Getting error when trying to forward mail from my Linux email server to Exchange Server on a WIN NT SERVER.

1. I use Exchange Server on my internal network.

2. I use Linux on an "external network" to relay mail from the Internet in and out. The Linux has a fixed IP address from my ISP.

3.  Internet Mail is successfully transmitted from any client on my internal network via Exchange Server to my Linux box on my external network and to the Internet.

Problem: I am ALREADY RECEIVING INTERNET MAIL from the Internet as far as my Linux box. I have a test user on the Linux box and the test user receives mail from the Internet. However, my internal network users' mail is rejected by the Linux box with the following error: "Reason: 5.7.1 .... relaying denied"

1) I have relay set up in /etc/access for my Exchange Server's NT Server.
2) I have an entry in /etc/mailertable as follows:
3) I have entered lines for my two hosts in their hosts files

In my file I have defined the smarthost as my ISP mail server and also setup the MASQUERADE lines recommended.

PS.  I have the Exchange Server (Winnt) and the Linux server connected to each other via a hub and secondary nics on each and sharing their own subnet.

jlevie Commented:

The times when you'll need to use a SMARTHOST on a relay server include:

1) If your ISP blocks outgoing SMTP traffic as a spam control measure. In cases like this you use the ISP's mail server as an outgoing relay.

2) If the IP of your mail relay lies within a netblock that has been registered with any of the Internet black lists as being part of a 'dial up network'. Again this is part of spam control and would limit who you could send email to. Again you'd use your ISP's mail server as an outgoing relay.

As to securing a Linux box that's used as a mail relay: for the most part common sense applies. You need to make sure that the system always has any security updates applied. I subscribe to a number of security related mailing lists so I get notifications of newly discovered vulnerabilities. Most folks only have one or two Internet accessible servers and it generally suffices to check your Linux vendor's site about once a week for new advisories.

The next obvious item is to disable any services that aren't actually required, like telnet, rsh, etc. You should only be accessing the server via ssh to frustrate anyone with a sniffer. I also highly recommend installing and configuring tripwire. Not only will it tell you about penetration attempts, but if one happens you'll have the information necessary to repair the system (you'll know what's been modified).

The really paranoid (myself included) will set up a firewall on the system to restrict external connections to be only those that are required. In this case I'd configure the firewall rulesets to allow inbound SMTP from the Internet and the exchange server and to allow inbound ssh from one or two "system management workstations" on your internal network. The "system management workstations" would be Linux in my case and they would be hardened almost as much as the servers and would be restricted to the use of trusted admins.
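The firewall policy described in the answer above, sketched as an added example (not jlevie's or the asker's configuration): a shell function that prints an iptables-restore ruleset. The interface names, the `EXT_IF`/`INT_IF` variables and every address are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the mail relay host.
# Interface names and all addresses are assumptions; none come from the thread.

# valid_ipv4 ADDR: accept only a dotted quad so nothing else reaches the ruleset.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_relay_rules EXCHANGE_IP MGMT_IP [MGMT_IP...]
build_relay_rules() {
    ext_if=${EXT_IF:-eth0}   # Internet-facing NIC (assumed name)
    int_if=${INT_IF:-eth1}   # NIC on the subnet shared with Exchange (assumed name)
    [ "$#" -ge 2 ] || { echo "need EXCHANGE_IP and at least one MGMT_IP" >&2; return 2; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    done
    exchange_ip=$1; shift
    # Default-drop INPUT; FORWARD stays DROP so the relay never routes
    # packets between the Internet and the internal side.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $int_if -s $exchange_ip -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
EOF
    # ssh only from the named management workstations, only on the inside NIC
    for mgmt in "$@"; do
        printf '%s\n' "-A INPUT -i $int_if -s $mgmt -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -m limit --limit 6/min -j LOG --log-prefix "relay-drop: "'
    printf '%s\n' 'COMMIT'
}
```

Pipe the output through `iptables-restore --test` to have it parsed without being committed before loading it for real.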
Does your access file look like:      RELAY

with the IP being that of your exchange server? And after changing the access file did you rebuild the access map?

How about posting the envelope headers of a failed message?
Rabeyc (Author) Commented:
The access has the ip address: RELAY

And the access.db access map was rebuilt using
# makemap hash /etc/mail/access < /etc/mail/access


Is all outbound email from internal users being sent to the exchange server and then through the Linux relay? You can tell what the path is by looking at the envelope headers in the bounce. Depending on what client you are using you may need to enable viewing of all headers in order to see them.
Rabeyc (Author) Commented:
Yes all outbound mail from internal users are sent to the exchange server and then through the Linux relay.  The Exchange server routes the mail directly to the ip address of the Linux server.  This portion works well.

The envelope header of an incoming mail that cannot be relayed from linux to exchange follows:

Mar 20 20:56:37 isumail sendmail[1848]: g2L2ubp01848: ruleset=check_rcpt, arg1=<>, [], reject=550 5.7.1 <>... Relaying denied
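An added example (not part of the original thread) that triages `check_rcpt` rejections like the one above: rejections for your own domain mean legitimate inbound mail is being bounced, as in this thread, while rejections for other domains are third-party relay attempts being refused as intended. The log lines are constructed in sendmail's reject format, and `mydom.tld` is the placeholder domain used elsewhere on this page.

```shell
#!/bin/sh
# Added example: classify sendmail "Relaying denied" rejections read from stdin.
# The sample log lines below are constructed.

# relay_denials OUR_DOMAIN < maillog
# Prints "<own|foreign|unparsed> <client-ip> <recipient>" for each rejection.
relay_denials() {
    awk -v dom="$1" '
    /ruleset=check_rcpt/ && /Relaying denied/ {
        rcpt = $0; sub(/.*arg1=</, "", rcpt); sub(/>.*/, "", rcpt)
        ip = "-"
        if ($0 ~ /relay=[^,]*\[[0-9.]+\]/) {
            ip = $0; sub(/.*relay=[^,]*\[/, "", ip); sub(/\].*/, "", ip)
        }
        rdom = tolower(rcpt); sub(/.*@/, "", rdom)
        kind = (rdom == tolower(dom)) ? "own" : "foreign"
        if (rcpt == "") { kind = "unparsed"; rcpt = "-" }   # fields missing from the line
        print kind, ip, rcpt
    }'
}

# relay_summary OUR_DOMAIN < maillog
# Totals per kind, plus the number of foreign-domain attempts per client IP.
relay_summary() {
    relay_denials "$1" | awk '
        { kinds[$1]++ }
        $1 == "foreign" { probes[$2]++ }
        END {
            printf "own=%d foreign=%d\n", kinds["own"], kinds["foreign"]
            for (ip in probes) printf "probe %s %d\n", ip, probes[ip]
        }' | LC_ALL=C sort
}

sample_log() {   # constructed lines, not taken from the asker's server
    cat <<'EOF'
Mar 20 20:56:37 gw sendmail[1848]: g2L0001: ruleset=check_rcpt, arg1=<alice@mydom.tld>, relay=mx.example.net [192.0.2.25], reject=550 5.7.1 <alice@mydom.tld>... Relaying denied
Mar 20 21:02:10 gw sendmail[1853]: g2L0002: ruleset=check_rcpt, arg1=<x@elsewhere.example>, relay=[203.0.113.9], reject=550 5.7.1 <x@elsewhere.example>... Relaying denied
Mar 20 21:02:11 gw sendmail[1853]: g2L0003: ruleset=check_rcpt, arg1=<y@elsewhere.example>, relay=[203.0.113.9], reject=550 5.7.1 <y@elsewhere.example>... Relaying denied
Mar 20 21:05:00 gw sendmail[1860]: g2L0004: from=<bob@example.org>, size=812, class=0, nrcpts=1, relay=mx.example.org [198.51.100.7]
EOF
}

sample_log | relay_summary mydom.tld
```

A non-zero `own` count after a configuration change is the signal to recheck `local-host-names` and the rebuilt maps.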


Okay, so it's inbound mail from the Internet that's bounced by Linux. I misunderstood the problem. I'm going to assume that you are using the Linux box as a true relay and want all mail addressed to your domain sent on to the exchange server and that you won't have any accounts on the Linux box.

Add your domain name to /etc/mail/local-host-names and empty the mailertable file. Add an entry to /etc/mail/virtusertable that looks like:

@mydom.tld    %1@exchange-srv.mydom.tld

replacing mydom.tld with your domain name and exchange-srv.mydom.tld with the FQDN of your exchange server. Rebuild the maps and re-start sendmail and I believe that you'll find that it will relay mail.

If that doesn't work I'll need to see the contents of your file.
Rabeyc (Author) Commented:
Thanks! It worked!

I also deleted the line that defines the SMARTHOST in the sendmail configuration file.  I am not sure if it was required.

You may also want to comment on the following: with the email working as it is, what are the areas of security in Linux that can be looked at to improve the security from the point of view of viruses and also from unauthorized access to my internal network?


Rabeyc (Author) Commented:
I accept answer.
Question has a verified solution.
