1

Topic: Send over SMTP by connecting to Private IP of mail server

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  2020122801 (Backend: mariadb, Date: 2021-01-18 15:56:44)
- Deployed with iRedMail Easy or the downloadable installer? Easy
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello, I have a scenario where:

Private Network 1 (10.0.0.0) hosts the development server; the public IP of the gateway is 1.1.1.1 (example).

Private Network 2 (10.1.0.0) hosts the mail servers, which have their own public IPs but are also part of the network. The network gateway is 2.2.2.2.

There is IPSec between the 1.1.1.1 and 2.2.2.2 routers.

How can I allow an application on the server in Network 1 (10.0.0.10) to send emails from the private IP of the mail server (10.1.0.10)? It can reach the IP, but the server only allows sending by connecting to its public IP?

Thanks


2

Re: Send over SMTP by connecting to Private IP of mail server

It should work if you can connect to the server.

3

Re: Send over SMTP by connecting to Private IP of mail server

Doesn't seem to be working. I am trying to send from the Passbolt password manager. If I use the domain name:

Email configuration
---------------------------------------------------------------
Host: mail.example.com
Port: 587
Username: accounts@example.com
Password: *********
TLS: true

Sending email from: Accounts <accounts@example.com>
Sending email to: postmaster@example.com
---------------------------------------------------------------

Trace
[220] mail.example.com ESMTP Postfix
> EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 15728640
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
> STARTTLS
[220] 2.0.0 Ready to start TLS
> EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 15728640
[250] ETRN
[250] AUTH PLAIN LOGIN
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
> AUTH LOGIN
[334] VXNlcm5hbWU6
> *****
[334] UGFzc3dvcmQ6
> *****
[235] 2.7.0 Authentication successful
> MAIL FROM:<*****>
[250] 2.1.0 Ok
> RCPT TO:<postmaster@example.com>
[250] 2.1.5 Ok
> DATA
[354] End data with <CR><LF>.<CR><LF>
> From: Accounts <*****>
To: postmaster@example.com
Date: Fri, 16 Apr 2021 10:00:43 +0000
Message-ID: <5d271468c83c4e5fa17c927e54795c87@passbolt>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.


However, if I change the configuration to the local IP, I get:

Email configuration
---------------------------------------------------------------
Host: 10.1.0.4
Port: 587
Username: accounts@example.com
Password: *********
TLS: true

Sending email from: Accounts <accounts@example.com>
Sending email to: postmaster@example.com
---------------------------------------------------------------
Warning Error: stream_socket_enable_crypto(): Peer certificate CN=`mail.example.com' did not match expected CN=`10.1.0.4' in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 479]

2021-04-16 10:05:06 Warning: Warning (2): stream_socket_enable_crypto(): Peer certificate CN=`mail.example.com' did not match expected CN=`10.1.0.4' in [/var/www/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 479]



Trace
[220] mail.example.com ESMTP Postfix
> EHLO localhost
[250] mail.example.com
[250] PIPELINING
[250] SIZE 15728640
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
> STARTTLS
[220] 2.0.0 Ready to start TLS

A test email could not be sent.
Error: SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.



It seems that the certificate is the issue? Because I cannot issue a certificate for the IP with Let's Encrypt.
Thanks for the help

4

Re: Send over SMTP by connecting to Private IP of mail server

Any ideas on how I could solve this issue? Thanks

5

Re: Send over SMTP by connecting to Private IP of mail server

The SSL cert is for the domain name, not for the IP address, so you will always get this SSL cert warning when connecting to an IP address directly.

You can try to disable SSL cert verification in your mail client, then it should work.
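
An added example, not part of the thread and not iRedMail or Passbolt code: it shows why a certificate issued for mail.example.com does not cover 10.1.0.4, and one way to connect to the private address while still verifying the certificate against the DNS name. The function names are hypothetical, and it assumes the server's certificate chains to a CA in the local trust store.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subjectAltName": (("DNS", "mail.example.com"),)}

def cert_covers(cert, target):
    """True if the certificate's subjectAltName entries cover target."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # DNS name: exact match, or a wildcard as the whole left-most label.
        host = target.lower().rstrip(".")
        parent = host.split(".", 1)[1] if "." in host else None
        names = [v.lower() for k, v in sans if k == "DNS"]
        return any(n == host or (n.startswith("*.") and n[2:] == parent)
                   for n in names)
    # IP target: only an iPAddress SAN counts, never a DNS name.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip
               for k, v in sans)

def read_reply(sock):
    """Read one (possibly multi-line) SMTP reply and return its numeric code."""
    buf = b""
    # The final line of a reply has a space (or nothing) after the 3-digit code.
    while not (buf.endswith(b"\r\n")
               and buf.split(b"\r\n")[-2][3:4] in (b" ", b"")):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return int(buf.split(b"\r\n")[-2][:3])

def starttls_by_ip(ip, cert_name, port=587, timeout=10):
    """Connect to ip, upgrade with STARTTLS, verify the cert against cert_name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname stay on
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        read_reply(sock)                         # 220 banner
        sock.sendall(b"EHLO client.example\r\n")
        read_reply(sock)
        sock.sendall(b"STARTTLS\r\n")
        if read_reply(sock) != 220:
            raise RuntimeError("server refused STARTTLS")
        # server_hostname sets SNI and the name the certificate is checked against.
        with ctx.wrap_socket(sock, server_hostname=cert_name) as tls:
            return tls.getpeercert(), tls.version()
```

Calling `starttls_by_ip("10.1.0.4", "mail.example.com")` sends the traffic to the private address and raises `ssl.SSLCertVerificationError` if the certificate is not valid for the name. A hosts-file entry or internal DNS record pointing mail.example.com at the private address has the same effect for clients that only take a single host field.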