is an issue with 2.3 when trying to telnet to RED from internal.

Also, have you tried a clean install ?
I have already deployed a dozen or so 2.3 machines and they all accepted mail after changing the files in question.

When enabling the SMTP proxy on RED there should be no need to open port 25 with a new NAT rule.

Regards,

Klaas-Jan