Topic: Open Relay

quikmcw

Open Relay
« on: January 28, 2010, 04:52:23 pm »
How do I set up an open relay on the ebox mail engine? I'm testing in a lab and need to have it be an open relay with user auth only.


Javier Amor Garcia

  • Zentyal Staff
Re: Open Relay
« Reply #1 on: January 28, 2010, 07:52:32 pm »
Forgive me, but I don't fully understand your question. Do you really want an open relay (everybody can send email through it without any restriction), or just to allow any authenticated user to send email?

In the latter case, just enable authentication and any authenticated user will be able to send email.

quikmcw

Re: Open Relay
« Reply #2 on: March 23, 2010, 05:32:33 pm »
Yeah, open relay but require authentication to send... how do you set up the mail relay policy for network objects to permit that? I have users that are remote and mobile, so their IPs will always be changing.
« Last Edit: March 23, 2010, 06:34:07 pm by quikmcw »

ctek

Re: Open Relay
« Reply #3 on: March 24, 2010, 03:45:35 pm »
Open relay means that no authentication is done for sending mails.
By default, when a user connects to the SMTP server, they have to authenticate to be able to send mails, either over TLS/SSL or in PLAIN.

Make sure that you have a firewall rule that permits access to the mail system from outside the ebox.
This method should pose no problem for outside users (mobile, laptops, etc.) if their client is set up properly to connect to ebox.

If this is not what you want, please explain a little more.

Best regards
Bogdan

quikmcw

Re: Open Relay
« Reply #4 on: March 24, 2010, 04:31:42 pm »
What I want to set up is no restriction by sending IP, because I will have many users that are mobile and coming in from the outside world. I do want them to have to authenticate before sending and have those two items checked, but I'm having problems with the "Policy" for relay. From the network work, I would like to put in 0.0.0.0/24 as the network object, but it will not allow me to put that address in; it says it's invalid... so what is the equivalent to that?

 

Javier Amor Garcia

Re: Open Relay
« Reply #5 on: March 24, 2010, 06:00:08 pm »
The object policy is only needed if you want anyone from those addresses to be able to send without authorization (open relay for the addresses in the object).

For what you want, just enable authentication, remove any object policy and allow the Mail system in the firewall, both for connections from external networks and from internal networks.


quikmcw

Re: Open Relay
« Reply #6 on: March 24, 2010, 09:18:25 pm »
Out of the box, there are no objects specified and the system will not allow "any IP" to make a connection. I tried that first thing: checked both authentication boxes and did not specify anything in the relay policies, and every attempt was denied relay.

Has anyone set this up to relay or permit connectivity from any IP and require user authentication for sending?


ctek

Re: Open Relay
« Reply #7 on: March 25, 2010, 01:55:20 am »
Here are a few pointers to help you solve the problem, I hope.

Tell us your version of ebox.
0. Check that ebox has all the updates installed.
1. Check that in the firewall you are permitting access to the mail system from LAN and from the internet.
2. Check that the mail module is activated and properly configured.
3. Check that the LDAP can be contacted by hosts (I found that setting LDAP to listen on 0.0.0.0 helped me - /etc/sldap.conf, if I'm not mistaken).
4. See that you have users added and they have a mail account.
5. Set up a computer with an email client from the internet with port 465 for the SMTP server and authentication etc. (not from LAN), and after that, if you still fail to send email, try to telnet to port 25 and 465.
6. Do some HELO/EHLO tests and see the results (even post the results here and the logs).

Hope this helps
Bogdan
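
The three outcomes this thread keeps circling (relay refused, relay allowed after AUTH, relay allowed with no AUTH at all) can be read off the EHLO/RCPT exchange that step 6 asks for. This is an added example, not part of any post: it classifies a pasted SMTP transcript, and the transcripts, host names and the `session`/`analyze` helpers are constructed for illustration.

```python
import re

def session(rcpt_reply, auth=False, advertise_auth=True):
    """Build a constructed transcript (placeholder names, not from the thread)."""
    lines = ["EHLO laptop.example.net", "250-mail.example.test", "250-STARTTLS"]
    lines.append("250 AUTH PLAIN LOGIN" if advertise_auth else "250 8BITMIME")
    if auth:
        lines += ["AUTH PLAIN <base64-credentials>", "235 2.7.0 Authentication successful"]
    lines += ["MAIL FROM:<alice@example.test>", "250 2.1.0 Ok",
              "RCPT TO:<bob@elsewhere.example>", rcpt_reply]
    return "\n".join(lines)

def analyze(transcript, local_domains=("example.test",)):
    """Return (AUTH mechanisms offered, STARTTLS offered, relay verdict)."""
    mechs, starttls, authed, cmd = [], False, False, ""
    verdict = "no external RCPT seen"
    for line in transcript.splitlines():
        reply = re.match(r"(\d{3})[ -](.*)", line)
        if not reply:                      # not a server reply: remember the client command
            cmd = line.strip()
            continue
        code, text = reply.groups()
        if cmd.upper().startswith("EHLO") and code == "250":
            words = text.upper().split()   # one EHLO keyword per reply line
            if words[:1] == ["AUTH"]:
                mechs = words[1:]
            starttls = starttls or words == ["STARTTLS"]
        elif code == "235":                # 235 is only ever "authentication succeeded"
            authed = True
        elif cmd.upper().startswith("RCPT TO"):
            domain = re.search(r"@([^>\s]+)", cmd).group(1).lower()
            if domain in local_domains:
                continue                   # local delivery says nothing about relaying
            if code.startswith("2"):
                verdict = "authenticated relay" if authed else "OPEN RELAY"
            else:
                verdict = "relay denied"
    return mechs, starttls, verdict

if __name__ == "__main__":
    for t in (session("554 5.7.1 Relay access denied"),
              session("250 2.1.5 Ok", auth=True),
              session("250 2.1.5 Ok", advertise_auth=False)):
        print(analyze(t))
```

Only a 2xx reply to an external recipient with no preceding 235 marks the server as an open relay; the authenticated case is the setup the original poster is asking for.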

quikmcw

Re: Open Relay
« Reply #8 on: March 26, 2010, 03:37:21 pm »
That's still not working. The laptop will send/receive inside the network, but anywhere outside the internal network, it won't work.

Firewall logs say that it was dropping port 443 from my IP, so I put in any-any in the firewall policies and it's still not working.

Javier Amor Garcia

Re: Open Relay
« Reply #9 on: March 26, 2010, 04:58:45 pm »
OK, in your case surely you need to enable the mail system on external interfaces. Go to Firewall -> Packet filter, then to 'Traffic from external networks to ebox' and add a rule that allows the 'Mail system' service.
« Last Edit: March 26, 2010, 05:22:24 pm by sixstone »

quikmcw

Re: Open Relay
« Reply #10 on: March 26, 2010, 08:47:15 pm »
I only have one NIC in this ebox. I put accept mail services, pop, pop proxy, as well as "any" in all five of the firewall categories, but systems that are not connected to the in-house network are not able to send; they lose connectivity with the server. They can receive just fine.


ctek

Re: Open Relay
« Reply #11 on: March 27, 2010, 01:11:31 pm »
Did you add an alias for the NIC as the external NIC?
Do you have the correct redirects from your primary router to your ebox?

Your setup with 1 NIC (and inside a LAN behind a firewall/router) is tricky and I think that you should do some more checks on the flow.

Best regards
Bogdan

quikmcw

Re: Open Relay
« Reply #12 on: March 29, 2010, 04:04:54 pm »
The ebox is sitting in the DMZ with a static "real" IP address.  The router controls 5 valid real IP addresses for full operation on the internet.  The 2nd router controls the access to the inside network.  The ebox is working and seeing the outside world with the appropriate default gateway and routes and dns operational.  I can run the notebook on the inside network, sending and receiving emails to anywhere without any problems.  When I have the notebook at any location outside the "inside" network, I can receive emails but not send.  Is there a way to turn off the firewall to see if the firewall system is blocking the ability to send?

quikmcw

Re: Open Relay
« Reply #13 on: March 29, 2010, 07:22:04 pm »
Can you give me more information about the alias?


quikmcw

Re: Open Relay
« Reply #14 on: March 29, 2010, 08:33:37 pm »
Question: do I need to check the box for External on eth0?