Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Help! Can't send mail between hMailServers over VPN
PostPosted: 2007-06-06 10:01 
New user
New user

Joined: 2005-11-21 12:39
Posts: 13
Location: Sydney, Australia
My 2 hMailServers are connected via a VPN and in isolation work well as mail servers from the internet. Mail server 1 can send mail to mail server 2 but mail server 2 can't send to mail server 1.

Sounds like an IP ranges problem or a SMTP route problem, but the SMTP route is set up as opposites and I've turned off authentication for smtp and relaying for all ranges on server 1 for testing.

Log from Server 2 when sending:
Code:
Relaying to host mail.medalist.com.au."
"TCPIP"   2224   "2007-06-06 17:43:07.703"   "Created accept socket 2020 on listening socket 1176"
"TCPIP"   2256   "2007-06-06 17:43:07.718"   "Disconnecting socket 1592 for session 3893"

Log from Server 1 at the same time:
Code:
"TCPIP"   460   "2007-06-06 17:40:54.420"   "Created accept socket 1568 on listening socket 1228"
"TCPIP"   460   "2007-06-06 17:41:54.960"   "Disconnecting socket 1388 for session 13"
"TCPIP"   460   "2007-06-06 17:44:13.580"   "Created accept socket 1704 on listening socket 1228"
"TCPIP"   460   "2007-06-06 17:46:35.766"   "Created accept socket 1624 on listening socket 1168"

If I go back the other way, there are no problems

Server 1 log:
Code:
"SMTPC"   460   19   "2007-06-06 17:50:40.924"   "192.168.0.4"   "RECEIVED: 220 mail.test-rite.com.au. Welcome to the Test-Rite mail server.  Unauthorised relaying prohibitted"
"SMTPC"   460   19   "2007-06-06 17:50:40.924"   "192.168.0.4"   "SENT: HELO mail.medalist.com.au"
"SMTPC"   460   19   "2007-06-06 17:50:41.003"   "192.168.0.4"   "RECEIVED: 250 Hello."
"SMTPC"   460   19   "2007-06-06 17:50:41.003"   "192.168.0.4"   "SENT: MAIL FROM:<[email protected]>"
"SMTPC"   460   19   "2007-06-06 17:50:41.065"   "192.168.0.4"   "RECEIVED: 250 OK"
"SMTPC"   460   19   "2007-06-06 17:50:41.065"   "192.168.0.4"   "SENT: RCPT TO:<[email protected]>"
"SMTPC"   460   19   "2007-06-06 17:50:41.143"   "192.168.0.4"   "RECEIVED: 250 OK"
"SMTPC"   460   19   "2007-06-06 17:50:41.143"   "192.168.0.4"   "SENT: DATA"
"SMTPC"   460   19   "2007-06-06 17:50:41.206"   "192.168.0.4"   "RECEIVED: 354 OK, send."
"SMTPC"   460   19   "2007-06-06 17:50:41.206"   "192.168.0.4"   "SENT: [nl]."
"SMTPC"   460   19   "2007-06-06 17:50:41.503"   "192.168.0.4"   "RECEIVED: 250 Queued (0.296 seconds)"
"SMTPC"   460   19   "2007-06-06 17:50:41.503"   "192.168.0.4"   "SENT: QUIT"
"SMTPC"   460   19   "2007-06-06 17:50:41.581"   "192.168.0.4"   "RECEIVED: 221 goodbye"
"TCPIP"   460   "2007-06-06 17:50:41.581"   "Disconnecting socket 1728 for session 19"
"APPLICATION"   1352   "2007-06-06 17:50:41.581"   "SMTPDeliverer - Message 38945: Message delivery thread completed."
"TCPIP"   460   "2007-06-06 17:50:55.653"   "Created accept socket 1712 on listening socket 1228"

Server 2 Log:
Code:
"TCPIP"   2256   "2007-06-06 17:50:35.937"   "Created accept socket 1868 on listening socket 1144"
"SMTPD"   2256   3907   "2007-06-06 17:50:35.937"   "192.168.2.14"   "SENT: 220 mail.test-rite.com.au. Welcome to the Test-Rite mail server.  Unauthorised relaying prohibitted"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.000"   "192.168.2.14"   "RECEIVED: HELO mail.medalist.com.au"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.000"   "192.168.2.14"   "SENT: 250 Hello."
"SMTPD"   2256   3907   "2007-06-06 17:50:36.078"   "192.168.2.14"   "RECEIVED: MAIL FROM:<[email protected]>"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.078"   "192.168.2.14"   "SENT: 250 OK"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.140"   "192.168.2.14"   "RECEIVED: RCPT TO:<[email protected]>"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.140"   "192.168.2.14"   "SENT: 250 OK"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.218"   "192.168.2.14"   "RECEIVED: DATA"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.218"   "192.168.2.14"   "SENT: 354 OK, send."
"SMTPD"   2224   3907   "2007-06-06 17:50:36.515"   "192.168.2.14"   "SENT: 250 Queued (0.296 seconds)"
"APPLICATION"   2168   "2007-06-06 17:50:36.515"   "SMTPDeliverer - Message 50255: Delivering message from [email protected] to [email protected] File: D:\eMail\Data\{2DB2FEC4-FB6C-4755-9CC1-4FC5A69385DB}.eml"
"APPLICATION"   2168   "2007-06-06 17:50:36.562"   "SMTPDeliverer - Message 50255: Message delivery thread completed."
"SMTPD"   2256   3907   "2007-06-06 17:50:36.578"   "192.168.2.14"   "RECEIVED: QUIT"
"SMTPD"   2256   3907   "2007-06-06 17:50:36.578"   "192.168.2.14"   "SENT: 221 goodbye"
"TCPIP"   2224   "2007-06-06 17:50:36.578"   "Disconnecting socket 1692 for session 3907"


Notice that this is all going over the VPN, so there is no possible firewall. To make matters worse, it all worked fine until today and I was stuffing around trying to get SquirrelMail to send properly and somehow stuffed it up, but I don't know where.

Incidentally, SquirrelMail can't send when connected to Server 1, I am pretty sure this is an authentication issue with Squirrel because it located on Server 2 and can send mail from accounts on Server 2.

Please help, I'm pulling out my hair!


Mark :!: :!:

EDIT I can get it to send mail if I change the SMTP Route on Server 2 to use Server 1 internet address and not the VPN. It's got to be something in the routes, but I've set up a route in the Server 1 with the IP address of Server 2 with no SMTP authentication and it has the highest priority next to My Computer.

_________________
Regards,

Mark


Last edited by gtr33m on 2007-06-06 10:19, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 10:14 
Developer
Developer

Joined: 2003-11-21 01:09
Posts: 6317
Location: Sweden
Quote:
Notice that this is all going over the VPN, so there is no possible firewall.


Right, because computers can't have firewalls? :) Have you checked the built-in firewall in Windows?

Have you done any modifications to IP ranges on the server you cannot send to? For example modified the IP addresses in them?


Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 11:12 
New user
New user

Joined: 2005-11-21 12:39
Posts: 13
Location: Sydney, Australia
Your right, but I've checked and the firewall and it's definitively not on.

I have definitively mucked around with the IP ranges on the non receiving server, and I'm sure that this is the cause of the problem, but I can't figure out what the problem is because the IP range for the internet address has exactly the same settings as the ip range for the VPN based address.

To confirm it further, I change the DNS record for the server having problems receiving to be it's internet address, flushed the DNS cache, changed the smtp route back to using the name instead of the ip address and mail gets through.

This also fixes the Squirrelmail problem, which means they are one and the same, this does not however fix my problem, because I really would like to put the DNS back to the VPN address.

Is there some way that I can test the traffic to see where it falls down. What if I change the ip range for My computer to 0.0.0.0 - 255.255.255.255 to test it and see?


Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 11:18 
Developer
Developer

Joined: 2003-11-21 01:09
Posts: 6317
Location: Sweden
Without knowing the details of all your IP ranges, it's hard to say where the problem is and whether modifying "My computer" would help you. :-\

Why did you modify the configuration to start with? The default config works fine in almost all cases. Have you removed the Internet IP range?


Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 11:42 
New user
New user

Joined: 2005-11-21 12:39
Posts: 13
Location: Sydney, Australia
This may help (me). Database resultset from select * from hm_securityranges

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ROOT (View Source for full doctype...)>
- <ROOT>
- <row>
<field name="rangeid">1</field>
<field name="rangepriorityid">10</field>
<field name="rangelowerip">0</field>
<field name="rangeupperip">4294967295</field>
<field name="rangeoptions">1515</field>
<field name="rangename">Internet</field>
</row>
- <row>
<field name="rangeid">2</field>
<field name="rangepriorityid">17</field>
<field name="rangelowerip">2130706433</field>
<field name="rangeupperip">2130706433</field>
<field name="rangeoptions">459</field>
<field name="rangename">My computer</field>
</row>
- <row>
<field name="rangeid">3</field>
<field name="rangepriorityid">15</field>
<field name="rangelowerip">3232235521</field>
<field name="rangeupperip">3232236543</field>
<field name="rangeoptions">491</field>
<field name="rangename">Local Network</field>
</row>
- <row>
<field name="rangeid">4</field>
<field name="rangepriorityid">14</field>
<field name="rangelowerip">3389480705</field>
<field name="rangeupperip">3389480705</field>
<field name="rangeoptions">2539</field>
<field name="rangename">Test-Rite</field>
</row>
- <row>
<field name="rangeid">5</field>
<field name="rangepriorityid">14</field>
<field name="rangelowerip">3706305112</field>
<field name="rangeupperip">3706305112</field>
<field name="rangeoptions">2539</field>
<field name="rangename">Test-Rite 2</field>
</row>
- <row>
<field name="rangeid">6</field>
<field name="rangepriorityid">14</field>
<field name="rangelowerip">3411202569</field>
<field name="rangeupperip">3411202570</field>
<field name="rangeoptions">3563</field>
<field name="rangename">moan.bur.st</field>
</row>
- <row>
<field name="rangeid">7</field>
<field name="rangepriorityid">14</field>
<field name="rangelowerip">1023934544</field>
<field name="rangeupperip">1023934545</field>
<field name="rangeoptions">3563</field>
<field name="rangename">Pacific Internet</field>
</row>
- <row>
<field name="rangeid">9</field>
<field name="rangepriorityid">16</field>
<field name="rangelowerip">3232235524</field>
<field name="rangeupperip">3232235524</field>
<field name="rangeoptions">2539</field>
<field name="rangename">Test-Rite Local</field>
</row>
</ROOT>

rangeid 9 is the VPN one and has an upper and lower of 192.168.0.4 which is the sending servers ip.

rangeid 4 and 5 are the 2 that work if I force the sending server to use the internet and not VPN (the sending server has 2 internet connections).

_________________
Regards,

Mark


Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 13:04 
Developer
Developer

Joined: 2003-11-21 01:09
Posts: 6317
Location: Sweden
Out of good ideas. You probably need to increase the "scope" of the IP ranges until you figure out where it goes wrong. For example, you could increase the range of range 9 and see if it's possible then.

Are you sure that the sending servers IP address really matches the IP address you think of? Often servers can have multiple IP addresses for example.


Top
 Profile  
 
 Post subject:
PostPosted: 2007-06-06 13:16 
New user
New user

Joined: 2005-11-21 12:39
Posts: 13
Location: Sydney, Australia
I'm going to start by removing all ranges and just having the my computer range and see what happens. Then I'll start adding ranges until it breaks. I'm sure I'll get it going.

Had a thought that it might be an MTU issue. Have seen it cause problems before, but not usually a complete traffic block.

Thanks for the help.

_________________
Regards,

Mark


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 


Who is online

Users browsing this forum: No registered users and 5 guests



Search for:
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group