Nothing is logged about the refused connection in maillog.txt (I checked) because the port is not in use. I'm doing watch -n 1 netstat -tulpn | grep 225 to monitor for that port and the output remains empty. Searching for port 125 nicely shows the Postfix process though.
Yes, the user must be allowed to use the lower ports. So I tried with port 2250, which should work for any user. Unfortunately this produced the same results. Running the script as root, same thing. I'm out of ideas. It's no great problem because port 25 works just fine, it's just that I'd like to understand the fault in my reasoning. Of the five steps I described earlier, would you please point out to me which one is erroneous? I hope I'm not taking too much of your time but if I am perhaps someone else on this mailing list would like to share their thoughts. Thanks! Martin From: Thomas Eckardt <thomas.ecka...@thockar.com> To: For Users of ASSP <assp-user@lists.sourceforge.net> Date: 22-09-2016 13:06 Subject: Re: [Assp-user] Function of relayPort >If my logic is flawed the question is: what am I doing wrong? The maillog.txt at startup will show the reason. - the user must be allowed to use lower ports - the IP:port must be unused - if only the port is defined, the port must be unused at all IP's Thomas Von: m.huij...@evergreen-shipping.nl An: For Users of ASSP <assp-user@lists.sourceforge.net> Datum: 22.09.2016 12:35 Betreff: Re: [Assp-user] Function of relayPort I understand. That's why I use Postfix as a mailserver on my ASSP box. Postfix does SMTP on port 125, which is also the value of smtpDestination. So: if relayPort has a value that means relayHost must also have a value, and if it hasn't it will use smtpDestination. Which should use Postfix local relative to ASSP. So in the logical sense this means: [ physical server 1: Domino mail server ] --> [ physical server 2: ASSP (port 225) --> Postfix ] --> internet As I understand it, ASSP's logic goes like this: 1. Mail is sent from the mail server (in this test setup a Postfix server, but in my production setup a bunch of Domino servers) to the ASSP machine on port 225. 2. ASSP receives the mail, does whitelist additions if so instructed, and passes it on to Postfix on to relayHost. 3. relayHost is blank so it looks to smtpDestination for further instructions. 4. smtpDestination is set to value 125, which means "use the address on which the connection was received with port 125". This is Postfix on that same machine. 5. Postfix sends out the mail to the internet, what with it being a mail server and all. At step #2 this process ends. ASSP does not receive the mail and the sending mail server logs this message: connect to [192.168.1.2]:225: Connection refused. If the above logic (the five steps) is correct then the question is: why is ASSP not listening on port 225 as instructed? If my logic is flawed the question is: what am I doing wrong? Thank you for your time! Martin From: Thomas Eckardt <thomas.ecka...@thockar.com> To: For Users of ASSP <assp-user@lists.sourceforge.net> Date: 22-09-2016 12:03 Subject: Re: [Assp-user] Function of relayPort ASSP is a PROXY not a mail server. It requires SMTP mail servers at both communication (in and out) ends. Thomas Von: m.huij...@evergreen-shipping.nl An: For Users of ASSP <assp-user@lists.sourceforge.net> Datum: 22.09.2016 11:48 Betreff: Re: [Assp-user] Function of relayPort Hi Thomas, Thanks for your response. We send out mail directly to the internet, not through a relay server at out ISP's. In our case: Domino mail server -> ASSP (relayPort 225) -> internet I would like to be able to use relayPort without setting up relaying to an upstream server. Is that possible with the current version of ASSP? Martin From: Thomas Eckardt <thomas.ecka...@thockar.com> To: For Users of ASSP <assp-user@lists.sourceforge.net> Date: 22-09-2016 10:50 Subject: Re: [Assp-user] Function of relayPort >"Normally", a server on the lan that needs to be able to relay mail to the >internet would be placed in acceptAllMail. No, the usage of the relayPort and relayHost is recommended. incoming: internet -> ASSP(25) -> domain based mail router (may be not required) -> domino outgoing: domino -> domain based mail router (may be not required) -> ASSP(225 - relayPort) -> ISP or your own mail relay (relayHost) -> internet Thomas Von: m.huij...@evergreen-shipping.nl An: assp-user@lists.sourceforge.net Datum: 22.09.2016 09:53 Betreff: [Assp-user] Function of relayPort Hi, I have a question about the function of the relayPort variable. I apologize for the long text ;) I'm running a test setup using two servers, both running Debian 8.6 and Postfix. One is the 'end user' mail server (192.168.1.3), the other Postfix + ASSP (192.168.1.2). "Normally", a server on the lan that needs to be able to relay mail to the internet would be placed in acceptAllMail. By default ASSP listens on port 25 for mail from the lan to the internet (Postfix runs on port 125 on the ASSP machine). So in my end user mail server I have "relayhost = 192.168.1.2" and that works fine: if I send out a mail I see it passing through ASSP (not running as a daemon but showing everything in the console). So far so good. On my production server however I have relayPort set to 225 and my IBM Domino mailservers use *that* port to relay outgoing mail through ASSP. The production ASSP server also runs Postfix on port 225. Now as I understood it, relayPort is meant to be an extra port, sort of like security through obscurity, that allows you to relay outgoing mail on a non-standard port. The fact that this is working in my production environment corroberates that. Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the 'end user' mail server) in allowRelayCon (it is also still in acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225 (and reload or even restart Postfix) then mail is not relayed by ASSP. It leaves the mail server but it doesn't get picked up by ASSP. Restarting ASSP or rebooting the ASSP server does not change this. If I do netstat -tulpn | grep 225 on the server I can see that port 225 is not open. (Interestingly it also seems not to be open on my production ASSP machine while I'm pretty sure that *does* work.) If I change things back the mail gets delivered. Here comes the part where it gets confusing: when changing the relayPort value, a green line underneath the value box is shown reading: "relayHost () and relayPort (225) must be defined to enable relaying". Aha. relayHost, if I am not mistaken, has to do with mailservers upstream from ASSP: your isp's relay server. Suddenly we go from relaying mail internally to relaying mail to an outside server. We go from within the lan to outside. My question here is: why do I need to set up relaying to a server at my isp's (which they haven't) when I all I want to do is set up relaying from my 'end user' mail server to my ASSP box? Those have got nothing to do with each other. Thank you in advance for any enlightenment you can bring me on this subject! Have a great day :) Martin ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
------------------------------------------------------------------------------
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
