Mail Server behind proxy is doing HTTPS request without using the proxy

jfernandez · March 18, 2019, 9:48pm

NethServer Version: 7.6.1810
Module: mail 2.4.5-1 | rspam 1.8.3-1

I have a Nethserver Mail Server (let’s call it mail-server) behind a NS Proxy/Gatewy Server (let’s call it proxy-server).

proxy-server is droping HTTPS request from mail-server, as you can see in bellow:

journalctl -xe -S '2019-03-18 17:22:00' | grep 'SRC=192.168.9.7' | egrep 'DROP|REJECT' | grep -v 'PROTO=ICMP' | egrep 'DPT|SRC|PROTO'
Mar 18 17:26:17 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=30262 DF PROTO=TCP SPT=37692 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:17 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11757 DF PROTO=TCP SPT=37694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:17 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37082 DF PROTO=TCP SPT=37696 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:17 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4651 DF PROTO=TCP SPT=37698 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:18 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11758 DF PROTO=TCP SPT=37694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:18 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4652 DF PROTO=TCP SPT=37698 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:20 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11759 DF PROTO=TCP SPT=37694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:20 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4653 DF PROTO=TCP SPT=37698 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:32 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11761 DF PROTO=TCP SPT=37694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:32 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4655 DF PROTO=TCP SPT=37698 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:42 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60934 DF PROTO=TCP SPT=50754 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:26:48 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=444 TOS=0x00 PREC=0x00 TTL=63 ID=47059 DF PROTO=UDP SPT=43601 DPT=11335 LEN=424 
Mar 18 17:27:20 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11763 DF PROTO=TCP SPT=37694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:27:20 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=88.99.142.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4657 DF PROTO=TCP SPT=37698 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:27:46 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1677 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:27:47 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1678 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:27:49 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1679 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:27:53 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1680 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:28:01 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1681 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:28:17 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1682 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:28:49 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1683 DF PROTO=TCP SPT=43888 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:29:53 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23967 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:29:54 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23968 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:29:56 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23969 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:30:00 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23970 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:30:08 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23971 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:30:24 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=23972 DF PROTO=TCP SPT=48884 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:31:57 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=21529 DF PROTO=TCP SPT=43450 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:31:57 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38401 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:31:58 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38402 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:00 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38403 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:00 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43865 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:01 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43866 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:03 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43867 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:04 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38404 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:07 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43868 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:12 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38405 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:15 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43869 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:28 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38406 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:32:31 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43870 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:33:00 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=212.24.145.107 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38407 DF PROTO=TCP SPT=43452 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:33:03 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=43871 DF PROTO=TCP SPT=58560 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:07 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37055 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:08 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37056 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:10 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37057 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:14 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37058 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:23 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37059 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:34:39 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37060 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:35:11 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37061 DF PROTO=TCP SPT=50812 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:15 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12251 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:16 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12252 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:18 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12253 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:22 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12254 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:30 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12255 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:36:46 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12256 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:37:18 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12257 DF PROTO=TCP SPT=43946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:22 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19291 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:23 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19292 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:25 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19293 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:29 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19294 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:37 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19295 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:38:53 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19296 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:39:25 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.192.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19297 DF PROTO=TCP SPT=48938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:40:30 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38808 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:40:31 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38809 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:40:37 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38811 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:40:45 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38812 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:41:01 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38813 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:41:33 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.0.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=38814 DF PROTO=TCP SPT=58576 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:42:37 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32119 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:42:38 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32120 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:42:40 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32121 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:42:44 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32122 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:42:52 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32123 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:43:09 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32124 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:43:41 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.64.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32125 DF PROTO=TCP SPT=50828 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:44:45 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32038 DF PROTO=TCP SPT=43954 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:44:46 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32039 DF PROTO=TCP SPT=43954 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:44:48 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32040 DF PROTO=TCP SPT=43954 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 
Mar 18 17:44:52 heimdall.durerocaribe.cu kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 MAC=56:76:ab:e3:56:cb:52:a1:d7:5f:c7:1c:08:00 SRC=192.168.9.7 DST=151.101.128.133 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32041 DF PROTO=TCP SPT=43954 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0

Which means some process is not using the proxy configuration on mail-server to do its requests. Cheking mail-server journal I got this:

journalctl -xe -p 4
Mar 18 17:24:18 hermod.durerocaribe.cu rspamd[12841]: <fdp86m>; map; http_map_error: error reading https://maps.rspamd.com/freemail/free.txt.zst(212.24.145.107:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out
Mar 18 17:24:36 hermod.durerocaribe.cu rspamd[12841]: <u9r7uu>; map; http_map_error: error reading https://maps.rspamd.com/rspamd/redirectors.inc.zst(88.99.142.95:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out
Mar 18 17:25:02 hermod.durerocaribe.cu rspamd[12840]: <b5b025>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:26:52 hermod.durerocaribe.cu rspamd[12840]: <d32a07>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy2.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:28:24 hermod.durerocaribe.cu rspamd[12841]: <78wxos>; map; http_map_error: error reading https://maps.rspamd.com/rspamd/2tld.inc.zst(88.99.142.95:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out
Mar 18 17:28:24 hermod.durerocaribe.cu rspamd[12841]: <k8f914>; map; http_map_error: error reading https://maps.rspamd.com/freemail/disposable.txt.zst(88.99.142.95:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out
Mar 18 17:28:30 hermod.durerocaribe.cu rspamd[12840]: <5b1e10>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:30:21 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:23 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:24 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:26 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:27 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:29 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:30 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:30:32 hermod.durerocaribe.cu sssd[be[durerocaribe.cu]][3467]: Warning: user would have been denied GPO-based logon access if the ad_gpo_access_control option were set to enforcing mode.
Mar 18 17:31:21 hermod.durerocaribe.cu rspamd[12840]: <0f4051>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:31:39 hermod.durerocaribe.cu rspamd[12840]: <92a58d>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:33:09 hermod.durerocaribe.cu rspamd[12840]: <20df2c>; proxy; fuzzy_check_timer_callback: got IO timeout with server fuzzy1.rspamd.com(88.99.142.95:11335), after 1 retransmits
Mar 18 17:34:04 hermod.durerocaribe.cu rspamd[12841]: <9zc4wc>; map; http_map_error: error reading https://maps.rspamd.com/rspamd/mid.inc.zst(212.24.145.107:443): connection with http server terminated incorrectly: ssl connect error: syscall fail: Connection timed out

It seems that rspamd is trying to connect to https://maps.rspamd.com/rspamd/mid.inc.zst.
maps.rspamd.com has an IP on 88.99.142.95, there are other 2 IP which are:

151.101.128.133
212.24.145.107

I need to know how I can fix this, please

federico.ballarini · March 18, 2019, 10:02pm

Please tell us more about your configuration:

On Gatway is enabled IPS?
Have you got any particular firewall rule?
Have you added an host without proxy for the mail server? Why not? You need to pass from proxy to get out on the Internet?

jfernandez · March 18, 2019, 10:15pm

Yes

I’m denying a HTTP/HTTPS routing request, this has to strictly go through the proxy.

I don’t understand the question

I’m denying any kind of routing request on my gateway/proxy server. Exeptions are:

HTTP/HTTPS through proxy
WhatsApp ports
DNS request
SMTP/SMTPS request

federico.ballarini · March 18, 2019, 11:00pm

Could you try adding on mail server the proxy settings through “Network” page -> Proxy Settings ?
It should be the IP of your proxy on port 3128…

mrmarkuz · March 19, 2019, 1:21am

It may be an IPS problem, see IPS Bypass IP rspamd_proxy

federico.ballarini · March 19, 2019, 8:38am

Try also to set these categories to “Block”:
BotCC Portgrouped, BotCC, CIArmy, Compromised, Drop, Dshield, ActiveX, Attack Response, Exploit, Malware, Mobile Malware, Netbios, P2P, TOR.

All other categories put it on “Alarm”.
Obviusly check also “Enable IPS”

It should works.
Wait for feedback.

jfernandez · March 19, 2019, 11:51am

I had that configured before installing mail module. I actually discovered an issue with ClamAV not using proxy since I had this server using a proxy configuration.

I had that configuration, but to make sure that is not the problem, I disabled “Enable IPS” checkbox and hit submit, however the problem remains.