Once again:
Logs of a connection from the LAN to the mail server:
(iptables -t nat POSTROUTING -s 192.168.5.0/24 -d !IP_mail_server -o eth0 -j SNAT --to-source IP_MY_WAN_NETWORK)
exim -bd -q15m -d
....
18962 Listening...
18962 Connection request from 192.168.5.10 port 3308
18962 search_tidyup called
18962 1 SMTP accept process running
18962 Listening...
18965 host in rfc1413_hosts? yes (matched "*")
18965 doing ident callback
18965 ident connection to 192.168.5.10 failed: Connection timed out
18965 sender_fullhost = [192.168.5.10]
18965 sender_rcvhost = [192.168.5.10]
18965 Process 18965 is handling incoming connection from [192.168.5.10]
18965 checking for IP options
18965 no IP options found
18965 host in host_lookup? yes (matched "*")
18965 looking up host name for 192.168.5.10
18965 DNS lookup of 10.5.168.192.in-addr.arpa (PTR) succeeded
18965 IP address lookup yielded wr1.richter.net
18965 gethostbyname looked up these IP addresses:
18965 name=wr1.richter.net address=192.168.5.10
18965 checking addresses for wr1.richter.net
18965 192.168.5.10 OK
18965 sender_fullhost = wr1.richter.net [192.168.5.10]
18965 sender_rcvhost = wr1.richter.net ([192.168.5.10])
18965 set_process_info: 18965 handling incoming connection from
wr1.richter.net [192.168.5.10]
18965 host in host_reject_connection? no (option unset)
18965 host in sender_unqualified_hosts? no (option unset)
18965 host in recipient_unqualified_hosts? no (option unset)
18965 host in helo_verify_hosts? no (option unset)
18965 host in helo_try_verify_hosts? yes (matched "*")
18965 host in helo_accept_junk_hosts? no (option unset)
18965 using ACL "acl_check_connect"
18965 processing "defer"
18965 check ratelimit = 10 / 1m / per_conn / strict /
conn_m_$sender_host_address
18965 = 10 / 1m / per_conn / strict / conn_m_192.168.5.10
18965 ratelimit condition limit=10 period=60
key=1m/per_conn/strict/conn_m_192.168.5.10
18965 locking /path/to/exim/db/ratelimit.lockfile
18965 locked /path/to/db/ratelimit.lockfile
18965 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18965 returned from EXIM_DBOPEN
18965 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18965 dbfn_read: key=1m/per_conn/strict/conn_m_192.168.5.10
18965 dbfn_write: key=1m/per_conn/strict/conn_m_192.168.5.10
18965 ratelimit db updated
18965 ratelimit computed rate 0.4
18965 defer: condition test failed
18965 processing "defer"
18965 check ratelimit = 70 / 20m / per_conn / strict /
conn_h_$sender_host_address
18965 = 70 / 20m / per_conn / strict / conn_h_192.168.5.10
18965 ratelimit condition limit=70 period=1200
key=20m/per_conn/strict/conn_h_192.168.5.10
18965 locking /path/to/exim/db/ratelimit.lockfile
18965 locked /path/to/db/ratelimit.lockfile
18965 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18965 returned from EXIM_DBOPEN
18965 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18965 dbfn_read: key=20m/per_conn/strict/conn_h_192.168.5.10
18965 dbfn_write: key=20m/per_conn/strict/conn_h_192.168.5.10
18965 ratelimit db updated
18965 ratelimit computed rate 1.2
18965 defer: condition test failed
18965 processing "accept"
18965 accept: condition test succeeded
18965 SMTP>> 220-mail.server road to hell :)
18965 220-------------------------------------------------
18965 220-All activities are logged!
18965 220 ------------------------------------------------
18965 Process 18965 is ready for new message
18965 smtp_setup_msg entered
18965 SMTP<< EHLO wr1
18965 sender_fullhost = wr.lan.net (wr) [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10] helo=wr)
18965 set_process_info: 18965 handling incoming connection from
wr.lan.net (wr) [192.168.5.10]
18965 verifying EHLO/HELO argument "wr"
18965 getting IP address for wr
18965 gethostbyname returned 1 (HOST_NOT_FOUND)
18965 no IP address found for host wr (during SMTP connection from
wr.lan.net (wr) [192.168.5.10])
18965 LOG: host_lookup_failed MAIN
18965 no IP address found for host wr (during SMTP connection from
wr.lan.net (wr) [192.168.5.10])
18965 EHLO verification failed but host is in helo_try_verify_hosts
18965 host in pipelining_advertise_hosts? yes (matched "*")
18965 host in auth_advertise_hosts? no (end of list)
18965 host in tls_advertise_hosts? yes (end of list)
18965 SMTP>> 250-mail.server Hello wr.lan.net [192.168.5.10]
18965 250-SIZE 104857600
18965 250-8BITMIME
18965 250-PIPELINING
18965 250-STARTTLS
18965 250 HELP
18965 SMTP<< STARTTLS
18965 Diffie-Hellman initialized from /path/to/exim.pem with 4096-bit key
18965 tls_certificate file /path/to/eximcs.crt
18965 tls_privatekey file /path/to/eximcs.key
18965 Initialized TLS
18965 host in tls_verify_hosts? no (option unset)
18965 host in tls_try_verify_hosts? no (option unset)
18965 SMTP>> 220 TLS go ahead
18965 Calling SSL_accept
18965 SSL info: before/accept initialization
18965 SSL info: before/accept initialization
18965 SSL info: SSLv3 read client hello A
18965 SSL info: SSLv3 write server hello A
18965 SSL info: SSLv3 write certificate A
18965 SSL info: SSLv3 write server done A
18965 SSL info: SSLv3 flush data
18965 SSL info: SSLv3 read client key exchange A
18965 SSL info: SSLv3 read finished A
18965 SSL info: SSLv3 write change cipher spec A
18965 SSL info: SSLv3 write finished A
18965 SSL info: SSLv3 flush data
18965 SSL info: SSL negotiation finished successfully
18965 SSL info: SSL negotiation finished successfully
18965 SSL_accept was successful
18965 Cipher: TLSv1:RC4-MD5:128
18965 Shared ciphers:
RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA
18965 sender_fullhost = wr.lan.net [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10])
18965 set_process_info: 18965 handling incoming TLS connection from
wr.lan.net [192.168.5.10]
18965 TLS active
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< EHLO wr
18965 sender_fullhost = wr.lan.net (wr) [192.168.5.10]
18965 sender_rcvhost = wr.lan.net ([192.168.5.10] helo=wr)
18965 set_process_info: 18965 handling TLS incoming connection from
wr.lan.net (wr) [192.168.5.10]
18965 verifying EHLO/HELO argument "wr"
18965 getting IP address for wr
18965 gethostbyname returned 1 (HOST_NOT_FOUND)
18965 no IP address found for host wr (during SMTP connection from
wr.lan.net (wr) [192.168.5.10])
18965 LOG: host_lookup_failed MAIN
18965 no IP address found for host wr (during SMTP connection from
wr.lan.net (wr) [192.168.5.10])
18965 EHLO verification failed but host is in helo_try_verify_hosts
18965 host in pipelining_advertise_hosts? yes (matched "*")
18965 host in auth_advertise_hosts? yes (matched "*")
18965 tls_do_write(801700, 149)
18965 SSL_write(SSL, 801700, 149)
18965 outbytes=149 error=0
18965 SMTP>> 250-mail.server Hello wr.lan.net [192.168.5.10]
18965 250-SIZE 104857600
18965 250-8BITMIME
18965 250-PIPELINING
18965 250-AUTH LOGIN
18965 250 HELP
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< AUTH LOGIN
18965 SMTP>> 334 VXNlcm5hbWU6
18965 tls_do_write(7f1050, 18)
18965 SSL_write(SSL, 7f1050, 18)
18965 outbytes=18 error=0
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< YnNrcnp5cGllYw==
18965 SMTP>> 334 UGFzc3dvcmQ6
18965 tls_do_write(7f1050, 18)
18965 SSL_write(SSL, 7f1050, 18)
18965 outbytes=18 error=0
18965 Calling SSL_read(81d800, 833b40, 4096)
18965 SMTP<< b2xpbXBpanNrYTE0
18965 LOGIN authenticator:
18965 $auth1 = user
18965 $auth2 = password
18965 $1 = user
18965 $2 = password
18965 LDAP parameters: user=uid=user,ou=Users,dc=lan,dc=net
pass=password size=0 time=0 connect=0 dereference=0 referrals=on
18965 perform_ldap_search: ldapauth URL =
etc.
Logs of a connection from the WAN to the mail server:
exim -bd -q15m -d
......
18983 Listening...
18983 Connection request from WAN_IP port 54303
18983 search_tidyup called
18983 1 SMTP accept process running
18983 Listening...
18991 host in rfc1413_hosts? yes (matched "*")
18991 doing ident callback
18991 ident connection to WAN_IP failed: Connection refused
18991 sender_fullhost = [WAN_IP]
18991 sender_rcvhost = [WAN_IP]
18991 Process 18991 is handling incoming connection from [WAN_IP]
18991 checking for IP options
18991 no IP options found
18991 host in host_lookup? yes (matched "*")
18991 looking up host name for WAN_IP
18991 DNS lookup of WAN_IP.in-addr.arpa (PTR) succeeded
18991 IP address lookup yielded WAN_FQDN
18991 gethostbyname looked up these IP addresses:
18991 name=WAN_FQDN address=WAN_IP
18991 checking addresses for WAN_FQDN
18991 WAN_IP OK
18991 sender_fullhost = WAN_FQDN [WAN_IP]
18991 sender_rcvhost = WAN_FQDN ([WAN_IP])
18991 set_process_info: 18991 handling incoming connection from
WAN_FQDN [WAN_IP]
18991 host in host_reject_connection? no (option unset)
18991 host in sender_unqualified_hosts? no (option unset)
18991 host in recipient_unqualified_hosts? no (option unset)
18991 host in helo_verify_hosts? no (option unset)
18991 host in helo_try_verify_hosts? yes (matched "*")
18991 host in helo_accept_junk_hosts? no (option unset)
18991 using ACL "acl_check_connect"
18991 processing "defer"
18991 check ratelimit = 10 / 1m / per_conn / strict /
conn_m_$sender_host_address
18991 = 10 / 1m / per_conn / strict / conn_m_WAN_IP
18991 ratelimit condition limit=10 period=60
key=1m/per_conn/strict/conn_m_WAN_IP
18991 locking /path/tp/exim/db/ratelimit.lockfile
18991 locked /path/to/exim/db/ratelimit.lockfile
18991 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18991 returned from EXIM_DBOPEN
18991 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18991 dbfn_read: key=1m/per_conn/strict/conn_m_WAN_IP
18991 dbfn_write: key=1m/per_conn/strict/conn_m_WAN_IP
18991 ratelimit db updated
18991 ratelimit computed rate 0.0
18991 defer: condition test failed
18991 processing "defer"
18991 check ratelimit = 70 / 20m / per_conn / strict /
conn_h_$sender_host_address
18991 = 70 / 20m / per_conn / strict / conn_h_WAN_IP
18991 ratelimit condition limit=70 period=1200
key=20m/per_conn/strict/conn_h_WAN_IP
18991 locking /path/to/exim/db/ratelimit.lockfile
18991 locked /path/to/exim/db/ratelimit.lockfile
18991 EXIM_DBOPEN(/path/to/exim/db/ratelimit)
18991 returned from EXIM_DBOPEN
18991 opened hints database /path/to/exim/db/ratelimit: flags=O_RDWR
18991 dbfn_read: key=20m/per_conn/strict/conn_h_WAN_IP
18991 dbfn_write: key=20m/per_conn/strict/conn_h_WAN_IP
18991 ratelimit db updated
18991 ratelimit computed rate 0.0
18991 defer: condition test failed
18991 processing "accept"
18991 accept: condition test succeeded
18991 SMTP>> 220-mail.server road to hell :)
18991 220-------------------------------------------------
18991 220-All activities are logged!
18991 220 ------------------------------------------------
18991 Process 18991 is ready for new message
18991 smtp_setup_msg entered
18991 SMTP<< EHLO [IP]
18991 sender_fullhost = WAN_FQDN ([other IP]) [WAN_IP]
18991 sender_rcvhost = WAN_FQDN ([WAN_IP] helo=[other IP])
18991 set_process_info: 18991 handling incoming connection from
WAN_FQDN ([other IP]) [WAN_IP]
18991 verifying EHLO/HELO argument "[other IP]"
18991 EHLO verification failed but host is in helo_try_verify_hosts
18991 host in pipelining_advertise_hosts? yes (matched "*")
18991 host in auth_advertise_hosts? no (end of list)
18991 host in tls_advertise_hosts? yes (end of list)
18991 SMTP>> 250-mail.server Hello WAN_FQDN [WAN_IP]
18991 250-SIZE 104857600
18991 250-8BITMIME
18991 250-PIPELINING
18991 250-STARTTLS
18991 250 HELP
18991 SMTP<< STARTTLS
18991 Diffie-Hellman initialized from /path/to/exim.pem with 4096-bit key
18991 tls_certificate file /path/to/eximcs.crt
18991 tls_privatekey file /path/to/eximcs.key
18991 Initialized TLS
18991 host in tls_verify_hosts? no (option unset)
18991 host in tls_try_verify_hosts? no (option unset)
18991 SMTP>> 220 TLS go ahead
18991 Calling SSL_accept
18991 SSL info: before/accept initialization
18991 SSL info: before/accept initialization
18991 SSL info: SSLv3 read client hello A
18991 SSL info: SSLv3 write server hello A
18991 SSL info: SSLv3 write certificate A
18991 SSL info: SSLv3 write key exchange A
18991 SSL info: SSLv3 write server done A
18991 SSL info: SSLv3 flush data
18991 SSL info: SSLv3 read client certificate A
18991 LOG: MAIN
18991 TLS error on connection from WAN_FQDN ([other IP]) [WAN_IP]
(SSL_accept): error:00000000:lib(0):func(0):reason(0)
18991 TLS failed to start
18991 LOG: smtp_connection MAIN
18991 SMTP connection from WAN_FQDN ([other IP]) [WAN_IP] closed by EOF
18991 search_tidyup called
18983 child 18991 ended: status=0x0
18983 0 SMTP accept processes now running
18983 Listening...
Before the upgrade from etch to lenny it was OK.
It's a kind of magic? :(
Bogdan
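
An added example, not part of the original post: a short Python parser that groups `exim -d` lines like those above by process ID and reports where the two SSL_accept traces diverge. The sample lines are constructed in the post's format, and the names `summarize` and `first_divergence` are hypothetical.

```python
# Constructed sample in the format of the exim -d traces in the post
# (PIDs and message text follow the post; hosts are placeholders).
SAMPLE = """\
18965 SSL info: SSLv3 read client hello A
18965 SSL info: SSLv3 write server hello A
18965 SSL info: SSLv3 write certificate A
18965 SSL info: SSLv3 write server done A
18965 SSL info: SSLv3 read client key exchange A
18965 SSL_accept was successful
18965 Cipher: TLSv1:RC4-MD5:128
18991 SSL info: SSLv3 read client hello A
18991 SSL info: SSLv3 write server hello A
18991 SSL info: SSLv3 write certificate A
18991 SSL info: SSLv3 write key exchange A
18991 SSL info: SSLv3 write server done A
18991 SSL info: SSLv3 read client certificate A
18991 TLS error on connection from WAN_FQDN ([other IP]) [WAN_IP]
(SSL_accept): error:00000000:lib(0):func(0):reason(0)
18991 TLS failed to start
"""

STATE = "SSL info: SSLv3 "

def summarize(log):
    """Group debug lines by PID; record handshake states, cipher, outcome."""
    sessions = {}
    for raw in log.splitlines():
        pid, _, msg = raw.partition(" ")
        if not pid.isdigit():
            continue  # wrapped continuation line with no PID prefix
        s = sessions.setdefault(pid, {"states": [], "cipher": None, "ok": None})
        if msg.startswith(STATE):
            s["states"].append(msg[len(STATE):])
        elif msg.startswith("Cipher: "):
            s["cipher"] = msg[len("Cipher: "):]
        elif msg == "SSL_accept was successful":
            s["ok"] = True
        elif msg == "TLS failed to start":
            s["ok"] = False
    return sessions

def first_divergence(a, b):
    """First position at which two sessions' handshake state lists differ."""
    for i, (x, y) in enumerate(zip(a["states"], b["states"])):
        if x != y:
            return i, x, y
    return None
```

On the sample, the LAN session (18965) completes with TLSv1:RC4-MD5:128, while the WAN session (18991) first differs at "write key exchange A" and its last logged state before the error is "read client certificate A".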