Allow SMTP relaying..
In Snow Leopard and Lion, I could allow SMTP relaying from a specific IP address. Is there a way to do this in Mountain Lion?
I have a few copy machines that need this to allow scanning to email.
Thanks!
aaronfromlas vegas wrote:
For those that may have the same issue, go to the Terminal....
type the following...
sudo serveradmin settings mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8,X.X.X.X"
That's exactly what I was looking for!
Also of possible interest, if you are getting Helo command rejections, topicdesk has some information about setting your smtpd_helo_restrictions so that local and authenticated users are accepted while still rejecting badly formed outsiders:
http://topicdesk.com/faqs/os-x-server-mail-services-faq/188-helo-command-rejecte d
That page states:
OS X Server 10.8
Check your current helo restrictions with:
sudo postconf -c /Library/Server/Mail/Config/postfix/ smtpd_helo_restrictions
Your results will likely be:
smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
We'd like to allow local-lan and smtp-authenticated users to bypass the restriction, so we allow their access before the reject lines.
Issue this to fix:
sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"
Then activate the change with:
sudo postfix reload
Similar Messages
-
Secure way for SMTP relay for DMZ server
Hi,
I would like to know if there is a secure way to allow SMTP relay from server in DMZ. This is our Exchange server configuration.
All Exchange server roles installed on a single server.
No Edge server.
Thanks in advance.Hello
if haven't got relay connector, need create one receive connector add only one dmz ip and if application can authentication use that authentication method, if cant use any auth method enable anoynous relay.
sorry my english -
Dear sirs,
how to solve the mail problem which occurs while I am abroad; bearing in mind that I use HOTSPOT and sometime it's sending emails sometime getting the below messages " SMTP Relay "Message rejected"The outgoing mail server is rejecting mail from your network address. Typically that happens when your mail service provider is also your ISP, and you connect to it from another network. The SMTP server will allow connections without a password from anywhere, but it will only relay mail from within the ISP's network. It could also be that your account on the server has expired or been suspended.
If you need to send mail from outside your ISP's network, use an independent mail service provider. I don't have a specific recommendation. -
How to configure my server GroupWise 8.2, OES2.3, not to allow sending internal e-mail without authentication? Today, any user can use the email domain to send an email with different names and without authentication.
Originally Posted by Rogerio Lopes Alves
How to configure my server GroupWise 8.2, OES2.3, not to allow sending internal e-mail without authentication? Today, any user can use the email domain to send an email with different names and without authentication.
Hi,
Do you mean they can do this by using the GroupWise Client? Or is the GWIA itself permitting relay for all servers?
If the last is the case here, you can disable relaying (which should be disabled by default) within the GWIA settings in ConsoleOne > TAB Access Control > SMTP Relay Settings
There you can also specify any exceptions that are needed.
-Willem -
GWIA SMTP relay restriction doesn't work
I am running GWIA on SLES 10 SP2 GW703HP4.
I have the GWIA SMTP Relay Defaults=Prevent message relaying. Exceptions with allow from 192.168.10.3 to * as the 192.168.10.3 is the alert mail server. When I tried to test the SMTP port to GWIA, I got restrict relay error. If I change Relay Default to "Allow message relaying", that is the only time that I can connect from 192.168.10.3 to send SMTP mail via GWIA.
I have tried to restarted GWIA everytime I make the change but can't get the exception to work?
Any suggestion?
Cheer
AndyI deleted the IP address and added the same entry back, then GWIA relay fine.
Might be I have bad eyes?? Thanks all for the inputs.
Andy
Originally Posted by buckesfeld
* andyj2009 wrote, On 05/20/2010 11:06 PM:
> Exceptions with allow from 192.168.10.3 to * as the 192.168.10.3 is the
> alert mail server.
Note there are two situations where you don't have to tinker with relaying exceptions at all:
- the alert mail server sends to internal addresses only
- the alert mail server can do SMTP authentication.
Uwe
Novell Knowledge Partner (NKP)
Please don't send me support related e-mail unless I ask you to do so. -
How to check Exchange smtp relay logs successed/failed
We have a quite a few servers in the company that allow to relay smtp through our current Exchange environment. Often time, the recipients did not get those messages that was send out from our SQLservers. We would like to get these logs from Exchange to see
why those messages were sent from SQLservers that did not go through. Is there a way to track those messages?Hi ThaiFL,
Any updates?
Frank Wang
TechNet Community Support -
10.3.9 - Mobile Users Authenticating for SMTP Relay.
I hope I get my thoughts together and this question comes out right.
I have a small shop, where most of my users are in-house. They're using Entourage clients, and my couple of PC folks are using Outlook 2003. From in-house, everyone works just fine. Relay filters are setup to allow people inside the network to send fine. I have 127.0.0.1/32 and 192.168.1.1/32 in the Mail/Settings/Filters/SMTP Relay settings.
However, I have a couple of mobile users, the Director being one of them, who want/need to send email when outside of the office, or from a mobile device, like their Treo.
What I'm running into is that my mobile users are having authentication issues when trying to send email while outside the office. Even when they indicate they need to authenticate SMTP from their client, I get different issues with different users.
The Director's Treo, using Versamail, recieves email normally via IMAP. However, when sending, even though she's set to ESMTP Authentication, I get a 502 error. Without ESMTP Authentication turned on, I get a relay error.
Mail/Settings/Advanced has LOGIN and Plain checked for SMTP Authentication, and IMAP has LOGIN, Plain and Clear checked, while POP has APOP and Clear slected.
I'm at a loss for how to proceed with correcting this issue to allow mobile users to authenticate reliably from where ever they are. Can someone provide me some straightforward guidence on how this should be correctly configured?
Thanks.
PowerBook G4 17 Mac OS X (10.4.9) 1.5G RAMThanks for the response.
I've seen the posts about adding alternate ports, but it doesn't seem to matter what the ISP source is, they get Relay denied messages and our mailer shows the denial traffic.
There are additional relay exceptions in this, but here is the postconf file you requested:
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debugpeerlevel = 2
enableserveroptions = yes
inet_interfaces = all
luser_relay =
mail_owner = postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mapsrbldomains = sbl-xbl.spamhaus.org,bl.spamcop.net
messagesizelimit = 15728640
mydestination = $myhostname,localhost.$mydomain,kemperart.org
mydomain_fallback = localhost
myhostname = mail.kemperart.org
mynetworks = 127.0.0.1/32,192.168.200.99/32,192.168.200.1/32,rr.com,68.25.136.123/32
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpdclientrestrictions = rejectmapsrbl
smtpdenforcetls = no
smtpdpw_server_securityoptions = plain,login,cram-md5
smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
smtpdsasl_authenable = yes
smtpdtls_certfile = /etc/postfix/server.pem
smtpdtlsloglevel = 0
smtpduse_pwserver = yes
smtpdusetls = no
unknownlocal_recipient_rejectcode = 450
Remember, be gentle, while I'm able to get around the Terminal Window, I am, by no means, an expert.
Thanks again!
PowerBook G4 17 Mac OS X (10.4.9) 1.5G RAM -
Ironport C170 Blocks Emails Being Sent From SMTP Relay
I have an issue with emails being sent out through our virtual SMTP Relay from a server on the DMZ. Any emails being sent to internal email accounts on our domain works fine. However the ones sent to external accounts are being rejected by the RAT. Here is a shot of the rejection message we are getting:
29 Oct 2013 10:09:58 (GMT -05:00)
Protocol SMTP interface Data 2 (IP xxx.xxx.xxx.xxx) on incoming connection (ICID xxxxxxx) from sender IP xxx.xxx.xxx.xxx. Reverse DNS host internal.domain.org verified yes.
29 Oct 2013 10:09:58 (GMT -05:00)
(ICID xxxxxxx) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.4
29 Oct 2013 10:09:58 (GMT -05:00)
Start message xxxxxx on incoming connection (ICID xxxxxxx).
29 Oct 2013 10:09:58 (GMT -05:00)
Message xxxxxx enqueued on incoming connection (ICID xxxxxxx) from [email protected]
29 Oct 2013 10:09:58 (GMT -05:00)
Message xxxxxx on incoming connection (ICID xxxxxxx) to [email protected] was rejected by Recipient Access Table (RAT).
29 Oct 2013 10:09:58 (GMT -05:00)
Message xxxxxx aborted: Receiving aborted by sender
I am new to the Ironport world so I am having a hard time figuring out how to allow for my SMTP relay to send emails to external email accounts. Thanks for any advice in advance!It looks like the message should be arriving via SENDERGROUP RELAYLIST instead of
ACCEPT sender group UNKNOWNLIST .
Navigate to GUI --> Mail Policies --> HAT Overview
Then click the RELAYLIST sendergroup
Add the IP address of your sending MTA to this group, submit and commit changes. -
I'm trying to send anonymous email to an outside email address from inside, with the Mailbox servers down. We are using cmdlets to relay to the Hub Transport server, but the error "Mailbox Unavailable" keeps coming back. I've tried multiple methods
of powershell SMTP email delivery, and the errors are virtually identical.
Does anyone have any methods to deliver anonymous email to a relay server while the Mailbox servers are down?
PS D:\#E2010-Management> #####Script1 - Set Password
$s = New-Object System.Security.SecureString
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "NT AUTHORITY\ANONYMOUS LOGON", $s
#####Script2 - Send Email
$From = "[email protected]"
$To = "[email protected]"
$SMTPServer = "SMTPSERVER.company.com"
$SMTPPort = "25"
$subject = "test"
$body = "n"
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$smtp.EnableSSL = $false
$smtp.Credentials = New-Object System.Net.NetworkCredential($credential.GetNetworkCredential().Username, $credential.GetNetworkCredential().Password)
$smtp.Send($From, $To, $subject, $body);
Exception calling "Send" with "4" argument(s): "Mailbox unavailable. The server response was: 5.7.1 Unable to relay"
At line:15 char:11
+ $smtp.Send <<<< ($From, $To, $subject, $body);
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodExceptionPS D:\#E2010-Management> $s = New-Object System.Security.SecureString
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "NT AUTHORITY\ANONYMOUS LOGON", $s
$creds.GetNetworkCredential()
$smtp.EnableSsl = $false
Send-MailMessage -to "[email protected]" -from "[email protected]" -subject "test" -SmtpServer "SMTPRELAY.company.com" -credential $creds
UserName Password Domain
ANONYMOUS LOGON NT AUTHORITY
Send-MailMessage : Mailbox unavailable. The server response was: 5.7.1 Unable to relay
At line:5 char:17
+ Send-MailMessage <<<< -to "[email protected]" -from "[email protected]" -subject "test" -SmtpServer "SMTPRELAY.company.com"
-credential $creds
+ CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpFailedRecipientException
+ FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessageHi Mr.Cross,
If you want to allow anonymous relay, you need to create a new Receive connector on the Hub Transport server and use the Shell to grant the relay permission to anonymous connections.
Here’s an article for your reference:
Allow Anonymous Relay on a Receive Connector
http://technet.microsoft.com/en-us/library/bb232021(v=exchg.141).aspx
Notes:
Allowing anonymous relay on a Receive connector is a security risk, especially on Internet-facing servers.
If you have any further questions, please do not hesitate to post back.
Best regards,
Eric -
Revert my allowing smtp sasl for external site
Our version is 6.3
Previously we've set the smtp relaying from outside if they could authenticate
the tcp_auth channel was set as follows:
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4
and the tcp_local like this:
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric sub
dirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel
tcp_auth missingrecipientpolicy 0 loopcheck
Now we want to disable smtp connection from outside (to prevent mail relaying cos someone might
guess the password of some users) even with authentication
I tried to change the tcp_auth
to look like this
tcp_auth smtp mx single_sys nosasl nosaslserver missingrecipientpolicy 4
But this didn't work for me ( I tried from outside site to send mail using smtp authentication
and still I was allowed)
Could someone enlighten me on how to take off smtp auth altogether
(I could even take off for internal site as well)
Thanks in advanceYou don't really want to "disable smtp connection from outside", do you? That would mean not receiving any mail from outside.
If you just want to disable SMTP authentication from the outside, then remove "maysaslserver" and "saslswitchchannel tcp_auth" from the tcp_local channel. Those are how SMTP connections coming from outside are allowed to authenticate and then switched to be coming from the tcp_auth channel instead of tcp_local.
You probably have the same issue with the tcp_submit channel, which would normally be messages coming in on port 587. But removing those from the tcp_submit channel would also mean your local users cannot authenticate. Alternatively, you could use your firewall to block connections to port 587 from outside or accomplish similar with the PORT_ACCESS mapping table.
But I really question the wisdom of this whole line of thought. SMTP authentication is a good thing. It improves your overall security. Of course if users have easily guessable passwords, that is a password policy issue. -
Our company recently moved to Office 365 which mean our on premise exchange server went away as well with the move. I am trying to configure my new sql server (OS-Windows Server 2012 R2, DBMS- SQL 2014 Std Edtion). After some searching I found
this article (http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx) and have followed these steps exactly, but to no avail. I did some further research
on the SMTP relay I setup and found a way to test it (listed here http://technet.microsoft.com/en-us/library/dn592151(v=exchg.150).aspx at the bottom of the article). If I drop the email.txt file in the pickup folder, it gets sent out no problem.
I have configured my db email exactly as describe here(http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx). But keep getting an unable to connect
to SMTP server error. I have even tried completely shutting down firewall to see if that is the issue and multiple restarts. Any ideas how to get this to work on Office 365?
DB Mail error log:
Date 6/10/2014 10:28:41 PM
Log Database Mail (Database Mail Log)
Log ID 46
Process ID 2196
Mail Item ID 19
Last Modified 6/10/2014 10:28:41 PM
Last Modified By xx
Message
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-10T22:28:41). Exception Message: Cannot send mails to mail server. (Failure sending mail.).Hi,
I followed this blog and got the below error message in the Database Mail Log.
“The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-11T19:34:00). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.7.1 Unable to relay
for [email protected]).”
If you are getting the same error message, you can try the below steps to resolve the issue.
1. Open the IIS 6.0 management console. Right click on the SMTP server and open the properties window.
2. Click on the Access tab, click Relay button under Relay restrictions. loopback IP address (i.e 127.0.0.1).
Then the email should be sent out from Database Mail without problem.
Thanks.
Tracy Cai
TechNet Community Support -
How to use multiple mail sending address in SMTP relay for exchange online
We have one SMTP relay configured with [email protected] credentials. one oracle application automatically shoots mail to users using this [email protected] to users. So if recipient reply on auto-generated mail it goes to mailbox of [email protected] (so that application
team see and reply to any query raised by recipient).
Now my requirement is, I want to notify users about their password expiry before 10 days (something like that) I have made the script and tested it in lab. But the main requirement is I want to use [email protected] mail ID for sending mail. And if any recipient
reply on the auto-generated mail it goes to [email protected] mailbox (which is managed by different team).
So the query How can I use two different mailbox enabled IDs for sending mails on a single SMTP Relay server
Thanks
Pankaj SharmaThanks Ed and Mavis for the reply and suggestion, but here scenario is different.
We have one SMTP relay configured with [email protected] credentials. one oracle application automatically shoots mail to users using this [email protected] to users. So if recipient reply on auto-generated mail it goes to mailbox of [email protected] (so that
application team see and reply to any query raised by recipient).
Now my requirement is, I want to notify users about their password expiry before 10 days (something like that) I have made the script and tested it in lab. But the main requirement is I want to use [email protected] mail ID for sending mail. And if any recipient
reply on the auto-generated mail it goes to [email protected] mailbox (which is managed by different team).
So the query is can I use two different mailbox enabled IDs on a single SMTP Relay, If yes then how..
Thanks
Pankaj -
Hi,
How do I set up an account to receive email from my SMTP Relay Server?
I've setup the SMTP feature and set my Server to use anonymous authentication.
Things appear to look ok.
But I can't connect make a test connection to it when I am trying to add an email account in Outlook.
I could be doing something wrong here.
This is my process.
1. I have setup my SMTP Server.
2. Created a user account in AD and given it an email address.
3. Opened Outlook and tried to manually add a POP3 account by specifying the incoming and outgoing Server details.
But when I go to test the connection on the email setup it keeps failing.
Please help.
ThanksHi Midi25,
As Florent suggested, please use Telnet to test SMTP Communication. For more details, please refer to following articles.
How to Use Telnet to Test SMTP Communication
XFOR: Telnet to Port 25 to Test SMTP Communication
In addition, please also refer to following article and check if can help you.
How to Configure a Windows Server 2003 Server as a Relay Server or Smart Host
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Have to add 0.0.0.0/0 to "Accept SMTP relays only from these"?
To reach the server via vpn I had to add a virtual IP (192.168.1.1) to the ethernet port. Since then mail acts a bit strange: I have to add 0.0.0.0/0 to "Accept SMTP relays only from these" in SA. Otherwise i get a "[/var/imap/socket/lmtp]: Connection refused" in the smtp log and the server does not accept any delivery of mails from the internets.
I'm not quite sure if it's a good idea. Can anyone please tell if this is still a security risk (while having access restrictions on the mail service)?After a few telnet tests I can answer my own question: It makes an open relay server to spammers! But to solve the former issue with the connection refuse, I had to switch to virtual hosting in the advanced tab of the mail service and add my own domains.
-
Hello world...
I hope someone has an answer to this - i have gone through the CUE CLI documentation looking to config it up as an SMTP relay, and this idea does not seem like it will work.
System is UC540 on 8.6.5
I have a PRI with a DID block for the client - they want individual fax numbers for each person. That part is easy enough. They do NOT want to store it in their vociemail box. They just want it sent to their email inbox. They do not want to use the "listen" mode where fax and voice comes in on the same DID because the delay for the customer calling in is too great in their opinion. This is fine. I get it.
However I am having a dickens of a time using the CUE to send the emails based upon the DID to the user mailbox. I am talking about configuring a separate ephone-dn and an account on the CUE for the fax email user. when i go this route, The sending fax machine just hangs and never successfully transmits.
IF, however, I set the "mta send server" to my test-bench smtp relay by IP address, it all works. Fax as email attachment comes through like greased lightning.
I try to do it via the extension and have CUE submit it out, things just hang.
IS THERE A WAY to configure the CUE to act as a simple SMTP relay for all things internal?
This is the config that works for me:
mta send server 192.168.110.25 port 25 <IP addess of my bench smtp server>
mta send server 10.10.10.1 port 25
mta send with-subject both
mta send mail-from hostname LAB-UC540.lab.org
mta send mail-from username $s$
mta receive aliases 10.10.10.2
mta receive maximum-recipients 7
For the MMOIP, I have:
dial-peer voice 3020 pots
translation-profile incoming Lab_Fax_T37_Called_26
service onramp
incoming called-number 4627
direct-inward-dial
port 0/2/0:23
dial-peer voice 1801 mmoip
service fax_on_vfc_onramp_app out-bound
destination-pattern 4627
information-type fax
session target mailto:[email protected]
The above works remarkably well
This (generic CCA config) is broken:
dial-peer voice 3020 pots
translation-profile incoming Lab_Fax_T37_Called_26
service onramp
incoming called-number 4627
direct-inward-dial
port 0/2/0:23
dial-peer voice 1800 mmoip
description ** fax onramp for outbound faxmail to CUE **
service fax_on_vfc_onramp_app out-bound
destination-pattern ^....$
information-type fax
session target mailto:[email protected]
fax receive called-subscriber $d$
fax interface-type fax-mail
mta send server 10.10.10.1 port 25
mta send with-subject both
mta send mail-from hostname 10.10.10.2
mta send mail-from username $s$
mta receive aliases 10.10.10.2
mta receive maximum-recipients 7
Any suggestions? Or do I build a small internal LAN smtp relay server?Hello,
The CUE is used with the script for t37 - there are two approaches with fax to email.
One is using the CUE and the other is not using CUE just to add the right information.
For more information:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/unity_exp/rel3_1/administration/guide/voicemail/fxgatewy.html
https://supportforums.cisco.com/docs/DOC-9718
HTH,
Alex
Maybe you are looking for
-
Everything else is working fine since I've updated the phone to the new iOS7, but when I am texting or emailing, or even putting in my passcode, the reaction on the screen is very slow, and I have to wait a few seconds between each word. Is there an
-
Hi All, I hit a road block on providing a solution where the outside vendors could carry out the redlining and markups on a PDF document published on the portal. DMS is used as the back end and I need to export back the markups files along with the o
-
Lightroom 4.1 will not load
I am loading Lightroom 4.1 on a 64 bit Windows 7 Ultimate machine that is running Lightroom 4.0 just fine. I get an error message indicating that the installer is looking for a file called Adobe_Lightroom_x64.msi in this folder: C:\Users\Adminsistrat
-
50% discount for all Pro using FCP Studio/Sever!
I am a FCP Studio Pro user since version 1.0. I am have buy/download from the APP Store the new FCP X due to the numerous BAD ratings and publicity. I urge Apple to allow all FCP Studio/Server Pro users to buy FCP X at 50% discount in order to encou
-
Avalibility of services real-time
Hi participants in this forum I have a question regarding services scenario suppose I am a company selling furnitures and doing the assembly as a service so i want that the customer when orders some item they should select the kind of service (eg ass