LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-17-2007, 03:26 PM   #1
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Rep: Reputation: 16
Sendmail: relay denied from a different subnet


I'm a bit new to linux mail servers so I've placed this question in the newbie section.


Alright... I have 2 subnets (192.168.1.0 and 192.168.2.0) that are connected via VPN. My mail server is on .1.0 network. It is properly configured and works fine sending and receiving mail. The new remote location was opened not so long ago (it was assigned a .2.0 subnet). Now, when people are trying to send mail from the .2.0 subnet to the .1.0 network (local addresses), it works great. But as soon as they send mail to the outside world using outlook (in outlook they have incoming and outgoing addresses set to the static mail server address .1.99), they get an error message of
554 <name@outside.com>: Relay access denied.
We have a squirrelmail configured as well, so sending through a browser to the outside world is absolutely not a problem.

I've added relay network (192.168.2) to the /etc/mail/relay-domains, restarted sendmail - nothing.
I've done what they suggest here - nothing as well.
It's funny though, I'm on fedora core 2 and have webmin installed. And in webmin I can see that both postfix and sendmail are running. However, when I open the squirrelmail config.php file, it says that it uses sendmail. Soo... any help resolving this issue is greatly appreciated. Thanks.

Last edited by _MD_; 04-17-2007 at 03:29 PM.
 
Old 04-17-2007, 05:52 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Check if you have the file /etc/mail/LocalIP, or there is a line:
Code:
F{LocalIP} /etc/mail/LocalIP
in your sendmail.cf. If yes then add your 2nd network in that file (create it if it doesn't exist) and restart sendmail. Else you have to rebuild your sendmail.cf adding these rules,
 
Old 04-18-2007, 04:06 PM   #3
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Still no luck. Here's my sendmail.cf:

Code:
##################
#   local info   #
##################

# my LDAP cluster
# need to set this before any LDAP lookups are done (including classes)
#D{sendmailMTACluster}$m

Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names

# New IP definitions file
F{LocalIP} /etc/mail/LocalIP

# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
Djmydomain.com

# host/domain names ending with a token in class P are canonical
CP.

# "Smart" relay host (may be null)
DS192.168.2


# operators that cannot be in local usernames (i.e., network indicators)
CO @ % !

# a class with just dot (for identifying canonical names)
C..

# a class with just a left bracket (for identifying domain literals)
C[[

# access_db acceptance class
C{Accept}OK RELAY


C{ResOk}OKR


# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains

# arithmetic map
Karith arith
# macro storage map
Kmacro macro
# possible values for TLS_connection in access map
C{tls}VERIFY ENCR

...

# Configuration version number
DZ8.12.11
See, here I even enabled the smarthost DS192.168.2


The /etc/mail/LocalIP has

Code:
192.168.1.0/24
192.168.2.0/24
Then /etc/mail/relay-domains has

Code:
192.168.2
64.23.10.81
And /etc/mail/access

Code:
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1                       RELAY
192.168.2                       RELAY
64.23.10.81                     RELAY
mydomain.com                    RELAY
So what else can I try to do to make it relay mail from 192.168.2.0 subnet?
Thanks for the help...
 
Old 04-19-2007, 03:51 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
So your sendmail uses /etc/mail/relay-domains instead of /etc/mail/LocalIP. Anyway you must put in /etc/mail/relay-domains also the ip of the router/bridge or whatever connects the 2.0 with the 1.0 network to see if it works.
 
Old 04-19-2007, 09:42 AM   #5
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory
So your sendmail uses /etc/mail/relay-domains instead of /etc/mail/LocalIP. Anyway you must put in /etc/mail/relay-domains also the ip of the router/bridge or whatever connects the 2.0 with the 1.0 network to see if it works.
Hmm... A bit confusing... because my router that connects it is 1.1 and as I mentioned before, the mail works perfect on 1.0 network... Maybe I should be a bit more clear on how the VPN connection was built:

192.168.1.0 - internal side A
64.23.10.81 - external side A
64.25.17.15 - external side B
192.168.2.0 - internal side B

Routers are 192.168.1.1 and 192.168.2.1 respectively.
So my relay-domains should have 1.1 or 2.1?
In any case, I've tried putting both... to no avail.

But what's with the two MTA (sendmail and postfix) running at the same time? How can I check which is actually the one that delivers mail?
 
Old 04-19-2007, 10:10 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Run
Code:
netstat -tanpl|grep 25
to see which one (sendmail or postfix) is listening to port 25. Most likely it's postfix since sendmail should work using relay-domains
 
Old 04-19-2007, 10:38 AM   #7
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Code:
tcp        0      0 192.168.1.99:25         64.23.10.81:55453      ESTABLISHED 3591/smtpd
Yes, postfix. Now we're clear on this subject and one step closer to the truth...
Ok, in my /etc/postfix/main.cf I have

Code:
...
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination,reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain
mynetworks = 192.168.10.0/24, 192.168.1.0/24, 127.0.0.0/8, 192.168.2.0/24
relay_domains = server01.intra
....
***Note - server01 is my windows dns and dhcp server.

But relaying still doesn't work...

Last edited by _MD_; 04-19-2007 at 10:41 AM.
 
Old 04-20-2007, 02:54 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
I've never used postfix, so I cannot help you further. But you'll find plenty of help either here at LQ, or by googling. Anyway you can turn postix off and use sendmail

Regards
 
Old 04-20-2007, 09:20 AM   #9
_MD_
Member
 
Registered: Apr 2004
Location: Toronto, Canada
Distribution: BackTrack, Knoppix, Fedora, Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Hey, but thanks a lot man... =))))
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix as a mail relay (getting relay access denied) hypexr Linux - Software 3 09-13-2005 08:15 PM
sendmail relay access denied techrolla Linux - Networking 5 06-11-2005 02:59 PM
Sendmail (with TLS) relay denied freealx Linux - General 1 03-12-2005 05:10 PM
relay mail to sendmail relay server??? lemay_jeff Linux - Newbie 0 07-06-2004 05:54 PM
Sendmail relay denied. PTR or IP lookup failure. Bjorkli Linux - Networking 1 06-09-2004 02:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration