Koozali.org: home of the SME Server

Shouldn't internal clients be allowed to relay? [NON-SME ISSUE / SOLVED]

Offline Elliott

My searches regarding relaying and allowing relaying all seem to turn up scenarios different than mine.

I am configuring a load balancing router which will sit NEXT TO my SME 7.3 in the network topology. All clients will go through this load balancer which will have an ip address on the same 10.x.x.0 network as my SME. These same clients send and receive email via the SME server.

In the management interface of the load balancer (Linksys RV082) there is the normal management tab where I can enable emailing logs, status, and alerts. Unfortunately, there's no authentication method of note. I can simply put in an SMTP server's name and the email address to send alerts to.

This is of course failing.

Is there a simple way to allow this single static host the ability to relay mail through the SME? It is on the same LAN and therefore shouldn't pose any sort of open relaying risks.

Thanks for any pointers!

-Elliott
« Last Edit: September 25, 2008, 08:29:04 PM by Elliott »
Elliott

Offline Elliott

Re: Shouldn't internal clients be allowed to relay?
« Reply #1 on: September 23, 2008, 10:45:56 PM »
I just noticed that I put this in the wrong place. Can someone move it to the 7.x forum?
Elliott

Offline CharlieBrady

Re: Shouldn't internal clients be allowed to relay?
« Reply #2 on: September 24, 2008, 01:13:01 AM »
Quote
Is there a simple way to allow this single static host the ability to relay mail through the SME? It is on the same LAN and therefore shouldn't pose any sort of open relaying risks.

All hosts on the local LAN are permitted to relay, except the default router. The default router is not permitted to relay because it may be proxying connections from outside.

If you are sure that your router doesn't NAT the remote address when passing in SMTP connections, then you can use a default template to allow it to relay as well.

In any case, you say "NEXT TO" rather than "between SME and the Internet", so I guess you are not talking about the default router either.

In any case, you are right to say that internal clients (on the local LAN) should be permitted to relay.

Offline Elliott

Re: Shouldn't internal clients be allowed to relay?
« Reply #3 on: September 24, 2008, 01:59:05 PM »
I say NEXT TO because the SME is directly connected to the internet as is the router. I use another internal server to dole out the DHCP information and it tells the clients to use the router as their gateway.

So you're saying that my error is likely something besides a relaying error? I'll have a look at the logs.

Should the client (router in this case) need to use login credentials of any kind to send an email through the system?

-E :-?
« Last Edit: September 24, 2008, 02:41:50 PM by Elliott »
Elliott

Offline Boris

Re: Shouldn't internal clients be allowed to relay?
« Reply #4 on: September 25, 2008, 12:10:32 AM »
It is not clear what topology you have.
1. Your SME is directly connected to the Internet. Is it set in server-gateway mode or server-only?
2. Is your router-gateway connected to the same Internet network (different IP on the same public subnet) and the same LAN subnet, or is it sharing only one of the subnets?
3. Are you using the internal LAN address of your SME as the SMTP host on the router?


...

Offline Elliott

Re: Shouldn't internal clients be allowed to relay?
« Reply #5 on: September 25, 2008, 02:34:40 PM »
Sorry - let me clarify:


                  INTERNET
                 /         \
              lbRouter    SME
                 \         /
        Clients on the 10.10.10.x net


The lbRouter is connected to two different upstream providers on its WAN ports and is then connected to the same switchplane as the clients on its LAN side, and I've given it a hard coded IP on the 10.10.10.x space that the SME and all other clients have.

In the lbRouter's management interface I have put a destination email address that falls in the domain that SME (server/gateway) has control over. I have given the lbRouter the SME's 10.10.10.x address as the SMTP server.

I think that's all that you asked. Hopefully that clarifies.
Elliott

Offline mercyh

Re: Shouldn't internal clients be allowed to relay?
« Reply #6 on: September 25, 2008, 03:56:31 PM »
It will depend how the lbrouter sends its mail.

If the path is this way>

                INTERNET
                 ^           v
              lbRouter    SME
                 \         /
        Clients on the 10.10.10.x net

You will have a relay problem.
Quote
I have given the lbRouter the SME's 10.10.10.x address as the SMTP server.

Is the lbRouter mail request getting to the SME at all? If the path is as shown above, I don't see how it can, as there is no way for the WAN to route to 10.10.10.x.

--------------------------------------

If it goes like this>

                INTERNET
                /          \
              lbRouter    SME
                v             ^
        Clients on the 10.10.10.x net

It should relay fine.

What happens if you add the single external IP address of the lbrouter to SME's local networks?

see here for instructions:
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Local_networks





Offline Boris

Re: Shouldn't internal clients be allowed to relay?
« Reply #7 on: September 25, 2008, 07:41:45 PM »
In this configuration it should work fine.
Please double check if there are any extra settings for ISP e-mail hosts configured on the router or SME and for simple misspellings of domain/user names in the e-mail address.
Did you check SME e-mail logs for the errors? Anything useful there?
...

Offline Elliott

Re: Shouldn't internal clients be allowed to relay?
« Reply #8 on: September 25, 2008, 08:04:07 PM »
Quote
In this configuration it should work fine.
Please double check if there are any extra settings for ISP e-mail hosts configured on the router or SME and for simple misspellings of domain/user names in the e-mail address.
Did you check SME e-mail logs for the errors? Anything useful there?

The only settings on the lbRouter are for recipient and smtp server. I'm using the web manager to search qmail.current and see this:

Code:
2008-09-25 13:58:18.963518500 9832 250 <admin@dynamictrend.com>, recipient ok
2008-09-25 13:58:18.971055500 9832 logging::logterse plugin: ` 10.11.12.254 pc-00254.dynamictrend.com dynamictrend.com <admin@dynamictrend.com> <admin@dynamictrend.com> check_basicheaders 901 Mail with no Date header not accepted here msg denied before queued

Mail with no date header.... hmmmm, I guess I'm off to the LinkSys forums to see what I can do about that.... unless I can somehow cheat it to the SME side for this single host.

-E
Elliott
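
Added example, not part of the original thread: a small triage script that reads qpsmtpd log lines like the ones quoted above and reports which plugin rejected each message and why, so that a content rejection (here `check_basicheaders`) is not mistaken for a relay denial. The field layout is an assumption inferred from the single logterse line in this thread, and the third sample line is constructed.

```python
import re
from collections import Counter

# Layout inferred from the one logterse line quoted in this thread (assumption):
# timestamp, pid, "logging::logterse plugin: `", client IP, client host, HELO,
# <mail from>, <rcpt to>, plugin name, numeric code, free-text reason.
LOGTERSE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) logging::logterse plugin: `\s+"
    r"(?P<ip>\S+)\s+(?P<host>\S+)\s+(?P<helo>\S+)\s+"
    r"<(?P<mail_from>[^>]*)>\s+<(?P<rcpt_to>[^>]*)>\s+"
    r"(?P<plugin>\S+)\s+(?P<code>\d+)\s+(?P<reason>.*)$"
)
OUTCOME = "msg denied before queued"  # trailing text seen in the thread's log line


def parse_logterse(line):
    """Return a dict of fields for a logterse line, or None for any other line."""
    m = LOGTERSE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["denied"] = rec["reason"].endswith(OUTCOME)
    if rec["denied"]:
        rec["reason"] = rec["reason"][: -len(OUTCOME)].rstrip()
    return rec


def denials_by_client(lines):
    """Map client IP -> Counter of (plugin, reason) for every denied message."""
    out = {}
    for line in lines:
        rec = parse_logterse(line)
        if rec and rec["denied"]:
            out.setdefault(rec["ip"], Counter())[(rec["plugin"], rec["reason"])] += 1
    return out


# The first two lines are the ones quoted in the thread; the third is constructed
# (the same client retrying two minutes later) to show the counting.
SAMPLE = [
    "2008-09-25 13:58:18.963518500 9832 250 <admin@dynamictrend.com>, recipient ok",
    "2008-09-25 13:58:18.971055500 9832 logging::logterse plugin: ` 10.11.12.254 pc-00254.dynamictrend.com dynamictrend.com <admin@dynamictrend.com> <admin@dynamictrend.com> check_basicheaders 901 Mail with no Date header not accepted here msg denied before queued",
    "2008-09-25 14:00:21.104233500 9840 logging::logterse plugin: ` 10.11.12.254 pc-00254.dynamictrend.com dynamictrend.com <admin@dynamictrend.com> <admin@dynamictrend.com> check_basicheaders 901 Mail with no Date header not accepted here msg denied before queued",
]

if __name__ == "__main__":
    for ip, reasons in denials_by_client(SAMPLE).items():
        for (plugin, reason), n in reasons.items():
            print(f"{ip}: {n}x rejected by {plugin}: {reason}")
```
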

Offline CharlieBrady

Re: Shouldn't internal clients be allowed to relay?
« Reply #9 on: September 25, 2008, 08:19:51 PM »
Quote
Mail with no date header.... hmmmm, I guess I'm off to the LinkSys forums to see what I can do about that....

And this is why you should always record observations before you attempt to make any interpretation. You misled yourself and us that there was a relay problem, when all along it was invalid message format.

Offline Elliott

Re: Shouldn't internal clients be allowed to relay? [NOT AN SME BUG]
« Reply #10 on: September 25, 2008, 08:28:30 PM »
Quote
And this is why you should always record observations before you attempt to make any interpretation. You misled yourself and us that there was a relay problem, when all along it was invalid message format.

And for that I apologize 100 times and will be sure to perform 37 Our Fathers and 117 Hail Marys.   :lol:

If the bugtracker is where bugs are reported why can't the forums be the place where we ask questions of people with more experience to first figure out if we have a bug?

It's sad that when I read the threads here that a very high percentage of the posts have replies that chastise members for asking questions. I've opened/participated in bugs once or twice but generally I search here and read what others have found and post. I believe I've even helped the random stranger who somehow knew less than me.

And before you chastise me further and tell me I should have found this information in the logs before I ever posted I'll save you the trouble. This time I goofed it up. Usually I'd have known better but my false intuition told me that this was a relaying issue.

I apologize again but this is a community. I will happily help when/if I can. I hope I never get so jaded as to ride on the high horse that many here seem to be preaching from.
Elliott

Offline CharlieBrady

Re: Shouldn't internal clients be allowed to relay? [NON-SME ISSUE / SOLVED]
« Reply #11 on: September 25, 2008, 08:36:12 PM »
No offense intended. I don't intend to chastise, just to teach. Always observe first, then interpret. If you don't write down your observations, nobody can check your logic. You will end up wasting time trying to solve a problem which doesn't exist.


Offline Elliott

Re: Shouldn't internal clients be allowed to relay? [NON-SME ISSUE / SOLVED]
« Reply #12 on: September 25, 2008, 08:41:37 PM »
Quote
No offense intended. I don't intend to chastise, just to teach. Always observe first, then interpret. If you don't write down your observations, nobody can check your logic. You will end up wasting time trying to solve a problem which doesn't exist.

Understood and agreed!  8-)
Elliott

Offline Boris

Re: Shouldn't internal clients be allowed to relay? [NON-SME ISSUE / SOLVED]
« Reply #13 on: September 26, 2008, 05:53:37 AM »
Sometimes it helps to have somebody confirm that design is OK and to look in the right direction for clues.
Logs are often a good source of helpful information, which is why they are created in the first place.  :-o
...

Offline charlien

Re: Shouldn't internal clients be allowed to relay?
« Reply #14 on: January 16, 2009, 11:42:22 AM »
Elliott,

Did you ever get this to work? I have a similar issue.

Charlie
...