Remote users unable to access MailScanner web page

General eFa discussion
Post Reply
2Old4This
Posts: 9
Joined: 15 May 2015 21:11

Remote users unable to access MailScanner web page

Post by 2Old4This » 15 Mar 2019 05:59

When logged on to the AD domain on location or by VPN, users can click the link at the bottom of quarantine notifications to release them. But remote users cannot.

I've opened up port 80 on the firewall, and have rules to NAT ports 25 and 80 to the internal address.
I've checked the firewall on the EFA server and it says port 80 is open (by default, didn't need to open it).

It doesn't seem like a problem with EFA, but I'm hoping someone else has an idea because I think I'm overlooking something really simple. My firewall stats show packets being sent and received through both the NAT rule and access rule. So it seems like the server is being found, but then the connection times out.

Any ideas? TIA

2Old4This
Posts: 9
Joined: 15 May 2015 21:11

Re: Remote users unable to access MailScanner web page

Post by 2Old4This » 21 Mar 2019 22:41

Anybody?.... Does anybody have their system available for remote release of messages, or is everybody doing it locally? Can anybody at least tell me if there is some port besides 80 used for this?

Thanks

henk
Posts: 360
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Remote users unable to access MailScanner web page

Post by henk » 22 Mar 2019 10:19

Hi 2 old for this ( a alias for henk:)

As webmail is working, you already added a dns entry for you mailserver something like <mail.<yourdomain>.org to your wan address.
Check

Code: Select all

dig MX <<your domain>>
and dig <mail.<yourdomain>.org to resolve the ip.

In the firewall Wan interface you should already have a rule that redirects all tcp 443 traffic to the mailserver ip.

Code: Select all

If you are satisfied that this message is not spam, you can release it from quarantine
by clicking http://<<your efa fqdn>>/cgi-bin/release-msg.cgi?datenumber=20180829&id=xxxxxxA.A111&token=token
You also need a dns entry to resolve the fqdn mentioned in the above link. ( like the mailserver entry already present)
something like <<your efa fqdn> to your wan address

As I block all traffic not 443, my 2 cents options:

1. Redirect all tcp 80 to efa.... ( don't shoot me:)
2. use different ports for webmail and efa release link (ex. 443 and 4443) to be able to determine the redirect needed in your firewall
3. Use vpn
4. just mention we are to old for this and you need to come to office to release quarantined mail.
5. Hope there a members that have solved this in a safe way and want to share the solution.

Before you enable any remote access you could have a look at viewtopic.php?t=3407

2Old4This
Posts: 9
Joined: 15 May 2015 21:11

Re: Remote users unable to access MailScanner web page

Post by 2Old4This » 22 Mar 2019 16:54

Hen,

Thank you very much for the response, and the link discussing disabling TSL. I will look into both immediately.

Post Reply