Qmail SMTP server behind firewall configuration

Question

i've a problem with configuration Qmail + SimScan + SpamAssassin (dovecot + RoundCube) with SPF plugin. For Spf spam prevention, this system rejects all mail that don't passed SPF test with tool "spfquery" (read SPF explanation for understand my problem).

My Network configuration is:

NAT/Firewall: 10.0.1.1

MailServer: 10.0.1.2

Dns Server : 10.0.1.19

External IP: 212.212.12.12

All modules in my mail server works greatly, also network configuration. Now i've problem with SPF-rejection or DNSBL, beacuse server IP for incoming mail is 10.0.1.1

Log for smtp server is:

CHKUSER accepted sender: from remote mx5.pippo.com:unknown:10.0.1.1> rcpt <> : sender accepted

qmail-smtpd: spf-reject: HELO(mx5.pippo.com) from 10.0.1.1 MAILFROM:info@pippo.com

Why my tcpserver see mail from 10.0.1.1 and not from mx record of pippo.com? This is a bad configuration of my NAT or tcpserver/smtp server?

Answer 1

Intersting question. I think something is wrong with your config.

If I understand correctly, your MX record for your domain points to 212.212.12.12, which is the external IP of your router. You have port-forwarding setup on your router, to forward incoming connections on 212.212.12.12:25 to 10.0.1.2:25, which is the IP of your mail server on your private network.

If that's the case, your mail server should still see the connections from the remote IP that they are originating from, it should not look like the connections are coming from 10.0.1.1. Port-forwarding only re-writes the destination IP address on the packets, not the source address.

To confirm this, I did a test on a similar setup that I have at my house. I logged in remotely to a Linux box that I have running on my home network, on an inside IP behind by router, like you have. The Linux box did indeed see that I was coming from my remote IP address, not my home router's IP address.