Solved

Getting error when trying to forward mail from my Linux email server to Exchange Server on a WIN NT SERVER.

Posted on 2002-03-21
Last Modified: 2010-03-18
1. I use Exchange Server on my internal network.

2. I use Linux on an "external network" to relay mail from the Internet in and out. The Linux has a fixed IP address from my ISP.

3.  Internet Mail is successfully transmitted from any client on my internal network via Exchange Server to my Linux box on my external network and to the Internet.

Problem: I am ALREADY RECEIVING INTERNET MAIL from the Internet as far as my Linux box. I have a test user on the Linux box and the test user receives mail from the Internet. However, my internal network users' mail is rejected by the Linux box with the following error: "Reason: 5.7.1 testuser@mydomain.org .... relaying denied"

Done:
1) I have relay set up in /etc/access for my Exchange Server's NT Server.
2) I have an entry in /etc/mailertable as follows:
   "@mydomain.org     SMTP:exchange.mydomain.org"
3) I have entered lines for my two hosts in their hosts files

In my sendmail.mc file I have defined the smarthost as my ISP mail server and also setup the MASQUERADE lines recommended.

PS.  I have the Exchange Server (Winnt) and the Linux server connected to each other via a hub and secondary nics on each and sharing their own subnet.

Thanks
0
Comment
Question by:Rabeyc
8 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6887703
Does your access file look like:

1.2.3.4      RELAY

with the IP being that of your exchange server? And after changing the access file did you rebuild the access map?

How about posting the envelope headers of a failed message?
0
 

Author Comment

by:Rabeyc
ID: 6889123
The access has the ip address:
10.0.0.25 RELAY

And the access.db access map was rebuilt using
# makemap hash /etc/mail/access < /etc/mail/access


0
 
LVL 40

Expert Comment

by:jlevie
ID: 6889247
Is all outbound email from internal users being sent to the exchange server and then through the Linux relay? You can tell what the path is by looking at the envelope headers in the bounce. Depending on what client you are using you may need to enable viewing of all headers in order to see them.
0
 

Author Comment

by:Rabeyc
ID: 6890069
Yes, all outbound mail from internal users is sent to the exchange server and then through the Linux relay.  The Exchange server routes the mail directly to the IP address of the Linux server.  This portion works well.

The envelope header of an incoming mail that cannot be relayed from linux to exchange follows:

Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<rabeyc@mydomain.org>, relay=wgs1.isp.net [206.27.238.5], reject=550 5.7.1 <rabeyc@mydomain.org>... Relaying denied

Thanks
Rabeyc

0
 
LVL 40

Expert Comment

by:jlevie
ID: 6890158
Okay, so it's inbound mail from the Internet that's bounced by Linux. I misunderstood the problem. I'm going to assume that you are using the Linux box as a true relay and want all mail addressed to your domain sent on to the exchange server and that you won't have any accounts on the Linux box.

Add your domain name to /etc/mail/local-host-names and empty the mailertable file. Add an entry to /etc/mail/virtusertable that looks like:

@mydom.tld    %1@exchange-srv.mydom.tld

replacing mydom.tld with your domain name and exchange-srv.mydom.tld with the FQDN of your exchange server. Rebuild the maps and re-start sendmail and I believe that you'll find that it will relay mail.

If that doesn't work I'll need to see the contents of your sendmail.mc file.
0
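Added example, not part of the original posts: a shell filter that reads sendmail log lines like the one quoted above and separates "Relaying denied" rejections of mail addressed to your own domain (the misconfiguration diagnosed in this thread) from refusals of third-party relaying, which are the relay working as intended. The function names, verdict labels and the second and third sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify sendmail check_rcpt "Relaying denied" log entries.
#   OWN-DOMAIN-REJECTED  recipient is in a domain this relay should accept,
#                        so inbound mail is being bounced (configuration gap)
#   THIRD-PARTY-REFUSED  recipient is in a foreign domain, so the relay
#                        refused to act as an open relay (expected behaviour)

# usage: classify_rejects "domain1 domain2 ..." < maillog
classify_rejects() {
    awk -v domains="$1" '
    BEGIN {
        n = split(tolower(domains), d, " ")
        for (i = 1; i <= n; i++) own[d[i]] = 1
    }
    /ruleset=check_rcpt/ && /Relaying denied/ {
        rcpt = ""; relay = ""
        # arg1=<user@domain> is the recipient that was refused
        if (match($0, /arg1=<[^>]*>/)) rcpt = substr($0, RSTART + 6, RLENGTH - 7)
        # relay=host [ip] is the peer that offered the message
        if (match($0, /relay=[^,]*/)) relay = substr($0, RSTART + 6, RLENGTH - 6)
        dom = tolower(rcpt)
        sub(/^.*@/, "", dom)
        verdict = (dom in own) ? "OWN-DOMAIN-REJECTED" : "THIRD-PARTY-REFUSED"
        print verdict, rcpt, relay
    }'
}

# Sample input: line 1 is the log entry quoted in the thread; lines 2 and 3
# are constructed (a foreign-domain refusal and an unrelated "from=" entry).
sample_log() {
    cat <<'EOF'
Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<rabeyc@mydomain.org>, relay=wgs1.isp.net [206.27.238.5], reject=550 5.7.1 <rabeyc@mydomain.org>... Relaying denied
Mar 20 21:02:11 isumail sendmail[1901]: g2L32Ap01901: ruleset=check_rcpt, arg1=<someone@example.net>, relay=host.example.com [192.0.2.10], reject=550 5.7.1 <someone@example.net>... Relaying denied
Mar 20 21:03:00 isumail sendmail[1910]: g2L330p01910: from=<a@example.com>, size=812, class=0, nrcpts=1, relay=[10.0.0.25]
EOF
}

sample_log | classify_rejects "mydomain.org"
```

Any OWN-DOMAIN-REJECTED line after the maps have been rebuilt means the relay still does not treat that domain as one it should accept.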
 

Author Comment

by:Rabeyc
ID: 6894790
Thanks! It worked!

I also deleted the line that defines the SMARTHOST in the sendmail configuration file.  I am not sure if it was required.

You may also want to comment on the following: with the email working as it is, what are the areas of security in Linux that can be looked at to improve security from the point of view of viruses and also of unauthorized access to my internal network?

Thanks

0
 

Author Comment

by:Rabeyc
ID: 6894793
I accept answer.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6894964
Cool...

The times when you'll need to use a SMARTHOST on a relay server include:

1) If your ISP blocks outgoing SMTP traffic as a spam control measure. In cases like this you use the ISP's mail server as an outgoing relay.

2) If the IP of your mail relay lies within a netblock that has been registered with any of the Internet black lists as being part of a 'dial up network'. Again this is part of spam control and would limit who you could send email to. Again you'd use your ISP's mail server as an outgoing relay.

As to securing a Linux box that's used as a mail relay. For the most part common sense applies. You need to make sure that the system always has any security updates applied. I subscribe to a number of security related mailing lists so I get notifications of newly discovered vulnerabilities. Most folks only have one or two Internet accessible servers and it generally suffices to check your Linux vendor's site about once a week for new advisories.

The next obvious item is to disable any services that aren't actually required, like telnet, rsh, etc. You should only be accessing the server via ssh to frustrate anyone with a sniffer. I also highly recommend installing and configuring tripwire. Not only will it tell you about penetration attempts, but if one happens you'll have the information necessary to repair the system (you'll know what's been modified).

The really paranoid (myself included) will set up a firewall on the system to restrict external connections to be only those that are required. In this case I'd configure the firewall rulesets to allow inbound SMTP from the Internet and the exchange server and to allow inbound ssh from one or two "system management workstations" on your internal network. The "system management workstations" would be Linux in my case and they would be hardened almost as much as the servers and would be restricted to the use of trusted admins.
 
0
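Added example, not part of the accepted answer: a shell function that emits the firewall policy described above as an iptables-restore ruleset (default-drop inbound, SMTP from the Internet and from the Exchange server, ssh only from named management workstations). Using iptables, the interface names eth0 (Internet) and eth1 (private link), the function names and the workstation address 10.0.0.50 are assumptions; 10.0.0.25 is the Exchange address given in the thread.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the mail relay.
# Assumed names: eth0 = Internet side, eth1 = private link to Exchange and
# to the management workstations.

# Accept only dotted-quad IPv4 so nothing else can reach the ruleset text.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: relay_ruleset EXCHANGE_IP MGMT_WORKSTATION_IP...
relay_ruleset() {
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    [ $# -ge 2 ] || { echo "need Exchange IP and one workstation" >&2; return 1; }
    exchange=$1; shift
    # Default policy drops everything inbound that is not listed below,
    # which also covers telnet, rsh and any other unneeded service.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
-A INPUT -i eth1 -s $exchange -p tcp --dport 25 -j ACCEPT
EOF
    for ws in "$@"; do
        echo "-A INPUT -i eth1 -s $ws -p tcp --dport 22 -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed invocation: Exchange IP from the thread, one assumed workstation.
relay_ruleset 10.0.0.25 10.0.0.50
```

The output can be checked with `iptables-restore --test` before it is loaded.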
