ASSP Relaying

Forum for things that doesn't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Post Reply
wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

ASSP Relaying

Post by wpsd.lauw » 2010-07-23 02:16

Hi All

Just finish and success installing ASSP, I would like to implement this normal method

Internet --(25)-->Firewall --(25)-->ASSP--(125)-->HMailServer--(125)-->Firewall--->Internet

Firewall = Win2003 with ISA 2006
ASSP & HMailServer = Win 2003 ( same computer )

After I deploy the ASSP and start the service outside email cannot arrive to my mail server

Gmail Return :
The error that the other server returned was: 530 530 Relaying not allowed (state 14)


From what I understand :
1. The relay from port 25 to 125 inside ASSP is not working cuz I set it wrong
2. If it possible to do relaying inside one computer ( same IP different Port ) ?

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-23 04:34

Hey wpsd.lauw,
I use ASSP & I wonder if you programmed in your domain names in the relaying section.. Keep in mind in a way ASSP in a mail server in itself that is filtering & relaying (via proxy method) to your mail server and as such you need to consider settings on each and view logs on each in order of flow to verify things are setup properly and diagnose issues. Dig into those logs & see which is doing what.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-23 04:42

Hi Bill

Relaying Section > Default Local Domain
I write my MX domain mail.xxxx.com.cn, is it wrong

What does "external clients" means in
Disable SMTP AUTH for External Clients Alltogether (DisableAuth)
If you have enabled SMTP AUTH on your MTA and you do not want external clients to use SMTP AUTH through ASSP - select t
Is it other smtp server or my including my mail client ? Could this cause the 530 prob.
-----------------------
Still checking the log

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-23 04:50

when i send from external ( gmail ) to my mail
this is what i get in the log ( directly )
Jul-22-10 20:35:10 02110-03314 [RelayAttempt] 192.168.2.1 <xxxx@gmail.com> relay attempt blocked for: xxxx@xxxx.com.cn;
192.168.2.1 is my firewall ISA Server 2006

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-23 04:54

Hey wpsd.lauw,
I suspect that is your issue.. Don't think you want mail. on there unless people email you user@mail.yourdomain.com.cn which I doubt.. So likely you want xxxx.com.cn because that is your domain name vs host name..

I'd get that domain fixed 1st before you mess with that AUTH option (keep in mind you can have more than 1 domain either in the text file or using the file method). I suspect you want that enabled (and in do not have ASSP auth) which should be default I think unless you have some way for ASSP to know your usernames & passwords (like LDAP) vs having it pass them thru to hmail to auth instead. Not messed with it much as I don't have ASSP authenticate users & rely on the mail server to do that.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-23 04:57

wpsd.lauw wrote:when i send from external ( gmail ) to my mail
this is what i get in the log ( directly )
Jul-22-10 20:35:10 02110-03314 [RelayAttempt] 192.168.2.1 <xxxx@gmail.com> relay attempt blocked for: xxxx@xxxx.com.cn;
192.168.2.1 is my firewall ISA Server 2006
Keep in mind since ASSP is proxy & not transparent all connections to hmail will appear to come from your ASSP IP (if on same server as hmail it will be same IP) so logs will show such and all IP-based testing in hmail will need to be disabled (like SPF and DNS blacklists) because you enable those in ASSP & rely on it to test the incoming IP..
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-23 05:11

Thanks for the info.

Have to wait 6 hours to try deploy it again. sucks when you don't have spare computer.

Yesterday after deploy and close down ASSP, hmailserver overload by error about asynchronus things.

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 03:27

Hey wpsd.lauw,
I suspect that is your issue.. Don't think you want mail. on there unless people email you user@mail.yourdomain.com.cn which I doubt.. So likely you want xxxx.com.cn because that is your domain name vs host name..
I change it to the correct address it's still not working and still return with :
The error that the other server returned was: 530 530 Relaying not allowed (state 14)

When sending from outside I check the SMTP Connection in ASSP it appears for a second
so it's mean ASSP already accept the mail ,no ?

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 03:53

Do I need additional SMTP server to relay from port 25 to 125 ?

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-25 04:05

You really need to check both the ASSP & hmail logs to see what is going on.. My guess is before it was ASSP stopping before it got to hmail but now hmail is stopping based on the server & receiver & IP range. But logs should tell you more.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 04:16

I got this logs in ASSP

Jul-25-10 10:05:39 *** 192.168.x.x:125 didn't work, trying others...; (125 is smtp destination )
Jul-25-10 10:05:39 Couldn't create server socket to 125 -- aborting connection;

three times than :
relay attempt blocked

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 04:29

hmail server logs
"TCPIP" 3628 "2010-07-25 10:24:30.625" "TCPConnection - Posting AcceptEx on 0.0.0.0:125"
"DEBUG" 3628 "2010-07-25 10:24:30.625" "Creating session 65"
"SMTPD" 3628 65 "2010-07-25 10:24:30.635" "127.0.0.1" "SENT: 220 wpsdnet.dynalias.org ESMTP"
"SMTPD" 3628 65 "2010-07-25 10:24:30.986" "127.0.0.1" "RECEIVED: EHLO ASSP.nospam"
"SMTPD" 3628 65 "2010-07-25 10:24:30.996" "127.0.0.1" "SENT: 250-wpsdnet.dynalias.org[nl]250-SIZE 20480000[nl]250 AUTH LOGIN"
"SMTPD" 3628 65 "2010-07-25 10:24:31.356" "127.0.0.1" "RECEIVED: MAIL FROM:<wpsd2006@gmail.com>"
"DEBUG" 3628 "2010-07-25 10:24:31.366" "Total spam score: 0"
"SMTPD" 3628 65 "2010-07-25 10:24:31.366" "127.0.0.1" "SENT: 250 OK"
"SMTPD" 3628 65 "2010-07-25 10:24:32.077" "127.0.0.1" "RECEIVED: QUIT"
"DEBUG" 3628 "2010-07-25 10:24:32.077" "Deleting message file"
"SMTPD" 3628 65 "2010-07-25 10:24:32.087" "127.0.0.1" "SENT: 221 goodbye"
"DEBUG" 3636 "2010-07-25 10:24:32.087" "Closing TCP/IP socket"
"DEBUG" 3636 "2010-07-25 10:24:32.128" "Ending session 65"
ASSP - Maillog Tail
Jul-25-10 10:24:31 24671-01892 [RelayAttempt] 74.125.83.178 <wpsd2006@gmail.com> relay attempt blocked for: admin@wpsdnet.dynalias.org;
*I change the environment using Virtual PC for testing purpose and reproduce the same error :D

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-25 05:01

wpsd.lauw wrote:I got this logs in ASSP

Jul-25-10 10:05:39 *** 192.168.x.x:125 didn't work, trying others...; (125 is smtp destination )
Jul-25-10 10:05:39 Couldn't create server socket to 125 -- aborting connection;

three times than :
relay attempt blocked
In ASSP how many servers do you have setup? Just the one 192.168.x.x:125 one or others? That log snippet is odd because it makes it appear ASSP is having trouble connecting to your hmail & nothing to do with blocking relaying of email.
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-25 05:05

wpsd.lauw wrote: ASSP - Maillog Tail
Jul-25-10 10:24:31 24671-01892 [RelayAttempt] 74.125.83.178 <wpsd2006@gmail.com> relay attempt blocked for: admin@wpsdnet.dynalias.org;
*I change the environment using Virtual PC for testing purpose and reproduce the same error :D
Based on your ASSP/hmail logs it appears hmail never gets a chance to reject the email because ASSP blocks it with the relaying denied message. (Notice how in your hmail log snip it says OK then QUIT without any reject by hmail? That is because ASSP blocked it.)

Based on your ASSP log that dynalias.org recipient is not the domain you mentioned earlier.. Is that yours too? If so that domain needs to be added to ASSP's domains list in the relay section otherwise ASSP is doing what it is supposed to since I doubt gmail.com is your domain..
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 05:08

One only

192.168.x.x
ASSP Listen 25, Destination 125
HMailServer SMTP port 125
Jul-25-10 10:05:39 *** 192.168.x.x:125 didn't work, trying others...; (125 is smtp destination )
Jul-25-10 10:05:39 Couldn't create server socket to 125 -- aborting connection;
Might be cause when I restarting the hmailserver

When I send the email again from gmail it's only appear
Jul-25-10 10:24:31 24671-01892 [RelayAttempt] 74.125.83.178 <wpsd2006@gmail.com> relay attempt blocked for: admin@wpsdnet.dynalias.org;

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 05:13

Sorry

I have two working environment

Office Server:
dns is xxx.com.cn

and Virtual Server in my Home Computer:
dns is the one with dynalias.org

It is seperate environment same settings, just different in the IP and dns name
I cant work with the office server since I have to be in the office to set it

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-25 05:29

OUch found the problem

Sorry for the trouble Bill
I suspect that is your issue.. Don't think you want mail. on there unless people email you user@mail.yourdomain.com.cn which I doubt.. So likely you want xxxx.com.cn because that is your domain name vs host name..
I thought I only need to change the default local domain in the relaying section
Based on your ASSP log that dynalias.org recipient is not the domain you mentioned earlier.. Is that yours too? If so that domain needs to be added to ASSP's domains list
I needed to add it in the Local Domains to ( haven't add it since the first time )

It works now

Thank you very much
next will be rebuilding db

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-25 06:26

Woo cool! Glad you got it working. No worries, we all have those days so be happy you got past it. :)

And yeah if you restart hmail server ASSP will show those connection errors, that'd be expected & normal in that case.

If you run into further problems always remember you need to keep in mind both ASSP & hmail are involved and as such be sure narrow down to which is the issue based on the logs. The good news is once you get them working together it should be pretty smooth but odds are there will be times you need to diagnose troubles getting emails or trace email arriving & often that requires going back & forth between ASSP & hmail logs to do that.
Cheers!
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-26 02:20

After yesterday settings the smtp look like this

Internet--(25)---> Firewall --(25)--->ASSP --(125)--->Mail Server
Mail Server --(125)--->Firewall--(125)--->Internet

So It's only filtering the incoming email from outside ( inbound ).
The outbound one. Here's the things the smtp settings in clients is go to a dns name mail.xxxx.com.cn so when they sending an email it should be like above process since they need to go out resolve the mail.xxxx.com.cn first and pass the mail to the mail.xxxx.com.cn so I don't need to create something like this

http://sourceforge.net/apps/mediawiki/a ... d_Workflow - Example with same IP and different ports

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-26 02:52

Not sure if I follow your outbound.. hmail will send out on port 25 (as that's the standard for SMTP) unless you setup an SMTP Relayer (like thru ISP as smarthost) or a special route. Are you having troubles sending with your current setup or are you just reporting how you have it?

Btw, something you might consider is setting up an extra port in firewall/router & hmail that is just for your own users to send email, bypassing ASSP.. Perhaps even enable SSL but definitely enable SMTP Authentication required. Maybe port 587 or 465 or any you choose that is not in use.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-07-26 03:22

Are you having troubles sending with your current setup or are you just reporting how you have it?
I just reporting what I have ,no trouble sending the mail.

My Outbound should be look like this ( ASSP catch it - I can see it in the SMTP Activity )
Local User ( my mail client ) behind FW:
User--(25)-->FW--(25)--->mail.xxxx.com.cn--(25)--->FW--(25)--->ASSP--(125)--->HMS--(125)--->FW--(125)--->Internet

Internet User ( my mail client ) outside FW:
Internet User--(25)--->mail.xxxx.com.cn--(25)--->FW--(25)--->ASSP--(125)--->HMS--(125)--->FW--(125)--->Internet
Not sure if I follow your outbound.. hmail will send out on port 25 (as that's the standard for SMTP) unless you setup an SMTP Relayer (like thru ISP as smarthost) or a special route.
Does that's mean hmail will always send using port 25 or I can change the port in the Advance -> TCP/IP Ports on HMS ?
Btw, something you might consider is setting up an extra port in firewall/router & hmail that is just for your own users to send email, bypassing ASSP.
I prefer to let them pass ASSP first, looks like there is some virus in the clients that sending spam.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-07-26 04:03

wpsd.lauw wrote: I just reporting what I have ,no trouble sending the mail.

Does that's mean hmail will always send using port 25 or I can change the port in the Advance -> TCP/IP Ports on HMS ?

I prefer to let them pass ASSP first, looks like there is some virus in the clients that sending spam.
Ahh OK good to hear you got it.

Advanced->TCP/IP ports is for INCOMING (what hmail listens on) not for OUTGOING/sending/source..
Don't confuse hmail source port with destination port.. The important part is that for hmail to be able to send to other public servers it must connect TO port 25 on their end, other than a few rare possible exceptions. (Generally only if you relay thru another server or if you know the other server wants a different port). Other than that I can't imagine why you'd want hmail to not connect using port 25.

Yes there are pros/cons of having users filtered but indeed pros likely outweigh the cons for many. ;)
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-08-02 11:40

Helpppp!!

What should I do I got blocked again by cbl ASSP is full on

Right I forget to tell I was in China and most of the email I received from china mail server such as 163 126
doesn't use utf8 charset they prefer to use gb2312 - most of them listed in assp bomb.

I delete one of them, to low their score but still out of spam range.

What about bayesian spam is it ok to open that , since the first installing its always in test mode

User avatar
katip
Senior user
Senior user
Posts: 1158
Joined: 2006-12-22 07:58
Location: Istanbul

Re: ASSP Relaying

Post by katip » 2010-08-02 13:57

Hi,

I would suggest to signup and open a thread on "assp-user" mailing list on sourceforge since this strarts to sound rather assp-specific meanwhile.
Katip
--
HMS 5.7, MariaDB 10.4.10, SA 4.0.0, ClamAV 0.103.8

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-08-02 16:15

wpsd.lauw wrote:Helpppp!!

What should I do I got blocked again by cbl ASSP is full on

Right I forget to tell I was in China and most of the email I received from china mail server such as 163 126
doesn't use utf8 charset they prefer to use gb2312 - most of them listed in assp bomb.

I delete one of them, to low their score but still out of spam range.

What about bayesian spam is it ok to open that , since the first installing its always in test mode
Blocking incoming or outgoing? If it's YOUR ASSP stopping it quick fix is to turn off CBL check or change it to score-only.. Then figure out best course of action when you're not in panic mode.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

wpsd.lauw
Normal user
Normal user
Posts: 108
Joined: 2009-12-08 07:07

Re: ASSP Relaying

Post by wpsd.lauw » 2010-08-06 02:08

Found the problem

But it's in the firewall looks like I forget to close other client port 25
It could be virus sending the mail without passing my ASSP

Just want to ask what is the errors > spam/notspam folder for ?

For now if I found good email on the spam folder I just move it to notspam folder and the other way around

Or should I move to the error folder ?

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: ASSP Relaying

Post by Bill48105 » 2010-08-09 13:48

I don't use that part of ASSP myself but I think the 'error' folders are where you put false positives (as in what was detected wrong) to help fix ASSP but you better read up a bit more on it to be sure because not sure if you put opposite or not.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

ObiWan
Senior user
Senior user
Posts: 281
Joined: 2010-07-21 14:30
Location: Halfway between Germany and Egypt

Re: ASSP Relaying

Post by ObiWan » 2010-08-23 15:52

wpsd.lauw wrote:Hi All

Just finish and success installing ASSP, I would like to implement this normal method

Internet --(25)-->Firewall --(25)-->ASSP--(125)-->HMailServer--(125)-->Firewall--->Internet

Firewall = Win2003 with ISA 2006
ASSP & HMailServer = Win 2003 ( same computer )

After I deploy the ASSP and start the service outside email cannot arrive to my mail server

Gmail Return :
The error that the other server returned was: 530 530 Relaying not allowed (state 14)


From what I understand :
1. The relay from port 25 to 125 inside ASSP is not working cuz I set it wrong
2. If it possible to do relaying inside one computer ( same IP different Port ) ?
Sorry for being late on this :(

My suggestion is to setup things as follows:

Install the "Microsoft Loopback adapter" and set it up with a private IP falling
inside a private subnet not used by you; for example 172.30.254.254/24

Install the Microsoft IIS SMTP service and bind it to 172.30.254.254:125

Install the hMailServer and bind it to 172.30.254.254:225

Install ASSP and bind it to your public/main IP on ports 25, 465 (listeportSSL)
and 587 (listenport2), set "smtpdestination" to 172.30.254.254:225, do the
same with "smtpdestinationSSL" and "smtpAuthServer" check it's working by
running a telnet against the port 25 of the box, you should get back your
hMailServer prompt

Now set ASSP "relayport" to 172.30.254.254:25 and also set the ASSP "relayhost"
to 172.30.254.254:125 (aka the IIS SMTP listen address); try running telnet against
172.30.254.254:25 and if all ok, you should see the IIS SMTP banner

Configure hMailServer to use 172.30.254.254:25 as the smarthost for all the outgoing
email messages

Now, ensure that both hMailServer and the IIS SMTP allow relaying from 172.30.254.254
also, edit the ASSP "localDomains" and enter all the domains you're handling locally

You're done; your mail flow will now look as follows

* Incoming
sender -> <public-ip>:25 (ASSP) -> 172.30.254.254:225 (hMailServer)

* outgoing
172.30.254.254 (hMailServer) -> 172.30.254.254:25 (ASSP relayport) -> 172.30.254.254:125 (IIS SMTP) -> external destination

HTH

Post Reply