1

Topic: Allow internal network devices to send email with insecure connection

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.4.0 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? NO
- Linux/BSD distribution name and version:  Ubuntu 20.04.2 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have followed those instructions https://docs.iredmail.org/additional.smtp.port.html and I can see that port 2525 is up and working. Firewall and fail2ban is disabled:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

When I try to connect to the mail server on the port 2525 from a machine, which sits in the same network as the mail server I cannot. When I scan the mail server from the machine, which is in the same network as the mail server, I cannot see the port 2525 available. When I scan the machine locally i see this:
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
2525/tcp open  ms-v-worlds

From the machine, which is in the same network as mail server I see this:

PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s

If I disable nginx and change in master.cf the port from 2525 to 80 for example, it work directly.
There is no firewall between both machines.
The only difference is that the mail server and other machine is that they are on different VMWare hosts.

Please advise, what can be the problem.

BR,
Stan

2

Re: Allow internal network devices to send email with insecure connection

Hi,

After digging into the setup if turns out that the problem come from nftables.
Once disabled, everything has returned to normal operation.

BR,
Stan