[glux] Postfix

Michele Ripamonti michele@qualcosa.net
Mon 13 Apr 2015 16:12:21 CEST


I really think it is the gateway you have in the office that is filtering
it, because your telnet failed with a "connection refused", so your TCP
stack was getting back a RST; that is typical behaviour for local
restrictions, so that the user does not have to wait for the timeout on
opening the socket. Firewalls that filter on the WAN side, on the other
hand, generally ignore the SYN and leave you hanging until the socket times
out. This way a port scan takes much longer and it avoids congestion in
case of a SYN flood.
On 13/Apr/2015 15:48, "Guerrisi Antonio" <guerrisi.antonio@gmail.com>
wrote:

> There, on 587 it works correctly. I don't think the provider blocks
> port 25, otherwise it would be madness.
> At this point I think it's the heavily locked-down firewall
>
>
> --
> Guerrisi Antonio
> website: http://antonio.guerrisi.info
>
> On 13 April 2015 15:40, Michele Ripamonti <michele@qualcosa.net>
> wrote:
>> You have given all the necessary information, nothing else is needed.
>>
>> Put postfix in listening on 587 (submission in master.cf if I remember
>> correctly) and retry the connect with telnet; if it works, it is your
>> connectivity provider that filters outbound SMTP traffic on port 25
>>
>>
>>
>> On 13 April 2015 14:20, Guerrisi Antonio <
>> guerrisi.antonio@gmail.com> wrote:
>>
>>> Come on Michele, if I didn't go into detail before, it's probably
>>> because I can't, don't you think. The VM is not in the office, otherwise
>>> it would make no sense to talk about the office IP. It would be on the
>>> LAN in that case. It is a hosted service, like digitalocean... there
>>> can't be any problem on the server side, otherwise it would mean it's a
>>> crap service, and judging by the size of the provider I'd say that can
>>> be ruled out. I also rule out configuration problems, otherwise no
>>> machine would connect from any IP.
>>>
>>> The problem is the office IP
>>>
>>>
>>>
>>> --
>>> Guerrisi Antonio
>>> website: http://antonio.guerrisi.info
>>>
>>> On 13 April 2015 14:14, Michele Ripamonti <michele@qualcosa.net>
>>> wrote:
>>>
>>>> If you describe the network topology a bit, we'll try to sort it out.
>>>> Is this blessed VM in your office? Does it have a public IP or is it
>>>> hidden behind a DNAT? Is its network interface bridged or NAT?
>>>> On 13/Apr/2015 13:46, "Guerrisi Antonio" <guerrisi.antonio@gmail.com>
>>>> wrote:
>>>>
>>>>> I agree... I tried configuring the SMTP from my mobile phone and it
>>>>> manages to send correctly. It's precisely my office IP that the
>>>>> network can't stand.
>>>>>
>>>>> I can't work out what the problem is though... I don't think it's
>>>>> routing because the host resolution is correct. Blacklist? Ports
>>>>> closed on my side (the office firewall is fairly restrictive inbound)?
>>>>>
>>>>>
>>>>> --
>>>>> Guerrisi Antonio
>>>>> website: http://antonio.guerrisi.info
>>>>>
>>>>> On 13 April 2015 13:29, Michele Ripamonti <
>>>>> michele@qualcosa.net> wrote:
>>>>>
>>>>>> 99% the problem is not postfix. I'd say it could be a routing
>>>>>> problem if the VM is in your office
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 13 April 2015 12:46, Guerrisi Antonio <
>>>>>> guerrisi.antonio@gmail.com> wrote:
>>>>>>
>>>>>>> I tried connecting via telnet from a server hosted by
>>>>>>> digitalocean and it connects correctly via telnet, and I can talk
>>>>>>> to the machine.
>>>>>>>
>>>>>>> with a linux server here in the office telnet can't connect at
>>>>>>> all
>>>>>>>
>>>>>>> *root@support:~# telnet host 25*
>>>>>>> *Trying ip...*
>>>>>>> *telnet: Unable to connect to remote host: Connection refused*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Guerrisi Antonio
>>>>>>> website: http://antonio.guerrisi.info
>>>>>>>
>>>>>>> On 13 April 2015 12:43, Michele Ripamonti <
>>>>>>> michele@qualcosa.net> wrote:
>>>>>>>
>>>>>>>> It's very strange that there's nothing in mail.log, you should
>>>>>>>> at least see that there's a connect attempt.
>>>>>>>> But does this VM have a public IP? Is it behind a destination
>>>>>>>> NAT? How is it reachable?
>>>>>>>> With a telnet on port 25 do you at least see the postfix banner
>>>>>>>> or does it stay hanging at "trying..."?
>>>>>>>> On 13/Apr/2015 11:34, "Guerrisi Antonio" <
>>>>>>>> guerrisi.antonio@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> mail.log and mail.err are both silent and there doesn't seem to
>>>>>>>>> be anything else that refers to mail
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Guerrisi Antonio
>>>>>>>>> website: http://antonio.guerrisi.info
>>>>>>>>>
>>>>>>>>> On 13 April 2015 11:16, Stefano Villa Polimi <
>>>>>>>>> stefano.villa@polimi.it> wrote:
>>>>>>>>>
>>>>>>>>>> Look in /var/log/maillog at what shows up when you try to
>>>>>>>>>> connect with a client; there should be log lines tagged with
>>>>>>>>>> postfix/smtpd
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2015-04-13 11:03 GMT+02:00 Guerrisi Antonio <
>>>>>>>>>> guerrisi.antonio@gmail.com>:
>>>>>>>>>> > Here I am,
>>>>>>>>>> >
>>>>>>>>>> > sorry for the delay but the virtual machine was switched off,
>>>>>>>>>> > and I had to go back to the office to get the configuration.
>>>>>>>>>> >
>>>>>>>>>> > http://pastebin.com/gsVGcVei
>>>>>>>>>> >
>>>>>>>>>> > It's a fairly standard main.cf. I haven't made any major
>>>>>>>>>> > changes apart from the relayhost (obscured in this case),
>>>>>>>>>> > which I have already tested and works, and the IP authorised
>>>>>>>>>> > to relay. But the problem persists. I can send via telnet but
>>>>>>>>>> > I can't configure mail clients to use it as an SMTP server
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > --
>>>>>>>>>> > Guerrisi Antonio
>>>>>>>>>> > website: http://antonio.guerrisi.info
>>>>>>>>>> >
>>>>>>>>>> > On 9 April 2015 19:35, Michele Ripamonti
>>>>>>>>>> > <michele@qualcosa.net> wrote:
>>>>>>>>>> >>
>>>>>>>>>> >> You should post the main.cf, otherwise it's a bit hard to
>>>>>>>>>> >> help you
>>>>>>>>>> >>
>>>>>>>>>> >> On 09/Apr/2015 17:30, "Guerrisi Antonio"
>>>>>>>>>> >> <guerrisi.antonio@gmail.com> wrote:
>>>>>>>>>> >>>
>>>>>>>>>> >>> No, ok... I did some more tests.
>>>>>>>>>> >>>
>>>>>>>>>> >>> Telnet from another server works and I can also send
>>>>>>>>>> >>> correctly from outside, by setting the right relay auth, so
>>>>>>>>>> >>> it's not a port problem
>>>>>>>>>> >>>
>>>>>>>>>> >>> it's with putty that I can't connect to it via telnet, it
>>>>>>>>>> >>> kicks me out, and with SMTP Mail Sender I can't send. I get
>>>>>>>>>> >>> a fairly generic error in the logs and it doesn't tell me
>>>>>>>>>> >>> why it fails to send.
>>>>>>>>>> >>>
>>>>>>>>>> >>> dunno, I keep understanding less and less
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>> --
>>>>>>>>>> >>> Guerrisi Antonio
>>>>>>>>>> >>> website: http://antonio.guerrisi.info
>>>>>>>>>> >>>
>>>>>>>>>> >>> On 9 April 2015 17:25, Stefano Villa Polimi
>>>>>>>>>> >>> <stefano.villa@polimi.it> wrote:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> could there be some selinux ACLs or something else
>>>>>>>>>> >>>> blocking port 25 at system level?
>>>>>>>>>> >>>> try to see whether, from the machine itself, a telnet on
>>>>>>>>>> >>>> port 25 but to the public IP instead of 127.0.0.1 gets an
>>>>>>>>>> >>>> answer... if not, it may be that postfix is blocked by
>>>>>>>>>> >>>> some helper (e.g. the check on the sender's IP) and can't
>>>>>>>>>> >>>> manage... dunno
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> 2015-04-09 17:15 GMT+02:00 Guerrisi Antonio
>>>>>>>>>> >>>> <guerrisi.antonio@gmail.com>:
>>>>>>>>>> >>>> > It's not the same machine.
>>>>>>>>>> >>>> >
>>>>>>>>>> >>>> > I have to allow relay FROM 81.208.96.45, which is my
>>>>>>>>>> >>>> > office, through another machine that I am configuring.
>>>>>>>>>> >>>> > But it won't even let me connect via telnet, and I don't
>>>>>>>>>> >>>> > understand why
>>>>>>>>>> >>>> >
>>>>>>>>>> >>>> >
>>>>>>>>>> >>>> >
>>>>>>>>>> >>>> > --
>>>>>>>>>> >>>> > Guerrisi Antonio
>>>>>>>>>> >>>> > website: http://antonio.guerrisi.info
>>>>>>>>>> >>>> >
>>>>>>>>>> >>>> > On 9 April 2015 17:12, Stefano Villa Polimi
>>>>>>>>>> >>>> > <stefano.villa@polimi.it> wrote:
>>>>>>>>>> >>>> >>
>>>>>>>>>> >>>> >> It works, but you have to set the relay rules (i.e. you
>>>>>>>>>> >>>> >> define the sets of IPs of your network that can send
>>>>>>>>>> >>>> >> messages), or you have to define authentication rules
>>>>>>>>>> >>>> >> and users, and then you can send using authenticated
>>>>>>>>>> >>>> >> SMTP.
>>>>>>>>>> >>>> >> Stefano
>>>>>>>>>> >>>> >>
>>>>>>>>>> >>>> >> telnet  81.208.96.45 25
>>>>>>>>>> >>>> >> Trying 81.208.96.45...
>>>>>>>>>> >>>> >> Connected to 81.208.96.45.
>>>>>>>>>> >>>> >> Escape character is '^]'.
>>>>>>>>>> >>>> >> 220 ****************************************************
>>>>>>>>>> >>>> >> helo polimi.it
>>>>>>>>>> >>>> >> 250 postfixtest.netvisory.com
>>>>>>>>>> >>>> >> mail from:<pippuzzo@sdsdsd.nn>
>>>>>>>>>> >>>> >> 250 2.1.0 Ok
>>>>>>>>>> >>>> >> rcpt to:<willas69@gmail.com>
>>>>>>>>>> >>>> >> 554 5.7.1 <willas69@gmail.com>: Relay access denied
>>>>>>>>>> >>>> >> quit
>>>>>>>>>> >>>> >> 221 2.0.0 Bye
>>>>>>>>>> >>>> >> Connection closed by foreign host.
>>>>>>>>>> >>>> >>
>>>>>>>>>> >>>> >> 2015-04-09 17:04 GMT+02:00 Guerrisi Antonio
>>>>>>>>>> >>>> >> <guerrisi.antonio@gmail.com>:
>>>>>>>>>> >>>> >> > Hi guys,
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > I'm writing to ask for a hand from someone who knows
>>>>>>>>>> >>>> >> > their way around postfix.
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > I managed to install it and configure it to send
>>>>>>>>>> >>>> >> > mail, and I manage fairly well with a telnet from
>>>>>>>>>> >>>> >> > local on port 25 typing the commands by hand, but if
>>>>>>>>>> >>>> >> > I configure it to accept connections on all
>>>>>>>>>> >>>> >> > interfaces and authorise a given IP to send, it
>>>>>>>>>> >>>> >> > doesn't work.
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > inet_interfaces = all
>>>>>>>>>> >>>> >> > mynetworks = 127.0.0.0/8 10.0.0.0/27 81.208.96.45/32
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > a netstat -na tells me it is listening on 0.0.0.0:25,
>>>>>>>>>> >>>> >> > so technically it should work.
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > What the heck is wrong? :'(
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > --
>>>>>>>>>> >>>> >> > Guerrisi Antonio
>>>>>>>>>> >>>> >> > website: http://antonio.guerrisi.info
>>>>>>>>>> >>>> >> >
>>>>>>>>>> >>>> >> > _______________________________________________
>>>>>>>>>> >>>> >> > glux mailing list
>>>>>>>>>> >>>> >> > glux@lists.linux.it
>>>>>>>>>> >>>> >> > http://lists.linux.it/listinfo/glux
>>>>>>>>>> >>>> >> > http://www.lecco.linux.it
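The distinction made in the top message (a RST gives "connection refused" immediately, a dropped SYN leaves the client hanging until the timeout) can be checked with a small probe that compares port 25 and port 587. This is an added example, not part of the original thread; `probe` and `explain` are hypothetical names, and it assumes Postfix also listens on 587 as suggested in the thread.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """Return (state, detail) for one TCP connect, like `telnet host port`."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A RST came back: the port is closed on the target, or a device
        # on the path answered for it.
        return "refused", "RST received"
    except (socket.timeout, TimeoutError):
        # Nothing came back: the SYN was silently dropped somewhere.
        return "filtered", "no reply within %.0fs" % timeout
    with sock:
        sock.settimeout(timeout)
        try:
            # An SMTP server speaks first, so read its greeting banner.
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except (socket.timeout, TimeoutError):
            banner = ""
    return "open", banner


def explain(state_25, state_587):
    """Map the two outcomes to the reading given in the thread."""
    if state_25 == "open":
        return "port 25 reachable: path is fine, check relay rules and mail.log"
    if state_587 != "open":
        return "neither port answers: the block is not specific to port 25"
    if state_25 == "refused":
        return "25 rejected with RST while 587 works: typical of a local gateway rule"
    return "25 silently dropped while 587 works: typical of WAN-side filtering"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        states = {p: probe(sys.argv[1], p)[0] for p in (25, 587)}
    else:
        # Constructed outcome matching the thread: 25 refused, 587 answers.
        states = {25: "refused", 587: "open"}
    print(states, "->", explain(states[25], states[587]))
```

A RST by itself does not say which device sent it, so run the same probe from a host on another network, as was done in the thread with the digitalocean server, before blaming the office gateway.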