Hello all
I've been using Ebox for some time on version 0.11.101 and recently I have successfully run and configured the mail module, but I have one "little" problem... Let me explain:
My environment:
            |    |-eth1(ext)->IP1->myexternaldomain.com--------->Gateway1
eth0 (int) -|EBOX|
            |    |-eth2(ext)->IP2 (without a domain)------------>Gateway2
In this environment I have successfully configured firewall rules, two gateways (Gateway1 & Gateway2) and also load balancing for my internal network to use both external lines. All is working as desired
but...
Problem description:
I have configured a mail server on the EBOX box. I have successfully configured the DNS to point myexternaldomain.com to IP1 and I'm able to get messages sent to my domain. The problem comes when I try to send a message from the box to an external domain (for example gmail). It seems that when an email must be sent, EBOX selects one external interface randomly (load balancing) and sends the email over this interface. If EBOX selects the interface where externaldomain.com is bound there is no problem. The problem arises when EBOX selects eth2 and gmail rejects the message with the following message:
<xxxxxxx@gmail.com>: host gmail-smtp-in.l.google.com[74.125.79.114]
said: 550-5.7.1 [IP2] The IP you're using to send mail is not
authorized to 550-5.7.1 send email directly to our servers. Please use the
SMTP relay at your 550-5.7.1 service provider instead. Learn more at
http://mail.google 550 5.7.1 .com/support/bin/answer.py?answer=10336
5si126839eyf.38 (in reply to end of DATA command)
Troubleshooting so far:
I have tried to add a multigateway rule for all the outgoing SNMP traffic (port 25), but it seems this rule doesn't affect the traffic generated on the box itself (feature/bug?).
Also I have figured that on the "Filtering rules for traffic coming out from eBox" firewall rule you could specify a gateway in each rule, but it seems there is no way to achieve it.
Also I have been searching in the forums and I have found the following thread:
http://forum.ebox-platform.com/index.php?topic=599.0 which seems similar to my problem but in the solution it uses:
pf "-t nat -I POSTROUTING -s IP_OF_SERVER -o OUT_IF -j SNAT --to SOURCE_IP";
but as far as I understand my problem is not related to the NAT table.
Any idea would be really appreciated.
Thank you very much in advance.