Hi all!
There seems to be a problem with inbound emails with addresses
in the form name@[ip_of_mailserver] (domain literal) not
getting through the firewall (Raptor 6.5 on NT4/SP5).
Other inbound/outbound email works fine with standard
email rules, but inbound email to user@[ip_number] doesn't.
According to RFC-1123 and RFC-822 this is a MUST for
mailsystems - and in this particular case our customer NEEDS
to have that working. When sending such email with standard
email rules defined on the firewall the sender gets an error
email returned (Error 553, but that may depend on the mailserver
involved) and two log entries are generated in firewall log:

  firewall smtp[298]: 343 smtpd Warning: Sender
  <sender_address> from sending_system_name ([sending_system_ip])
  tried to send to '<user@[ip_of_firewall]>' - Bad command
  format

  firewall smtp[298]: 121 Statistics:
  duration=0.59 user=<sender_address> id=fUkl1 sent=106
  rcvd=192 srcif=Vpn3 src=sending_system_ip/port
  cldst=ip_of_firewall/25 svsrc=fw_internal_ip/5104 dstif=Vpn4
  dst=internal_mailserver_ip/25 op="To 1 recips" proto=smtp
  rule=2 (Bad command format)

Modifying the rule for inbound email or using a new rule
without use of smtp* doesn't help. When using a generic service
instead of smtp* the sender doesn't get a reply, but email doesn't
go through either. In this case only one warning is logged, similar
to the second one above, but instead of "rule=2 (Bad command format)"
it says "rule=2 (User authentication not possible)".
Modifying the options for smtp* within the rule has no effect.
Has anybody any idea how to configure the Raptor firewall to get
that working?
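
Added example (not part of the original post and not Raptor code): a Python script that scans smtpd log entries of the shape quoted above, picks out rejected recipients written as domain literals (user@[a.b.c.d]) and pairs each with the rule number from the following Statistics entry. It assumes each log entry sits on one line; the sample addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of the entries quoted in the post;
# all addresses and host names are made up, one entry per line is assumed.
SAMPLE_LOG = """\
firewall smtp[298]: 343 smtpd Warning: Sender <alice@example.org> from mx.example.org ([198.51.100.7]) tried to send to '<user@[192.0.2.10]>' - Bad command format
firewall smtp[298]: 121 Statistics: duration=0.59 user=<alice@example.org> id=fUkl1 sent=106 rcvd=192 srcif=Vpn3 src=198.51.100.7/2041 cldst=192.0.2.10/25 svsrc=10.0.0.1/5104 dstif=Vpn4 dst=10.0.0.25/25 op="To 1 recips" proto=smtp rule=2 (Bad command format)
firewall smtp[298]: 343 smtpd Warning: Sender <bob@example.org> from mx.example.org ([198.51.100.7]) tried to send to '<user@mail.example.com>' - Bad command format
"""

WARNING_RE = re.compile(
    r"smtpd Warning: Sender <(?P<sender>[^>]*)> from \S+ \(\[[^\]]+\]\) "
    r"tried to send to '<(?P<rcpt>[^>]*)>' - (?P<reason>.+)$"
)
STATS_RE = re.compile(r"Statistics: .*?user=<(?P<user>[^>]*)>.*\brule=(?P<rule>\d+)")

def domain_literal_ip(address):
    """Return the IPv4 address inside user@[a.b.c.d], or None if it is not one."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not (domain.startswith("[") and domain.endswith("]")):
        return None
    try:
        return ipaddress.IPv4Address(domain[1:-1])
    except ValueError:  # e.g. an octet above 255
        return None

def rejected_domain_literals(log_text):
    """Pair each rejected domain-literal recipient with the rule in its Statistics entry."""
    pending, hits = {}, []
    for line in log_text.splitlines():
        w = WARNING_RE.search(line)
        if w:
            ip = domain_literal_ip(w["rcpt"])
            if ip is not None:
                pending[w["sender"]] = {"sender": w["sender"], "rcpt": w["rcpt"],
                                        "ip": str(ip), "reason": w["reason"].strip()}
            continue
        s = STATS_RE.search(line)
        if s and s["user"] in pending:
            hits.append(dict(pending.pop(s["user"]), rule=int(s["rule"])))
    return hits + list(pending.values())  # warnings with no Statistics entry keep no rule

if __name__ == "__main__":
    for hit in rejected_domain_literals(SAMPLE_LOG):
        print(hit)
```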