Koozali.org: home of the SME Server

E-Mail Problems

geoff

E-Mail Problems
« on: April 11, 2000, 08:21:10 AM »
Hello,
It has just been brought to my attention that people that are outside of my LAN are unable to send email (SMTP). They are able to recieve (POP) email but they just get an error when they try and send. Anyone inside the LAN is able to do both, any ideas for this problem?

this is an error message that was recieved by one of the users

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'simulations@sierra.com'. Subject 'Re: email form:TRIBES hel', Account: 'sinfield.com', Server: 'sinfield.com', Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79

Charlie Brady

RE: E-Mail Problems
« Reply #1 on: April 11, 2000, 12:40:38 PM »
geoff wrote:

> Hello, It has just been brought to my attention that people
> that are outside of my LAN are unable to send email (SMTP).
> They are able to recieve (POP) email but they just get an
> error when they try and send. Anyone inside the LAN is able
> to do both, any ideas for this problem?

That is correct and expected behaviour. The e-smith server will
accept any email from people on your LAN, but only email for the local domain from anywhere else. This is what protects your machine from being used for unauthorised relaying by spammers.

Whichever users from not on your LAN trying to use your server for SMTP should be using a local SMTP server instead.

Regards

Charlie

geoff

RE: E-Mail Problems
« Reply #2 on: April 12, 2000, 08:37:39 AM »
Is there anyway I can get around this??

-geoff

Phil Manning

RE: E-Mail Problems
« Reply #3 on: April 17, 2000, 02:54:51 AM »
Do you mean that I can't have people phone into my esmith server?  Only people on the Lan can use the server?  I was hoping to set something up for people to be able to leave the office but be able to call back into the server via phone line to have access to their email.  If I understand right I have to have a lan connection to use E-smith.

Charlie Brady

RE: E-Mail Problems
« Reply #4 on: April 17, 2000, 05:15:00 PM »
Phil Manning wrote:

> Do you mean that I can't have people phone into my esmith
> server?  Only people on the Lan can use the server?

That is correct. There are no dial-in facilities on the server.
The full facilites are listed on the E-smith website at http://www.e-smith.net/.

> I was
> hoping to set something up for people to be able to leave the
> office but be able to call back into the server via phone line
> to have access to their email.  If I understand right I have
> to have a lan connection to use E-smith.

The e-smith server is really designed to provide Internet and local services to machines on a LAN. It would certainly be possible to provide dial-in services, but you would need to make custom changes. There is documentation to help you do that at http://www.e-smith.org/custom/.

Regards

Charlie

Andy K

RE: E-Mail Problems
« Reply #5 on: April 20, 2000, 09:16:37 PM »
We need to configure our server to relay from a couple specific domains. Several employees use another ISP to access their email accounts on our server and we want to allow them to send through our e-mail server.  How could we do this?

Gordon Rowell

RE: E-Mail Problems
« Reply #6 on: April 21, 2000, 02:16:45 AM »
Andy K wrote:

> We need to configure our server to relay from a couple specific
> domains. Several employees use another ISP to access their
> email accounts on our server and we want to allow them to send
> through our e-mail server.  How could we do this?

This is actually far less trivial to implement securely than it seems.

If your clients have static IP addresses at the other ISP, you can add them
to the qmail-smtpd entry in /etc/hosts.allow by
modifying the template entry
which uses $localAccess (i.e. sets RELAYCLIENT) and then doing a console-save
to update the file.

Gordon Rowell

RE: E-Mail Problems
« Reply #7 on: April 21, 2000, 02:35:23 AM »
Let's try that again - sorry TAB is not a good key to use in Phorum :-(

Gordon Rowell wrote:

> Andy K wrote:
>
>> We need to configure our server to relay from a couple
>> specific domains. Several employees use another ISP to
>> access their email accounts on our server and we want to
>> allow them to send through our e-mail server.  How could
>> we do this?
> [...]

This is actually far less trivial to implement securely than it
seems. What you don't want to do is to make your box an open SMTP
relay.

I'm assuming that your employees are using SMTP directly to your box,
and that is what you need relayed. If not, why not just use the ISP's mail
relay, as they have to allow relaying for their client IP addresses?

If your employees have static IP addresses at the other ISP, you
can add them to the qmail-smtpd entry in /etc/hosts.allow by doing the
following:
   - modify the qmail-smtpd template entry which uses $localAccess
   (i.e. the one which sets RELAYCLIENT
   - add a comma and the IP address of the remote machine
   - do a console-save to update the file.
   - run tcpdchk to check /etc/hosts.allow
   - test

If they have dynamic addresses at the ISP you need to implement another
form of authentication as adding the IP addresses will allow _anyone_ from
the  ISP to relay via your host - *DON'T* do this.

www.qmail.org has a few ways of doing selective relaying.

Gordon