alfatec
asked on
Cannot send mail from external sources
I am having a small problem with Postfix. Everything is now working fine and I think I just need to fine tune it a little bit. I can send and receive mail no problem on my internal network. I can send and receive mail using Squirrelmail from internal and external. I can receive mail externally but cannot send mail externally. It comes up with error 550 cannot relay. Any hints would be much appreciated.
ASKER
Hey Scorp, Nice to hear from you again. Yea just fine tuning the system now. Have got about 20 users trialing it out for me before the big chop over to 1200 users (no pressure then!!!). As I said everything works fine. Can send/receive when on internal network, can send/receive to external sources when on internal network. Can use webmail internally and externally (1 small weird thing is that the sent mails do not go into the sent folder after being sent). Only thing that is weird is when you use Outlook from external source you can receive but you cannot send. I think it might be a good idea if I set up my SMTP to be my own SMTP rather than my ISP's as at least then I will have total control over everything. Could you post setting up my SMTP server. That way I will feel alot more confident in controlling everything.
Hope things are well with you and thanks for helping out again.
Hope things are well with you and thanks for helping out again.
I agree with "scorp888". This must be a configuration on your ISP's server.They need to enable the relay option.When you give them a call, find out if they don't have a different SMTP server that will allow relaying...
ASKER
Spoke to my ISP, about as much use as a chocolate fireguard. Appreciate the setup instructions so that I use my own SMTP server.
Can I just confirm that you're using postfix for the outgoing mail, and telnet 25 to the mail server produces somethiling like.
SMTP blah postfix version ...
Also, can I confirm that your dns is all fixed, and you're not using sale.com ?
Otherwise setting up a "proper" smtp service is not going to work.
SMTP blah postfix version ...
Also, can I confirm that your dns is all fixed, and you're not using sale.com ?
Otherwise setting up a "proper" smtp service is not going to work.
ASKER
Yea I am using postfix for the outgoing mail. When I telnet the server on port 25 I get the following:
220 mail.salegrammar.co.uk ESMTP postfix
DNS now seems to work OK. Have been using the tools from DNS STUFF and it passes all the tests, so it seems OK.
220 mail.salegrammar.co.uk ESMTP postfix
DNS now seems to work OK. Have been using the tools from DNS STUFF and it passes all the tests, so it seems OK.
Ok, can I ask you to post your postfix conf file, xxx out any information you don't think should be public, for example the last octet of an ip address.
so 10.1.2.3 becomes 10.1.2.xxx
Then we can work through the conf and set you up.
so 10.1.2.3 becomes 10.1.2.xxx
Then we can work through the conf and set you up.
ASKER
Sorry for the delay, here is the postfix conf file:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
mydomain_fallback = localhost
myhostname = mail.salegrammar.co.uk
mydomain = salegrammar.co.uk
myorigin = $mydomain
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains = sbl-xbl.spanhaus.org
message_size_limit = 10240000
mydestination = $myhostname,localhost.$myd
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_client_restrictions = reject_maps_rbl
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_option
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictio
smtpd_pw_server_security_o
server_enabled = 1
relayhost =
smtpd_client_restrictions = reject_maps_rbl
always_bcc =
mynetworks = 127.0.0.1/32,10.xx.xx.xx/3
local_recipient_maps =
unknown_local_recipient_re
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
mydomain_fallback = localhost
myhostname = mail.salegrammar.co.uk
mydomain = salegrammar.co.uk
myorigin = $mydomain
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains = sbl-xbl.spanhaus.org
message_size_limit = 10240000
mydestination = $myhostname,localhost.$myd
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_client_restrictions = reject_maps_rbl
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_option
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictio
smtpd_pw_server_security_o
server_enabled = 1
relayhost =
smtpd_client_restrictions = reject_maps_rbl
always_bcc =
mynetworks = 127.0.0.1/32,10.xx.xx.xx/3
local_recipient_maps =
unknown_local_recipient_re
550 is an authentication error. As you probably know, SMTP authentication is most commonly managed in two ways:
a) A list of permitted subnets
b) Username and password access
I don't think b) is enabled by default so it's likely to be that, by default, an SMTP server will only accept mail relaying request from machines on the same subnet until you customise it. It should be that simple.
As your mail server should be transmitting mail on the same subnet as your ISP I don't think it's got anything to do with them - it's an internal issue. So let's assume the email clients and your mail server are on different subnets. One way to diagnose the issue would be to set up a client on the same subnet as the mail server and try sending again. If it works, voila - all you'll need to do is add the clients' subnet to the authentication list (the documentation should give instructions on this - I don't know off-hand).
If it still doesn't work, some deeper digging will be required. But it's definitely authentication.
a) A list of permitted subnets
b) Username and password access
I don't think b) is enabled by default so it's likely to be that, by default, an SMTP server will only accept mail relaying request from machines on the same subnet until you customise it. It should be that simple.
As your mail server should be transmitting mail on the same subnet as your ISP I don't think it's got anything to do with them - it's an internal issue. So let's assume the email clients and your mail server are on different subnets. One way to diagnose the issue would be to set up a client on the same subnet as the mail server and try sending again. If it works, voila - all you'll need to do is add the clients' subnet to the authentication list (the documentation should give instructions on this - I don't know off-hand).
If it still doesn't work, some deeper digging will be required. But it's definitely authentication.
ASKER
OK sorted this out. Just needed to add the external IP ranges for users who were coming in externally.
Cheers for your help.
Cheers for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Which server is the 550 cannot relay coming from?
My bet is it's your ISP's server.
This normally means that they've not enabled you for smtp at all.
Fix - Simple phone call.
OR, that they have you registered for one domain and are sending on another.
Are you still using sale.com internally? or did you change over.
It also may be that if you are using your salegrammer.ac.uk (cant' remember exactly what it was) and that's not set up as being allowed.
So in summary, it sounds like you're doing simple forwarding of external mail, (rather than trying to be a "proper" mail server on your own)
so you need to talk to the isp who provides you with that upstream mail server.
Other than that, post back and I'll talk you through setting yourself up as a full mail server, although it's lots more hassle, and lots more maintenance.