[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

Mailbox unkown or not accepting mail.

Hi,

Currently I am having a difficult time receiving inbound email.  Currently, the environment that I am conducting mail tests looks as follow....

Server1(mail server) --> Server2(SMTP Antivirus Gateway server) --> Server3(mail server)

All of the server are currently under the same domain.  When I send an email from Server1 to Server3, it would work fine...But when I send an email from Server3 to Server1, Server1 would not receive the email and Server3 would get a email from the SMTP server(Server2) states as follows...

                         Mailbox unkown or not accepting mail.  

In the "detail.txt" file that is attached to the error email, it would read as follows.  

                         Cannot route mail to user

I have tried to reply back on the email that was sent from Server1 on the Server3, but it would still give me this error email.  Please point me to the right direction to correct this issue.

Thank you.
0
gsalcedo
Asked:
gsalcedo
  • 5
  • 5
1 Solution
 
PsiCopCommented:
Sounds like Server 2 has not been told to act as a relay for Server 1's mail.

When Server 2 gets an E-Mail destined for Server 3, something in its config is telling it "You're not Server 3, so if you get an E-Mail addressed to user@server3, send it to <here>" where "<here>" is Server 3.

The same sort of thing needs to be done, on Server 2, for mail destined to Server 1. Exactly how to do that depends on the software (the "SMTP Antivirus Gateway server") running on Server 2.
0
 
gsalcedoAuthor Commented:
Hi PsiCop,

All of the servers are under the same domain.  On server2 (SMTP Server), I only indicated the domain name.  Since I have just indicated the domain name, the emails from Server1 are able to reach through Server2 and reach its destination on Server3...but it can not do it the other way, which is from Server3 through Server2 and then to Server1.  Although I did not enter the FQDN of Server3 in the relay, do I have to indicate the FQDN of Server1?
0
 
PsiCopCommented:
I have no idea what your relay's software is or how it needs to be configured. What EXACTLY are you using on Server 2?
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
gsalcedoAuthor Commented:
I am using the Symantec Mail Security for SMTP
0
 
rugdogCommented:
in a multi SMTP server scenario, you need:

1) an MX DNS entry for every server name, and all emails directed to each machine will have to be addressed @server.domain.com
  and/or
2) a "smart host" or a relay, where the rest of the mail servers send mail to by default. this smart host will do the routing.

so in your scenario, I guess you need option 2. So, you need to tell server1 and server3 that the smart host is server2, now server 2 must know how to route to the other two servers, by means of aliases, virtusertable or whatever mechanisms Symantec Mail Security has.
0
 
PsiCopCommented:
Yep. You need some way to tell Server 2 how to route E-Mail between the two other servers. Hopefully, Symantec (you still haven't bothered to state the VERSION of Symantec's product, or what the operating platform is) offers you some way to do this.
0
 
gsalcedoAuthor Commented:
Hi rugdog and PsiCop,

The version of Symantec Mail Security for SMTP that I am using is 4.0.4.64.  I had to disable the sendmail daemon that came with Solaris.  So, any of the sendmail tasks are configured on the Symantec application.  By doing this, the Symantec's installation/implementation guide mentioned that it will eliminate problems with port 25.  

Please correct me if I am wrong with my interpretation of "routing" and "relay domains" on an SMTP server configuration.  

   -  Routing: I interpret routing as any domain name or FQDN that are indicated in this section will assist the SMTP server to    
                   route any emails to the domain or mail server that are coming inbound from the outside world.

  -  Relay Domains: I interpret relay domains as a section that indicate domains that are allowed to send emails to this domain.  In
     another words, lets say that the SMTP server is in the adc.com domain.  In the relay-domains file, it indicates def.com, ghi.com,
     and jkl.com domains.  Only the three domains (def.com, ghi.com, and jkl.com) are allowed to send email to this server.  If a
     mail is being sent from the xyz.com domain, the mail will not be able to enter the abc.com domain because xyz.com domain is
     not indicated in the relay-domains file.

Would I be correct with this interpretation of routing and relay-domains?  

If a mail server within a SMTP server within the abc.com domain is trying to send an email to the outside world, such as the xyz.com domain, do I need to indicate the xyz.com domain anywhere in the SMTP server configuration?

Since all mail traffic are going through the SMTP server, do I need to indicate anything in the routing or relay-domains files?

Thank you in advance for your help.

0
 
PsiCopCommented:
Hmmmm.....OK, you disabled sendmail. And I suspect (but I do not know) that the Symantec product does not offer the granularity of control that you would need to *selectively* route E-Mail between these Servers 1 and 3. I *suspect* that Symantec's product is a"dumb" relay, in that it takes in an E-mail and once it is done with it, it can only relay it to one destination.

I think you need to get sendmail back into the picture, because it will (using virtual user tables, aliases, etc.) afford you much more granular routing control.

I'd look at either adding another NIC to the Solaris machine, or binding another IP address to the existing NIC, so you have IP addresses A and B. I'd then configure Symantec to *only* is IP A, and re-activate sendmail, configured to *only* use IP B.

I would continue to point my inbound E-Mail to IP A, where Symantec would scan it. Symantec would then be configured to use IP B (still on Server 2) as the next "hop" in the relay. sendmail would be sitting there on IP B, and would have the necessary aliases/virtusertable/access/whatever needed for it to route a given E-Mail to either Server 1 or Server 3.

Servers 1 and 3 would be configured to use Server 2/IP B as their "smart" E-Mail relays, and that way sendmail gets their messages and routes them appropriately. This cuts Symantec out of the look in the *internal* E-Mail traffic (between 1 and 3) while still leaving it scanning inbound from the Internet (and depending on how you set up sendmail on Server 2, Symantec could still scan outbound E-Mail).

The only other choice I see is to split Symantec off to its own physical server. But you need the fine-grained control that sendmail will afford you.
0
 
gsalcedoAuthor Commented:
Hi PsiCop,

The Symantec Mail Security for SMTP does offer routing and relay-domains features.  
0
 
PsiCopCommented:
Then the answer is probably to configure that. I've not really used the Symantec product, so I can't get more specific.
0
 
gsalcedoAuthor Commented:
Hi PsiCop,

I do know that I do have to configure the routing and relay-domains, but I was wondering if my interpretation of them are correct..

Please correct me if I am wrong with my interpretation of "routing" and "relay domains" on an SMTP server configuration.  

   -  Routing: I interpret routing as any domain name or FQDN that are indicated in this section will assist the SMTP server to    
                   route any emails to the domain or mail server that are coming inbound from the outside world.

  -  Relay Domains: I interpret relay domains as a section that indicate domains that are allowed to send emails to this domain.  In
     another words, lets say that the SMTP server is in the adc.com domain.  In the relay-domains file, it indicates def.com, ghi.com,
     and jkl.com domains.  Only the three domains (def.com, ghi.com, and jkl.com) are allowed to send email to this server.  If a
     mail is being sent from the xyz.com domain, the mail will not be able to enter the abc.com domain because xyz.com domain is
     not indicated in the relay-domains file.

Would I be correct with this interpretation of routing and relay-domains?  

If a mail server within a SMTP server within the abc.com domain is trying to send an email to the outside world, such as the xyz.com domain, do I need to indicate the xyz.com domain anywhere in the SMTP server configuration?

Since all mail traffic are going through the SMTP server, do I need to indicate anything in the routing or relay-domains files of the mail servers?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now