Maged Shaker
2006-12-03 11:53:45 UTC
Dear all
The banners is different with the telnet command from diffirent
locations,That I was try to telnet from the dmz zone on port 25 of the
Qmail Server ,
and telnet on port 25 of the Qmail server from internet "Dailup Users" , so
i check smtp proxy feature is enable in the firewall but is disabled by
default , what possible reason for this problem other firewall .
Thanks
Maged Shaker
banner. on a qmail server, this banner is the number "221" followed
by ( the contents of /var/qmail/control/smtpgreeting, or /var/qmail/
control/me if there is no smtpgreeting file ) , followed by "ESMTP".
try this: telnet to the server's port 25 from a machine in the same
DMZ segment, and then telnet to the server's port 25 from a machine
"outside" (i.e. from a dialup session.)
first, are the banners the same?
second, watch the logs from your SMTP service (using a "tail -F" or
"tail --follow=name" command.) when the machine in your DMZ connects,
you will see log entries about the connection. are you also seeing
these log entries when an outside machine connects?
if the banners are not the same and the logs don't appear when an
outside machine tries to connect, then the outside machines are not
actually connecting to your server in the first place- probably
because your firewall is intercepting incoming SMTP traffic.
many firewalls include an SMTP proxy, where the firewall accepts
incoming mail from the outside world as if it were a mail server, and
then forwards it on to your real mail server inside the firewall.
this can be a good thing, but if you are trying to configure qmail to
do anything special (such as TLS or AUTH) then it's a bad thing, as
outside clients can't get to your qmail server in the first place.
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------
--
Regards,
maged mahmod
Technical consultant
ValueSYS
Mobile:(012)3858696
Tel: +2 02 2682887 / 2682552
Fax: +2 02 2674346
Web: www.ValueSYS.net
www.parameg.net
The banners is different with the telnet command from diffirent
locations,That I was try to telnet from the dmz zone on port 25 of the
Qmail Server ,
and telnet on port 25 of the Qmail server from internet "Dailup Users" , so
i check smtp proxy feature is enable in the firewall but is disabled by
default , what possible reason for this problem other firewall .
Thanks
Maged Shaker
The Qmail system is installed in DMZ zone and has private IP
address ,so when i test the qmail from The same subnet with telnet
command when i typed EHLO command the output listed what qmail
authentication method Support , the strange case when try to test the
qmail server from Internet with telnet command when typed EHLO the
output display 502 unimplemented (#5.5.1)
when you telnet to port 25, the first thing the server sends is aaddress ,so when i test the qmail from The same subnet with telnet
command when i typed EHLO command the output listed what qmail
authentication method Support , the strange case when try to test the
qmail server from Internet with telnet command when typed EHLO the
output display 502 unimplemented (#5.5.1)
banner. on a qmail server, this banner is the number "221" followed
by ( the contents of /var/qmail/control/smtpgreeting, or /var/qmail/
control/me if there is no smtpgreeting file ) , followed by "ESMTP".
try this: telnet to the server's port 25 from a machine in the same
DMZ segment, and then telnet to the server's port 25 from a machine
"outside" (i.e. from a dialup session.)
first, are the banners the same?
second, watch the logs from your SMTP service (using a "tail -F" or
"tail --follow=name" command.) when the machine in your DMZ connects,
you will see log entries about the connection. are you also seeing
these log entries when an outside machine connects?
if the banners are not the same and the logs don't appear when an
outside machine tries to connect, then the outside machines are not
actually connecting to your server in the first place- probably
because your firewall is intercepting incoming SMTP traffic.
many firewalls include an SMTP proxy, where the firewall accepts
incoming mail from the outside world as if it were a mail server, and
then forwards it on to your real mail server inside the firewall.
this can be a good thing, but if you are trying to configure qmail to
do anything special (such as TLS or AUTH) then it's a bad thing, as
outside clients can't get to your qmail server in the first place.
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------
Regards,
maged mahmod
Technical consultant
ValueSYS
Mobile:(012)3858696
Tel: +2 02 2682887 / 2682552
Fax: +2 02 2674346
Web: www.ValueSYS.net
www.parameg.net