I spent several days working on a mail server behind iptables masquerade and it just didn't work, but I found the solution, and it may help you.
If you run an SMTP server behind NAT and you get the following errors:
- mail postfix/smtp[7854]: warning: host gmail-smtp-in.l.google.com[173.194.70.26]:25 greeted me with my own hostname mail.example.com
- mail for gmail.com loops back to myself
you should check your iptables configuration. A proper port-forward config:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d PUBLICIP --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to MAILSERVERPRIVATEIP:25
(Forward packets destined for port 25 to your mail server's private IP, port 25, only if they come in from the outside, which is what -i eth0 does. Without that match, the mail server's own outgoing connections to port 25 are redirected back to itself, which produces the errors above.)
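To audit an existing NAT box for this mistake, the following added example (not code from the original post) reads `iptables-save -t nat` output and prints PREROUTING DNAT rules that cover port 25 but are limited neither by inbound interface nor by destination address. The sample ruleset and its addresses are constructed, and treating a `-d` match as equivalent scoping is an assumption that goes beyond the post's `-i eth0` fix.

```sh
#!/bin/sh
# Added example (not from the original post). Reads `iptables-save -t nat`
# output on stdin and prints PREROUTING DNAT rules that cover port 25 but
# are not limited by inbound interface (-i) or destination address (-d).
# Such a rule also catches the mail server's own outbound SMTP connections.
unscoped_smtp_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dnat = 0; smtp = 0; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            # Any -i or -d match is treated as scoping, including negated forms.
            if ($i == "-i" || $i == "--in-interface" ||
                $i == "-d" || $i == "--destination") scoped = 1
            if ($i == "--dport" || $i == "--dports" || $i == "--destination-port") {
                # Value may be a single port, a lo:hi range, or a comma list.
                n = split($(i + 1), parts, ",")
                for (k = 1; k <= n; k++) {
                    m = split(parts[k], r, ":")
                    lo = r[1] + 0
                    hi = (m == 1) ? lo : (r[2] == "" ? 65535 : r[2] + 0)
                    if (lo <= 25 && 25 <= hi) smtp = 1
                }
            }
        }
        if (dnat && smtp && !scoped) print
    }'
}

# Constructed sample ruleset (addresses are documentation/example values).
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A PREROUTING -p tcp -m multiport --dports 25,587 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Demo on the sample; on a real host use: iptables-save -t nat | unscoped_smtp_dnat
sample_rules | unscoped_smtp_dnat
```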
You can test it from your mail server by telnetting to an external SMTP server, for example:
telnet smtp.gmail.com 25
It should show:
Trying 173.194.70.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP r54sm45040303eev.8 - gsmtp
If you see
220- mail.yourdomain.com gsmtp
your config is not good yet.
I put a mail gateway in front of it. I DNATed SMTPS and IMAPS in, so the mail clients work :)
I saved the link, thanks