Koozali.org: home of the SME Server

[Server Only mode] smtp error "Relay not allowed

Eric Belhomme

[Server Only mode] smtp error "Relay not allowed
« on: July 17, 2002, 06:19:49 PM »
hi,

I just installed an SME5.5 box in my office on a DMZ network with a public IP address, to act as a mail server.

In server-manager I added a local network to declare my LAN range.

Now I can send emails to everybody declared on the SME box, but if I send an email to anybody on the Internet, I get this message: '553 Sorry, that domain isn't in my list of allowed rcpthosts.'

What's wrong in my config?

thanks

Eric Belhomme

Eric Belhomme

Re: [Server Only mode] smtp error "Relay not allowed
« Reply #1 on: July 17, 2002, 06:36:17 PM »
I tried opening the firewall between the DMZ and the Internet: emails are sent! But if I close the firewall and open just the SMTP port and the DNS query port, it doesn't work and sends me the error message I mentioned in my previous post!

I don't know why...

Eric Belhomme

Eric Belhomme

Re: [Server Only mode] smtp error "Relay not allowed
« Reply #2 on: July 17, 2002, 08:08:44 PM »
I found this: http://www.palomine.net/qmail/selectiverelay.html
So I followed the directions in it and found /etc/tcprules/tcp.smtp, which seems OK.

So I wonder, qmail is correctly configured to relay my LAN... so why did I get this fu****g message???

Eric Belhomme

Re: [Server Only mode] smtp error "Relay not allowed
« Reply #3 on: July 17, 2002, 08:26:29 PM »
I resolved it!!!

My network looks like this:

           INTERNET
               |
           FIREWALL (public IP)
               |
      +--------+-------+
      |                |
SME5.5 (DMZ)          LAN
public IP             private IP/16

My firewall was configured to MASQUERADE all traffic going out from the LAN, so the SME server received SMTP connections with the firewall's source IP!

I modified my iptables rules to masquerade only if the destination is NOT my DMZ, and now relaying works well :)

Anyway, I'm in doubt: /etc/tcprules/tcp.smtp explicitly allows relaying from the firewall IP (which is the unique gateway address for the server). Even with MASQUERADE, it should be relayed, shouldn't it?

Eric Belhomme
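
A way to check which tcp.smtp rule a given source address hits and what qmail-smtpd then answers, for a LAN address seen directly and for a masqueraded firewall address. This is an added example, not part of the thread: the rules, addresses and function names are constructed, and the lookup is simplified to exact IP, dotted prefixes and the default rule.

```python
# Simplified tcprules lookup plus the qmail-smtpd relay decision.
# Real tcprules also supports address ranges, user@ip and hostname rules,
# and rcpthosts supports ".domain" wildcards; both are omitted here.

# Constructed rules in tcp.smtp syntax (placeholder addresses, not the poster's file).
SAMPLE_RULES = """\
127.:allow,RELAYCLIENT=""
10.1.:allow,RELAYCLIENT=""
:allow
"""

def parse_rules(text):
    """Map each address pattern to (action, environment assignments)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, *assigns = instr.split(",")
        env = {}
        for item in assigns:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """Most specific match first: full IP, then a.b.c., a.b., a., then ''."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return key, rules[key]
    return None, ("allow", {})  # no rule at all: connection allowed, env unchanged

def rcpt_reply(rules, client_ip, rcpt_domain, rcpthosts):
    """Return (matched rule, SMTP reply to RCPT TO) for this source address."""
    key, (action, env) = lookup(rules, client_ip)
    if action == "deny":
        return key, "connection refused"
    if "RELAYCLIENT" in env or rcpt_domain in rcpthosts:
        return key, "250 ok"
    return key, "553 sorry, that domain isn't in my list of allowed rcpthosts"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    # 10.1.5.20: LAN client seen directly; 192.0.2.1: constructed firewall address.
    for src in ("10.1.5.20", "192.0.2.1"):
        print(src, rcpt_reply(rules, src, "example.net", {"example.org"}))
```

tcpserver reads the compiled cdb file produced by tcprules rather than the text file, so compare the result with the rules that were actually compiled.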