550 relay not permitted error is killing me

Hello, I have a problem that I've been battling with for the last 2 days.

I have set up 3 mail servers. The main one is potazo.com and it has mail software installed that sends messages to the world through the other two servers, which are relays (installed on different hosts).

My main issue is that even though messages are sometimes getting through the relays, each time I do a test on potazo I get these kinds of errors in the exim main.log files of the relay servers.

2018-08-27 12:43:07 1fuGrL-0008Ah-MD DKIM: d=svr.potazo.com s=mail c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - public key record (currently?) unavailable]
2018-08-27 12:43:07 1fuGrL-0008Ah-MD <= root@svr.potazo.com H=(svr.potazo.com) [173.212.238.21] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K S=1927 id=E1fuGrG-0006TW-2R@svr.potazo.com

2018-08-27 12:43:13 1fuGrL-0008Ah-MD [173.212.238.21] SSL verify error: depth=0 error=self signed certificate cert=/C=US/ST=California/L=San Francisco/O=Vesta Control Panel/OU=IT/CN=svr.potazo.com/emailAddress=contact@potazo.com
2018-08-27 12:43:13 1fuGrL-0008Ah-MD [173.212.238.21] SSL verify error: certificate name mismatch: DN="/C=US/ST=California/L=San Francisco/O=Vesta Control Panel/OU=IT/CN=svr.potazo.com/emailAddress=contact@potazo.com" H="173.212.238.21"
2018-08-27 12:43:13 1fuGrL-0008Ah-MD ** contact@potazo.com R=smarthost T=remote_smtp H=173.212.238.21 [173.212.238.21] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote mail server after RCPT TO:<contact@potazo.com>: 550 relay not permitted
2018-08-27 12:43:13 1fuGrR-0008Al-Kk <= <> R=1fuGrL-0008Ah-MD U=exim P=local S=3330

2018-08-27 12:43:13 1fuGrL-0008Ah-MD Completed
2018-08-27 12:43:19 1fuGrR-0008Al-Kk [173.212.238.21] SSL verify error: depth=0 error=self signed certificate cert=/C=US/ST=California/L=San Francisco/O=Vesta Control Panel/OU=IT/CN=svr.potazo.com/emailAddress=contact@potazo.com
2018-08-27 12:43:19 1fuGrR-0008Al-Kk [173.212.238.21] SSL verify error: certificate name mismatch: DN="/C=US/ST=California/L=San Francisco/O=Vesta Control Panel/OU=IT/CN=svr.potazo.com/emailAddress=contact@potazo.com" H="173.212.238.21"
2018-08-27 12:43:19 1fuGrR-0008Al-Kk => root@svr.potazo.com R=smarthost T=remote_smtp H=173.212.238.21 [173.212.238.21] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K C="250- 4069 byte chunk, total 4069\\n250 OK id=1fuGrX-0006To-OZ"
2018-08-27 12:43:19 1fuGrR-0008Al-Kk Completed

The biggest problem is with this error: SMTP error from remote mail server after RCPT TO:<contact@potazo.com>: 550 relay not permitted

From what I've read, it is about SMTP authentication done wrong, and it looks like I need to properly configure the exim.conf file, but I'm not sure which exim file to edit: the one from the main mail server (potazo) or the ones from the relay servers.

I went inside the exim.conf for the main server (potazo) and tried to change stuff there, but for sure I'm missing something.

hostlist relay_from_hosts = 127.0.0.1 : X.X.X.X : x.x.x.x (the IPs of the two relay servers)

--------

smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = remote_smtp
  route_list = * X.X.X.X : x.x.x.x (the IPs of the two relay servers)
  no_more
  no_verify

Am I doing this wrong? In fact, is this the direction I need to go in order to fix that 500 relay error?

And regarding the SSL error, is it crucial or can I live with it?

Any advice is much appreciated

Thanks a lot!
Florea Radu Asked:
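
An added example, not part of any post in this thread: a small Python parser for Exim `**` (failed delivery) lines, run over two lines copied from the log in the question, that extracts which router handled the message and which remote host returned the SMTP error. The function and variable names are made up for this example.

```python
import re
from collections import Counter

# Two lines copied from the relay's main.log quoted in the question.
SAMPLE_LOG = r'''
2018-08-27 12:43:13 1fuGrL-0008Ah-MD ** contact@potazo.com R=smarthost T=remote_smtp H=173.212.238.21 [173.212.238.21] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no: SMTP error from remote mail server after RCPT TO:<contact@potazo.com>: 550 relay not permitted
2018-08-27 12:43:19 1fuGrR-0008Al-Kk => root@svr.potazo.com R=smarthost T=remote_smtp H=173.212.238.21 [173.212.238.21] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no K C="250- 4069 byte chunk, total 4069\\n250 OK id=1fuGrX-0006To-OZ"
'''

# "**" marks a failed delivery; the tail of the line is the remote server's reply.
FAILURE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<msgid>\S+) \*\* (?P<rcpt>\S+)'
    r'(?P<fields>.*?): SMTP error from remote mail server after '
    r'(?P<stage>.+?): (?P<code>\d{3}) (?P<text>.*)$')
FIELD = re.compile(r'\b([RTH])=(\S+)')           # router, transport, remote host name
REMOTE_IP = re.compile(r'\[([0-9A-Fa-f.:]+)\]')  # address Exim actually connected to


def parse_failures(log_text):
    """Return one dict per '**' line that carries a remote SMTP error."""
    failures = []
    for line in log_text.splitlines():
        m = FAILURE.match(line.strip())
        if not m:
            continue  # arrivals (<=), deliveries (=>), TLS notices, etc.
        fields = dict(FIELD.findall(m['fields']))
        ip = REMOTE_IP.search(m['fields'])
        failures.append({
            'msgid': m['msgid'], 'recipient': m['rcpt'],
            'router': fields.get('R'), 'transport': fields.get('T'),
            'remote_host': fields.get('H'),
            'remote_ip': ip.group(1) if ip else None,
            'stage': m['stage'], 'code': m['code'], 'text': m['text'],
        })
    return failures


def rejecting_hosts(failures):
    """Count rejections per (remote IP, SMTP code, reply text)."""
    return Counter((f['remote_ip'], f['code'], f['text']) for f in failures)


if __name__ == '__main__':
    for f in parse_failures(SAMPLE_LOG):
        print(f"{f['msgid']}: {f['recipient']} via router {f['router']} -> "
              f"{f['remote_ip']} answered {f['code']} {f['text']} after {f['stage']}")
    print(rejecting_hosts(parse_failures(SAMPLE_LOG)))
```

The `remote_ip` value is the server that answered `RCPT TO` with the 550, so it is that server's relay rules that produced the rejection, not those of the host writing the log.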

spmt Commented:
Hello,

You need to configure, under dc_relay_nets, the IP address of the machine you want to relay from. If you look at the man page:

dc_relay_nets
A list of machines for which we serve as smarthost. Please note that 127.0.0.1 and ::1 are always permitted to relay since /usr/lib/sendmail is available anyway and relay control doesn’t make sense here. Sets macro MAIN_RELAY_NETS.


Thanks and Regards,
Florea Radu (Author) Commented:
Hi, thanks for your reply.

I can't find dc_relay_nets in my exim.conf file. Should it be there or in some other place?

I'm running CentOS 6
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Sigh... CentOS 6... Shudder...

If possible, start with Ubuntu Bionic, else you're going to spend hours mucking about with the complexities of how CentOS manages EXIM config files. Ubuntu... is self explanatory... You look at /etc/exim4 + know instantly how EXIM is configured.

Find your EXIM config files + decode how they work. If you get stumped, install inotify-tools + camp on file changes... as in...

# one window
inotifywait -mrq /etc | grep exim

# another window
service exim4 restart

This will show you the exact order EXIM config files are accessed.

Note: This may or may not be helpful, because CentOS likely didn't generate (IMHO) a complete/correct/useful set of config files.

For example, in Ubuntu you can easily find most config variables, because most are set up with defaults, so they're easy to find...

# find /etc/exim4 -type f -exec egrep -il dc_relay_nets {} \;
/etc/exim4/update-exim4.conf.conf

You can find anything like dc_relay_nets this way... in Ubuntu... With CentOS your mileage will vary...

I think the variable you're really trying to affect is this...

dc_other_hostnames='yourdomain.com;mail.yourdomain.com,etc...,etc...,etc...'

Be sure you do a hard reset on exim4 after you make changes. As I recall CentOS 6 fails to correctly reread config files if you do a soft reset.

So...

# This may or may not work
service exim4 reload

# This is guaranteed to reread your config files.
service exim4 restart

Florea Radu (Author) Commented:
Hello David,

Thanks for your input.

I will try to follow your advice but until I figure that out I still have this question:

On what server do I need to change the exim config in order to correctly authenticate the messages sent out?

Is it on the main mail server, which is linked to multiple relay servers or on each of the relay servers in part?

I know this might be a noob question but so far I don't have a clear image of what goes where in this situation.
spmt Commented:
Hello,

For CentOS, try this:

https://www.ndchost.com/wiki/mail/cpanel-smart-host


Thanks and Regards,
Florea Radu (Author) Commented:
Thanks for the help guys!

My issue has gone now