On 1/30/2013 12:11 AM, Mark Casey wrote: > Sorry if this is beating a dead horse as I'm aware this is supposed to > just work, but I'm no longer able to relay through my ASSP server (ASSP > version 2.2.2(12343) running on perl 5.12.5). It was working before and > I'm not sure what has changed. I have our local domains filled in on the > Recipients/Local Domains page (they are filled in on localDomains, but > LocalAddresses_Flat is blank, as it always was). > > I do not have ASSP configured to allow relay from the IP range I'm in > but I have set my client to use auth. I've tried both Thunderbird and > Outlook and set the outgoing server to use SSL on ASSP's listenPortSSL; > smtpDestinationSSL is blank. Emails coming in from 3rd parties arriving > to ASSP on port 25 are seeing no problems, but I get relaying errors > when I try to send offsite with or without SSL (to the coordinating, > appropriate port, of course). > > The maillog shows (note: I've lightly sanitized the email addresses): > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> info: found message size announcement: 399 > Byte > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> Message-Score: added -10 (tlsValencePB) > for SSL-TLS-connection-OK, total score for this message is now -10 > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> Message-Score: added 5 (fiphValencePB) for > Suspicious HELO - contains IP: '[172.10.0.201]', total score for this > message is now -5 > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> [scoring] (Suspicious HELO - contains IP: > '[172.10.0.201]') > Jan-29-13 23:16:14 [Worker_1] LDAP - found markc <at> unifiedgroup.com > in LDAPlist > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] [SpoofedSender] > 172.10.0.201 <markc <at> unifiedgroup.com> [monitoring] (No Spoofing > Allowed 'markc <at> unifiedgroup.com' in 'mailfrom') > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] [RelayAttempt] > 172.10.0.201 <markc <at> unifiedgroup.com> relay attempt blocked for: > markc4 <@> gmail.com > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> Message-Score: added 10 (rlValencePB) for > relay attempt blocked for: markc4 <@> gmail.com, total score for this > message is now 5 > Jan-29-13 23:16:14 m1-22974-09671 [Worker_1] [SSL-in] 172.10.0.201 > <markc <at> unifiedgroup.com> [SMTP Error] 530 Relaying not allowed > > I have two ASSP hosts (independent of one another) running now that are > behaving the same way. One is prod (and running local on the mail > server) and one I'm just testing with and trying to relay through (it is > in a VM). > > Also, two quick questions. > -What IS the difference between localDomains and LocalAddresses_Flat? > -Can smtpDestinationSSL be set to point at our server's SSL port? That > is, have ASSP use SSL when relaying my SSL connection, or must > smtpDestinationSSL point at a plaintext port? I currently get noting at > all when I point it at the mail server's SSL port, which I was sure > worked before. > > Thank you in advance for any insight, > Mark > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_jan > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user
Wow that was dumb... Apparently several versions back my mail distro switched to requiring TLS before AUTH on port 25. That part of the change to their config template simply didn't take when I upgraded, until recently when I had to remove the server's external IPs from the relayclients list (because it was verifying any and all addresses and then causing bounces). I think I'm all set now, as I'll look into whether ASSP can do the requested tls before auth later on. I'll re-state those earlier questions though in case anyone can clue me in on those. -What IS the difference between localDomains and LocalAddresses_Flat? -Can smtpDestinationSSL be set to point at our server's SSL port? That is, have ASSP use SSL when relaying my SSL connection, or must smtpDestinationSSL point at a plaintext port? I currently get noting at all when I point it at the mail server's SSL port, which I was sure worked before. Thanks, Mark ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
