Postfix configuration when using 2 servers behind a load balancer (failover) - load-balancing

In my company we are facing the following issue. Can you help me to guess what is causing it? Thanks for your help :)
We have a Load Balancer: lbname.glb.itcs.companyname.net
which balances traffic in FAILOVER mode to:
servername1.itcs.companyname.net
servername2.itcs.companyname.net
Our problem is regarding email redirection. We intend to receive email from partners (external company) in our load balancer, but this fails (relay access denied). However, if we send email directly to any of the two servers, it works. Let me explain in more detail.
Case 1: email to the load balancer
The load balancer redirects correctly to the primary server (servername1), but this one rejects and we get back an email with the following content:
servername1.itcs.companyname.net rejected your message to the following e-mail addresses:
account#imspro.glb.itcs.hpecorp.net (account#imspro.glb.itcs.hpecorp.net)
servername1.itcs.companyname.net gave this error:
<account#imspro.glb.itcs.hpecorp.net>: Relay access denied
Case 2: email directly to servername1
It works with no issue and we are able to see the mail in our mailbox at linux level.
We have the following postfix configuration:
existing files in /etc/postfix
main.cf file

We solved this issue just adding the Load Balancer to the destinations file, so that the file looks now like this:
lbname.glb.itcs.companyname.net
It was empty before.
We also needed to restart postfix service.

Related

Mautic & Amazon SES Integration issues

I installed Mautic in-house instance. I tried to integrate it with Amazon SES service. After all was set as needed (please find the attached screenshot below), I clicked "Test connection" button and got the following error:
Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] Log data:
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport !! Connection could not be established with host
email-smtp.eu-west-1.amazonaws.com [An attempt was made to access a
socket in a way forbidden by its access permissions. #10013] (code: 0)
++ Starting Mautic\EmailBundle\Swiftmailer\Transport\AmazonTransport
Can someone give a hand on this? What am I doing wrong?
Screenshot Mautic_Amazon-SES_Integration Settings
I had the same problem and fixed it by leaving the field "Port" empty (Mautic --> email settings --> Port). Apparently my server wasn't able to use port 25, and leaving this field empty made Mautic find the best port.

The HTTP request was forbidden with client authentication scheme 'Anonymous' WCF SSL

First of all let me describe my system.
I have a virtual server (Windows Server 2012 R2 with IIS 8.5) with two running systems.
One is for receiving Informations from Devices and the other one is for presenting and combining the users information with the device information.
The two systems are combined by a reference (via VS2012).
Problem:
If I have a look on my website for the system which gives me the user and device information in get an error, so I try to debug it on my own pc.
While debugging I want to access the service to display me all devices and it gives me:
System.ServiceModel.Security.MessageSecurityException
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
I also have a WCF-Tracelog which shows me:
WCF-Tracelog
I'm now facing that problem for days and I was browsing stackoverflow a lot. I guess that it should be a problem with my certificates. At the moment I got a SSL-certificate (received from my university). I also "registered" it to a specified port and added the right bindings in my IIS (IIS 8.5). I am very new to WCF,IIS,SOAP and certificates but I guess my problem is the understanding of the certificates.
Question:
Which certificates do I have to create for my "Server-Website/Client"-System and which do I have to create for my own "Client" and where do I have to copy them (at the moment I'm familiar with the MMC => Snap-In)? And where do I need to keep my SSL-certificate located?
I hope someone faced the same Problem and can help me to fix this soon. Sorry for my bad english and if you need more information let me know!
EDIT:
I fixed my certificate-problem but now i receive 403.4 (SSL is required)
my problem solved, i have enabled "IP Address and Domain Restriction" and i added an "allow" option to this section, thus another ip got that error

Silverlight Security Issue Help - Debugging resource strings are unavailable.

I hosted silverlight application iis and that can be accessed in multiple ways..
When I access using Qualified name of server IP address IT WORKS fine:
http://[QUALIFIEDNAME]/WebUAT/App.aspx
When I access using IP address like below:
http://[IPADDRESS]/WebUAT/App.aspx
It gives error below:
[Async_ExceptionOccurred]
Arguments:
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.20913.00&File=System.dll&Key=Async_ExceptionOccurred StackTrace : at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
Follow these,
(i) Try to use fiddler and find the request which is making crossdomainpolicy xml request.
(ii)Check whether it is failing, if so add the crossdomain and clientaccesspolicy to the root folder of your Application
(iii)Check whether the service which is invoked by your application is blocked by firewall.

Heroku Intercepting Some Gmail Incoming Messages

I am serving my Rails 3 app on Heroku, my mail through Google, and the domain through Enom. This is for www.challengage.com
This works 95% of the time, however, once in a while, when someone tries to reply to an email I send them, it fails with the below error message because my email, josh#challengage.com, somehow got replaced with josh#herokuapp.challengage.com when they recieved it. I think it has something to do with Mail Delivery Subsystems, but I'm not sure. It also only seems to happen when emailing University professionals.
Error Message:
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON#smtp2.syr.edu]
Sent: Monday, July 15, 2013 2:08 PM
To: David DiMaggio
Subject: Undeliverable: FW: Challengage - Work Team Simulation product for interviewing evaluations
Delivery has failed to these recipients or groups:
paul#challengage.herokuapp.com
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
The following organization rejected your message: challengage.herokuapp.com.
Any ideas?
Thanks everyone.
This is almost certainly because you're using a CNAME for your email records.
Although most email servers will reflect the original domain when sending a message, others will replace it with the domain that's at the end of the CNAME.
This means that instead of sending to someone#challengage.com they send to someone#challengage.herokuapp.com instead.
The mail server sees the request to send to someone#challengage.herokuapp.com and decides that it doesn't look after challengage.herokuapp.com and so from it's perspective the message is rejected.
We used to see this issue with CloudMailin customers and started to recommend that they don't use CNAMES where email is involved and just make use of adding MX records direct to the Apex domain.
With Heroku this poses a problem though as you don't have a single IP that you can use to access their servers. We eventually ended up using Route 53 to host our domain, then adding an SSL endpoint (to get load balancer details) and then adding that load balancer to Route 53's Alias command so that it automatically always gave the correct results. Alternatively you can setup some sort of static IP based system on your apex domain to redirect.

moved net.tcp WCF services from localhost to IP address on new site, services won't load

I have a website running 2 WCF services. Working awesome until I needed to move them from the "Default Web Site" in IIS7 to a dedicated website with a new IP address. Now I get the error message:
"...could not be loaded because more than one endpoint configuration for that contract was found. Please indicate the preferred endpoint configuration section by name"
ALL I did was change:
net.tcp://localhost/...
TO:
net.tcp://10.1.2.204/...
I have changed every spot in my configs which once used localhost to specified IP address. The new website is setup exactly the same with the proper net.tcp bindings and it is bound to the single IP address of 10.1.2.204.
I cannot seem to figure out what is going on. I am looking at the svc trace logs and all I get is a bunch of the same.
My new website is called "core" whereas previously I was hosting on "Default Web Site". I added a new FQDN/public IP to route to this new site (backwards to the mentioned private IP address). Now my services are busted.
I know baseAddress is ignored when using IIS/WAS hosting, so I am not sure what else to check. I changed absolutely nothing else in the configs.
What else can I provide to help troubleshoot this?
--
I am also seeing this in the service trace viewer:
Activity Name Receive bytes on connection 'Listen at 'net.tcp://hole.myserver.com/...'.'.
...but the WCF services are actually hosted on that new "core" website which translates to my new private IP address. I have change FQDN names for the example. To make it clear:
I used to have 1 FQDN on this server using Default Web Site.
I now added a 2nd FQDN to this server, new website, second IP. It seems to me that the listening should be directed towards: net.tcp://core.myserver.com instead of net.tcp://hole.myserver.com. Let's pretend the server name is hole.myserver.com and my new website is core.myserver.com on the same server.
Hopefully this is not confusing and you can make sense of it.
I'm using the default net.tcp port of 808 and binding of 808:*
--
This is the first exception thrown that I can tell:
The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:10'.
--
None of these combos will activate the service and all produce the same exception:
net.tcp://localhost
net.tcp://localhost:808
net.tcp://10.1.2.204
net.tcp://10.1.2.204:808
even using a different port which I have done before without issue:
net.tcp://localhost:75
net.tcp://10.1.2.204:75
none of these work. :(
Thanks so much!
Its rights issue. Right click on your new website --> then Edit Permissions. On properties window click security tab and Edit button. Then Add IIS_IUSRS and give Read & Execute, List folder contents, Read permissions. Now iisreset and start to host and connect net tcp on new website.