ahennessy Absent Member.
Absent Member.
2089 views

Postfix Mail and Filr firewall

I have a small installation of Filr (all on one box for 50 users max). Trying to set up postfix mail is causing a problem as port 25 outbound from filr appliance is blocked on it's firewall. BUT I cannot find where to change it.

As it is in our DMZ I am reluctant to open more ports inbound to relay off our groupWise server. Any ideas as to how to open the port on the Filr firewall?

Thanks
0 Likes
13 Replies
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

ahennessy wrote:

>
> I have a small installation of Filr (all on one box for 50 users max).
> Trying to set up postfix mail is causing a problem as port 25 outbound
> from filr appliance is blocked on it's firewall. BUT I cannot find
> where to change it.
>
> As it is in our DMZ I am reluctant to open more ports inbound to relay
> off our groupWise server. Any ideas as to how to open the port on the
> Filr firewall?


We don't really provide any way to change the Postfix configuration.
It doesn't mean you couldn't manually do it, but it wouldn't be
supported. If you need more flexibility your best bet is to configure
Filr to relay through whatever e-mail system you have there. I would
imagine it's configured to listen for connections on 25 so Filr
shouldn't have any issues relaying through it.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
ahennessy Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

Thanks for the reply john,

I'm not trying to change the Postfix config but the firewall on the Filr box which is blocking port 25?

Cheers
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

ahennessy wrote:

> I'm not trying to change the Postfix config but the firewall on the
> Filr box which is blocking port 25?


Oh, I misunderstood your question. In that case, the firewall on the
Filr appliance shouldn't be blocking port 25. If you log into the
appliance admin interface on port 9443, Appliance Configuration,
Firewall, what's the status of port 25?

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
ahennessy Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

Port 25 is blocked. However as the firewall config page is just informational I cannot change it.

I guess that will block either Postfix mail or port 25 inbound to my GroupWise server.?
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

ahennessy wrote:

>
> Port 25 is blocked. However as the firewall config page is just
> informational I cannot change it.


Yeah, it's just information, but I'm not sure why it's blocked in the
first place. That's odd. I take it in the appliance config, outbound
e-mail, "Use Local POstfix Mail Server" is checked?

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
ahennessy Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

It is indeed, (sorry for calling you john in the earlier post). Any files I try to share out are showing as shared in the shared files but the emails never get to the recipients. They don't look like they even reached our corporate firewall (nothing in firewall logs).

I had this working in filr 1.01 with these exact settings. I rebuilt instead of upgrading as 1.01 was a test only. Of course now we want to go live we get this stumbling block.
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

ahennessy wrote:

>
> It is indeed, (sorry for calling you john in the earlier post). Any
> files I try to share out are showing as shared in the shared files but
> the emails never get to the recipients. They don't look like they even
> reached our corporate firewall (nothing in firewall logs).
>
> I had this working in filr 1.01 with these exact settings. I rebuilt
> instead of upgrading as 1.01 was a test only. Of course now we want to
> go live we get this stumbling block.


Ok, I've asked internally why this is as I haven't seen this
previously. My small deployment at home shows port 25 as open and I
didn't do anything special to open the port. If I don't get a response
you may have to open an SR. I'll let you know what I find out.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

Joseph Marton wrote:

> Ok, I've asked internally why this is as I haven't seen this
> previously. My small deployment at home shows port 25 as open and I
> didn't do anything special to open the port. If I don't get a
> response you may have to open an SR. I'll let you know what I find
> out.


Ok, so I was slightly off-base. I thought port 25 was open on my
server but actually it's not, and that's because Postfix doesn't
receive any e-mails--only send. I wonder if the issue could be
something like SPF not definining Filr as a mail host and thus
receivers are marking the e-mails as spam? If you monitor your
firewall, do you see Filr ever make outbound SMTP requests to the
destination mail servers for notifications? Maybe a LAN trace? There
shouldn't be anything you need to configure on Filr to make this work
other than basic DNS resolution.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
vtodorovelatec Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

Hi,

i have the large installation but probably it is the same.
Login to the console on the filr appliance. login with root and execute the command yast
then in the interface "security and Users" > "Firewall" > "allowed service" > "advanced", there you can add the port
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

vtodorovelatec wrote:

> i have the large installation but probably it is the same.
> Login to the console on the filr appliance. login with root and
> execute the command yast
> then in the interface "security and Users" > "Firewall" > "allowed
> service" > "advanced", there you can add the port


There should be no need, however. That is for accepting connections on
port 25 which is something Filr doesn't do as it doesn't receive mail.
It only sends.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
ahennessy Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

Thanks for coming back to me. I will monitor corporate firewall to see what is happening but my initial glances at it would indicate that there is no traffic reaching it at all from Filr outbound. My LDAP and File shares are working ok it seems inbound. Port 25 is open outbound from Filr on Corporate FW.

I'll revert if I get it sorted. I can't open an SR as we are not in contract, it's a try before you buy. Hopefully we can get it working ok as it does look like a great product.
0 Likes
ahennessy Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

OK, the problem was DNS

The DNS settings on the Filr box were pointing internally to our internal DNS servers for LDAP and fileshare etc. which of course were not going to resolve mail domains for sending mail.

I added another 2 DNS servers (external and set the FW internal ip as a DNS server too) to the Network configuration and sending a mail worked instantly.

Thanks for all the assistance and suggestions.

AH
0 Likes
jmarton2 Absent Member.
Absent Member.

Re: Postfix Mail and Filr firewall

ahennessy wrote:

>
> OK, the problem was DNS
>
> The DNS settings on the Filr box were pointing internally to our
> internal DNS servers for LDAP and fileshare etc. which of course were
> not going to resolve mail domains for sending mail.
>
> I added another 2 DNS servers (external and set the FW internal ip as
> a DNS server too) to the Network configuration and sending a mail
> worked instantly.


Ah ha! That makes sense. Thanks for reporting back!

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.