Allowing email server outside LAN

[xzased]

Its me again! Ok, Our mail server is outside our LAN. I checked to see if the Mail System service was allowed in Firewall>Packet Filter> Filtering rules for int. networks. It is. I checked with nmap to see if ports 25 and 110 were open, they are. Port 80 is also open. But still I cant connect to e email server (it isnt down btw, I checked). So just for fun I set up ebox's mail server and it does work (send & receive). So, any ideas why it doesnt allow me to connect to the outside server?
Does it have something to do with the config.? (like SSL and all that). Any help is appreciated. Thanks 

[sixstone]

Hi xzased again! 

If you are trying to connect to the mail server from eBox, you must set the rule in "Firewall->Packet Filter->Filtering rules for traffic coming out from eBox".

Hope this helps you a little.

PD: SMTP over SSL is listening on 465/tcp

[HANNES1985]

Sorry for hijacking your post but Ive got exactly the same problem I'm getting my mail from my isp`s server and ebox does send my mails but does not receive any here is what Ive done so far
Ive created a rule in all the packet filter rules to except pop3 witch is on port 110 and smtp witch is 25 I also enabled the mail module and placed the smart host`s ip in .

if i connect with outlook directly to my router i simply have to put in pop3 server and smtp sever and the rest by default is working on port 25  and 110

What could my problem be?

[hortimech]

Hi, I was testing ebox and think that I did, what you are trying to do, relay mail through your isp that is.
Firstly, do you have
a) a fixed ip
b) an MX record pointing at that fixed ip
If not you will have to relay through your isp. If you have both you do not need to relay anything.

If you have to relay through your isp, you will manually have to edit /etc/postfix/main.conf, add three lines and then create a password file in /etc/postfix/sasl/. The three lines you add, have to be re added every time you update or if you turn on the mailfilter.

You will also have to install Fetchmail and set this up.

I have, as I said, been testing ebox, and due to the fact that I spent as much time altering things from the command line as from the ebox webpage, I personally at this time cannot recommend ebox for serious use. I will probably get flamed for saying this, but that is my opinion. This opinion may change in the future, if the developers stop trying to get ebox to be the jack-of-all-trades and also stop trying to re-invent the wheel, I repeat, this is my opinion for what it is worth.
 
 

[HANNES1985]

Thanx hortimech and everyone has his/her own right to express themselfes as to what you just said about fetch mail it does not sound like ill be needing any of those because my mail is on the server that my isp uses to give me the internet connection so i simply need a port ar few to be opened in order for my pc to (outlook) to get my mail . like I said if i bypass my server and go directly throuhg my router i can get all my emails from my isp I think some of the ports on the proxy does not open at all !!!! but Im no genius so ill rater ask the people who know?

[hortimech]

Ah right, you just want to collect your mail from your isp, thats easy, turn off your ebox and connect through your router, once you are sure that everything works, reconnect your ebox, restart and then turn off dns, the mailserver etc open the required ports on the firewall and you should be good to go. But if all you want is a fileserver, dhcp and a firewall, use dhcp from router and just install samba and some form of iptables  gui, but it sounds to me you do not need anything like ebox, you just need an old computer running smoothwall ( believe me for a firewall, it is better than ebox) and a fileserver running samba, you will find these a lot more configurable from the CLI .
I repeat these are my opinions and I have removed ebox from my test server as I think it is trying to do too much and non of it brilliantly, for instance, virtual domains, anybody care to tell me how you set up a virtual user without making him/her an actual ebox user?   

[HANNES1985]

Okay what you've just said is changing everything on my main server coz I'm running a wisp and i need vpn and proxy with the firewall and just a few ports for mail server admin and of coarse http through my server so if you think there is a better program for al of that i would really like to know what it is coz that would be the perfect package for any wisp

[javi]

I repeat these are my opinions and I have removed ebox from my test server as I think it is trying to do too much and non of it brilliantly, for instance, virtual domains, anybody care to tell me how you set up a virtual user without making him/her an actual ebox user? 

I'm not following you here. You would like to have a user with a mail  account in a virtual domain and you want this user to only use the mail system and nothing else?

[hortimech]

I'm not following you here. You would like to have a user with a mail  account in a virtual domain and you want this user to only use the mail system and nothing else?

What is a 'virtual user'? by the very name this is a user that does not actually exist on the server, but is a mail user.  By the way ebox is setup, every mail user will have to be an ebox user as well and will take up space on the server. If you are not sure what I am getting at, think about an isp, they give their users email addresses but not access to any other part of the server because they are all 'Virtual Users', they cannot login to the server because they are not Unix users.

As for the 'wisp' guy, you probably would be better off using Smoothwall with 3 network cards, one to connect to the network, one as a 'DMZ' connected to your wireless and the other to connect to your network. Set Smoothwall up to allow only the ports open you require, this will also do DHCP and VPN and allow you to set up a webserver and/or mailserver on your network. 

[javi]

What is a 'virtual user'? by the very name this is a user that does not actually exist on the server, but is a mail user.  By the way ebox is setup, every mail user will have to be an ebox user as well and will take up space on the server. If you are not sure what I am getting at, think about an isp, they give their users email addresses but not access to any other part of the server because they are all 'Virtual Users', they cannot login to the server because they are not Unix users.

Then you got it wrong. If you just want to have virtual users, you should only install ebox-mail. Users in eBox  *cannot* log into the machine. They only can use the jabber or samba service if you have them installed or enabled.

[javi]

Hi HANNES1985,

Can you clarify a little bit more what you are doing and what your issue is?

Do you want to connect your client behind eBox to your ISP server or you want to use eBox as a mail server?

[hortimech]

Yes, I will hold my hand up, I got it wrong an ebox user cannot log into the server, but the email user still needs to be an ebox user first. A better way would be to create email domains first, then add users to this. The reason I am investigating email servers is because we run Mdaemon at present with two domains and have maxed out on users. Several users have email addresses in both domains and want to use the same username in both domains and when one of them is the boss, I am not going to argue with him. We also need to add another domain, with the present ebox setup it would seem you can have one email address and aliases for this but not as I need, separate domains with the same users, unless I am missing something.

[javi]

So if I understand you correctly. You want to have a user with account in two different virtual domains, but these accounts need to be independent from each other?

Something like:

a@foo.org
a@bar.org

And you dont want user a@foo.org to check or send using a@bar.org and vice verse. is that right?

[hortimech]

As I said, we use Mdaemon at the moment running on windoze. We run an internal workgroup and two virtual domains, neither of which has any connection with the workgroup. The mail is collected from two multidrop boxes at our isp and Mdaemon sorts it into user mailboxes ready for collection.

The way users are added (and on just about every other mailserver I have looked at) is this:

You first create the mail domain and then add the users to this.
 a@foo.org and a@bar.org could be the same person, but the emails never get mixed.
The user downloads the mail with a client (outlook, thunderbird, whatever) and the mail would then end up in separate folders, if you get my drift.
The virtual users would not have any other contact with the server other than for downloading mail, unless they were also setup (completely separately) as fileusers.

As I said, this is virtually standard practise, your way of doing things, seems to be:
1) create maildomains
2) create user
3) add user  to foo.org, i.e. a@foo.org
4) create alias a@bar.org to a@foo.org

This to me, would mix all the mail into a@foo.org, and would not work for us.

   

[xzased]

Hiya. Just say it kinda worked  But now it seems Im having a problem with the firewall. Dunno if I should make a separate post  So, I set the 'MailSystem' service (which is not internal) in Fw>Packet Filter>Rules for traffic coming out from ebox  right? Well, after a few restarts it worked. then I added  the http proxy module and enabled it, and internet worked but not the email. So I disabled the proxy module, restarted the computer and the mail still wasnt working. Now, here is the weird part: I removed the 'MailSystem' service and email started working  how can I stop this behavior ? Do I need to reinstall?

----Nevermind, reconfiguring the module worked