Kaspersky
Question

KSMG Mail Gateway External MTA connection timed out

  • 27 July 2019
  • 0 replies
  • 200 views

Hello, i'm testing KSMG. Seems a great product but as the topic, i can't relay to any external mailserver

I want to accomplish a direct integration (Internet -> KSMG -> Mailserver -> Client) using the mailserver of my clients (more than one like gsuite, rackspace, custom, etc). Message remain in queue with the connection error

Any hint to get this configuration working?
Any help appreciated, best regards!

Trusted network set to 0.0.0.0/0

Postfix Log
code:
Jul 27 06:01:19 kmg1 postfix/smtp[11589]: connect to mx.mailserver.it[212.97.32.101]:25: Connection timed out
Jul 27 06:01:19 kmg1 postfix/smtp[11589]: A063B1FF04: to=, relay=none, delay=42369, delays=42339/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.mailserver.it[212.97.32.101]:25: Connection timed out)
Jul 27 06:01:19 kmg1 postfix/smtp[11588]: connect to return0.emarsys.net[185.4.123.140]:25: Connection timed out
Jul 27 06:01:49 kmg1 postfix/smtp[11588]: connect to return1.emarsys.net[217.175.192.143]:25: Connection timed out
Jul 27 06:01:49 kmg1 postfix/smtp[11588]: 8F9461FF03: to=, relay=none, delay=7118, delays=7058/0.01/60/0, dsn=4.4.1, status=deferred (connect to return1.emarsys.net[217.175.192.143]:25: Connection timed out)


Iptables (tried to add an output rule)
code:
Chain INPUT (policy DROP)
target prot opt source destination
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
input_defaults all -- 0.0.0.0/0 0.0.0.0/0
input_root_app all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
output_defaults all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain f2b-sshd (3 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain input_app_nagent (1 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:15000
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:15000

Chain input_app_postfix (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

Chain input_app_snmp (1 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:161

Chain input_app_ssh (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

Chain input_app_update_agent (1 references)
target prot opt source destination

Chain input_app_web_ui (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80

Chain input_defaults (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain input_root_app (1 references)
target prot opt source destination
input_app_web_ui all -- 0.0.0.0/0 0.0.0.0/0
input_app_ssh all -- 0.0.0.0/0 0.0.0.0/0
input_app_nagent all -- 0.0.0.0/0 0.0.0.0/0
input_app_snmp all -- 0.0.0.0/0 0.0.0.0/0
input_app_update_agent all -- 0.0.0.0/0 0.0.0.0/0
input_app_postfix all -- 0.0.0.0/0 0.0.0.0/0

Chain output_defaults (1 references)
target prot opt source destination


Some test (telnet and traceroute)
code:
[root@kmg1 ~]# telnet mx.mailserver.it 25
Trying 212.97.32.101...
telnet: connect to address 212.97.32.101: Connection timed out


code:
[root@kmg1 ~]# traceroute -n -T -p 25 mx.mailserver.it
traceroute to mx.mailserver.it (212.97.32.101), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *^C

[root@kmg1 ~]# traceroute mx.mailserver.it
traceroute to mx.mailserver.it (212.97.32.101), 30 hops max, 60 byte packets
1 * * *
2 45.76.41.193 (45.76.41.193) 0.284 ms 0.307 ms 0.326 ms
3 * * *
4 5-1-40.ear3.Amsterdam1.Level3.net (213.19.196.241) 1.138 ms 1.413 ms adm-b3-link.telia.net (62.115.58.193) 0.254 ms
5 adm-bb4-link.telia.net (62.115.122.190) 29.624 ms ae-3-3.bar1.Milan1.Level3.net (4.69.133.226) 16.038 ms adm-bb3-link.telia.net (62.115.122.178) 26.711 ms
6 KPNQWEST-IT.bar1.Milan1.Level3.net (212.73.241.46) 16.001 ms 15.962 ms *
7 mno-b2-link.telia.net (62.115.135.79) 28.552 ms cr1-tenge0-0-0-0-cal4.mil.kpnqwest.it (109.168.0.177) 23.521 ms 23.305 ms
8 kpn-ic-304883-mno-b2.c.telia.net (213.248.86.66) 27.766 ms 25.870 ms cr2-hunge0-0-1-1-cal1.mil.kpnqwest.it (109.168.0.22) 25.847 ms
9 er1-tenge4-7-cal1.mil.kpnqwest.it (109.168.0.34) 23.106 ms 23.043 ms cr2-tenge0-0-0-0-cal2.mil.kpnqwest.it (109.168.0.173) 27.571 ms
10 cr1-hunge0-0-1-1-cal1.mil.kpnqwest.it (109.168.0.5) 30.869 ms 27.932 ms cs1-port-channel10-cal1.mil.kpnqwest.it (109.168.0.74) 22.957 ms
11 * er2-tenge4-5-cal1.mil.kpnqwest.it (109.168.0.30) 29.735 ms *

0 replies

Be the first to reply! / Ответьте первым!

Reply / Ответить