Problemas com email

[Marra]

Primeiro post e já vem problema...

Bom pessoal tenho aqui na empresa uma rede com um link velox pppoe...

O mikrotik disca pro velox... configurei o web-proxy e algumas regras no mesmo e no firewall para alguns bloqueios....

Quando começamos a colocar o pessoal se conectando com o mikrotik eles tiveram problemas com o email, no envio e recebimento...
obs: o email é da locaweb...
A versão do mikrotik é a 2.9.27.... Aguardo resposta...

[1c3m4n]

Tenta dizer o problema que alguém pode tentar ajudar.

[Marra]

Como eu disse...
O problema é no envio de email...
Usávamos o outlook express.. porem, as vezes, ele não consegue se conectar ao pop e/ou ao smtp para baixar e/ou enviar os emails...

tentamos em seguida o thunderbird e está dando a mesma coisa...

Obs: As vezes funciona, as vezes não funciona o recebimento e o envio(na maioria das vezes nao funciona rs)

[1c3m4n]

Qual é a mensagem de erro amigo? Simplesmente da erro podem ser milhares de coisas diferentes... Como está sua configuração,etc.

[Marra]

1/2

RouterOS 2.9.27# software id = 22G5-4TT
#
/ interface ethernet
set eth-LAN name="eth-LAN" mtu=1500 mac-address=00:07:95:F5:75:8A \
arp=enabled disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=1Gbps comment="" \
disabled=no
set eth-Velox name="eth-Velox" mtu=1500 mac-address=00:E0:7D:F8:1A:79 \
arp=enabled disable-running-check=yes auto-negotiation=yes \
full-duplex=yes cable-settings=default speed=100Mbps comment="" \
disabled=no
/ interface bridge port
add interface=eth-LAN priority=0x80 path-cost=10 edge=auto \
point-to-point=auto external-fdb=auto comment="" disabled=yes
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 \
authentication=pap,chap,mschap1,mschap2 \
default-profile=default-encryption
/ interface pppoe-server server
add service-name="zirta" interface=eth-Velox max-mtu=1492 max-mru=1492 \
authentication=pap,chap,mschap1,mschap2 keepalive-timeout=60 \
one-session-per-host=no max-sessions=60 \
default-profile=default-encryption disabled=no
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 \
keepalive-timeout=30 default-profile=default-encryption
/ interface pppoe-client
add name="Velox" max-mtu=1492 max-mru=1492 interface=eth-Velox \
user="[email protected]" password="2122222576" \
profile=default-encryption service-name="" ac-name="" \
add-default-route=yes dial-on-demand=no use-peer-dns=yes \
allow=pap,chap,mschap1,mschap2 disabled=no
/ ip pool
add name="Pool_Clientes" ranges=192.168.25.10-192.168.25.100
add name="hs-pool-2" ranges=192.168.25.10-192.168.25.200
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
add address=192.168.25.94 mac-address=00:0F:EA:A0:37:9F interface=eth-LAN \
comment="MARRA" disabled=no
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=200.222.122.134 secondary-dns=200.165.132.155 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip dns static
add name="DNS" address=200.185.6.131 ttl=1d
add name="DNS2" address=200.184.26.3 ttl=1d
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m \
inactive-flow-timeout=15s
/ ip address
add address=192.168.25.252/24 network=192.168.25.0 broadcast=192.168.25.255 \
interface=eth-LAN comment="" disabled=no
add address=192.168.25.1/24 network=192.168.25.0 broadcast=192.168.25.255 \
interface=eth-Velox comment="hotspot network" disabled=no
/ ip proxy
set enabled=no port=8080 parent-proxy=0.0.0.0:0 \
maximal-client-connecions=1000 maximal-server-connectons=1000
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
disabled=no
/ ip neighbor discovery
set eth-LAN discover=yes
set eth-Velox discover=yes
set Velox discover=no
/ ip route
/ ip firewall mangle
/ ip firewall nat
add chain=srcnat out-interface=Velox action=masquerade comment="" \
disabled=no
add chain=dstnat in-interface=eth-LAN protocol=tcp dst-port=80 \
action=redirect to-ports=3128 comment="" disabled=no
add chain=dstnat in-interface=eth-Velox protocol=tcp dst-port=80 \
action=redirect to-ports=3128 comment="" disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall filter
add chain=forward content=facebook action=drop comment="" disabled=no
add chain=forward content=uol action=drop comment="" disabled=no
add chain=forward content=player action=drop comment="" disabled=no
add chain=forward content=bol action=drop comment="" disabled=no
add chain=forward content=sexo action=drop comment="" disabled=no
add chain=forward content=jogos action=drop comment="" disabled=no
add chain=forward content=hotmail src-address-list="" action=drop comment="" \
disabled=no
add chain=forward content=mail.google action=drop comment="" disabled=no
add chain=forward content=g1.globo action=drop comment="" disabled=no
add chain=forward content=twitter action=drop comment="" disabled=no
add chain=forward content=.bol action=drop comment="" disabled=no
add chain=forward content=ORKUT action=drop comment="" disabled=no
add chain=forward content=porn action=drop comment="" disabled=no
add chain=forward content=flagra action=drop comment="" disabled=no
add chain=input in-interface=Velox protocol=tcp dst-port=3128 action=drop \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
action=drop comment="drop ftp brute forcers" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
action=drop comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list \
address-list=ssh_blacklist address-list-timeout=1w3d comment="" \
disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list \
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list \
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=yes
set h323 disabled=yes
set quake3 disabled=yes
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=192.168.25.1 dns-name="dns" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=no
/ ip dhcp-server
add name="DHCP_Clientes" interface=eth-LAN lease-time=3d \
address-pool=Pool_Clientes bootp-support=static disabled=no
add name="dhcp1" interface=eth-Velox lease-time=1h address-pool=hs-pool-2 \
bootp-support=static authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.25.0/24 gateway=192.168.25.252 netmask=24 comment=""
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
lifebytes=0 pfs-group=modp1024 disabled=no
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=3128 hostname="proxy" \
transparent-proxy=yes parent-proxy=0.0.0.0:0 \
cache-administrator="webmaster" max-object-size=100000KiB \
cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited
/ ip web-proxy access
add url="facebook.com" action=deny comment="Block sites " disabled=no
add url="mail.google.com" action=deny comment="" disabled=no
add url="uol.com.br" action=deny comment="" disabled=no
add url="globo.com" action=deny comment="" disabled=no
add url="orkut.com" action=deny comment="" disabled=no
add url="gmail.com" action=deny comment="" disabled=no
add url="hotmail.com" action=deny comment="" disabled=no
add url="layer" action=deny comment="" disabled=no
add url="ig.com.br" action=deny comment="" disabled=no
add url="orn" action=deny comment="" disabled=no
add url=":video" action=deny comment="" disabled=no
add url="youtube" action=deny comment="" disabled=no
add url="twitter" action=deny comment="" disabled=no
add url="piada" action=deny comment="" disabled=no
add url="sexo" action=deny comment="" disabled=no
add url="penis" action=deny comment="" disabled=no
add url="jogo" action=deny comment="" disabled=no
add url="yahoo.com" action=deny comment="" disabled=no
add url="blogger.com" action=deny comment="" disabled=no
add url="blogspot.com" action=deny comment="" disabled=no
/ ip web-proxy cache
add url=":cgi-bin\\?" action=deny comment="don't cache dynamic http pages" \
disabled=no
/ ip web-proxy direct
add url="facebook" action=deny comment="" disabled=yes

[Marra]

/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=web-proxy prefix="Proxy" action=remote disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 \
memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=192.168.25.13:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 \
check-interval=1d user=""
/ system clock dst
set dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 \
00:00:00"
/ system watchdog
set reboot-on-failure=no watch-address=none watchdog-timer=yes \
no-ping-delay=5m automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term="" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
set FIXME term="linux" disabled=no
/ system console screen
set line-count=25
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
/ system lcd
set enabled=no type=24x4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set eth-Velox display-time=5s disabled=yes
set eth-LAN display-time=5s disabled=yes
set Velox display-time=5s disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled
/ port
set serial0 name="serial0" baud-rate=9600 data-bits=8 parity=none \
stop-bits=1 flow-control=hardware
/ ppp profile
set default name="default" session-timeout=30m idle-timeout=30m \
use-compression=default use-vj-compression=default \
use-encryption=default only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" session-timeout=30m \
idle-timeout=30m use-compression=default use-vj-compression=default \
use-encryption=yes only-one=default change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
red-min-threshold=10 red-max-threshold=50 red-burst=20 \
red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
sfq-allot=1514
add name="default-small" kind=pfifo pfifo-limit=10
/ queue simple
add name="Carol" target-addresses=192.168.25.30/32 dst-address=0.0.0.0/0 \
interface=all parent=none direction=both priority=8 \
queue=default-small/default-small limit-at=0/0 max-limit=2000000/0 \
total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
disabled=no
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" \
disabled=no
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,\
!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,passwo\
rd,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,win\
box,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 \
max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name="" file-limit=10 \
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes \
filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535 \
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no \
redistribute-static=no redistribute-rip=no redistribute-bgp=no \
metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default \
translator-role=translate-candidate authentication=none \
prefix-list-import="" prefix-list-export="" disabled=no
/ routing bgp
set enabled=yes as=65530 router-id=0.0.0.0 redistribute-static=no \
redistribute-connected=no redistribute-rip=no redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no \
redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 \
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m

Já aumentamos o tempo de espera do outlook nas máquinas, e nada;...

[1c3m4n]

<sup>vc consegue consectar no servidor via telnet?

telnet servidor.com.br 110
user [email protected]
pass suasenha

se isso funcionar o problema está no outlook</sup>

[Marra]

Segui esse link da locaweb:
http://wiki.locaweb.com.br/pt-br/Tes...imento_via_POP

Mas não consegui autenticar, tanto no mikrotik quanto no gvt

Porém, não pode ser problema no outlook..

Como eu disse tenho um link gvt... Quanto eu passo as máquinas para o gvt (sem o mikrotik) os emails funcionam que é uma beleza...

[1c3m4n]

Se sem passar pelo mikrotik funciona o problema está nas regras do firewall/nat. Somente o email não funciona? Se vc tentar utlizar outra porta, por exemplo ftp, não funciona também?

[Marra]

Cara, as vezes funciona... 1 em um milhão de tentativas rs...

Será que depois de uma certa quantidade de email ele bloqueia?

Parece que o maior problema é quando chega anexo...

Mas eu não entendo também porque o pop para..

Será que é alguma config de internet

Na navegação eu não sinto oscilação...

[1c3m4n]

Pode até haver limitação e bloqueio sim, mas não acho que seja o caso. Você deveria conseguir se autenticar mesmo havendo este tipo de bloqueio.

Eu sinceramente não li sua config inteira, mas recomendo você a começar limpando suas regras de firewall/nat e ir acrescentando aos poucos, por exemplo: liberar any any no firewall, criar um nat full e fazer o teste. Com isso funcionando vc começa a criar os bloqueios.