Topic: SMTP NAT issue with blacklisting sites  (Read 1314 times)
« on: March 02, 2014, 03:16:06 »
chro4@aol.com *
Posts: 3

I need some help with NAT and email servers...  Seems that I am getting an error of

The listing of this IP is because it HELOs as 192.168.3.106. Not only is this a violation of RFC2821/5321 section 4.1.1.1, it's even more frequently a sign of infection.  In all probability this IP address is a NAT gateway, and the machine at 192.168.3.106 in your local LAN is either infected, or if it's a server, badly misconfigured.

The server's HELO is set right; telnetting in locally to the IP shows it's right, so all I can think is it's something in the M0N0 that is doing this. Any ideas?  I have scanned and set everything I can think of to figure out what is doing this.

Is there a way to set port 25 to display the mail server's HELO instead of its IP when it talks to other servers?  Somehow it's done, as these MX sites are reading the local IP and not just the public IP.

Thanks

K.I.S.S. = Thing:  Never to be given to others who can not start to navigate around a calculator.
« Reply #1 on: March 02, 2014, 18:33:41 »
turbo *
Posts: 7

Hi ??

The HELO or EHLO command has nothing to do with monowall or your NAT configuration. You have to set the proper mailserver domain name in the mailserver software for the server.

From the information you gave, it looks like the mailserver's domain name is the IP you mentioned.

Johannes
« Reply #2 on: March 03, 2014, 09:03:17 »
Lee Sharp *****
Posts: 517

If your e-mail server is inside the firewall and on NAT, it will helo from the private IP address.  You need it to helo from the public IP address outside your NAT.  This can be configured in your mail server.
« Reply #3 on: March 20, 2014, 06:23:09 »
chro4@aol.com *
Posts: 3

So this is a failure of M0N0 then to not pass the HELO which is set up properly in the mail server?

Has anyone figured out how to make M0N0 loop back on itself so that I can browse my Public IP or Domain from the private IP inside the Router so I can test this to get things set up?

K.I.S.S. = Thing:  Never to be given to others who can not start to navigate around a calculator.
« Reply #4 on: March 20, 2014, 14:35:42 »
Fred Grayson *****
Posts: 994

As explained, you need to properly configure your mail server to helo with its fully qualified host name, and not its IP address. This is not something that m0n0wall can do or should do.

If you want to test how your mail server helos,  get a free shell account somewhere such as http://www.cjb.net/ and then telnet  to your mail server's fully qualified host name port 25.

--
Google is your friend and Bob's your uncle.
« Reply #5 on: March 20, 2014, 20:12:05 »
Lee Sharp *****
Posts: 517

> So this is a failure of M0N0 then to not pass the HELO which is set up properly in the mail server?
>
> Has anyone figured out how to make M0N0 loop back on itself so that I can browse my Public IP or Domain from the private IP inside the Router so I can test this to get things set up?

Here is what is happening.  You are receiving a gmail.

Gmail:  Helo mail server!  I am smtp.gmail.com!  Who are you?

Yourmail:  Well hi there gmail!  I am 192.168.3.106!  I speak three languages!

Gmail:  Oops!  Sorry, 192.168.3.106.  I was trying to call smtp.yourplace.com which is 33.44.55.66.  I must have a wrong number.

Yourmail:  No problem Gmail.  Take care.

<click>


You need to tell your server to not identify itself with its local IP, but with its FQDN.  This is not a firewall problem, but an e-mail problem.  The firewall is doing everything correctly, or the failure would not have happened like that.
« Last Edit: March 20, 2014, 20:15:44 by Lee Sharp »
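
Added example, not code from the thread or from m0n0wall: a Python check of a HELO/EHLO argument against the rule the blacklist notice cites (a fully qualified domain name, or a bracketed address literal), showing why `192.168.3.106` is flagged while `smtp.yourplace.com` passes. The function name, the verdict labels and the internal-suffix list are assumptions made for this example.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Heuristic list of suffixes that only resolve inside a LAN (assumption of this example).
INTERNAL_SUFFIXES = {"local", "localdomain", "internal", "lan"}

def classify_helo(arg):
    """Return (verdict, reason) for the argument sent with HELO/EHLO."""
    arg = arg.strip()
    # Address literal, e.g. [33.44.55.66] or [IPv6:...]
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            ip = ipaddress.ip_address(inner)
        except ValueError:
            return ("bad", "malformed address literal")
        if not ip.is_global:
            return ("bad", "address literal is a private or non-routable address")
        return ("weak", "valid address literal; an FQDN is preferred when one exists")
    # Bare IP without brackets: the case described in the listing notice.
    try:
        ip = ipaddress.ip_address(arg)
    except ValueError:
        ip = None
    if ip is not None:
        kind = "public" if ip.is_global else "private or non-routable"
        return ("bad", f"bare {kind} IP address instead of a domain name")
    labels = arg.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels) or labels[-1].isdigit():
        return ("bad", "not a valid host name")
    if len(labels) < 2:
        return ("bad", "single-label name, not fully qualified")
    if labels[-1].lower() in INTERNAL_SUFFIXES:
        return ("bad", "name only resolves inside the LAN")
    return ("ok", "fully qualified domain name")

if __name__ == "__main__":
    # Constructed sample arguments; the first and last are the values used in the thread.
    for sample in ["192.168.3.106", "[192.168.3.106]", "[33.44.55.66]",
                   "mailserver", "localhost.localdomain", "smtp.yourplace.com"]:
        verdict, reason = classify_helo(sample)
        print(f"{sample:24} {verdict:5} {reason}")
```
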