Page 1 of 1

Remote users unable to access MailScanner web page

Posted: 15 Mar 2019 05:59
by 2Old4This
When logged on to the AD domain on location or by VPN, users can click the link at the bottom of quarantine notifications to release them. But remote users cannot.

I've opened up port 80 on the firewall, and have rules to NAT ports 25 and 80 to the internal address.
I've checked the firewall on the EFA server and it says port 80 is open (by default, didn't need to open it).

It doesn't seem like a problem with EFA, but I'm hoping someone else has an idea because I think I'm overlooking something really simple. My firewall stats show packets being sent and received through both the NAT rule and access rule. So it seems like the server is being found, but then the connection times out.

Any ideas? TIA

Re: Remote users unable to access MailScanner web page

Posted: 21 Mar 2019 22:41
by 2Old4This
Anybody?.... Does anybody have their system available for remote release of messages, or is everybody doing it locally? Can anybody at least tell me if there is some port besides 80 used for this?

Thanks

Re: Remote users unable to access MailScanner web page

Posted: 22 Mar 2019 10:19
by henk
Hi 2 old for this ( a alias for henk:)

As webmail is working, you already added a dns entry for you mailserver something like <mail.<yourdomain>.org to your wan address.
Check

Code: Select all

dig MX <<your domain>>
and dig <mail.<yourdomain>.org to resolve the ip.

In the firewall Wan interface you should already have a rule that redirects all tcp 443 traffic to the mailserver ip.

Code: Select all

If you are satisfied that this message is not spam, you can release it from quarantine
by clicking http://<<your efa fqdn>>/cgi-bin/release-msg.cgi?datenumber=20180829&id=xxxxxxA.A111&token=token
You also need a dns entry to resolve the fqdn mentioned in the above link. ( like the mailserver entry already present)
something like <<your efa fqdn> to your wan address

As I block all traffic not 443, my 2 cents options:

1. Redirect all tcp 80 to efa.... ( don't shoot me:)
2. use different ports for webmail and efa release link (ex. 443 and 4443) to be able to determine the redirect needed in your firewall
3. Use vpn
4. just mention we are to old for this and you need to come to office to release quarantined mail.
5. Hope there a members that have solved this in a safe way and want to share the solution.

Before you enable any remote access you could have a look at viewtopic.php?t=3407

Re: Remote users unable to access MailScanner web page

Posted: 22 Mar 2019 16:54
by 2Old4This
Hen,

Thank you very much for the response, and the link discussing disabling TSL. I will look into both immediately.