Topic: How can I enable mail relay from the router/gateway

[alex_rhys-hurn]

So, it seems that SME does not allow email relay when the source IP address matches the Gateway or router address set in SME. It even does not allow this if using secure SMTPD port 465 and SSL.

I can understand this and normally this is cool. But today I have a different need.

I am using SME server to handle mail for a small hotspot scenario, and the hotspot software is NATTING the users on the router which the SME server uses, so it appears that all emails from the networks listed as local networks come from the gateway. and so it goes and blocks them.

So I would like to enable relay from the gateway.

I have found this fragment:

/etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter

Code: [Select]

{
    return '' unless $GatewayIP;

    # we allow access from the router, but we do not allow relaying
    return $GatewayIP;
}

So it occurs to me that if I create a custom template for this I can change the behaviour. Trouble is I dont know anything about perl and cant figure how to edit this template.

Please can somebody help me to edit this template to ALLOW relay from the gateway?

Rgds

Alex

[CharlieBrady]

I have found this fragment:

/etc/e-smith/templates-custom/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter

No, actually you found:

/etc/e-smith/templates/var/service/qpsmtpd/config/norelayclients/20norelayFromRouter

Please can somebody help me to edit this template to ALLOW relay from the gateway?

An empty file will do what you want. But DO NOT DO THAT
unless you are absolutely certain that Internet connections are not also NATTED via that router. If you create an open mail relay you can be certain that it will be found, and will be exploited by spammers.

Find another solution to your problem. You can probably reconfigure the router so that it only routes and does not NAT.

[alex_rhys-hurn]

Hi there.

Thanks for the reply.

Your right, I pasted what I was PLANNING to put as a custom template...... Thanks for point out my error.

OK. So this is the single little guy that prevents open relay. Hmmm.... Your right we dont want to make an open relay...

Changing the router config is not going to be that easy.  I will have to re-think this.

Thank you.

Alex

[alex_rhys-hurn]

Hi again,

Is it not possible to allow ONLY authenticated SSL smtp from the gateway?

Rgds

Alex

[CharlieBrady]

Is it not possible to allow ONLY authenticated SSL smtp from the gateway?

Allowing authenticated SSL smtp from anywhere (including the gateway) is already a standard feature.

[alex_rhys-hurn]

So why do I get relay denied messages when I tail the /var/log/qpsmtpd/current file when sending? The messages immediately come back with a Error 550 Relay Access Denied.

By the way, I should say that my senders may have their own email accounts elsewhere and simply want to relay through that server. This works perfectly from the primary local netowrk, but not at all from other local networks I have configered, as they appear to come from the gateway.

Rgds

Alex

[brianr]

This also is a problem when you try to use the router facility to email router logs (the server needs to be in server only mode for this to work as well).  Using an outside email server is not possible in my case as the outside email server needs to be authenticated (it is the UK BT system), and the router does not support authenticated email sending.