Getting error when trying to forward mail from my Linux email server to Exchange Server on a WIN NT SERVER.

Posted on 2002-03-21
Last Modified: 2010-03-18
1. I use Exchange Server on my internal network.

2. I use Linux on an "external network" to relay mail from the Internet in and out. The Linux has a fixed IP address from my ISP.

3.  Internet Mail is successfully transmitted from any client on my internal network via Exchange Server to my Linux box on my external network and to the Internet.

Problem: I am ALREADY RECEIVING INTERNET MAIL from the Internet as far as my Linux box. I have a test user on the Linux box and the test user receives mail from the Internet. However, my internal network users' mail is rejected by the Linux box with the following error: "Reason: 5.7.1 .... relaying denied"

1) I have relay set up in /etc/access for my Exchange Server's NT Server.
2) I have an entry in /etc/mailertable as follows:
3) I have entered lines for my two hosts in their hosts files

In my file I have defined the smarthost as my ISP mail server and also set up the MASQUERADE lines recommended.

PS. I have the Exchange Server (Winnt) and the Linux server connected to each other via a hub and secondary NICs on each and sharing their own subnet.

Question by:Rabeyc
LVL 40

Expert Comment

ID: 6887703
Does your access file look like:      RELAY

with the IP being that of your exchange server? And after changing the access file did you rebuild the access map?

How about posting the envelope headers of a failed message?

Author Comment

ID: 6889123
The access has the IP address: RELAY

And the access.db access map was rebuilt using
# makemap hash /etc/mail/access < /etc/mail/access

LVL 40

Expert Comment

ID: 6889247
Is all outbound email from internal users being sent to the exchange server and then through the Linux relay? You can tell what the path is by looking at the envelope headers in the bounce. Depending on what client you are using you may need to enable viewing of all headers in order to see them.


Author Comment

ID: 6890069
Yes, all outbound mail from internal users is sent to the Exchange server and then through the Linux relay. The Exchange server routes the mail directly to the IP address of the Linux server. This portion works well.

The envelope header of an incoming mail that cannot be relayed from Linux to Exchange follows:

Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<>, [], reject=550 5.7.1 <>... Relaying denied
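
A way to triage `check_rcpt` rejections like the one above, added here as an example and not part of the original thread: it counts "Relaying denied" entries per recipient domain and separates refusals for your own domain (the misconfiguration in this thread) from refusals for foreign domains (third-party relay attempts the server is right to reject). The sample log lines, host names and addresses are constructed, and the `relay=` field follows the usual sendmail log layout.

```shell
#!/bin/sh
# Constructed sample log lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
Mar 20 20:56:37 relayhost sendmail[1848]: g2LAAA001848: ruleset=check_rcpt, arg1=<alice@mydom.tld>, relay=mx.sender.example [192.0.2.10], reject=550 5.7.1 <alice@mydom.tld>... Relaying denied
Mar 20 20:58:02 relayhost sendmail[1850]: g2LAAB001850: ruleset=check_rcpt, arg1=<Bob@MyDom.tld>, relay=mx.sender.example [192.0.2.10], reject=550 5.7.1 <Bob@MyDom.tld>... Relaying denied
Mar 20 21:03:11 relayhost sendmail[1861]: g2LAAC001861: ruleset=check_rcpt, arg1=<victim@elsewhere.example>, relay=[198.51.100.7], reject=550 5.7.1 <victim@elsewhere.example>... Relaying denied
Mar 20 21:05:40 relayhost sendmail[1870]: g2LAAD001870: to=<test@mydom.tld>, delay=00:00:01, mailer=local, stat=Sent
EOF
}

# classify_relay_denials OWN_DOMAIN < maillog
# Prints "<count> <recipient-domain> <verdict>", sorted by domain.
classify_relay_denials() {
    awk -v own="$1" '
        /ruleset=check_rcpt/ && /Relaying denied/ {
            # arg1=<user@domain> is the recipient sendmail refused to relay for
            if (match($0, /arg1=<[^>]*>/)) {
                rcpt = substr($0, RSTART + 6, RLENGTH - 7)
                at = index(rcpt, "@")
                dom = (at > 0) ? tolower(substr(rcpt, at + 1)) : "(none)"
                count[dom]++
            }
        }
        END {
            for (d in count) {
                # Own domain refused: the relay does not know it should accept it.
                # Any other domain: someone tried to relay through this host.
                verdict = (d == tolower(own)) ? "own-domain-rejected" : "foreign-relay-attempt"
                printf "%d %s %s\n", count[d], d, verdict
            }
        }' | sort -k2,2
}
```

Run it as `classify_relay_denials mydom.tld < /var/log/maillog`; the log path is an assumption and varies by distribution.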


LVL 40

Expert Comment

ID: 6890158
Okay, so it's inbound mail from the Internet that's bounced by Linux. I misunderstood the problem. I'm going to assume that you are using the Linux box as a true relay and want all mail addressed to your domain sent on to the exchange server and that you won't have any accounts on the Linux box.

Add your domain name to /etc/mail/local-host-names and empty the mailertable file. Add an entry to /etc/mail/virtusertable that looks like:

@mydom.tld    %1@exchange-srv.mydom.tld

replacing mydom.tld with your domain name and exchange-srv.mydom.tld with the FQDN of your exchange server. Rebuild the maps and re-start sendmail and I believe that you'll find that it will relay mail.

If that doesn't work I'll need to see the contents of your file.

Author Comment

ID: 6894790
Thanks! It worked!

I also deleted the line that defines the SMARTHOST in the sendmail configuration file.  I am not sure if it was required.

You may also want to comment on the following: with the email working as it is, what are the areas of security in Linux that can be looked at to improve the security from the point of view of viruses and also from unauthorized access to my internal network?



Author Comment

ID: 6894793
I accept answer.
LVL 40

Accepted Solution

jlevie earned 200 total points
ID: 6894964

The times when you'll need to use a SMARTHOST on a relay server include:

1) If your ISP blocks outgoing SMTP traffic as a spam control measure. In cases like this you use the ISP's mail server as an outgoing relay.

2) If the IP of your mail relay lies within a netblock that has been registered with any of the Internet black lists as being part of a 'dial up network'. Again this is part of spam control and would limit who you could send email to. Again you'd use your ISP's mail server as an outgoing relay.

As to securing a Linux box that's used as a mail relay, for the most part common sense applies. You need to make sure that the system always has any security updates applied. I subscribe to a number of security related mailing lists so I get notifications of newly discovered vulnerabilities. Most folks only have one or two Internet accessible servers and it generally suffices to check your Linux vendor's site about once a week for new advisories.

The next obvious item is to disable any services that aren't actually required, like telnet, rsh, etc. You should only be accessing the server via ssh to frustrate anyone with a sniffer. I also highly recommend installing and configuring tripwire. Not only will it tell you about penetration attempts, but if one happens you'll have the information necessary to repair the system (you'll know what's been modified).

The really paranoid (myself included) will set up a firewall on the system to restrict external connections to be only those that are required. In this case I'd configure the firewall rulesets to allow inbound SMTP from the Internet and the exchange server and to allow inbound ssh from one or two "system management workstations" on your internal network. The "system management workstations" would be Linux in my case and they would be hardened almost as much as the servers and would be restricted to the use of trusted admins.
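
The firewall policy described in the answer above, written out as an added example (not code from the thread or from jlevie): a shell function that emits an `iptables-restore` ruleset for the relay host. The interface names, the Exchange server address and the management workstation addresses are assumptions passed in by the caller.

```shell
#!/bin/sh
# Accept only dotted quads with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# relay_ruleset EXT_IF INT_IF EXCHANGE_IP MGMT_IP...
# Default-deny inbound; SMTP from the Internet side, SMTP from the Exchange
# server on the private side, ssh only from the named management hosts.
relay_ruleset() {
    [ $# -ge 4 ] || { echo "usage: relay_ruleset EXT_IF INT_IF EXCHANGE_IP MGMT_IP..." >&2; return 2; }
    ext_if=$1; int_if=$2; exchange_ip=$3
    shift 3
    for ip in "$exchange_ip" "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # FORWARD is dropped: the relay passes mail, never packets, between networks.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 25 -j ACCEPT
-A INPUT -i $int_if -p tcp -s $exchange_ip --dport 25 -j ACCEPT
EOF
    for ip in "$@"; do
        echo "-A INPUT -i $int_if -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    echo "COMMIT"
}
```

Pipe the output through `iptables-restore --test` to validate the ruleset before loading it, for example `relay_ruleset eth0 eth1 10.0.0.2 10.0.0.50 | iptables-restore --test`.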
