Function of relayPort

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Function of relayPort

m.huijgen
Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the
internet would be placed in acceptAllMail. By default ASSP listens on port
25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on
a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from
my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin

------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

Thomas Eckardt/eck
>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the

internet would be placed in acceptAllMail. By default ASSP listens on port

25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on

a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from

my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

m.huijgen
Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an
upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the


internet would be placed in acceptAllMail. By default ASSP listens on port


25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on


a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from


my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the


individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

Thomas Eckardt/eck
ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an

upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the



internet would be placed in acceptAllMail. By default ASSP listens on port



25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on



a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from



my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the



individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

m.huijgen
I understand. That's why I use Postfix as a mailserver on my ASSP box.
Postfix does SMTP on port 125, which is also the value of smtpDestination.
So: if relayPort has a value that means relayHost must also have a value,
and if it hasn't it will use smtpDestination. Which should use Postfix
local relative to ASSP.

So in the logical sense this means:

[ physical server 1: Domino mail server ] --> [ physical server 2: ASSP
(port 225) --> Postfix ] --> internet

As I understand it, ASSP's logic goes like this:
1. Mail is sent from the mail server (in this test setup a Postfix server,
but in my production setup a bunch of Domino servers) to the ASSP machine
on port 225.
2. ASSP receives the mail, does whitelist additions if so instructed, and
passes it on to Postfix on to relayHost.
3. relayHost is blank so it looks to smtpDestination for further
instructions.
4. smtpDestination is set to value 125, which means "use the address on
which the connection was received with port 125". This is Postfix on that
same machine.
5. Postfix sends out the mail to the internet, what with it being a mail
server and all.

At step #2 this process ends. ASSP does not receive the mail and the
sending mail server logs this message: connect to [192.168.1.2]:225:
Connection refused.

If the above logic (the five steps) is correct then the question is: why
is ASSP not listening on port 225 as instructed?
If my logic is flawed the question is: what am I doing wrong?

Thank you for your time!

Martin




From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 12:03
Subject:        Re: [Assp-user] Function of relayPort



ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an


upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the




internet would be placed in acceptAllMail. By default ASSP listens on port




25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on




a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from




my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the




individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the


individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

Thomas Eckardt/eck
>If my logic is flawed the question is: what am I doing wrong?

The maillog.txt at startup will show the reason.

- the user must be allowed to use lower ports
- the IP:port must be unused - if only the port is defined, the port must
be unused at all IP's

Thomas



Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 12:35
Betreff:        Re: [Assp-user] Function of relayPort



I understand. That's why I use Postfix as a mailserver on my ASSP box.
Postfix does SMTP on port 125, which is also the value of smtpDestination.

So: if relayPort has a value that means relayHost must also have a value,
and if it hasn't it will use smtpDestination. Which should use Postfix
local relative to ASSP.

So in the logical sense this means:

[ physical server 1: Domino mail server ] --> [ physical server 2: ASSP
(port 225) --> Postfix ] --> internet

As I understand it, ASSP's logic goes like this:
1. Mail is sent from the mail server (in this test setup a Postfix server,

but in my production setup a bunch of Domino servers) to the ASSP machine
on port 225.
2. ASSP receives the mail, does whitelist additions if so instructed, and
passes it on to Postfix on to relayHost.
3. relayHost is blank so it looks to smtpDestination for further
instructions.
4. smtpDestination is set to value 125, which means "use the address on
which the connection was received with port 125". This is Postfix on that
same machine.
5. Postfix sends out the mail to the internet, what with it being a mail
server and all.

At step #2 this process ends. ASSP does not receive the mail and the
sending mail server logs this message: connect to [192.168.1.2]:225:
Connection refused.

If the above logic (the five steps) is correct then the question is: why
is ASSP not listening on port 225 as instructed?
If my logic is flawed the question is: what am I doing wrong?

Thank you for your time!

Martin




From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 12:03
Subject:        Re: [Assp-user] Function of relayPort



ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an



upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the





internet would be placed in acceptAllMail. By default ASSP listens on port





25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on





a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from





my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the





individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the



individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

m.huijgen
Nothing is logged about the refused connection in maillog.txt (I checked)
because the port is not in use. I'm doing watch -n 1 netstat -tulpn | grep
225 to monitor for that port and the output remains empty. Searching for
port 125 nicely shows the Postfix process though.

Yes, the user must be allowed to use the lower ports. So I tried with port
2250, which should work for any user. Unfortunately this produced the same
results. Running the script as root, same thing.

I'm out of ideas. It's no great problem because port 25 works just fine,
it's just that I'd like to understand the fault in my reasoning.

Of the five steps I described earlier, would you please point out to me
which one is erroneous? I hope I'm not taking too much of your time but if
I am perhaps someone else on this mailing list would like to share their
thoughts.

Thanks!

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 13:06
Subject:        Re: [Assp-user] Function of relayPort



>If my logic is flawed the question is: what am I doing wrong?

The maillog.txt at startup will show the reason.

- the user must be allowed to use lower ports
- the IP:port must be unused - if only the port is defined, the port must
be unused at all IP's

Thomas



Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 12:35
Betreff:        Re: [Assp-user] Function of relayPort



I understand. That's why I use Postfix as a mailserver on my ASSP box.
Postfix does SMTP on port 125, which is also the value of smtpDestination.


So: if relayPort has a value that means relayHost must also have a value,
and if it hasn't it will use smtpDestination. Which should use Postfix
local relative to ASSP.

So in the logical sense this means:

[ physical server 1: Domino mail server ] --> [ physical server 2: ASSP
(port 225) --> Postfix ] --> internet

As I understand it, ASSP's logic goes like this:
1. Mail is sent from the mail server (in this test setup a Postfix server,


but in my production setup a bunch of Domino servers) to the ASSP machine
on port 225.
2. ASSP receives the mail, does whitelist additions if so instructed, and
passes it on to Postfix on to relayHost.
3. relayHost is blank so it looks to smtpDestination for further
instructions.
4. smtpDestination is set to value 125, which means "use the address on
which the connection was received with port 125". This is Postfix on that
same machine.
5. Postfix sends out the mail to the internet, what with it being a mail
server and all.

At step #2 this process ends. ASSP does not receive the mail and the
sending mail server logs this message: connect to [192.168.1.2]:225:
Connection refused.

If the above logic (the five steps) is correct then the question is: why
is ASSP not listening on port 225 as instructed?
If my logic is flawed the question is: what am I doing wrong?

Thank you for your time!

Martin




From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 12:03
Subject:        Re: [Assp-user] Function of relayPort



ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an




upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the






internet would be placed in acceptAllMail. By default ASSP listens on port






25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on






a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from






my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the






individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the




individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the


individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

m.huijgen
Fixed it by setting relayHost to 127.0.0.1:125. 192.168.1.2:125 also
works. relayPort is set to 225.

Apparently the explanation "Blank means no relayhost and the
smtpDestination will be used. " is no longer true since that would mean
192.168.1.2:125 would be used.

Still it is interesting that netstat shows no open port 225. But it works!
I'm going to finish my documentation now :)

Martin



From:   [hidden email]
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 15:17
Subject:        Re: [Assp-user] Function of relayPort



Nothing is logged about the refused connection in maillog.txt (I checked)
because the port is not in use. I'm doing watch -n 1 netstat -tulpn | grep

225 to monitor for that port and the output remains empty. Searching for
port 125 nicely shows the Postfix process though.

Yes, the user must be allowed to use the lower ports. So I tried with port

2250, which should work for any user. Unfortunately this produced the same

results. Running the script as root, same thing.

I'm out of ideas. It's no great problem because port 25 works just fine,
it's just that I'd like to understand the fault in my reasoning.

Of the five steps I described earlier, would you please point out to me
which one is erroneous? I hope I'm not taking too much of your time but if

I am perhaps someone else on this mailing list would like to share their
thoughts.

Thanks!

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 13:06
Subject:        Re: [Assp-user] Function of relayPort



>If my logic is flawed the question is: what am I doing wrong?

The maillog.txt at startup will show the reason.

- the user must be allowed to use lower ports
- the IP:port must be unused - if only the port is defined, the port must
be unused at all IP's

Thomas



Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 12:35
Betreff:        Re: [Assp-user] Function of relayPort



I understand. That's why I use Postfix as a mailserver on my ASSP box.
Postfix does SMTP on port 125, which is also the value of smtpDestination.



So: if relayPort has a value that means relayHost must also have a value,
and if it hasn't it will use smtpDestination. Which should use Postfix
local relative to ASSP.

So in the logical sense this means:

[ physical server 1: Domino mail server ] --> [ physical server 2: ASSP
(port 225) --> Postfix ] --> internet

As I understand it, ASSP's logic goes like this:
1. Mail is sent from the mail server (in this test setup a Postfix server,



but in my production setup a bunch of Domino servers) to the ASSP machine
on port 225.
2. ASSP receives the mail, does whitelist additions if so instructed, and
passes it on to Postfix on to relayHost.
3. relayHost is blank so it looks to smtpDestination for further
instructions.
4. smtpDestination is set to value 125, which means "use the address on
which the connection was received with port 125". This is Postfix on that
same machine.
5. Postfix sends out the mail to the internet, what with it being a mail
server and all.

At step #2 this process ends. ASSP does not receive the mail and the
sending mail server logs this message: connect to [192.168.1.2]:225:
Connection refused.

If the above logic (the five steps) is correct then the question is: why
is ASSP not listening on port 225 as instructed?
If my logic is flawed the question is: what am I doing wrong?

Thank you for your time!

Martin




From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 12:03
Subject:        Re: [Assp-user] Function of relayPort



ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an





upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the







internet would be placed in acceptAllMail. By default ASSP listens on port







25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on







a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from







my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the







individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the





individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the



individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Function of relayPort

Thomas Eckardt/eck
In reply to this post by m.huijgen
>Nothing is logged about the refused connection in maillog.txt (I checked

This is simply not possible!!!

Aug-25-16 15:24:39 [init] Listening for SMTP connections on 0.0.0.0:25
Aug-25-16 15:24:39 [init] Listening for SMTPS (SSL) connections on
1.1.1.1:465
Aug-25-16 15:24:39 [init] Listening for admin HTTP connections on
0.0.0.0:55555
Aug-25-16 15:24:39 [init] Listening for stat HTTP connections on
0.0.0.0:55553
Aug-25-16 15:24:39 [init] Listening for additional SMTP connections on
0.0.0.0:2525
Aug-25-16 15:24:39 [init] Error: couldn't create server socket on port
'225' -- maybe another service uses this listener or I'm not root (uid=0)?
-- or a wrong IP address is defined? -- Der Zugriff auf einen Socket war
aufgrund der Zugriffsrechte des Sockets unzulässig.
Aug-25-16 15:24:39 [init] Listening for SMTP relay connections on
0.0.0.0:625
Aug-25-16 15:24:39 [init] Proxy started: listening on 2.2.2.2:22 forwarded
to 4.4.4.4:22
Aug-25-16 15:24:39 [init] Proxy started: listening on 3.3.3.3:22 forwarded
to 5.5.5.5:22

This is an example of a possible startup log.

Thomas




Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 14:57
Betreff:        Re: [Assp-user] Function of relayPort



Nothing is logged about the refused connection in maillog.txt (I checked)
because the port is not in use. I'm doing watch -n 1 netstat -tulpn | grep

225 to monitor for that port and the output remains empty. Searching for
port 125 nicely shows the Postfix process though.

Yes, the user must be allowed to use the lower ports. So I tried with port

2250, which should work for any user. Unfortunately this produced the same

results. Running the script as root, same thing.

I'm out of ideas. It's no great problem because port 25 works just fine,
it's just that I'd like to understand the fault in my reasoning.

Of the five steps I described earlier, would you please point out to me
which one is erroneous? I hope I'm not taking too much of your time but if

I am perhaps someone else on this mailing list would like to share their
thoughts.

Thanks!

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 13:06
Subject:        Re: [Assp-user] Function of relayPort



>If my logic is flawed the question is: what am I doing wrong?

The maillog.txt at startup will show the reason.

- the user must be allowed to use lower ports
- the IP:port must be unused - if only the port is defined, the port must
be unused at all IP's

Thomas



Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 12:35
Betreff:        Re: [Assp-user] Function of relayPort



I understand. That's why I use Postfix as a mailserver on my ASSP box.
Postfix does SMTP on port 125, which is also the value of smtpDestination.



So: if relayPort has a value that means relayHost must also have a value,
and if it hasn't it will use smtpDestination. Which should use Postfix
local relative to ASSP.

So in the logical sense this means:

[ physical server 1: Domino mail server ] --> [ physical server 2: ASSP
(port 225) --> Postfix ] --> internet

As I understand it, ASSP's logic goes like this:
1. Mail is sent from the mail server (in this test setup a Postfix server,



but in my production setup a bunch of Domino servers) to the ASSP machine
on port 225.
2. ASSP receives the mail, does whitelist additions if so instructed, and
passes it on to Postfix on to relayHost.
3. relayHost is blank so it looks to smtpDestination for further
instructions.
4. smtpDestination is set to value 125, which means "use the address on
which the connection was received with port 125". This is Postfix on that
same machine.
5. Postfix sends out the mail to the internet, what with it being a mail
server and all.

At step #2 this process ends. ASSP does not receive the mail and the
sending mail server logs this message: connect to [192.168.1.2]:225:
Connection refused.

If the above logic (the five steps) is correct then the question is: why
is ASSP not listening on port 225 as instructed?
If my logic is flawed the question is: what am I doing wrong?

Thank you for your time!

Martin




From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 12:03
Subject:        Re: [Assp-user] Function of relayPort



ASSP is a PROXY not a mail server. It requires SMTP mail servers at both
communication (in and out) ends.

Thomas





Von:    [hidden email]
An:     For Users of ASSP <[hidden email]>
Datum:  22.09.2016 11:48
Betreff:        Re: [Assp-user] Function of relayPort



Hi Thomas,

Thanks for your response.  We send out mail directly to the internet, not
through a relay server at out ISP's.

In our case: Domino mail server -> ASSP (relayPort 225) -> internet

I would like to be able to use relayPort without setting up relaying to an





upstream server. Is that possible with the current version of ASSP?

Martin



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   22-09-2016 10:50
Subject:        Re: [Assp-user] Function of relayPort



>"Normally", a server on the lan that needs to be able to relay mail to
the
>internet would be placed in acceptAllMail.

No, the usage of the relayPort and relayHost is recommended.

incoming:

internet -> ASSP(25) -> domain based mail router (may be not required) ->
domino

outgoing:

domino -> domain based mail router (may be not required) -> ASSP(225 -
relayPort) -> ISP or your own mail relay (relayHost) -> internet

Thomas



Von:    [hidden email]
An:     [hidden email]
Datum:  22.09.2016 09:53
Betreff:        [Assp-user] Function of relayPort



Hi,

I have a question about the function of the relayPort variable. I
apologize for the long text ;)

I'm running a test setup using two servers, both running Debian 8.6 and
Postfix. One is the 'end user' mail server (192.168.1.3), the other
Postfix + ASSP (192.168.1.2).

"Normally", a server on the lan that needs to be able to relay mail to the







internet would be placed in acceptAllMail. By default ASSP listens on port







25 for mail from the lan to the internet (Postfix runs on port 125 on the
ASSP machine). So in my end user mail server I have "relayhost =
192.168.1.2" and that works fine: if I send out a mail I see it passing
through ASSP (not running as a daemon but showing everything in the
console). So far so good.

On my production server however I have relayPort set to 225 and my IBM
Domino mailservers use *that* port to relay outgoing mail through ASSP.
The production ASSP server also runs Postfix on port 225.

Now as I understood it, relayPort is meant to be an extra port, sort of
like security through obscurity, that allows you to relay outgoing mail on







a non-standard port. The fact that this is working in my production
environment corroberates that.

Now, if I set relayPort to 225 in my test setup and put 192.168.1.3 (the
'end user' mail server) in allowRelayCon (it is also still in
acceptAllMail) and on my mail server change relayhost to 192.168.1.2:225
(and reload or even restart Postfix) then mail is not relayed by ASSP. It
leaves the mail server but it doesn't get picked up by ASSP. Restarting
ASSP or rebooting the ASSP server does not change this. If I do netstat
-tulpn | grep 225 on the server I can see that port 225 is not open.
(Interestingly it also seems not to be open on my production ASSP machine
while I'm pretty sure that *does* work.) If I change things back the mail
gets delivered.

Here comes the part where it gets confusing: when changing the relayPort
value, a green line underneath the value box is shown reading: "relayHost
() and relayPort (225) must be defined to enable relaying". Aha.
relayHost, if I am not mistaken, has to do with mailservers upstream from
ASSP: your isp's relay server. Suddenly we go from relaying mail
internally to relaying mail to an outside server. We go from within the
lan to outside.

My question here is: why do I need to set up relaying to a server at my
isp's (which they haven't) when I all I want to do is set up relaying from







my 'end user' mail server to my ASSP box? Those have got nothing to do
with each other.

Thank you in advance for any enlightenment you can bring me on this
subject!

Have a great day :)

Martin
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the







individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the





individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the



individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user