MTA Routing

I would like an email to go through the following route to get to remote mail server. I am running comms suite 5.
1. Outlook Express -> internal MTA -> either one of the mail relays (ext-MTA1 and ext-MTA2)
2. Webmail -> LMTP -> mail store -> either one of the mail relays (ext-MTA1 and ext-MTA2)
I have set up the MX records in my local DNS server to load balance between ext-MTA1 and ext-MTA2. However, in both cases the email is rejected on the first MTA it goes through. The email never reaches the mail relays.
Errors
1. 03-Jul-2007 14:59:04.75 tcp_local J 0 xxx@domain rfc822; yyy@internet-domain 550 5.7.1 Relaying not allowed: yyy@internet-domain
Which MTA does it attempt to relay the message? Nothing is written in the log.
2. The mail store is the first MTA in this case. A Delivery Notification: Delivery has failed is sent shortly after the mail is sent with the reason: Illegal host/domain name found.
I am in a simulated environment using a switch with VLANs. There is no link to the Internet yet. I plan to get the mail routing correct before attempting to connect to the Internet. The correct behaviour in both cases should be either ext-MTA1 or ext-MTA2 bounces back the message and NOT the first MTA.
Please correct me if I am wrong.

Hi,
Webmail talks SMTP, not LMTP. It is better to just consider webmail to be 'just another email client'
and thus use the same delivery path as (1) - there
are configutil options to specify the outgoing smtp
host (and port) for webmail. Ideally the stores
shouldn't even have SMTP enabled, send all the emails
via the internal MTA servers, which then send them
onto the stores.
Can you provide me the configutil options to specify
the outgoing smtp host for the webmail? Is the local
SMTP the default as it seems to do exactly what you
have described?
service.http.smtphost & service.http.smtpport
This way you reduce your troubleshooting paths -- none of this 'oh email is kinda broken' stuff
(because outlook can send but webmail can't or vice
versa). Also you get to expand all lists in the
internal MTA and reduce the number of systems to
check for delivered email etc. Plus you only use LMTP
delivery thus reducing load on the back-end servers.
Do you mean I do not need to configure MTA, just the
message store during initial runtime configuration?
How does the internal MTA deliver email to the
message store? Are you saying that LMTP work without
configuring the MTA?
No, that's not what I mean. The message store system needs an MTA - the store just stores the emails, the MTA is needed to deliver emails into the store. Email can be injected via either the LMTP daemon or the ims-ms (SMTP) daemon.
The traditional mail-server layout looks like this:
(internally destined emails e.g. [email protected])
Email client -> SMTP -> system 1 (internal MTA) -> LMTP -> system 2 (mail-store)
(externally destined emails e.g. [email protected])
Email client -> SMTP -> system 1 (internal MTA) -> system 3/4 ('external' MTAs) -> gmail or whatever non-organizational server
The internal MTA is a completely different install. Your original descriptions didn't make it clear whether 'internal MTA' was just the MTA associated with the mail-store or whether it was an 'internal MTA' within your organisation.
Here is a summary of the current observation. As you
may have noticed, the recipient is addressed outside
the local network. I create a zone in the local DNS
so that it won't give me the invalid host/domain
error.
All mails (webmail + outlook express) with invalid
host/domain seem to be going through the internal MTA
which then talks LMTP with the message store. The MTA
for the message store is active. However I do not
know if it is used at all. After switching to LMTP,
the system seems to be smart enough to favor LMTP.
After the mail reaches the message store, it simply
bounces back stating delivery failure. Is it normal?
I think you have a fundamental knowledge gap with regards to how email routing and non-delivery notifications work. Operating in an environment which sounds like it doesn't have a workable DNS configuration is only making life even more difficult.
The email is most likely bouncing back because it can't be delivered, the MTA does an MX record for the invalid domain, can't resolve it, creates a bounce email and sends it back to the sender. You need to read the information in the bounce email very carefully - it should explain why you have the bounce email.
Mails with valid host/domain configured in the local
DNS is queued on the tcp_local channel of the
internal MTA.
Here are my questions:
1. I am very new to DNS. How do I configure the
internal MTA to relay the mail to external MTAs using
DNS MX records? The message store MTA seems to
deliver the email directly to the Internet. I do not
want this behavior.
I already answered this. You add the 'daemon <external MTA MX address>' to the channel which handles 'external' emails, i.e. the tcp_local channel.
2. For external mail access, do you recommend
installing an external MTA local to webmail or just
use an external MTA on another host?
This depends on how big your email load is, whether you want room for growth, whether you want to isolate email routing vs. email storage and any number of factors.
Regards,
Shane.

Similar Messages

  • Can't route the emails from MTA to ironport to SMTP server

    Hi, I have a problem of routing the emails from MTA (Sun Java Msg Server 6.2) to the ironport.
    I have changed the tcp_local under the file imta.cnf and did the following commands: imsimta cnbuild and cnbuild restart.
    Are there any other files which I need to change?
    I was able to ping the ironport and telnet the ironport via port 25.
    Thanks for the help.

    Hi shane,
    Thanks for the response.
    Yeah, this is for the outgoing mails.
    The clients want to collect some statistics before the mails are sent out, therefore the mail path is as follow:
    outgoing MTA -> ironport -> smtp server
    I only add the line in tcp_local under the imta.cnf:
    tcp_local smtp mx wrapsmtplonglines single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 daemon <ironport hostname>
    and then did a ./imsimta cnbuild and ./imsimta restart
    but the emails don't seem to go through. Did I miss anything?
    Thanks for your help
    With Regards
    Edwin

  • Routing mail TO specific address to another MTA

    I don't think we can have specific email addresses in the rewrite rules pattern matching. So, how would I route mail to [email protected] to a different MTA and continue to keep the existing routing for "lists.example.com" domain?
    Thanks

    Is lists.example.com a domain you host or an outside domain?
    If you host the domain, then setting the mailHost attribute on the object which defined [email protected] will do what you want. Or you could use the mailForwardingAddress attribute. Or the mailRoutingAddress attribute.
    http://wikis.sun.com/display/CommSuite/Messaging+Server+and+Calendar+Server+LDAP+Object+Classes+and+Attributes#MessagingServerandCalendarServerLDAPObjectClassesandAttributes-ANOHL

  • Routing mail to another MTA via LDAP configuration?

    Hi,
    I am configuring JES Messaging (2004Q2) with multi-domain support, using schema 1.
    I have understood how the DC Tree (o=internet) works in order to support hosted domains and their aliases.
    Now I need to support also mail forwarding to another server for a specific domain which is not hosted within my JES instance.
    Example:
    - mydomain.com - and -
    - customer1.net
    are local to my JES (their users all present in the User DS), while
    - associatedpartner.biz
    has his own mail server. Since we are their MX I need to re-route all incoming mail directed to associatedpartner.biz to their server, without checking locally if the destination user exists, etc etc
    Is there a way to implement this via the o=internet DC tree?
    I have set mailRoutingHosts and mailRoutingSmartHost to their server in dc=associatedpartner,dc=biz,o=internet, but JES sends messages to the MX record and not to their server.
    I have also set ROUTE_TO_ROUTING_HOST=1 in option.dat .
    Any help will be greatly appreciated. Especially if the solution does not require a restart of JES Messaging.
    Paolo

    This has worked for most other users...
    Adding a Smart Routing Host for a Domain
    A smart routing host or smart host is an MTA host that is considered to be the authoritative source of routing information for all users in a domain. If a local MTA does not find a user in its local directory, it will forward the message to the smart host. Specify a smart host by adding the fully qualified host name of the routing host to the mailRoutingSmartHost attribute of the domain entry. The following LDIF record sets smarthost1.siroe.com as the routing host for domain sesta.com.
    Code Example 2-12 Modify Statement for Adding a Smart Routing Host
    dn: dc=sesta, dc=com, o=internet
    changetype: modify
    add: mailRoutingSmartHost
    mailRoutingSmartHost: smarthost1.siroe.com
    Code Example 2-13 LDIF Record for Hosted Domain with Smart Routing Host
    dn: dc=sesta,dc=com,o=internet
    objectClass: domain
    objectClass: inetDomain
    objectClass: mailDomain
    description: DC node for sesta.com hosted domain
    dc: sesta
    inetDomainBaseDN: o=sesta.com,o=isp
    inetDomainStatus: active
    mailDomainStatus: active
    mailDomainAllowedServiceAccess: +imap, pop3, http:*
    mailRoutingHosts: manatee.sesta.com
    preferredMailHost: manatee.sesta.com
    mailDomainDiskQuota: 100000000
    mailDomainMsgQuota: -1
    mailClientAttachmentQuota: 5
    mailRoutingSmartHost: smarthost1.siroe.com
    Adding a New Routing Host for a Domain
    A routing host is the MTA host that is permitted to route mail for addresses in a domain and its sub-domains. A missing mailRoutingHosts attribute in a domain record means all MTAs with access to the directory in the system are permitted to route mail for that domain. The example LDIF record below shows how to designate one or more specific MTAs as responsible for mail routing for the domain.
    Code Example 2-14 Modify Statement for Adding Routing Hosts
    dn: dc=sesta, dc=com, o=internet
    changetype: modify
    add: mailRoutingHosts
    mailRoutingHosts: sestarouter1.siroe.com
    mailRoutingHosts: sestarouter2.siroe.com
    Code Example 2-15 LDIF Record for Hosted Domain with Routing Host
    dn: dc=sesta,dc=com,o=internet
    objectClass: domain
    objectClass: inetDomain
    objectClass: mailDomain
    description: DC node for sesta.com hosted domain
    dc: sesta
    inetDomainBaseDN: o=sesta.com,o=isp
    inetDomainStatus: active
    mailDomainStatus: active
    mailDomainAllowedServiceAccess: +imap, pop3, http:*
    mailRoutingHosts: manatee.sesta.com
    mailRoutingHosts: sestarouter1.siroe.com
    mailRoutingHosts: sestarouter2.siroe.com
    preferredMailHost: manatee.sesta.com
    mailDomainDiskQuota: 100000000
    mailDomainMsgQuota: -1
    mailClientAttachmentQuota: 5

  • MTA Crashes for no apparent reason

    Running GW 7.0.2HP on SLES10SP2 OES2. GroupWise has been running fine since I put on the HP, so I haven't obviously bothered with it for quite awhile (if it's not broke, don't fix it), but now the MTA crashes for no apparent reason throughout the day. I reload it, and it runs fine for a couple of hours then crashes again. I changed the logs to verbose, but so far nothing seems to make sense. Below are a couple of entries from the previous logs. Any help will be appreciated.
    Thanks,
    Hogan
    .....Entries in the log before the crash
    09:03:42 472 RTR: FAE1_Domain: 000c38f3.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f3.3W4 (4 kb)
    09:03:42 616 RTR: FAE1_Domain: 000c38f4.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f4.3W4 (4 kb)
    09:03:42 856 RTR: FAE1_Domain: 000c38f6.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f6.3W4 (4 kb)
    09:03:42 616 RTR: FAE1_Domain: 000c38f7.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f7.3W4 (4 kb)
    09:03:42 856 RTR: FAE1_Domain: 000c38f8.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f8.3W4 (4 kb)
    09:03:42 848 RTR: FAE1_Domain: 000c38f9.XK4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38f9.XK4 (4 kb)
    09:03:42 680 RTR: FAE1_Domain: 000c38fa.EB4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c38fa.EB4 (10 kb)
    09:03:42 240 RTR: FAE1_Domain: 000c38
    .....Entries in the log during the next restart
    09:07:36 208 Starting GWHTTP-Listener
    09:07:36 992 DIS: MTA configuration loaded
    09:07:36 992 Zeli1_PO: Post office now open
    09:07:37 592 LOG: Opening new log file: 0111mta.002
    09:07:37 400 RTR: FAE1_Domain: 000c3934.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c3934.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3936.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c3936.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3938.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c3938.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3939.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c3939.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c393b.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c393b.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c393f.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c393f.3W4 (4 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3942.3W5: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/5/000c3942.3W5 (1 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3943.3W5: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/5/000c3943.3W5 (1 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3944.3W5: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/5/000c3944.3W5 (1 kb)
    09:07:37 400 RTR: FAE1_Domain: 000c3945.3W5: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/5/000c3945.3W5 (1 kb)
    09:07:38 080 FAE1_Domain: Domain now open
    09:07:38 312 FGRPGWIA: Gateway now open
    09:07:38 544 WEBAC70A: Gateway now open
    09:07:38 392 Zeli1_GWRemote1: Gateway now open
    09:07:42 400 RTR: FAE1_Domain: 000c3949.SH4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c3949.SH4 (3 kb)
    09:07:42 400 RTR: FAE1_Domain: 000c394a.FI4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c394a.FI4 (9 kb)
    09:07:42 400 RTR: FAE1_Domain: 000c394b.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c394b.3W4 (4 kb)
    09:07:42 400 RTR: FAE1_Domain: 000c394c.3W4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c394c.3W4 (4 kb)
    09:07:42 400 RTR: FAE1_Domain: 000c394d.MR4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c394d.MR4 (15 kb)
    09:07:42 400 RTR: FAE1_Domain: 000c394e.ZB4: Routing /var/opt/novell/groupwise/mail/domain/mslocal/gwinprog/4/000c394e.ZB4 (3 kb)

    Hi Michael,
    I think there is a newer patchlevel available (7.03 Hp4).
    Maybe you can update your agents.
    Do you get error messages (var/log/messages), etc.?
    Kind regards
    Frank Diekmann

  • Upgrading from Exchange 2003 Bridgehead servers to Exchange 2010 Transport Hub servers for routing SMTP only

    Our company moved from on-premises Exchange 2003 to Office365 and only have 4 Exchange 2003 servers on-prem that we use for Routing email from application servers to Office365. We need to migrate these servers to Exchange 2010 then to Exchange 2013 and
    only route email only. Is it possible to upgrade to Exchange 2010 by installing the transport Hub & Mailbox server options only? Our OAB and EWS services come from the CAS servers located on Office365 so we should not need a CAS server to set up Transport
    rules or route mail would we? Any assistance with this would be greatly appreciated! - Thanks, DWB
    Dave

    Since it is not internet facing we will not have to worry about configuring an Internet Domain Name when installing the first server, correct? in my planning I was going to
    install the Exchange 2010 CAS/Mailbox/Transport Hub roles on one server, then upgrade it to Exchange 2013. Once this is completed I'll then install the 2 mailbox role servers in one Datacenter, and 3 more in our DRP DC. If something happens to the
    primary Datacenter I would want it to fail over to the other site. For this I would have to install another CAS/mailbox server in the secondary DC. Would this plan sound about right? Since we moved to Office365 in 2010 I have not had a chance to deal with
    actual servers except for the Exchange 2003 servers we still have on-premises. Each of these are located in 4 Regional offices along with single Windows 2008 R2 servers using only the IIS SMTP service for routing mail from on-prem application servers
    and print/scanners which email back to the users. The plan is to move to a routing system which will provide both MTA and redundancy if one has an issue.
    Dave

  • Routing for a single domain

    Hello All,
    A little background information first. I'm an IT specialist with the National Oceanic and Atmospheric Administration (NOAA) and provide technical support and mail system development to our fleet of ocean survey vessels.
    We have a somewhat unique requirement to support our ocean going research vessel messaging systems. Since the vessels are at sea, and moving, they do not have a connection to the internet or NOAA WAN. We've developed a custom MTA solution that receives email from the Sun messaging server as SMTP traffic and then stores the e-mail as a compressed text file. These compressed files are then transferred between ship and shore via satellite link or cell phones. The files are decompressed, read and then sent via SMTP to the relaying messaging server on shore. Message delivery to the ship works the same way, only in the reverse direction. This system has been in use for 6 years using Netscape Messaging Server 4.
    Although our MTA system overcomes the lack of a TCP/IP connection for message delivery, the problem that still exists is the synchronization of the LDAP.
    Since we can not keep the LDAP synchronized we create one LDAP to contain all shipboard accounts, that the messaging server uses for lookup, and another instance that contains all other @noaa.gov addresses which is provided only as an IMAP client lookup directory. This approach worked fine with Netscape as it only used the User ID lookup, did not care about the domain, to verify that a user was local.
    Here is the problem we now face:
    1) NOAA requires that all users, shipboard and shore based, have an email address in the @noaa.gov domain.
    2) The directories can not be synchronized between ship and shore to stay current.
    We can configure the Sun MTA, using imta.cnf to deliver "noaa.gov" domain locally but any addresses that are not in the ship LDAP (shore based addresses) are rejected with a 5.1.1 error code at the client SMTP session.
    We can configure the system to send all @noaa.gov mail to our Ship MTA, but then no mail is delivered locally.
    The question: Is there any way to accomplish both on Sun Messaging Server 6.3 as we did on Netscape 4?
    Ideally we would prefer to have a rewrite rule, or other mechanism, that routes all local mail to the Sun system and any @noaa.gov addresses not in the LDAP to the Ship MTA system via SMTP. These rules both have to work at the same time and of course the mail domain name is the same for local mail and relayed mail.

    BruceStone-NOAA wrote:
    Here is the problem we now face:
    1) NOAA requires that all users, shipboard and shore based, have an email address in the @noaa.gov domain.
    2) The directories can not be synchronized between ship and shore to stay current.
    We can configure the Sun MTA, using imta.cnf to deliver "noaa.gov" domain locally but any addresses that are not in the ship LDAP (shore based addresses) are rejected with a 5.1.1 error code at the client SMTP session.
    We can configure the system to send all @noaa.gov mail to our Ship MTA, but then no mail is delivered locally.
    The question: Is there any way to accomplish both on Sun Messaging Server 6.3 as we did on Netscape 4?

    Assuming I have a full grasp of your requirements this should be pretty straight-forward.
    The mailroutingsmarthost: LDAP domain attribute allows you to specify a 'fall-back' system for email addresses of a domain that are not defined in the LDAP directory. This is usually used during migration between non-LDAP legacy systems and Sun Messaging Server when there are legacy accounts for an email domain that haven't been migrated.
    So for example I have two test MTA's configured with the same domain (aus.sun.com) but pointing at different directories and they have different users defined.
    For the LDAP directory instance that mta1 uses I added the following (schema 2):
    bash-3.00# ldapmodify -D "cn=directory manager" -w ********
    dn: o=aus.sun.com,dc=aus,dc=sun,dc=com
    changetype: modify
    add: mailroutingsmarthost
    mailroutingsmarthost: mta2.aus.sun.com
    I then sent an email to "[email protected]" to mta1.aus.sun.com, this was accepted and then relayed to mta2.aus.sun.com (where I defined the address "[email protected]" as an alias of a user in mta2's LDAP directory) and the email was accepted/delivered locally into mta2's store.
    Any addresses defined in mta1's LDAP directory are delivered locally to mta1 as per usual.
    Regards,
    Shane.

  • Mta fail to resolve external mail address

    ]# /run/msg/imsimta test -rewrite [email protected]
    address channel = tcp_local
    forward channel =
    backward channel = tcp_local
    unique identifier = [email protected]
    header forward address = [email protected] (route (TCP-DAEMON,TCP-DAEMON)) (host yahoo.com.hk)
    header reverse address = [email protected]
    envelope forw address = (route (reprocess-daemon-error,reprocess-daemon-error)) (host yahoo.com.hk)
    envelope rev address = [email protected] (route (TCP-DAEMON,TCP-DAEMON)) (host yahoo.com.hk)
    name =
    mbox = hoilau
    Extracted address action list:
    [email protected]
    Extracted 733 address action list:
    [email protected]
    Address list expansion:
    -13 expansion total.
    Submitted address list:
    Address list error -- 4.0.0 Temporary lookup failure: [email protected]
    Submitted notifications list:
    # tail /log-msg/mail.log_current
    14-Mar-2009 11:12:45.45 3f39.1.299 reprocess Q 4 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.46 3f3d.1.275 reprocess Q 51 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.47 3f3a.1.292 reprocess Q 12 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.48 3f38.1.302 reprocess Q 233 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.49 3f3d.1.276 reprocess Q 4 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.49 3f39.1.300 reprocess Q 13 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.50 3f3a.1.293 reprocess Q 5 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.51 3f38.1.303 reprocess Q 13 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.52 3f39.1.301 reprocess Q 200 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    14-Mar-2009 11:12:45.52 3f39.1.301 reprocess Q 200 [email protected] rfc822;[email protected] [email protected] Temporary lookup failure: [email protected] Temporary lookup failure: [email protected]
    If I resolve the same mail address on mailstore host machine, it works.
    Can anyone help me fix the problem?

    Please always provide the exact version of Messaging Server that you are using (./imsimta version).
    Messaging server attempts to search the LDAP server for the domain of the email address (in this case yahoo.com.hk) to see if it is a locally defined domain. As Chris already noted, you will see the "Temporary lookup failure" message if your LDAP server is not operating correctly or the MTA is performing an invalid query (an MTA configuration problem).
    I suggest you review the access logs on your LDAP server to see if there are any errors reported.
    You will also get additional debug logging by using the -debug switch with your earlier command e.g.
    ./imsimta test -rewrite -debug [email protected]
    If I resolve the same mail address on mailstore host machine, it works.
    Is the mailstore host system pointed to the same LDAP server for address resolution?
    Regards,
    Shane.
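The two log shapes quoted on this page (the `J` entry with `550 5.7.1 Relaying not allowed` in the first thread and the `Q` entries with `Temporary lookup failure` above) can be triaged mechanically. The following Python is an added example, not code from the posters or from Messaging Server; the field layout is inferred from those quoted lines, and the addresses, the `5.1.1` line and all function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Entry layout inferred from the two log shapes quoted in the threads:
#   date time [process-id] channel code size sender rfc822;recipient text
ENTRY = re.compile(
    r"^(?P<date>\d{2}-[A-Za-z]{3}-\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{2}) "
    r"(?:(?P<proc>[0-9a-f]+\.\d+\.\d+) )?"          # present only in some entries
    r"(?P<channel>\S+) (?P<code>[A-Z]{1,2}) (?P<size>\d+) "
    r"(?P<sender>\S+) rfc822;\s*(?P<rcpt>\S+)\s*(?P<rest>.*)$"
)
# Enhanced status code such as 5.7.1, not embedded in an address or host name.
ENHANCED_STATUS = re.compile(r"(?<![\w.@])([245]\.\d{1,3}\.\d{1,3})(?![\w.])")

# Constructed sample input; addresses are placeholders.
SAMPLE_LOG = """\
03-Jul-2007 14:59:04.75 tcp_local J 0 alice@corp.example rfc822; bob@internet.example 550 5.7.1 Relaying not allowed: bob@internet.example
03-Jul-2007 14:59:09.10 tcp_local J 0 alice@corp.example rfc822; carol@internet.example 550 5.7.1 Relaying not allowed: carol@internet.example
03-Jul-2007 15:02:11.31 tcp_local J 0 alice@corp.example rfc822; nobody@corp.example 550 5.1.1 unknown or illegal alias: nobody@corp.example
14-Mar-2009 11:12:45.45 3f39.1.299 reprocess Q 4 dave@corp.example rfc822;erin@internet.example erin@internet.example Temporary lookup failure: erin@internet.example
this line is not a log entry
"""


@dataclass(frozen=True)
class Entry:
    channel: str
    code: str
    sender: str
    rcpt: str
    status: Optional[str]   # enhanced status code if one appears in the text
    text: str               # everything after the original recipient


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None when it does not match the layout."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    status = ENHANCED_STATUS.search(rest)
    return Entry(m.group("channel"), m.group("code"), m.group("sender"),
                 m.group("rcpt"), status.group(1) if status else None, rest)


def classify(entry: Entry) -> str:
    """Map an entry to a triage bucket using its code and diagnostic text."""
    if entry.code == "J" and entry.status == "5.7.1":
        return "relay_denied"          # rejected at submission, never queued
    if entry.code == "J" and entry.status == "5.1.1":
        return "unknown_recipient"
    if entry.code == "Q" and "Temporary lookup failure" in entry.text:
        return "directory_tempfail"    # requeued; check the directory lookup
    return "other"


def summarize(lines: Iterable[str]) -> dict:
    """Count entries per (bucket, channel) and senders hitting relay denial."""
    by_kind: Counter = Counter()
    relay_senders: Counter = Counter()
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        kind = classify(entry)
        by_kind[(kind, entry.channel)] += 1
        if kind == "relay_denied":
            relay_senders[entry.sender] += 1
    return {"by_kind": dict(by_kind),
            "relay_senders": dict(relay_senders),
            "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Relay denials that cluster on one channel for senders who should be trusted point at the channel the submission arrived on, which is the first thing to check before looking at the downstream relays.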

  • How to send messages alternately to two MTA's?

    I would like to set up a constellation of a HA-iMS 5.1 and two Virusscanners working parallel but not clustered.
    How can I address those two MTA's (Virusscanners) alternately or even randomly.
    Thanks in advance,
    Roberto

    There are 2 ways you could do this.
    First is to use the BIND DNS round robin scheme which will bounce clients doing DNS lookups between the two or more IP addresses associated with each system.
    The better and more reliable way to do this however would be to use a network load balancer. Some of the better ones will even track whether the service is up on a host and if it detects an outage it will not route clients to the down system.
    -Chris
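The equal-preference MX records from the first post and the DNS round-robin suggestion above both depend on how the sending MTA picks a target. This added Python example (not from the thread or from any product) models the RFC 5321 rule of trying the lowest preference first and randomizing exchangers that share a preference, then falling through to the next host when one is down; the host names and the `is_up` health callback are constructed assumptions.

```python
import random
from collections import Counter
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

MX = Tuple[int, str]  # (preference, exchanger host name)

# Constructed names modelled on the ext-MTA1 / ext-MTA2 relays in the first post.
RELAY1 = "ext-mta1.example.internal"
RELAY2 = "ext-mta2.example.internal"


def delivery_order(records: Iterable[MX], rng: random.Random) -> List[str]:
    """Return exchangers in the order a sender tries them.

    Lower preference values come first; hosts sharing a preference are
    shuffled so that load spreads across them.
    """
    groups: Dict[int, List[str]] = {}
    for pref, host in records:
        groups.setdefault(pref, []).append(host)
    ordered: List[str] = []
    for pref in sorted(groups):
        hosts = list(groups[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def deliver(records: Iterable[MX], is_up: Callable[[str], bool],
            rng: random.Random) -> Optional[str]:
    """Pick the first reachable exchanger, or None if the message must stay queued."""
    for host in delivery_order(records, rng):
        if is_up(host):
            return host
    return None


def distribution(records: List[MX], down: Set[str], messages: int,
                 seed: int) -> Dict[str, int]:
    """Simulate `messages` deliveries and count which exchanger took each one."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    counts: Counter = Counter()
    for _ in range(messages):
        target = deliver(records, lambda h: h not in down, rng)
        counts[target if target is not None else "queued"] += 1
    return dict(counts)


if __name__ == "__main__":
    equal = [(10, RELAY1), (10, RELAY2)]
    tiered = [(10, RELAY1), (20, RELAY2)]
    print("equal preference      :", distribution(equal, set(), 1000, seed=7))
    print("equal, relay1 down    :", distribution(equal, {RELAY1}, 1000, seed=7))
    print("tiered preference     :", distribution(tiered, set(), 1000, seed=7))
    print("tiered, relay1 down   :", distribution(tiered, {RELAY1}, 1000, seed=7))
    print("both relays down      :", distribution(equal, {RELAY1, RELAY2}, 1000, seed=7))
```

Equal preferences share the load and still fail over; different preferences give a primary and a backup, so the second relay only sees mail when the first is unreachable.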

  • MTA processing question

    First off, this is what I'm running:
    Sun Java(tm) System Messaging Server 6.3-5.02 (built Oct 12 2007; 32bit)
    libimta.so 6.3-5.02 (built 17:15:31, Oct 12 2007; 32bit)
    SunOS mailer 5.9 Generic_118558-38 sun4u sparc SUNW,Sun-Fire-V440
    Our current configuration uses a separate sendmail based mail server for our users' SMTP server. Messages get sent to the "mailhub". The mailhub then delivers the message to IMS. The reason for this is we have a large number of mail aliases that process the message through some type of program, mailman, MHonArc etc.
    What I'd like to do, is change the order, use IMS as the primary SMTP server and route only specific users through the mailhub, only those mail addresses that get external processing. Those processed addresses don't have corresponding names in the IMS LDAP server.
    In my imta.cnf, I have:
    tcp_local smtp mx daemon mailhub.our.domain single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0
    tcp-daemon
    What other parts of the puzzle am I missing? Also, I have DOMAIN_UPLEVEL=3 in option.dat.
    Thanks,
    Roger S.

    Jo_nage wrote:
    Thanks for responding. Actually, the job is a bit simpler than I described above. It turns out that all SMTP traffic needs to go through mail hub. The mail hub does all of our spam and virus scanning.
    Fairly standard approach, I used to run a similar configuration (in our case the mailhub was running PMDF).
    So, given the names mailer for IMS mailstore and mailhub for the mail hub, SMTP traffic would be mailer->mailhub->mailer.
    Sounds simple but it can be deceptively complex unfortunately.
    At this point you need to consider how emails are 'sent' to your mailer system. For example if you use webmail (Messaging Express/UWC) emails will be sent via the server defined in "./configutil -o service.http.smtphost".
    You may also have email clients (e.g. Mozilla Thunderbird) uploading emails directly to the mailer system. You can also get emails 'generated' based on vacation messages, mailing lists, sieve rules etc.
    So in your case what you may want to do is to 'funnel' all emails via the mailhub prior to being sent to the mailstore. This could be achieved by:
    1. Changing the service.http.smtphost to point at the mailhub
    2. Getting users to configure their email clients to point at the mailhub server (if it doesn't already) and write a PORT_ACCESS mapping rule to reject any emails that don't come from the mailhub and localhost (127.0.0.1)
    3. Configure your tcp_local/tcp_intranet channels to direct all emails that aren't 'local' (i.e. not addressed to an account on the mailstore) to the mailhub by adding "daemon <mailhub>" to the channel definitions.
    4. Add the mailroutingsmarthost: to your 'local' domain to catch those email addresses that aren't defined in LDAP but have a @mydomain.com address.
    Here's the local users selection section of my imta.cnf:
    ! Rules to select local users
    $* $A$E$F$U%[email protected]
    mailer.mydomain.com $U%[email protected]
    mydomain.com $U%[email protected]
    I'm guessing if I remove the last line, that would cause the message to be routed to the tcp_local channel, which has "daemon mailhub.mydomain.com" in the keywords list.
    You shouldn't need to remove the mydomain.com line.
    However, given what you said earlier, I should add the "mailroutingsmarthost" attribute to the LDAP domain entry. The mailhub system is currently configured to rewrite addresses to the form "[email protected]".
    Sendmail has a habit of doing this. Have you defined "[email protected]" as a mail/mailalternateaddress email address in LDAP for your users?
    If you run : "./imsimta test -rewrite [email protected]" (where user is a valid userid) does the email report that it is being delivered to ims-ms channel (delivered locally)?
    I know hooking mailer directly into spam/virus scanning would be more efficient. But, it took our Network Engineer quite a while to get everything setup and I really don't want to re-invent the wheel.
    Understood. In my case we ended up replacing the PMDF systems for a large university with Sun Messaging Server MTA hub. That was an ordeal lasting several years -- tracking down & cleaning & converting to LDAP old flat-file mailing lists/name router tables etc. some reaching back to 1997.
    Regards,
    Shane.

  • TLS mutual authentication and Separate default SMTP routes per listener - IronPort c370

    Dear all ,
    We have two IronPort C370 ESAs , formed in a cluster.
    We are in a need to route e-mails targeted to a special group using TLS Required/Verify.
    I have two questions :
    1.  Is TLS mutual authentication possible on both incoming and outgoing ?
    2.  Due to the nature of the TLS need the existing listener cannot be used. So I created a new listener and respective filters to decide when the recipient requirements are met. The new listener is going to be configured with a policy specifying TLS required/verify. Problem is that  there is always a default SMTP route pointing specifically to a cloud service rather than directly to the Internet while for the new listener usedns is required. Is it possible to have two different default SMTP routes assigned to different listeners ?
    Thanks and kind regards ,
    Gino.
    PS : Please bear with me and questions. I am making my first steps in Iron Port administration.

    I have made some sort of progress but I would also like to have your expert opinions.
    I have come to understand that in order to present TLS mutual authentication for the incoming traffic I will just have to trust the sender(s) CA ( containing SANs etc for both the SMTP domain and the ESA itself ) while if I spread own SANs to the counterparts I will also have TLS mutual authentication on the outgoing traffic as well. Issue is that I will have to declare it in destination controls and it cannot be generic.
    Is there any way to make TLS required/verify with mutual authentication the default without having to set destination control(s) ?
    As for my second question I have come to understand that the additional listener is not an additional MTA and consequently I cannot have separate default SMTP route ( default = what is called as "ALL" in IronPort ). Still if anyone knows something more it would be really helpful if it was shared.

  • Problem of sending mail with MTA

    Hi,
    I have installed Sun Messaging Server, but I have a problem sending mail to other SMTP servers over the internet, like gmail, hotmail... So I have tried to send an email using javamail and I get this exception "530 5.7.1 Relaying not allowed", that means that I don't have a Relay SMTP to route the messages. But the idea that I have is that the MTA installed with Messaging Server plays the role of SMTP Relay.
    So this idea is true, so I think it can be a problem of configuration, and I need to have my own SMTP Relay and not use the ISP Relay.
    and I thank you for your help,
    Mabrouk.

    GS1-Tunisia wrote:
    21-Nov-2008 17:32:31.58 tcp_local                 Q 1 [email protected] rfc822;[email protected] [email protected] TCP active open: Failed connect()    Error: Connection timed out
    This indicates that Messaging Server is unable to connect to the yahoo mail servers.
    I have configured my server to use mydomain.com with ip 41.x.x.x
    How did you configure your server to achieve this -- what settings did you add/change?
    but when I see this log [email protected] is converted to [email protected] and 192.168.3.2 is mailhost which is behind firewall in DMZ, So it may be the problem of NAT, I don't know!!!
    Given that Messaging Server cannot connect to the yahoo mail servers, the problem appears to be at the networking level so the firewall is most likely blocking the outgoing port 25 connection.
    When you are on the Messaging Server system, what output do you get for the following command:
    telnet a.mx.mail.yahoo.com. 25
    Regards,
    Shane.
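
A way to triage the two failure signatures seen in these threads, "Relaying not allowed" on a J entry and "Failed connect()" on a Q entry, as an added example that is not part of the original posts. The log layout assumed by the regular expression, the sample lines and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample entries shaped like the log lines quoted above; addresses are placeholders.
SAMPLE_LOG = """\
03-Jul-2007 14:59:04.75 tcp_local J 0 a@example.test rfc822; b@example.net 550 5.7.1 Relaying not allowed: b@example.net
21-Nov-2008 17:32:31.58 tcp_local                 Q 1 a@example.test rfc822;b@example.net b@example.net TCP active open: Failed connect()    Error: Connection timed out
21-Nov-2008 17:40:02.10 tcp_local ims-ms E 1 a@example.test rfc822;c@example.test c@example.test
"""

# Assumed layout: timestamp, one or two channel names, action code, size, rest.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{2})\s+"
    r"(?P<channels>\S+(?:\s+\S+)?)\s+(?P<action>[A-Z]{1,2})\s+(?P<size>\d+)\s+"
    r"(?P<rest>.*)$")

HINTS = {  # where to look first for each failure class, following the replies above
    "relay-denied": "refused by the MTA that wrote this line; review its relay policy",
    "connect-failed": "accepted and queued; outbound TCP to the next hop failed (firewall/NAT, port 25)",
    "other-failure": "rejected or requeued for another reason; read the diagnostic text",
}

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a log entry in the assumed layout
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d-%b-%Y %H:%M:%S.%f")
    entry["channels"] = entry["channels"].split()
    return entry

def classify(entry):
    action, diag = entry["action"], entry["rest"]
    if action == "J" and re.search(r"\b5\.7\.1\b.*Relaying not allowed", diag):
        return "relay-denied"
    if action == "Q" and "Failed connect()" in diag:
        return "connect-failed"
    return "other-failure" if action in ("J", "Q") else "ok"

def triage(log_text):
    """Count entries per class and collect (timestamp, class, hint) for failures."""
    counts, findings = Counter(), []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        kind = classify(entry)
        counts[kind] += 1
        if kind != "ok":
            findings.append((entry["ts"], kind, HINTS[kind]))
    return counts, findings
```

Calling `triage(SAMPLE_LOG)` returns the per-class counts and one finding per failed entry, which separates a policy refusal on the logging MTA from a network-level failure toward the next hop.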

  • How to have internal email scanned by external MTA.

    Hi, Guys
    For Exchange 2013/Exchange Online, I know it is easier to have an external scanner scan inbound/outbound email, but I don't know if it is possible to have internal email scanned by an external MTA before it is delivered to internal recipients. Does anyone know how to achieve this and whether the MTA can change email content?
    Please advise urgently where this can be done, thanks very much!!

    Hi Tony,
    According to your description, I understand that you want to use MTA to scan internal message to ensure security.
    If I misunderstand your concern, please do not hesitate to let me know.
    What’s the meaning of MTA? Message Transfer Agent, or the term "MTA" to mean what Exchange refers to as the "Transport"? The Transport service handles message routing; more details about Mail Flow, for your reference:
    https://technet.microsoft.com/en-us/library/aa996349(v=exchg.150).aspx#TransportPipeline
    The internal message never leaves the Exchange Organization, so an external MTA cannot be used for internal mail flow.
    However, we can deploy anti-spam agent on Mailbox Server to improve security, for example Sender filter, Sender ID agent and content filter agent.
    I find an article about Anti-spam protection, for your convenience:
    https://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx#Mailbox
    Best Regards,
    Allen Wang

  • Poor MTA reputation due to neighbors in /24 block

    Good day,
    I have sent an email to [email protected], without any response (including of the automated kind). 
    I basically have 2 small IP blocks:
    a primary /32 block (any traffic originating from the server appears to come from this IP)
    a secondary /29 block that is routed to the /32
    My MTA has a poor reputation, but it is not clearly indicated WHY.   I have been with the current colocation services for about 3 years, and I have had issues sending mail since.  In that time, my servers have never been blacklisted (as far as I can tell) on the various RBLs out there.  At the previous colocation facility that I used for 5 years, I never had any issues.
    I have aggressive DKIM and SPF records, rDNS set up for my main domains. 
    All I can surmise is some of the IPs in the /24 my main block is part of have poor ratings, which is impacting me negatively.
    I just don't know what else I can do to make things better.
    Thanks
    Jason

    Some information here:
    https://discussions.apple.com/thread/4913784?tstart=0
    If you monitor the "More Like This" box (top right), other threads appear. Opening them usually displays other threads.
    Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
    Feedback

  • IP-specific MTA rewrite rule

    Hello,
    I'm having a lot of trouble understanding how to configure the iMS 6.2 MTA to do my will. I've read the MTA sections in the Messaging Server Administration Guide and still it seems that when I try to implement a rewrite rule, it doesn't work the way I thought it would.
    So with that preface, I'd like to ask:
    1) What would an imta.cnf rule look like that would route all incoming messages from a server at an IP (say 1.2.3.4) to a specific channel (say tcp_scan)?
    2) Does anyone know of any good (or even marginal) books or other resources for learning how to program the iMS MTA?
    Thank you,

    Yes, there's a book on iMS. You can get it on amazon.com.
    check out the unofficial page at:
    http://ims.balius.com
    as well.
    No, you can't use a rewrite rule to route based on source ip.
    You can use mapping file and channels for much of that. Far better to help me understand what your goal is, rather than for you to try to solve your problem by the wrong route....
