[SOLVED] Test result on mailraidar.com: Do I have a problem? Help me solve it?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
rjorodrigues
Posts: 7
Joined: Thu Feb 02, 2017 1:50 pm

[SOLVED] Test result on mailraidar.com: Do I have a problem? Help me solve it?

Postby rjorodrigues » Tue Feb 14, 2017 10:12 am

Hello guys,

Below is the result of open relay testing for my domain, I would like your help in the following:

1) Do all of these tests indicate that I have a problem?
2) If yes, how do I configure each of these tests to pass on the next attempt?

My scenario.
8.7.1_GA_1670.FOSS (build 2016102045114)

==> WAN [Public IP / Valid Domain / FW] LAN <----> LAN [Zimbra Server]

Zimbra Server: Trusted Networks 127.0.0.1/8 10.4.0.0/22

FW [Iptables] Rules (same rules for ports 587, 465, 995)
$ IPT -A FORWARD -p tcp -dport 25 -j LOG --log-prefix "Log_Zimbra_25:" --log-level debug
$ IPT -A FORWARD -p tcp -m tcp -dport 25 -j ACCEPT
$ IPT -A OUTPUT -p tcp -s "MyPublicIP" --sport 25 -d 0/0 --dport 1024: 65535 -m state --state ESTABLISHED -j ACCEPT
$ IPT -A PREROUTING -t nat -p tcp -dport 25 -d "MyPublicIP" -j DNAT --to-destination 10.4.2.47:25 <=== Zimbra Server Lan Address
$ IPT -A POSTROUTING -t nat -p tcp -dport 25 -d 10.4.2.47 -j MASQUERADE

Test results on mailradar.com:
Http://pastebin.com/DbPN3kNG


rjorodrigues
Posts: 7
Joined: Thu Feb 02, 2017 1:50 pm

Re: [SOLVED] Test result on mailraidar.com: Do I have a problem? Help me solve it?

Postby rjorodrigues » Tue Feb 14, 2017 1:47 pm

Solution:

$IPT -A POSTROUTING -t nat -p tcp -dport 25 -d 10.4.2.47 -j MASQUERADE

Don´t use MASQUERADE mode with NAT.

So...
$ IPT -A POSTROUTING -t nat -p tcp -dport 25 -d 10.4.2.47

rjorodrigues wrote:Hello guys,

Below is the result of open relay testing for my domain, I would like your help in the following:

1) Do all of these tests indicate that I have a problem?
2) If yes, how do I configure each of these tests to pass on the next attempt?

My scenario.
8.7.1_GA_1670.FOSS (build 2016102045114)

==> WAN [Public IP / Valid Domain / FW] LAN <----> LAN [Zimbra Server]

Zimbra Server: Trusted Networks 127.0.0.1/8 10.4.0.0/22

FW [Iptables] Rules (same rules for ports 587, 465, 995)
$ IPT -A FORWARD -p tcp -dport 25 -j LOG --log-prefix "Log_Zimbra_25:" --log-level debug
$ IPT -A FORWARD -p tcp -m tcp -dport 25 -j ACCEPT
$ IPT -A OUTPUT -p tcp -s "MyPublicIP" --sport 25 -d 0/0 --dport 1024: 65535 -m state --state ESTABLISHED -j ACCEPT
$ IPT -A PREROUTING -t nat -p tcp -dport 25 -d "MyPublicIP" -j DNAT --to-destination 10.4.2.47:25 <=== Zimbra Server Lan Address
$ IPT -A POSTROUTING -t nat -p tcp -dport 25 -d 10.4.2.47 -j MASQUERADE

Test results on mailradar.com:
Http://pastebin.com/DbPN3kNG

Return to “Administrators”

Who is online

Users browsing this forum: Bing [Bot] and 23 guests