Once again:

Logs of a connection from the LAN to the mail server:
(iptables -t nat -A POSTROUTING -s 192.168.5.0/24 ! -d IP_mail_server -o eth0 -j SNAT --to-source IP_MY_WAN_NETWORK)

exim -bd -q15m -d ....
18962 Listening...
18962 Connection request from 192.168.5.10 port 3308
18962 search_tidyup called
18962 1 SMTP accept process running
18962 Listening...
18965 host in rfc1413_hosts? yes (matched "*")
18965 doing ident callback
18965 ident connection to 192.168.5.10 failed: Connection timed out
18965 sender_fullhost = [192.168.5.10]
18965 sender_rcvhost = [192.168.5.10]
18965 Process 18965 is handling incoming connection from [192.168.5.10]
18965 checking for IP options
18965 no IP options found
18965 host in host_lookup? yes (matched "*")
18965 looking up host name for 192.168.5.10
18965 DNS lookup of 10.5.168.192.in-addr.arpa (PTR) succeeded
18965 IP address lookup yielded wr1.richter.net
18965 gethostbyname looked up these IP addresses:
18965 name=wr1.richter.net address=192.168.5.10
18965 checking addresses for wr1.richter.net
18965 192.168.5.10 OK
18965 sender_fullhost = wr1.richter.net [192.168.5.10]
18965 sender_rcvhost = wr1.richter.net ([192.168.5.10])
18965 set_process_info: 18965 handling incoming connection from wr1.richter.net [192.168.5.10]
18965 host in host_reject_connection? no (option unset)
18965 host in sender_unqualified_hosts? no (option unset)
18965 host in recipient_unqualified_hosts? no (option unset)
18965 host in helo_verify_hosts? no (option unset)
18965 host in helo_try_verify_hosts? yes (matched "*")
18965 host in helo_accept_junk_hosts? no (option unset)
18965 using ACL "acl_check_connect"
18965 processing "defer"
18965 check ratelimit = 10 / 1m / per_conn / strict / conn_m_$sender_host_address
18965 = 10 / 1m / per_conn / strict / conn_m_192.168.5.10
18965 ratelimit condition limit=10 period=60 key=1m/per_conn/strict/conn_m_192.168.5.10
18965 locking /path/to/exim/db/ratelimit.lockfile
18965 locked /path/to/db/ratelimit.lockfile
18965 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18965 returned from EXIM_DBOPEN
18965 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18965 dbfn_read: key=1m/per_conn/strict/conn_m_192.168.5.10
18965 dbfn_write: key=1m/per_conn/strict/conn_m_192.168.5.10
18965 ratelimit db updated
18965 ratelimit computed rate 0.4
18965 defer: condition test failed
18965 processing "defer"
18965 check ratelimit = 70 / 20m / per_conn / strict / conn_h_$sender_host_address
18965 = 70 / 20m / per_conn / strict / conn_h_192.168.5.10
18965 ratelimit condition limit=70 period=1200 key=20m/per_conn/strict/conn_h_192.168.5.10
18965 locking /path/to/exim/db/ratelimit.lockfile
18965 locked /path/to/db/ratelimit.lockfile
18965 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18965 returned from EXIM_DBOPEN
18965 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18965 dbfn_read: key=20m/per_conn/strict/conn_h_192.168.5.10
18965 dbfn_write: key=20m/per_conn/strict/conn_h_192.168.5.10
18965 ratelimit db updated
18965 ratelimit computed rate 1.2
18965 defer: condition test failed
18965 processing "accept"
18965 accept: condition test succeeded
18965 SMTP>> 220-mail.server road to hell :)
18965 220-------------------------------------------------
18965 220-All activities are logged!
18965 220 ------------------------------------------------
18965 Process 18965 is ready for new message
18965 smtp_setup_msg entered
18965 SMTP<< EHLO wr1
18965 sender_fullhost = wr.lan.net (wr) [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10] helo=wr)
18965 set_process_info: 18965 handling incoming connection from wr.lan.net (wr) [192.168.5.10]
18965 verifying EHLO/HELO argument "wr"
18965 getting IP address for wr
18965 gethostbyname returned 1 (HOST_NOT_FOUND)
18965 no IP address found for host wr (during SMTP connection from wr.lan.net (wr) [192.168.5.10])
18965 LOG: host_lookup_failed MAIN
18965 no IP address found for host wr (during SMTP connection from wr.lan.net (wr) [192.168.5.10])
18965 EHLO verification failed but host is in helo_try_verify_hosts
18965 host in pipelining_advertise_hosts? yes (matched "*")
18965 host in auth_advertise_hosts? no (end of list)
18965 host in tls_advertise_hosts? yes (end of list)
18965 SMTP>> 250-mail.server Hello wr.lan.net [192.168.5.10]
18965 250-SIZE 104857600
18965 250-8BITMIME
18965 250-PIPELINING
18965 250-STARTTLS
18965 250 HELP
18965 SMTP<< STARTTLS
18965 Diffie-Hellman initialized from /path/to/exim.pem with 4096-bit key
18965 tls_certificate file /path/to/eximcs.crt
18965 tls_privatekey file /path/to/eximcs.key
18965 Initialized TLS
18965 host in tls_verify_hosts? no (option unset)
18965 host in tls_try_verify_hosts? no (option unset)
18965 SMTP>> 220 TLS go ahead
18965 Calling SSL_accept
18965 SSL info: before/accept initialization
18965 SSL info: before/accept initialization
18965 SSL info: SSLv3 read client hello A
18965 SSL info: SSLv3 write server hello A
18965 SSL info: SSLv3 write certificate A
18965 SSL info: SSLv3 write server done A
18965 SSL info: SSLv3 flush data
18965 SSL info: SSLv3 read client key exchange A
18965 SSL info: SSLv3 read finished A
18965 SSL info: SSLv3 write change cipher spec A
18965 SSL info: SSLv3 write finished A
18965 SSL info: SSLv3 flush data
18965 SSL info: SSL negotiation finished successfully
18965 SSL info: SSL negotiation finished successfully
18965 SSL_accept was successful
18965 Cipher: TLSv1:RC4-MD5:128
18965 Shared ciphers: RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA
18965 sender_fullhost = wr.lan.net [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10])
18965 set_process_info: 18965 handling incoming TLS connection from wr.lan.net [192.168.5.10]
18965 TLS active
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< EHLO wr
18965 sender_fullhost = wr.lan.net (wr) [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10] helo=wr)
18965 set_process_info: 18965 handling TLS incoming connection from wr.lan.net (wr) [192.168.5.10]
18965 verifying EHLO/HELO argument "wr"
18965 getting IP address for wr
18965 gethostbyname returned 1 (HOST_NOT_FOUND)
18965 no IP address found for host wr (during SMTP connection from wr.lan.net (wr) [192.168.5.10])
18965 LOG: host_lookup_failed MAIN
18965 no IP address found for host wr (during SMTP connection from wr.lan.net (wr) [192.168.5.10])
18965 EHLO verification failed but host is in helo_try_verify_hosts
18965 host in pipelining_advertise_hosts? yes (matched "*")
18965 host in auth_advertise_hosts? yes (matched "*")
18965 tls_do_write(801700, 149)
18965 SSL_write(SSL, 801700, 149)
18965 outbytes=149 error=0
18965 SMTP>> 250-mail.server Hello wr.lan.net [192.168.5.10]
18965 250-SIZE 104857600
18965 250-8BITMIME
18965 250-PIPELINING
18965 250-AUTH LOGIN
18965 250 HELP
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< AUTH LOGIN
18965 SMTP>> 334 VXNlcm5hbWU6
18965 tls_do_write(7f1050, 18)
18965 SSL_write(SSL, 7f1050, 18)
18965 outbytes=18 error=0
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< YnNrcnp5cGllYw==
18965 SMTP>> 334 UGFzc3dvcmQ6
18965 tls_do_write(7f1050, 18)
18965 SSL_write(SSL, 7f1050, 18)
18965 outbytes=18 error=0
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< b2xpbXBpanNrYTE0
18965 LOGIN authenticator:
18965 $auth1 = user
18965 $auth2 = password
18965 $1 = user
18965 $2 = password
18965 LDAP parameters: user=uid=user,ou=Users,dc=lan,dc=net pass=password size=0 time=0 connect=0 dereference=0 referrals=on
18965 perform_ldap_search: ldapauth URL =
etc.

Logs of a connection from the WAN to the mail server:

exim -bd -q15m -d ......
18983 Listening...
18983 Connection request from WAN_IP port 54303
18983 search_tidyup called
18983 1 SMTP accept process running
18983 Listening...
18991 host in rfc1413_hosts? yes (matched "*")
18991 doing ident callback
18991 ident connection to WAN_IP failed: Connection refused
18991 sender_fullhost = [WAN_IP]
18991 sender_rcvhost = [WAN_IP]
18991 Process 18991 is handling incoming connection from [WAN_IP]
18991 checking for IP options
18991 no IP options found
18991 host in host_lookup? yes (matched "*")
18991 looking up host name for WAN_IP
18991 DNS lookup of WAN_IP.in-addr.arpa (PTR) succeeded
18991 IP address lookup yielded WAN_FQDN
18991 gethostbyname looked up these IP addresses:
18991 name=WAN_FQDN address=WAN_IP
18991 checking addresses for WAN_FQDN
18991 WAN_IP OK
18991 sender_fullhost = WAN_FQDN [WAN_IP]
18991 sender_rcvhost = WAN_FQDN ([WAN_IP])
18991 set_process_info: 18991 handling incoming connection from WAN_FQDN [WAN_IP]
18991 host in host_reject_connection? no (option unset)
18991 host in sender_unqualified_hosts? no (option unset)
18991 host in recipient_unqualified_hosts? no (option unset)
18991 host in helo_verify_hosts? no (option unset)
18991 host in helo_try_verify_hosts? yes (matched "*")
18991 host in helo_accept_junk_hosts? no (option unset)
18991 using ACL "acl_check_connect"
18991 processing "defer"
18991 check ratelimit = 10 / 1m / per_conn / strict / conn_m_$sender_host_address
18991 = 10 / 1m / per_conn / strict / conn_m_WAN_IP
18991 ratelimit condition limit=10 period=60 key=1m/per_conn/strict/conn_m_WAN_IP
18991 locking /path/tp/exim/db/ratelimit.lockfile
18991 locked /path/to/exim/db/ratelimit.lockfile
18991 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18991 returned from EXIM_DBOPEN
18991 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18991 dbfn_read: key=1m/per_conn/strict/conn_m_WAN_IP
18991 dbfn_write: key=1m/per_conn/strict/conn_m_WAN_IP
18991 ratelimit db updated
18991 ratelimit computed rate 0.0
18991 defer: condition test failed
18991 processing "defer"
18991 check ratelimit = 70 / 20m / per_conn / strict / conn_h_$sender_host_address
18991 = 70 / 20m / per_conn / strict / conn_h_WAN_IP
18991 ratelimit condition limit=70 period=1200 key=20m/per_conn/strict/conn_h_WAN_IP
18991 locking /path/to/exim/db/ratelimit.lockfile
18991 locked /path/to/exim/db/ratelimit.lockfile
18991 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18991 returned from EXIM_DBOPEN
18991 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18991 dbfn_read: key=20m/per_conn/strict/conn_h_WAN_IP
18991 dbfn_write: key=20m/per_conn/strict/conn_h_WAN_IP
18991 ratelimit db updated
18991 ratelimit computed rate 0.0
18991 defer: condition test failed
18991 processing "accept"
18991 accept: condition test succeeded
18991 SMTP>> 220-mail.server road to hell :)
18991 220-------------------------------------------------
18991 220-All activities are logged!
18991 220 ------------------------------------------------
18991 Process 18991 is ready for new message
18991 smtp_setup_msg entered
18991 SMTP<< EHLO [IP]
18991 sender_fullhost = WAN_FQDN ([other IP]) [WAN_IP]
18991 sender_rcvhost = WAN_FQDN ([WAN_IP] helo=[other IP])
18991 set_process_info: 18991 handling incoming connection from WAN_FQDN ([other IP]) [WAN_IP]
18991 verifying EHLO/HELO argument "[other IP]"
18991 EHLO verification failed but host is in helo_try_verify_hosts
18991 host in pipelining_advertise_hosts? yes (matched "*")
18991 host in auth_advertise_hosts? no (end of list)
18991 host in tls_advertise_hosts? yes (end of list)
18991 SMTP>> 250-mail.server Hello WAN_FQDN [WAN_IP]
18991 250-SIZE 104857600
18991 250-8BITMIME
18991 250-PIPELINING
18991 250-STARTTLS
18991 250 HELP
18991 SMTP<< STARTTLS
18991 Diffie-Hellman initialized from /path/to/exim.pem with 4096-bit key
18991 tls_certificate file /path/to/eximcs.crt
18991 tls_privatekey file /path/to/eximcs.key
18991 Initialized TLS
18991 host in tls_verify_hosts? no (option unset)
18991 host in tls_try_verify_hosts? no (option unset)
18991 SMTP>> 220 TLS go ahead
18991 Calling SSL_accept
18991 SSL info: before/accept initialization
18991 SSL info: before/accept initialization
18991 SSL info: SSLv3 read client hello A
18991 SSL info: SSLv3 write server hello A
18991 SSL info: SSLv3 write certificate A
18991 SSL info: SSLv3 write key exchange A
18991 SSL info: SSLv3 write server done A
18991 SSL info: SSLv3 flush data
18991 SSL info: SSLv3 read client certificate A
18991 LOG: MAIN
18991 TLS error on connection from WAN_FQDN ([other IP]) [WAN_IP] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
18991 TLS failed to start
18991 LOG: smtp_connection MAIN
18991 SMTP connection from WAN_FQDN ([other IP]) [WAN_IP] closed by EOF
18991 search_tidyup called
18983 child 18991 ended: status=0x0
18983 0 SMTP accept processes now running
18983 Listening...

Before the upgrade from etch to lenny it was OK. It's a kind of magic? :(

Bogdan
