Fix issue with helo behind nat #1810
Conversation
jaapmarcus
commented
May 17, 2021
jaapmarcus
commented
- When the local ip has an different value then the public ip an error was show and publicip config was created causing potential issues with Nginx / Apache2
- When HELO was empty an new key was created
- On update of natted ip the local ip was updated in mailhelo.conf instead the public ip
helo=‘’ helo=“hostname.com”
| #Create or update ip:helo pair in mailhelo.conf file | ||
| if [ ! -z "$helo" ]; then | ||
| if [ $(cat /etc/${MAIL_SYSTEM}/mailhelo.conf | grep "$ip") ]; then | ||
| sed -i "/^$ip:/c $ip:$helo" /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| if [ $(cat /etc/${MAIL_SYSTEM}/mailhelo.conf | grep "$natip") ]; then | ||
| sed -i "/^$natip:/c $natip:$helo" /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| else | ||
| echo $ip:$helo >> /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| echo $natip:$helo >> /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| fi | ||
| else | ||
| sed -i "/^$ip:/d" /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| sed -i "/^$natip:/d" /etc/${MAIL_SYSTEM}/mailhelo.conf | ||
| fi | ||
| } |
There was a problem hiding this comment.
Don't we want the real ip here?
There was a problem hiding this comment.
We want the public ip to be visible or not? Local ip doesn't make any sense
https://serverfault.com/questions/305925/what-exactly-should-helo-say
There was a problem hiding this comment.
hestiacp/bin/v-change-sys-hostname
Lines 65 to 69 in 47cf4a0
If we run v-change-sys-hostname dev.hestiacp.com the public ip pass trough will be 1.2.3.4
Lines 48 to 55 in 4a8b229
Currently this "$ip" value creates an new config file for "1.2.3.4"
"ip" pass trough in the system becomes both $ip and $natip and get overwritten for the local ip 192.168.1.10 for example
For Help we still need to announce the public ip so far I can understand if we use 192.168.1.10 the DNS records will not match the sending domain
There was a problem hiding this comment.
We want the public ip to be visible or not? Local ip doesn't make any sense
https://serverfault.com/questions/305925/what-exactly-should-helo-say
Yes, we want the public IP.
There was a problem hiding this comment.
I think I'm not following your changes because it says "In case the IP is an NAT use the real ip address". Okay.
So that check does, if the real ip file doesn't exist, get the real ip and put it in $ip variable. This I follow.
But then later you put the $natip variable into the mailhelo.conf file. Which might not be the public ip.
There was a problem hiding this comment.
We should save the HELO "value" for /usr/local/hestia/data/ips/local.ip other wise users are allowed to select the public ip and causing issues
For mailhelo.conf we have to use the public ip. And is set with the current changes.
When v-change-sys-ip-helo is called for any reason the value set will update in mailhelo.conf the public ip and for Hestia the local ip...
I think we are safe now
There was a problem hiding this comment.
Yes, I just misunderstood the roles of the variables. It looks good!
