

Getting error when trying to forward mail from my Linux email server to Exchange Server on a WIN NT SERVER.

Posted on 2002-03-21
Medium Priority
Last Modified: 2010-03-18
1. I use Exchange Server on my internal network.

2. I use Linux on an "external network" to relay mail from the Internet in and out. The Linux has a fixed IP address from my ISP.

3.  Internet Mail is successfully transmitted from any client on my internal network via Exchange Server to my Linux box on my external network and to the Internet.

Problem: I am ALREADY RECEIVING INTERNET MAIL from the Internet as far as my Linux box. I have a test user on the Linux box and the test user receives mail from the Internet. However, my internal network users' mail is rejected by the Linux box with the following error: "Reason: 5.7.1 testuser@mydomain.org .... relaying denied"

1) I have relay set up in /etc/access for my Exchange Server's NT Server.
2) I have an entry in /etc/mailertable as follows:
   "@mydomain.org     SMTP:exchange.mydomain.org"
3) I have entered lines for my two hosts in their hosts files

In my sendmail.mc file I have defined the smarthost as my ISP mail server and also setup the MASQUERADE lines recommended.

PS.  I have the Exchange Server (Winnt) and the Linux server connected to each other via a hub and secondary nics on each and sharing their own subnet.

Question by:Rabeyc
LVL 40

Expert Comment

ID: 6887703
Does your access file look like:      RELAY

with the IP being that of your exchange server? And after changing the access file did you rebuild the access map?

How about posting the envelope headers of a failed message?

Author Comment

ID: 6889123
The access has the ip address: RELAY

And the access.db access map was rebuilt using
# makemap hash /etc/mail/access < /etc/mail/access

LVL 40

Expert Comment

ID: 6889247
Is all outbound email from internal users being sent to the exchange server and then through the Linux relay? You can tell what the path is by looking at the envelope headers in the bounce. Depending on what client you are using you may need to enable viewing of all headers in order to see them.


Author Comment

ID: 6890069
Yes, all outbound mail from internal users is sent to the Exchange server and then through the Linux relay. The Exchange server routes the mail directly to the IP address of the Linux server. This portion works well.

The envelope header of an incoming mail that cannot be relayed from linux to exchange follows:

Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<rabeyc@mydomain.org>, relay=wgs1.isp.net [], reject=550 5.7.1 <rabeyc@mydomain.org>... Relaying denied


LVL 40

Expert Comment

ID: 6890158
Okay, so it's inbound mail from the Internet that's bounced by Linux. I misunderstood the problem. I'm going to assume that you are using the Linux box as a true relay and want all mail addressed to your domain sent on to the exchange server and that you won't have any accounts on the Linux box.

Add your domain name to /etc/mail/local-host-names and empty the mailertable file. Add an entry to /etc/mail/virtusertable that looks like:

@mydom.tld    %1@exchange-srv.mydom.tld

replacing mydom.tld with your domain name and exchange-srv.mydom.tld with the FQDN of your exchange server. Rebuild the maps and re-start sendmail and I believe that you'll find that it will relay mail.

If that doesn't work I'll need to see the contents of your sendmail.mc file.
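
The diagnosis above turns on which recipient domain the `check_rcpt` rejection names. As an added example that is not part of the original thread, this shell function sorts "Relaying denied" log lines into rejections for a domain the relay should accept (the misconfiguration seen here) and rejections for other domains (the anti-relay check doing its job). The first sample line is the one quoted in the thread; the other two lines and the names `classify_rejects` and `sample_log` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify sendmail "Relaying denied"
# rejections by whether the recipient domain is one this relay should accept.
# Usage: classify_rejects DOMAIN [DOMAIN...] < maillog
classify_rejects() {
    awk -v domains="$*" '
    BEGIN {
        n = split(tolower(domains), d, " ")
        for (i = 1; i <= n; i++) ours[d[i]] = 1
    }
    /ruleset=check_rcpt/ && /Relaying denied/ {
        if (!match($0, /arg1=<[^>]*>/)) next
        # Strip the leading "arg1=<" (6 chars) and the trailing ">".
        rcpt = tolower(substr($0, RSTART + 6, RLENGTH - 7))
        dom = rcpt
        sub(/^.*@/, "", dom)
        relay = "unknown"
        if (match($0, /relay=[^, ]+/))
            relay = substr($0, RSTART + 6, RLENGTH - 6)
        # Own domain refused: the relay does not know it handles this domain.
        # Foreign domain refused: anti-relay check working as intended.
        kind = (dom in ours) ? "CONFIG-GAP" : "relay-refused"
        print kind, rcpt, relay
    }'
}

# Sample input: line 1 is from the thread, lines 2 and 3 are constructed.
sample_log() {
    cat <<'EOF'
Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<rabeyc@mydomain.org>, relay=wgs1.isp.net [], reject=550 5.7.1 <rabeyc@mydomain.org>... Relaying denied
Mar 20 21:03:12 isumail sendmail[1902]: g2L33Cp01902: ruleset=check_rcpt, arg1=<someone@example.com>, relay=host.example.net [203.0.113.25], reject=550 5.7.1 <someone@example.com>... Relaying denied
Mar 20 21:05:40 isumail sendmail[1910]: g2L35ep01910: from=<a@example.net>, size=812, nrcpts=1, relay=host.example.net [203.0.113.25]
EOF
}

sample_log | classify_rejects mydomain.org
```

After the fix, `CONFIG-GAP` lines for your own domain should stop appearing, while `relay-refused` lines for other domains should continue, since they show the server is not acting as an open relay.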

Author Comment

ID: 6894790
Thanks! It worked!

I also deleted the line that defines the SMARTHOST in the sendmail configuration file.  I am not sure if it was required.

You may also want to comment on the following: with the email working as it is, what are the areas of security in Linux that can be looked at to improve the security from the point of view of viruses and also from unauthorized access to my internal network?



Author Comment

ID: 6894793
I accept answer.
LVL 40

Accepted Solution

jlevie earned 800 total points
ID: 6894964

The times when you'll need to use a SMARTHOST on a relay server include:

1) If your ISP blocks outgoing SMTP traffic as a spam control measure. In cases like this you use the ISP's mail server as an outgoing relay.

2) If the IP of your mail relay lies within a netblock that has been registered with any of the Internet black lists as being part of a 'dial up network'. Again this is part of spam control and would limit who you could send email to. Again you'd use your ISP's mail server as an outgoing relay.

As to securing a Linux box that's used as a mail relay, for the most part common sense applies. You need to make sure that the system always has any security updates applied. I subscribe to a number of security related mailing lists so I get notifications of newly discovered vulnerabilities. Most folks only have one or two Internet accessible servers and it generally suffices to check your Linux vendor's site about once a week for new advisories.

The next obvious item is to disable any services that aren't actually required, like telnet, rsh, etc. You should only be accessing the server via ssh to frustrate anyone with a sniffer. I also highly recommend installing and configuring tripwire. Not only will it tell you about penetration attempts, but if one happens you'll have the information necessary to repair the system (you'll know what's been modified).

The really paranoid (myself included) will set up a firewall on the system to restrict external connections to be only those that are required. In this case I'd configure the firewall rulesets to allow inbound SMTP from the Internet and the exchange server and to allow inbound ssh from one or two "system management workstations" on your internal network. The "system management workstations" would be Linux in my case and they would be hardened almost as much as the servers and would be restricted to the use of trusted admins.
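
The firewall policy described in the answer above, written out as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset with a default-drop input policy, SMTP allowed from the Internet and from the Exchange server, and ssh allowed only from named management workstations. The function name `relay_ruleset`, the interface names and all addresses are assumptions; the example also assumes the Exchange server and the management workstations reach the relay through its internal interface.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# the relay host. Interface names and addresses are assumptions.
# Usage: relay_ruleset EXT_IF INT_IF EXCHANGE_IP MGMT_IP [MGMT_IP...]
relay_ruleset() {
    [ "$#" -ge 4 ] || { echo "need EXT_IF INT_IF EXCHANGE_IP MGMT_IP..." >&2; return 1; }
    ext_if=$1 int_if=$2 exch=$3
    shift 3
    # Refuse anything that is not a plain interface name or dotted IPv4
    # address, so a typo cannot end up as extra rule text.
    case $ext_if$int_if in *[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    for addr in "$exch" "$@"; do
        case $addr in ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;; esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 25 -j ACCEPT
-A INPUT -i $int_if -p tcp -s $exch --dport 25 -j ACCEPT
EOF
    # ssh only from the listed management workstations, never from outside.
    for mgmt in "$@"; do
        echo "-A INPUT -i $int_if -p tcp -s $mgmt --dport 22 -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed values: eth0 faces the Internet, eth1 the private subnet.
relay_ruleset eth0 eth1 192.168.10.2 192.168.10.10 192.168.10.11
```

Review the printed rules before loading them with `iptables-restore`, and keep a console session open while testing so a mistake in the ssh rule does not lock you out.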
