From 3d26c8a64e5519ca694575fa21b9ab0dfc6dbea4 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Fri, 6 Feb 2026 07:46:38 +0100 Subject: [PATCH] docs: Document mail server DNS and firewall fixes - BIND zone was returning internal IP (192.168.255.1) instead of public IP - Added IPv6 AAAA records to BIND zone and Gandi DNS - Fixed nftables forward_wan chain blocking DNAT'd mail traffic - Added mail port forwarding rules for both IPv4 and IPv6 - Documented Free ISP inbound port 25 blocking issue Co-Authored-By: Claude Opus 4.5 --- .claude/WIP.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.claude/WIP.md b/.claude/WIP.md index c97c75ca..80036d52 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -109,6 +109,28 @@ _Last updated: 2026-02-07_ - Fix: Added `mailctl fix-ports` command to enable all mail ports - Also added password reset for mail users in LuCI dashboard +- **BIND Zone Returning Internal IP** — RESOLVED (2026-02-07) + - Root cause: `/etc/bind/zones/secubox.in.zone` had 192.168.255.1 (internal) instead of public IP + - External DNS queries returned non-routable internal IP + - Fix: Updated zone file with public IP 82.67.100.75 for all records + +- **IPv6 DNS Support** — DONE (2026-02-07) + - Added AAAA records to BIND zone and Gandi DNS + - IPv6: `2a01:e0a:dec:c4e0:250:43ff:fe84:fb2f` + - Records: @, mail, ns0, ns1, wildcard + +- **nftables Mail Forwarding Rules** — DONE (2026-02-07) + - Root cause: nftables `forward_wan` chain blocked DNAT'd mail traffic + - iptables DNAT worked but nftables dropped packets before forwarding + - Fix: Added explicit accept rules for mail ports (25,143,465,587,993,995) + - Added both IPv4 and IPv6 forwarding rules + - Persisted in `/etc/firewall.user` + +- **Inbound Port 25 Blocked by Free ISP** — KNOWN ISSUE + - Free ISP blocks inbound port 25 on residential lines + - Outbound mail works, inbound from external fails + - Workaround options: VPS relay, Mailgun/SendGrid, or contact Free support + ### Just Completed - **Unified Backup Manager** — DONE (2026-02-05)