Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Problem with Winroute Firewall and a mail server
  •  
mister_rom

Messages: 7

Karma: 0
Send a private message to this user
Hi !

I'have a big problem : in trying Winroute Firewall 6.0.8 in a network, on a host which already uses a mail server (SMTPBeamer 3.33), the mail server isn't able anymore to receive mail from their isp (who stores their mail). But when we send mail from a client (from outlook or from a webmail), there's no problem.
I have tried to change trafic policy many times without success.
I a m sure that the problem come from Winroute configuration, cause when we unistall it, every things becomes good.

Can someone help me ? It's very important and urgent please.
Thanks.
Confused
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Disable the protocol inspector at the traffic rule for SMTP.
  •  
mister_rom

Messages: 7

Karma: 0
Send a private message to this user
Thanks, but i don't afraid it's not enought Confused . I have deleted all trafic rules and use wizard (i have a cable connexion and a network card in the winroute firewall host). I have applied whatd you have said on SMTP rules (disable protocol inspector), but i lanch the mail server (its'not installed like a NT service), it arrive to download mail. If i leave it like this, and i send other mails (by yahoo by example) to a client, the mail server tells me that there's no mail (by using another little program Magic Mail Monitor, i can see that mail is arrived on the isp) even if wait more that 10 mn.

Please, what should i do again?
Again one time, thanks.
Smile
  •  
mister_rom

Messages: 7

Karma: 0
Send a private message to this user
Hi all, it's again me !

I'm really worried about this problem : i cannot make work correctly my mail server when winroute firewall is installed !
Even if i change all trafic rules and set protocol inspector to disabled, i does not work well (in receveing mail from isp mail server). When i close and run again the mail server (it doesn't run with NT service), it can download all messages easily. But if i let it on, it can't download mail even in waiting many hours ... Confused
Can someone can help me ? i'm really despiste and have a headache ...
Embarassed
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Is your mailserver on a machine inside the LAN or is it running on the internet gateway (same machine as KWF is running)?

If it is running on the internet gateway make a rule like this:

name: traffic out
source: firewall
dest: network connected to internet NIC
service: any
action: allow
logging: packets and connection
protocol inspector: none

check the filterlog for packets and try to find out what is happening

After that try to narrow down the rule to something like this:

name: SMTP/POP3 traffic
source: firewall
dest: ip address of isp mail server
source: SMPT and POP3
action: allow
logging: packets and connection
protocol instector: none

Make sure you leave the first rule inplace. The rule named SMTP/POP3 traffic should be the first in the list. That way it will catch all traffic that matches the rule. The secound rule allows alle other traffic going out not handled by the first. In the filter log you can see what packets (usings which protocol) are send.

Feite
  •  
mister_rom

Messages: 7

Karma: 0
Send a private message to this user
Thanks for your attention to my problem !

At last, it works good now ! I see clearly what was the problem now.
The network here was simply a lan with a mail server A (where was the internet coonection) which goes to a primary mail server B in us for downloading mails (by pop3). Clients in the lan connect to A with a pop3 client to read their mails. Another program, installed on the server A, can show me all the mail currently present in the server B (without moving them).
At first, i thought that was a new mail was received on B, by clicking Send/Receive in a pop3 client in the lan, the mail server A could directly download this new mail. But it's not like this. The mail server A schedules download of mails every 5 mn or 10 mn. So, even if a mail is arrived on the server B, we need to wait for a moment before a pop3 client could read it.
I think that a imap server instead of a pop3, we could have directly all new mails.

Thanks a lot.
Previous Topic: scenario - access to internet & unsafe corporate net?
Next Topic: Need to know client's MAC
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 17:59:58 CET 2017

Total time taken to generate the page: 0.00406 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.