G'day All,
We recently replaced APF with CSF and it's working perfectly with one weird exception.
We're unable to send mail to a particular server which has greylisting implemented, unless we drop the firewall. No matter how many times we retry while the firewall is up, we get...
Connecting to mta.xtra.co.nz [210.54.141.1]:25 ... connected
LOG: MAIN
mta.xtra.co.nz [210.54.141.1]: Connection reset by peer
LOG: MAIN
== *********@xtra.co.nz <*****@************.com> R=lookuphost T=remote_smtp defer (104): Connection reset by peer: mta.xtra.co.nz [210.54.141.1]
LOG: MAIN
== **********@xtra.co.nz <****@*************.com> R=lookuphost T=remote_smtp defer (104): Connection reset by peer: mta.xtra.co.nz [210.54.141.1]
However, if we drop the firewall, the mail will go on the second attempt as would be expected. This happens every time.
If you run a test on xtra.co.nz at...
http://www.dnsreport.com/tools/dnsreport.ch?domain=xtra.co.nz
...it's clear they're doing things a little oddly, but the fact remains that we should be able to work with them if we can figure out what CSF does to stop the greylisting negotiation they're using.
If anyone has any ideas, we'd love to hear them. A copy of our CSF config is below.
Thanks for any thoughts.
Best Regards,
LBJ
----------
TESTING = "0"
TESTING_INTERVAL = "5"
AUTO_UPDATES = "0"
ETH_DEVICE = ""
ETH_DEVICE_SKIP = ""
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095,2096"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953,,33434:33523"
UDP_OUT = "20,21,53,113,123,873,953,6277,33434:33523"
ICMP_IN = "1"
ICMP_OUT = "1"
SMTP_BLOCK = "0"
SMTP_ALLOWLOCAL = "0"
MONOLITHIC_KERNEL = "0"
DROP_LOGGING = "1"
DROP_IP_LOGGING = "0"
DROP_ONLYRES = "0"
DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"
PACKET_FILTER = "1"
DROP_PF_LOGGING = "0"
VERBOSE = "1"
DYNDNS = "0"
RELAYHOSTS = "0"
ALLOW_RES_PORTS = "1"
DENY_IP_LIMIT = "100"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
LF_GLOBAL = ""
LF_DAEMON = "1"
LF_TRIGGER = "20"
LF_SELECT = "0"
LF_SSHD = "1"
LF_FTPD = "1"
LF_POP3D = "0"
LF_IMAPD = "0"
LF_HTACCESS = "0"
LF_MODSEC = "0"
LF_CPANEL = "1"
LF_CSF = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_SCRIPT_ALERT = "0"
LF_SCRIPT_LIMIT = "100"
LF_SCRIPT_PERM = "0"
LF_DIRWATCH = "60"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTERVAL = "300"
LF_PARSE = "5"
LF_EMAIL_ALERT = "1"
LT_EMAIL_ALERT = "1"
LT_POP3D = "60"
LT_IMAPD = "0"
LF_DSHIELD = "0"
LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"
LF_SPAMHAUS = "0"
LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"
CT_LIMIT = "0"
CT_INTERVAL = "60"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "1800"
PT_LIMIT = "60"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "1"
PT_USERPROC = "0"
PT_SMTP = "0"
IPTABLES = "/sbin/iptables"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
NETSTAT = "/bin/netstat"
PS = "/bin/ps"
FUSER = "/sbin/fuser"
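An added example, not part of the original post and not CSF's own code: a Python check that parses `KEY = "value"` settings like those posted above and flags malformed port-list entries, such as the empty element in the posted `UDP_IN`. The function names and the set of keys treated as port lists are assumptions, and the page does not say how CSF itself handles such an entry.

```python
import re

# Assumption: these keys hold comma-separated ports or low:high ranges.
PORT_LIST_KEYS = {"TCP_IN", "TCP_OUT", "UDP_IN", "UDP_OUT", "DROP_NOLOG"}
SETTING_RE = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"\s*$')

# Sample input: three lines copied from the config posted above.
SAMPLE = '''
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953,,33434:33523"
UDP_OUT = "20,21,53,113,123,873,953,6277,33434:33523"
'''

def parse_settings(text):
    """Return {key: value} for every KEY = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def check_port_list(value):
    """Return the problems found in one comma-separated port list."""
    problems = []
    if value == "":
        return problems  # no ports configured, nothing to check
    for pos, item in enumerate(value.split(","), start=1):
        bounds = [b.strip() for b in item.split(":")]
        if item.strip() == "":
            problems.append(f"entry {pos} is empty")
        elif len(bounds) > 2 or not all(b.isdecimal() for b in bounds):
            problems.append(f"entry {pos} ({item!r}) is not a port or range")
        elif any(not 1 <= int(b) <= 65535 for b in bounds):
            problems.append(f"entry {pos} ({item!r}) is outside 1-65535")
        elif len(bounds) == 2 and int(bounds[0]) > int(bounds[1]):
            problems.append(f"entry {pos} ({item!r}) has low > high")
    return problems

def audit(text):
    # Map each port-list key that has problems to its problem list.
    report = {}
    for key, value in parse_settings(text).items():
        problems = check_port_list(value) if key in PORT_LIST_KEYS else []
        if problems:
            report[key] = problems
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```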