hiper-strange routing

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

hiper-strange routing

Post by rodolfor » 2008-04-01 08:16

Before:
- hmail server with public ip address and IIS6 with webmail.
- I addedd 2 ip ranges (127.0.0.1 and the public ip address) avoiding SPAM and authentication (for users using webmail)

After:
- hmail server after a nat with private ip address and IIS6 with webmail.
- I addedd 1 ip ranges (private ip address) avoiding SPAM and authentication (for users using webmail)

Form a certain version of Hmail (I dont remember from when...3 o 4 months) started some problems with firewall/nat (a Zywall 35 utm): CPU 100%.
I have searched for month (yes, I am not a big detective) and finally I discovered that every 10 or 15 seconds, hmail sends a big amount of traffic to/from port 25 between old public ip address to new ip address (passing inside firewall/nat and stoning him).
Other tracks:
- the host name in hmail points to public ip address
- I have only one ip address in the server
- local users use IMAP
- I use clamDscan
- I use dns blacklist (with local dns server)
- I use graylist
- I use one surbl server
- If I detach hamilserver from the firewall, it waits about 30min before start to send/receive data again

After deleting unnecessary ip ranges it is returned all ok but my question is: why hmail send/receive data between its private and public ip address only if these address are in the ip ranges ?

thanks
Hmailserver [lastversion] + MSSQL

redrummy
Senior user
Senior user
Posts: 370
Joined: 2007-06-21 06:52
Location: Alaska

Re: hiper-strange routing

Post by redrummy » 2008-04-01 09:11

What priority are your IP ranges? 127.0.0.1 should be highest. Also, since you have a local DNS server you should mirror your public records with your server(s) IP addresses so LAN clients don't hit the firewall.

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Re: hiper-strange routing

Post by rodolfor » 2008-04-01 11:54

127.0.0.1 have the highest priority
Then I have added an ip for the public address of the hamail server and an ip for the private address.
The DNS is in the same server as hmail.
Tons of traffic occours in port 25 between private and public ip address of hmailserver.
After removing this ip ranges, the traffic stops.
Hmailserver [lastversion] + MSSQL

User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: hiper-strange routing

Post by martin » 2008-04-01 18:54

> Tons of traffic occours in port 25 between private and public ip address of hmailserver.

Have you enabled logging in hMailServer to see what's going on..?

Post Reply