gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Document mail port hijacking fix

Browse Source 
Firewall DNAT rules were redirecting ALL port 993/587/465 traffic
to local mailserver, blocking external mail server connections.

Fix: Add -i $WAN_IF to only redirect inbound WAN traffic.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-05 12:53:15 +01:00
parent b7f3eb9613
commit ffc3138d2b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.claude/WIP.md
View File

@ -70,6 +70,12 @@ _Last updated: 2026-02-06_
- Fix: Changed setup.sh to use `lmdb:` prefix and copy resolv.conf to chroot - Fix: Changed setup.sh to use `lmdb:` prefix and copy resolv.conf to chroot
- Added `mailctl fix-postfix` command to repair existing installations - Added `mailctl fix-postfix` command to repair existing installations
- **Mail Port Hijacking External Connections** — RESOLVED (2026-02-06)
- Root cause: firewall.user DNAT rules had no interface restriction
- ALL port 993/587/etc traffic was redirected to local mailserver
- This blocked Thunderbird from connecting to external mail (ssl0.ovh.net)
- Fix: Added `-i $WAN_IF` to only redirect inbound WAN traffic
### Just Completed ### Just Completed
- **Unified Backup Manager** — DONE (2026-02-05) - **Unified Backup Manager** — DONE (2026-02-05)