SMTP monitor not working Relayd load balancer 2.0.2-RELEASE (i386)



  • Using the load balancer to direct mail to 2 SMTP servers.

    SMTP monitor will not work (always shows servers down).

    I have followed the steps outlined here:

    https://github.com/bsdperimeter/pfsense/commit/54d1a165d500225547337ddba7aa10e7e5f79c98
    https://github.com/bsdperimeter/pfsense/commit/07c49a3698ab458ea7ad8c0501d394c09e48dc60

    My SMTP server logs report:

    ME-I0069: (recv) socket [1384] was gracefully closed 192.168.X.X before any command received. Remote client closed the connection.
    ME-I0074: [1384] (Debug) End of conversation

    So it appears that the command is being sent.

    The SMTP monitor is still default:

    Name    SMTP
    Description    Generic SMTP
    Type     Send/Expect    
    Send string   EHLO nosuchhost  
    Expect string    250-

    Anyone have any idea why the monitor will not work or what I am doing wrong?

    Thank you in advance.



  • Sorry, I forgot to include the pfSense log:

    relayd[22665]: host 192.168.X.X, check send expect (1001ms), state unknown -> down, availability 0.00%

    Let me know if there is any other info….


  • Rebel Alliance Developer Netgate

    if you telnet to port 25 on the target host, and enter "EHLO nosuchhost" - what comes back?

    It could be getting back an unexpected code (e.g. not the 250 it wants) or the server could be denying it using some kind of anti-spam controls.



  • Sorry I actually meant to include that in my original post.

    When I telnet to the server(s) I get

    250-mydomainname.com, this server offers 4 extensions.
    250-AUTH LOGIN
    250-SIZE 5120000
    250-HELP
    250 AUTH=LOGIN

    Thank you for your help.



  • Is there a log on pfSense that will tell me exactly what it is getting back from its EHLO request?

    For testing - I built a brand new Windows 2003 server (not what is in my production cluster) with no A/V, no firewall and SMTP as the only service running.
    I can telnet to it, pass messages through it but still can’t get pfSense to monitor correctly.  ??? ???

    I don’t claim in any way to know all the ins and outs of pfSense but I have never had any problems getting anything else to work correctly.

    Please HELP ME!  ;)

    Thanks again!



  • Not that it is a surprise but if I change the monitor to ICMP it works perfectly. BUT obviously this monitor will not be able to monitor SMTP failures….


  • Rebel Alliance Developer Netgate

    @Orange:

    When I telnet to the server(s) I get

    250-mydomainname.com, this server offers 4 extensions.
    250-AUTH LOGIN
    250-SIZE 5120000
    250-HELP
    250 AUTH=LOGIN

    So if you telnet, and type in exactly this:

    EHLO nosuchhost
    

    That is the reply you receive?

    If so, that should be working, unless the server is denying that after so many requests. Might be helpful to get a packet capture of the monitoring traffic. A packet capture filtered on the internal IP of the firewall, port 25, should be sufficient.



  • I am having the same problem.  I grabbed a packet capture and attached it.  I see the 220 for SMTP service ready, but nothing else.  Could it be that relayd is not sending out the request?

    I am on pfSense 2.0.3

    packetcapture.cap.txt
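
For the question above about seeing exactly what comes back from the EHLO request, this added example (not from the thread, pfSense or relayd) runs the same send/expect exchange from a script and reports both the server's greeting and the reply to the send string. Treating the expect string as a prefix of the first line is an assumption, and `FakeSMTP` with its `mail.example.test` name is a constructed stand-in so the block runs offline; call `probe()` against a real pool member instead.

```python
import socket
import socketserver
import threading

def read_reply(f):
    """Read one SMTP reply: continuation lines look like '250-', the last like '250 '."""
    lines = []
    while True:
        line = f.readline()
        if not line:                      # peer closed before finishing the reply
            break
        lines.append(line.decode("ascii", "replace").rstrip("\r\n"))
        if line[3:4] != b"-":
            break
    return lines

def starts_with(lines, expect):
    return bool(lines) and lines[0].startswith(expect)

def probe(host, port, send="EHLO nosuchhost", expect="250-", timeout=3.0):
    """Return the greeting, the reply to `send`, and which of them starts with `expect`."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        banner = read_reply(f)            # the server speaks first (220 ...)
        s.sendall(send.encode("ascii") + b"\r\n")
        reply = read_reply(f)
    return {"banner": banner, "reply": reply,
            "banner_matches": starts_with(banner, expect),
            "reply_matches": starts_with(reply, expect)}

class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server, for offline runs only."""
    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP ready\r\n")
        if self.rfile.readline().upper().startswith(b"EHLO"):
            self.wfile.write(b"250-mail.example.test\r\n250-SIZE 5120000\r\n250 HELP\r\n")

def demo():
    with socketserver.TCPServer(("127.0.0.1", 0), FakeSMTP) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return probe(*srv.server_address)
        finally:
            srv.shutdown()

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

An empty `reply` list means the connection was closed or nothing arrived after the send string, which is the same symptom as a capture that stops at the 220 line.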



  • I noticed another thing.  If I am on the local network I cannot connect to my Virtual server.  My Virtual server is a LAN IP and not the WAN IP, but if I am on a remote laptop that is VPN'd in it works fine.  Any local server says no route to host.



  • Is there something I need to do to get the traffic routed properly or is relayd not supposed to be used for LAN traffic?


  • Rebel Alliance Developer Netgate

    If both servers and clients are on the same network, you will have problems.

    For that you need to use a load balancer that proxies (e.g. HAProxy) or you must switch to manual outbound NAT and add rules to translate the traffic from client->server on LAN so that it appears to come from the firewall.

    Otherwise the server tries to reply directly to the client and breaks the connection.

