Netgate Discussion Forum

    Smtp monitor not working Relayd load balancer 2.0.2-RELEASE (i386)

    General pfSense Questions
    • P
      patrickbertke
      last edited by

      Using the loadbalancer to direct mail to 2 smtp servers.

      SMTP monitor will not work (always shows servers down).

      I have followed the steps outlined here:

      https://github.com/bsdperimeter/pfsense/commit/54d1a165d500225547337ddba7aa10e7e5f79c98
      https://github.com/bsdperimeter/pfsense/commit/07c49a3698ab458ea7ad8c0501d394c09e48dc60

      My SMTP server logs report:

      ME-I0069: (recv) socket [1384] was gracefully closed 192.168.X.X before any command received. Remote client closed the connection.
      ME-I0074: [1384] (Debug) End of conversation

      So it appears that the command is being sent.

      The SMTP monitor is still the default:

      Name            SMTP
      Description     Generic SMTP
      Type            Send/Expect
      Send string     EHLO nosuchhost
      Expect string   250-

      Anyone have any idea why the monitor will not work or what I am doing wrong?

      Thank you in advance.

      Dell PowerEdge 1750
      Intel Xeon CPU 3.00GHz (i386) X4
      2 GB RAM
      80 GB HDD X2 - RAID 1

      • P
        patrickbertke
        last edited by

        Sorry, I forgot to include the pfSense log:

        relayd[22665]: host 192.168.X.X, check send expect (1001ms), state unknown -> down, availability 0.00%

        Let me know if there is any other info….

        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          If you telnet to port 25 on the target host, and enter "EHLO nosuchhost" - what comes back?

          It could be getting back an unexpected code (e.g. not the 250 it wants) or the server could be denying it using some kind of anti-spam controls.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • P
            patrickbertke
            last edited by

            Sorry I actually meant to include that in my original post.

            When I telnet to the server(s) I get

            250-mydomainname.com, this server offers 4 extensions.
            250-AUTH LOGIN
            250-SIZE 5120000
            250-HELP
            250 AUTH=LOGIN

            Thank you for your help.

            • P
              patrickbertke
              last edited by

              Is there a log on pfsense that will tell me exactly what it is getting back from its EHLO request?

              For testing - I built a brand new Windows 2003 server (not what is in my production cluster) with no A/V, no firewall and SMTP as the only service running.
              I can telnet to it, pass messages through it but still can’t get pfSense to monitor correctly.

              I don’t claim in any way to know all the ins and outs of pfSense but I have never had any problems getting anything else to work correctly.

              Please HELP ME!  ;)

              Thanks again!

              • P
                patrickbertke
                last edited by

                Not that it is a surprise but if I change the monitor to ICMP it works perfectly. BUT obviously this monitor will not be able to monitor SMTP failures….

                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  @Orange:

                  When I telnet to the server(s) I get

                  250-mydomainname.com, this server offers 4 extensions.
                  250-AUTH LOGIN
                  250-SIZE 5120000
                  250-HELP
                  250 AUTH=LOGIN

                  So if you telnet, and type in exactly this:

                  EHLO nosuchhost
                  

                  That is the reply you receive?

                  If so, that should be working, unless the server is denying that after so many requests. Might be helpful to get a packet capture of the monitoring traffic. A packet capture filtered on the internal IP of the firewall, port 25, should be sufficient.

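To see exactly what a send/expect monitor would get back, which is what the packet capture suggested above is for, the check can be replayed by hand. This is an added example, not pfSense or relayd code: `probe` and `fake_smtp` are hypothetical names, the stand-in server and its replies are constructed, the prefix comparison is an assumption about how the expect string is matched, and the 1-second default timeout is chosen to resemble the 1001ms in the relayd log line.

```python
import socket
import threading

def probe(host, port, send=b"EHLO nosuchhost\r\n", expect=b"250-", timeout=1.0):
    """Replay a send/expect check; return everything the server sent back."""
    result = {"banner": b"", "reply": b"", "state": "down"}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["banner"] = s.recv(4096)   # SMTP server speaks first (220 ...)
            s.sendall(send)                   # exact bytes, line ending included
            result["reply"] = s.recv(4096)    # first chunk of the answer
    except OSError as exc:                    # refused, reset or timed out
        result["error"] = repr(exc)
    # Assumption: compare as a plain prefix; the real monitor may match differently.
    if result["reply"].startswith(expect):
        result["state"] = "up"
    return result

def fake_smtp(answer_ehlo=True):
    """Constructed stand-in server on 127.0.0.1 (not a real MTA); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
            data = conn.recv(1024)
            if answer_ehlo and data.upper().startswith(b"EHLO"):
                conn.sendall(b"250-mail.example.test\r\n250 HELP\r\n")
            else:
                conn.recv(1024)               # stay silent until the client gives up

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    for answers in (True, False):
        print(answers, probe("127.0.0.1", fake_smtp(answers), timeout=0.5))
```

Pointed at a real pool member instead of `fake_smtp`, the `banner` and `reply` fields separate the two failure shapes: a 220 banner with an empty reply is the pattern reported from the capture later in this thread, while a non-empty reply that does not begin with the expect string points at the match itself.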
                  • V
                    vorgusa
                    last edited by

                    I am having the same problem.  I grabbed a packet capture and attached it.  I see the 220 for SMTP service ready, but nothing else.  Could it be that relayd is not sending out the request?

                    I am on pfsense 2.0.3

                    packetcapture.cap.txt

                    • V
                      vorgusa
                      last edited by

                      I noticed another thing.  If I am on the local network I can not connect to my Virtual server.  My Virtual server is a LAN IP and not the WAN IP, but if I am on a remote laptop that is VPN'd in it works fine.  Any local server says no route to host.

                      • V
                        vorgusa
                        last edited by

                        Is there something I need to do to get the traffic routed properly or is relayd not supposed to be used for LAN traffic?

                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          If both servers and clients are on the same network, you will have problems.

                          For that you need to use a load balancer that proxies (e.g. HAProxy) or you must switch to manual outbound NAT and add rules to translate the traffic from client->server on LAN so that it appears to come from the firewall.

                          Otherwise the server tries to reply directly to the client and breaks the connection.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.