Relay problem

Running IMS 5.2 w/Direct LDAP and having the following issue:
Want to configure so that all email will be coming from a virus gateway. The problem I have is that the IMS server will not accept email to an "outside" address and I get the 5.7.1 "no relay" error. The IP address (virus gateway) is in the mappings file. I also found info to remove maysaslserver and replace with mustsaslserver in the tcp_local of imta.cnf file. After the change any "outside" email address returns a SMTP Auth error. My understanding would be that any IP listed in the mappings file would go to the tcp_intranet channel and not be forced for SMTP Auth. It doesn't appear to be working this way, and seems everything is being processed by the tcp_local channel. Any ideas?

Well, I don't know who you might be working with "at Sun", but. . .
1. Most firewall vendors are great at creating firewalls, but not great at creating SMTP applications. I can't tell you how many problems I've personally solved by simply switching firewall "store/forward" off for port 25. Better to run a copy of iMS' MTA on the DMZ box, instead of the firewall.
2. If your store iMS box says, "tcp_local", that by definition means that the messages have "come" from an ip address not included in "local_ip". That's how iMS works.
3. I don't see how using SASL will change this in any useful way. It's simply a more secure connection. Not authenticated, nor channel-switching.
4. If you're not getting where you need to, and have an open Tech Support case, please ask your tech to "escalate the case" to a more experienced engineer. You may ask for me, if you like. All the Sun techs know me.

Similar Messages

Relay Problem, Relay Prohibited, mappings file look fine

Hello Everybody.
I am suffering from a relay problem.
I can'not send mail to for example hotmail.com from Messenger express and outlook express.
I can send from outlook express where i activate AUTH.
I check mappings file and i see allright.
The local network is enabled, and the localhost too.
I also check all the posts in the forum and i didn't find the answer.
My mappings file looks like:
! MTA mappings file
! for access control and other table lookups
PORT_ACCESS
*|*|*|*|* $C$|INTERNAL_IP;$3|$Y$E
* $YEXTERNAL
INTERNAL_IP
$(10.11.0.0/16) $Y
$(10.31.0.0/24) $Y
$(200.68.91.33/32) $Y
127.0.0.1 $Y
* $N
ORIG_SEND_ACCESS
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
tcp_*|*|ims-ms|* $N
! Block "external" submissions of explicitly source-routed "internal" addresses
tcp_local|*|tcp_intranet|@*:*.* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*$%*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|*.*!*@* $N$D30|Explicit$ routing$ not$ allowed
tcp_local|*|tcp_intranet|"*@*"@* $N$D30|Explicit$ routing$ not$ allowed
Does anybody has answer for this problem?
Thanks very much,
Andres

I also put imta.cnf:
! IMTA configuration file
! part I : rewrite rules
! Domain Rewrite Rules.
! Uncomment this line to use domain rewrite rules
! from the configuration file instead of the domain database.
! Please refer to the iMS documentation for details.
!<IMTA_TABLE:domains.rules
! Rules to select local users
$* $A$E$F$U%[email protected]
acafipri.acasalud.com.ar $U%[email protected]
acasalud.com.ar $U%[email protected]
! ims-ms
.ims-ms-daemon $U%$H.ims-ms-daemon@ims-ms-daemon
! lmtp
!.lmtp $U%$H@lmtpcs-daemon
! native
.native-daemon $U%$H.native-daemon@native-daemon
! pipe
.pipe-daemon $U%$H.pipe-daemon@pipe-daemon
! tcp_local
! Rules for top level internet domains
<IMTA_TABLE:internet.rules
! tcp_intranet
! Do mapping lookup for internal IP addresses
[] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
.acasalud.com.ar $U%$H.acasalud.com.ar@tcp_intranet-daemon
* $U%$&0.acasalud.com.ar
! reprocess
reprocess $U%reprocess.acafipri.acasalud.com.ar@reprocess-daemon
reprocess.acafipri.acasalud.com.ar $U%reprocess.acafipri.acasalud.com.ar@reproce
ss-daemon
! process
process $U%process.acafipri.acasalud.com.ar@process-daemon
process.acafipri.acasalud.com.ar $U%process.acafipri.acasalud.com.ar@process-dae
mon
! defragment
defragment $U%defragment.acafipri.acasalud.com.ar@defragment-daemon
defragment.acafipri.acasalud.com.ar $U%defragment.acafipri.acasalud.com.ar@defra
gment-daemon
! conversion
conversion $U%conversion.acafipri.acasalud.com.ar@conversion-daemon
conversion.acafipri.acasalud.com.ar $U%conversion.acafipri.acasalud.com.ar@conve
rsion-daemon
! bitbucket
bitbucket $U%bitbucket.acafipri.acasalud.com.ar@bitbucket-daemon
bitbucket.acafipri.acasalud.com.ar $U%bitbucket.acafipri.acasalud.com.ar@bitbuck
et-daemon
! deleted
deleted-daemon $U%$H@deleted-daemon
.deleted-daemon $U%$H@deleted-daemon
! inactive
inactive-daemon $U%$H@inactive-daemon
.inactive-daemon $U%$H@inactive-daemon
! hold
hold-daemon $U%$H@hold-daemon
.hold-daemon $U%$H@hold-daemon
!tcp_scanner
[] $E$R${tcp_scanner,$L}$U%[$L]@tcp_scanner-daemon
! part II : channel blocks
defaults notices 1 2 3 copywarnpost copysendpost postheadonly noswitchchannel im
mnonurgent maxjobs 7 defaulthost acasalud.com.ar acasalud.com.ar
! delivery channel to local /var/mail store
l subdirs 20 viaaliasrequired maxjobs 7 pool LOCAL_POOL
acafipri.acasalud.com.ar
! ims-ms
ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m"
"pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto $U+$S@$D destinationbrigh
tmailoptin spam
ims-ms-daemon
! native
native defragment subdirs 20 maxjobs 1
native-daemon
! pipe
pipe single defragment subdirs 20
pipe-daemon
! tcp_local
tcp_local smtp mx single_sys identtcpnumeric subdirs 20 dequeue_removeroute maxj
obs 7 pool SMTP_POOL maytlsserver maysaslserver allowswitchchannel saslswitchcha
nnel tcp_auth missingrecipientpolicy 4 aliasdetourhost tcp_scanner-daemon
tcp-daemon
! tcp_scanner
tcp_scanner smtp single_sys subdirs 5 notices 1 backoff "pt2h" "pt4h" "pt8h" deq
ueue_removeroute maxjobs 7 pool SMTP_POOL daemon [127.0.0.1] port 10024
tcp_scanner-daemon
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SM
TP_POOL maytlsserver maysaslserver allowswitchchannel saslswitchchannel tcp_auth
missingrecipientpolicy 4 aliasdetourhost tcp_scanner-daemon
tcp_intranet-daemon
! tcp_submit
tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipien
tpolicy 4 aliasdetourhost tcp_scanner
tcp_submit-daemon
! tcp_auth
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4
tcp_auth-daemon
! tcp_tas
tcp_tas smtp mx single_sys allowswitchchannel mustsaslserver maytlsserver delive
ryflags 2
tcp_tas-daemon
! tcp_lmtpss (LMTP server - store)
!tcp_lmtpss lmtp subdirs 20
!tcp_lmtpss-daemon
! tcp_lmtpsn (LMTP server - native)
!tcp_lmtpsn lmtp subdirs 20
!tcp_lmtpsn-daemon
! tcp_lmtpcs (LMTP client - store)
!tcp_lmtpcs defragment lmtp port 225 nomx single_sys subdirs 20 maxjobs 7 pool S
MTP_POOL dequeue_removeroute
!lmtpcs-daemon
! tcp_lmtpcn (LMTP client - native)
!tcp_lmtpcn defragment lmtp port 226 nomx single_sys subdirs 20 maxjobs 7 pool S
MTP_POOL dequeue_removeroute
!lmtpcn-daemon
! reprocess
reprocess
reprocess-daemon
! process
process
process-daemon
! defragment
defragment
defragment-daemon
! conversion
conversion
conversion-daemon
! bitbucket
bitbucket
bitbucket-daemon
! deleted
deleted
deleted-daemon
! inactive
inactive
inactive-daemon
! hold
hold slave
hold-daemon

I have this email relay problem

I have this email relay problem, i.e. i can reply within reach of my home server but not if I am somewhere else. Home is KPNMail, Iphine provider is Vodafone. What should I do to get it to work?

Go into Settings>Mail, Contacts, Calendars>your account>Outgoing mail Server SMTP>Primary Server then turn Server ON and fill in both User Name +Password under Outgoing Mail Server.

Same SMTP Relay problem but new reasons. Works with most but not with few

I am writing a mail server. My applications sends mail directly to the SMTP server of recipient using MX Record. I find out the MX Record of the recipients and then using Java Mail send mail to that MX Record.This application is working fine and it has worked for thousand or so SMTP Server successfully.
There are couple of servers (SMTP of recipients) those reject the mail saying SMTP Relaying Prohibited by the Administrator and further says Invalid Mail Address Destination. I am wondering that the recipients belong to that same domain (MX record). I am able to mail them from yahoo or hotmail. I am not trying to use that SMTP for relaying, infact that mail account is registered in that particular SMTP Server.If that server is using SMTP Authentication, how come yahoo or hotmail authenticate for sending mail to their user.
I am sending all genunine parameters like senders mail address etc. I have tried setting various. Can anyone help me where I am missing?

My applications sends mail directly to the SMTPserver of recipient
using MX RecordYou don't send mail to the SMTP server you send it to
the pop3 server, anyway...
Nopes, you do send mail to the POP3 server. POP (Post Office Protocol) is used for fetching mails. Se RFC 1939 http://www.faqs.org/rfcs/rfc1939.html for more detailed information. Usually the mail agent contacts the local SMTP server and it queues it for delivery to other SMTP server that it can find via the MX record, trying the one with the highest priority first which incendently is the one with the lowest number.
If that server is using SMTP Authentication, howcome yahoo or
hotmail authenticate for sending mail to theiruser.
Hotmails' SMTP server will let you send to anybody,
most other private SMTP servers generally will
restrict the domains you can send to.
I'm a little confused as to what your problem is you
are connection to SMTP servers to send individuals
emails? why not just use on SMTP server to send to all
He is making a SMTP server.
Back to the original question:
Since you are checking the MX record for the address it should not be considered to be a relay of mail. The only reason this should happen is if the RCPT is set to something wierd like
<@HOSTA.ARPA,@HOSTB.ARPA:[email protected]>See RFC 0821 for more information. I am not sure if RFC 0821 is obsoleted, but this should still apply.
Regards,
Peter Norell

Mail relay problem

Hi,
my new Lion server has a problem relaying mails to my ISP's server.
I configured it with the same parameters than my old Snow Leopard box, wich worked fine.
Lion cues all mails localy with an error saying that no "SASL mechanism" was found.
Can anyone give me a hint how to fix this localy?
Thanks,
Luc.

I did as you said: no change, no success
the error messag in ServerAdmin says:
SASL authentication failed; cannot authenticate to server smtp.1und1.de[212.227.15.167]: no mechanism available
internal message traffic is working (as it was before)
peter

Relaying problem when sending email

Hi All,
I have read all of the forums regarding this type of problem but I am still unable to send email to outside addresses such as hotmail or yahoo. I can send to internal email adresses without a problem. I have tried autheticating myself with the server first but that didn't make a difference and I cannot make changes to the exchange servers settings for relaying like someone suggested. I know the server is setup correctly because I can send email to external accounts with my desktop outlook client. Can someone please take a look at my code and tell me if their is a problem with it. Thanks in advance!!
public void execute(javax.mail.Store store, Hashtable variables) throws Exception
        // Get system properties
        Properties props = System.getProperties();
        // Setup mail server
        props.put("mail.smtp.auth", "true");
        props.put("mail.transport.protocol", "smtp");
        props.put("mail.smtp.host",store.getURLName().getHost());
        // authenticate myself with the server
        Authenticator authenticator = new ServerAuthentication(myUsername, myPassword);
       // Get session
        Session session = Session.getDefaultInstance(props,authenticator);
        session.setDebug(true);
        // Define message
        MimeMessage message = new MimeMessage(session);
        message.setReplyTo(new Address[] {new InternetAddress("[email protected]")});
        message.setRecipient(Message.RecipientType.TO,
                             new InternetAddress(((String)variables.get("msgTO")).trim()));
        message.setSubject((String)variables.get("msgSubject"));
        message.setText((String)variables.get("msgBody"));
        // Send message
        Transport transport = session.getTransport();
        transport.send(message);
        transport.close();

Hello,
I'm in the situation than yours.
Here is the code I use to send emails. I had problem with authenticator.
Transport transport = session.getTransport("smtp");
transport.connect(server, login, password);
transport.sendMessage(mimeMessage, mimeMessage.getAllRecipients());
transport.close();
Hope this help

Relaying Problem

In our organization there are two sister companies operating. One ABC and other XYZ.
ABC is running Microsoft Exchange Server, and XYZ is running Oracle Collaboration Suite 9. When an email is sent from ABC to XYZ the following error is encountered;
You do not have permission to send to this recipient. For assistance, contact your system administrator.
<mail-ABC-01.ABC #5.7.1 smtp;550 5.7.1 Relaying not allowed: [email protected]
At what end is the problem being generated? Is this a problem with Exchange Server or OCS?
Looking forward for a positive reponse.
Mustafa

The 550 error is a standard error stating that you do not have rights to relay off of this machine. If you are sending from the exchange server to the OCS server then you are relaying either off of its self or you are going to another relay. You have to find out what relay server you are using and then set the sending domain as a trusted domain.
You can test this by telneting to the relay or the OCS machine:
$ nslookup
Default Server: dns3.us.oracle.com
Address: 144.20.190.70
set type=mx
oracle.comServer: dns3.us.oracle.com
Address: 144.20.190.70
oracle.com preference = 200, mail exchanger = gmsmtp01.oraclecorp.com
exit$ telnet gmsmtp01.oraclecorp.com 25
Trying 138.1.161.112...
Connected to bigip-rgmamersmtp.us.oracle.com.
Escape character is '^]'.
220 rgmgw2.us.oracle.com ESMTP Sendmail Switch-3.1.4/Switch-3.1.0 - Ready at Tue, 13 Dec 2005 07:17:40 -0700 - Unauthorized Usage Prohibited.
helo oracle
250 rgmgw2.us.oracle.com Hello cesolcb5.us.oracle.com [140.87.78.76], pleased to meet you
See how I get 250 I would expect you to get a 550 error here.
ACTION PLAN
=============
Set your relay to have your local domain as a trusted domain.

Outgoing relaying problem with I Phone

We just changed out web and e-mail hosting to Adobe.
Since that point and time I can receive e-mail but can not send.
It'll outgoing g mail dumps into outbox and error message about outgoing server
and relaying is displayed.
I have I phone 4G and this was not a problem before hosting switch.
Dave

Exactly what Adobe product are you referring to with regards to web and e-mail hosting?
It certainly is not Adobe Reader for iOS which is simply software for reading, annotating, and printing PDF files.
If this is in reference to Adobe's Business Analyst products, you might want to look at <http://helpx.adobe.com/business-catalyst/partner/setup-pop-imap-email-accounts.html> and see if that assists you and if it doesn't you will need to contact Adobe Technical Support.
This is definitely not an Adobe Reader for iOS issue!
- Dov

Ironport Relay Problem

Hello,
I want to configure my outgoing mail trought the applience.I want to use one interface ( data 1 ) of my C350.I recieve mail via xxx.xxx.xxx.xxx Ip address and I want to use the same ip address to relay mail.But When I try to create a private listaner for the outgoing mail, it say that already exist a listener (public) on 25 port. What is the solution of this kind of problems?
Can you explain me step by step how to configure outgoing mail?
Thanks a lot and best regards ;)

The main difference lies in their default settings. A good example are the default HAT settings for public and private listeners.
HAT settings for public listeners usually include several different sender groups (WHITELIST, BLACKLIST, SUSPECTLIST, UNKNOWNLIST, SBRSNONE...) that you can assign SBRS ratings to and other settings that are usually important for incoming connections from the internet.
Compared to that you usually only find the "RELAYLIST" SenderGroup on Private listeners that you can use to set up the systems being allowed to relay emails through your ironport.
From a technical point of view both scenarios work. You can set up the same options for private and for public listeners, even though some might not make too much sense on listeners of a certain type (like SBRS on private listeners).
I guess it's more a question of how complex and how flexible you want your setup to be. If you are only going to set it up once, have an easy setup and never change anything you can go with the one listener approach. On the other hand, if you want to stay as flexible as possible and never know what new needs might pop up next week go with the multi-listener configuration.
Personally I always go with the at-least-two-listeners configuration (usually more if the environment includes an encryption gateway). That way it's quite easy to adapt to new needs and add new functions to your configuration.
Torsten

Relay problems lion server

I installed Lion Server and switched on the mail server with the option to relay to my providers smtp server.
however when my iphone or other macs want to send mail they get
NOQUEUE: reject RCPT from xxx[::::] 554 5.7.1 <[email protected]>; Relay access denied
I changed my main.cf file and reloaded postfix and than it works. however after reboot it stops working.....
help help

The mail server first checks the domain of any recipient. If it's a local domain (i.e. one that the server handles) then it just passes that message to the user's mailbox.
It's only non-local domains that need passing upstream through your relay, so you can send as many internal emails as you like - they won't touch your relay server.

Zimbra Multi Domain SMTP auth/relay problem

I have a query in setting up a multi-domain Zimbra 8.6 OSE on Ubuntu 14.04.I have successfully setup Domain1 with Zimbra and added virtual host Domain2. Mails to each of them are routing to each other and sending from the server to outside is also working. However, I need to both domains to send emails using their respective ISP so domain1 would use ISP1 and domain2 ISP2. In my previous implementation, I have used successfully "zimbraMtaRelayHost" for single domain. Searching more, I have tried the "Relay per Domain" using "sender_dependent_relayhost_maps."I am, however, still unable to send mail using Zimbra. I have, upon instinct, put in the port after the IP address of the ISPs in /opt/zimbra/postfix/conf/bysender so it looks like the one below (based on thewiki):@domain1.com [10.10.10.1]:587
@domain2.com [20.20.20.1]:587Zimbra now...
This topic first appeared in the Spiceworks Community

Microsoft releases new license terms for Windows 10: Biggest surprise? No gotchasEd Bott has Just published an article on ZDNet which reviews in detail the just-released Windows 10 license agreementFirst published on ZDNet By Ed Bott for The Ed Bott Report | July 15, 2015 -- 18:30 GMT (19:30 BST) | Topic: Windows 10 "Two weeks ahead of the global launch of Windows 10, Microsoft has finalized the terms of its license agreements for the new operating system. I've had several days to study the documents in detail, and I can report that there are no surprises, no gotchas, and no hidden subscription traps waiting to be sprung in two or three or four years.""In fact, the new license agreement is simpler and written more clearly than any similar document I've reviewed in 20 years of examining Windows license agreements. There are a few...

Open mail -relay problem !

Hi,
My Internet/Mail server is Netra i with Solaris 2.5.1.
I received e-mail from mail-abuse org saying that my mail server is open for mail-relay.
How can I disable it ?
Thanks Ivan

Hello there,
I believe that is true with sendmail 8.6 version which was shipped
with Solaris 5.5.1 or 5.6. You will need to apply the latest
5.5.1 sendmail patch (103594-19) which upgrades 5.5.1 sendmail
to be equivalent to sendmail 8.8.8+sun patches.
Unlike previous versions, sendmail 8.8 can be configured not to
pass on mail from one user outside the local domain to another in sendmail.cf
FYI, mconnect <your hostname> will show the current sendmail rev.
Hope this helps.
Hae
Sun Developer Technical Support

Cant send mail using javamail - relay problem

Hi all,
I have provided the correct user,passwd,host.
This is the error i am getting -
javax.mail.SendFailedException: Sending failed;
nested exception is:
javax.mail.SendFailedException: Invalid Addresses;
nested exception is:
javax.mail.SendFailedException: 530 5.7.1 Relaying not allowed: [email protected]
Pl tell me how can i solve the problem

Relaying is described in the FAQ.

Fax-relay problem at MC3810

i can not send fax messages from Mc3810 (IOS 12.0(6r)T4). I tried to change the input gain ang output attenuation but no effect. The dial-peer have the following configuration:
dial-peer voice 700 voip
destination-pattern 7095.......
session target ipv4:xxx.xxx.xxx.xxx
tech-prefix 011#
dtmf-relay cisco-rtp
fax protocol t38 ls-redundancy 5 hs-redundancy 2
ip precedence 5
no vad
Can you give me a pice of advice ?

Have you seen any error messages. If not try changing the fax machines and see if it works to rule out interoperability issues. You could also use the "fax rate disable" command to disable fax translate.

Anti-Relay problem

Hi all,
I am having a mail storm shown in the log files that a specific user from an unknown domain is sending through our email server. The "sum" command for the imsimta is showing a continous increase in the channel. I added an entry in the "rules.denydomains" files to block the sender , e.g. assume the sender is [email protected] , I added :
*|*|*|tcp_local|*@B.COM|* $N
then restarted the messaging server, still the emails are sent from [email protected] , any clew what is the problem ?

You don't provide enough data to help.
It is possible that the spammer has cracked your admin password and is using authenticated smtp to send his messages. It's also possible he's using "source routed" addressing. Either will work in a default 5.2 install.
Please provide some log entries showing enqueue and dequeue for these messages, and I can provide you solutions.

Relay problem

Similar Messages

Maybe you are looking for