[BlueOnyx:24106] Re: creating an internal SMTP relay for
Chris Heiner
chris.heiner at dlink.com
Fri Jul 17 12:03:05 -05 2020
Thanks Michael.
I seem to have it worked out through our G Suite relay through Google's
servers as a smart relay. And an SPF record and some firewall NAT tweaks.
Quick question, how do you test your NATed public IP from CentOS? I.e., on
Windows I go to www.whatismyip.com. Sometimes I need to verify that the
inside address is communicating correctly on the public side.
We have Zabbix and many backup software as well as AWS and Azure reporting
back to us. And since I have worked with BQ (RAQ's) for so many years it
seems like the perfect solution.
It's working just as expected now and the noise of people complaining has
died down.
I always appreciate your complete answers.
Hope you're doing well.
Thanks.
Message: 2
Date: Wed, 15 Jul 2020 15:07:21 -0500
From: Michael Stauber <mstauber at blueonyx.it>
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:24105] Re: creating an internal SMTP relay for
internal subnets - not working
Message-ID: <62d8bf87-1656-f871-e912-4d6634b24ae8 at blueonyx.it>
Content-Type: text/plain; charset=utf-8
Hi Chris,
> I had one server that had sites created on domain.local, with accounts
> for authentication and it was working just fine then it stopped seems
> to have a sendmail postfix choice now.
So it's a BlueOnyx 5210R.
> I deleted it and created another one this one I have no sites, just
> email under Network Services.
>
> SMTP
> SMTPS
> Enable submission port
>
> POP and IMAP off
>
> Relay for these subnets.
>
> 10.1.0.0
> 10.100.1.0
> 10.100.2.0
> 10.100.3.0
> 10.100.4.0
> 10.100.5.0
> 10.250.250.0
> 10.10.10.0
>
> It's hit or miss....any ideas? If not I'm going to have to move to
> another solution as the pressure is too high.
All in all this is not enough information to even begin troubleshooting.
So you're using a 5210R and can use either Sendmail or Postfix. Either one
will work for you, but for sake of simplicity let's say you're using
Sendmail.
When email comes in, then the MTA needs to make one important distinction:
A) Is the email terminating locally?
B) Is the email destined for a remote location that I am
functioning as relay for?
If neither of these two questions can be answered positively, then the MTA
will reject the email.
On BlueOnyx in the default configuration the MTA is configured to only
work on the (A) distinction. It'll only accept inbound emails that
terminate locally.
When you enable SMTP-Auth, then authenticated users can send emails to
local or remote destinations *if* they are authenticated. Local
applications (PHP scripts, cronjobs, etc.) can of course always send.
Under "Server Management" / "Network Services" / "Email" in the "Advanced"
tab you find the field "Relay Email From Hosts/Domains/IP Addresses".
Into that you enter IP addresses of servers that are allowed to pass email
to the BlueOnyx. The MTA on BlueOnyx will treat emails originating from
these IPs as authenticated and will either:
- Deliver them to local mailboxes on the BlueOnyx
... or...
- Forward them to the destined recipient on a remote server.
This just works. Either with Sendmail or Postfix.
However: You mentioned that this is an internal setup. Internal IPs, no
internet connection or perhaps a NAT'ed internet connection.
THAT can be a problem. At least it's an extra layer of complexity.
Imagine this scenario: Another server in your local network passes an
email on to the BlueOnyx. Recipient is "chris at domain2.local".
How does the MTA determine if this email is for a local recipient or if it
needs to be passed on elsewhere?
For that it'll use DNS A and DNS MX records, /etc/hosts as well as the
contents of /etc/mail/access and /etc/mail/virtusertable (assuming
Sendmail).
WHERE do you define where domain2.local can be found? Do you have an
internal DNS server that has "fake" records matching your internal
network? Do you have manual additions of the hostnames and IPs of the
servers of your internal network in /etc/hosts on the BlueOnyx?
Or do you use "Smart Relay Server" on the BlueOnyx to pass *all* emails
that don't terminate locally on to a single specified other MTA?
Like I said: These are things I don't know about your internal layout.
There are several ways how this can be done and I'm wondering which way
you're using.
--
With best regards
Michael Stauber
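
One way to gather the information the reply asks for when relaying is "hit or miss", as an added example that is not part of the thread: it tallies Sendmail "Relaying denied" rejections per client IP and checks each IP against the relay list from the original post. The /24 masks and every log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the post lists bare network addresses; a /24 mask is assumed for each.
RELAY_NETS = [ipaddress.ip_network(n + "/24") for n in (
    "10.1.0.0", "10.100.1.0", "10.100.2.0", "10.100.3.0",
    "10.100.4.0", "10.100.5.0", "10.250.250.0", "10.10.10.0")]

# Constructed sample in Sendmail's maillog format (hosts, queue IDs, addresses invented).
SAMPLE_LOG = """\
Jul 15 10:01:02 mail sendmail[2101]: 06FF12ab002101: ruleset=check_rcpt, arg1=<ops@example.com>, relay=[10.100.6.20], reject=550 5.7.1 <ops@example.com>... Relaying denied
Jul 15 10:01:09 mail sendmail[2107]: 06FF19cd002107: from=<zabbix@domain.local>, size=812, class=0, nrcpts=1, proto=ESMTP, relay=[10.100.1.15]
Jul 15 10:02:30 mail sendmail[2110]: 06FF2Uef002110: ruleset=check_rcpt, arg1=<ops@example.com>, relay=[10.100.6.20], reject=550 5.7.1 <ops@example.com>... Relaying denied
Jul 15 10:03:11 mail sendmail[2114]: 06FF3Bgh002114: ruleset=check_rcpt, arg1=<it@example.net>, relay=[10.1.4.7], reject=550 5.7.1 <it@example.net>... Relaying denied
Jul 15 10:04:45 mail sendmail[2120]: 06FF4jij002120: ruleset=check_rcpt, arg1=<admin@example.org>, relay=backup01.domain.local [10.250.250.9], reject=550 5.7.1 <admin@example.org>... Relaying denied
"""

# relay= is either "[ip]" or "hostname [ip]"; only check_rcpt relay rejections are of interest.
REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<[^>]*>, relay=(?:\S+ )?\[([0-9.]+)\].*Relaying denied")


def denied_relays(log_text, relay_nets=RELAY_NETS):
    """Map each rejected client IP to (reject_count, ip_is_inside_a_listed_net)."""
    counts = Counter(m.group(1) for m in map(REJECT.search, log_text.splitlines()) if m)
    return {ip: (n, any(ipaddress.ip_address(ip) in net for net in relay_nets))
            for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, (n, listed) in sorted(denied_relays(SAMPLE_LOG).items()):
        # listed=False: sender sits outside every relay entry, so the reject is expected.
        # listed=True: the list covers this IP on paper, so the MTA's effective
        # relay configuration differs from what was entered and needs checking.
        print(f"{ip:15} rejects={n} inside_listed_net={listed}")
```

Passing a different `relay_nets` list (for example with a /16 for 10.1.0.0) shows how the assumed mask changes which rejections count as expected.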