[BlueOnyx:24105] Re: creating an internal SMTP relay for internal subnets - not working

Michael Stauber mstauber at blueonyx.it
Wed Jul 15 15:07:21 -05 2020


Hi Chris,

> I had one server that had sites created on domain.local, with accounts for
> authentication, and it was working just fine, then it stopped. Seems to have
> a sendmail postfix choice now.

So it's a BlueOnyx 5210R.

> I deleted it and created another one; this
> one I have no sites, just email under Network Services.
> 
> SMTP
> SMTPS
> Enable submission port
> 
> POP and IMAP off
> 
> Relay for these subnets.
> 
> 10.1.0.0
> 10.100.1.0
> 10.100.2.0
> 10.100.3.0
> 10.100.4.0
> 10.100.5.0
> 10.250.250.0
> 10.10.10.0
> 
> It's hit or miss....any ideas? If not I'm going to have to move to another
> solution as the pressure is too high.

All in all this is not enough information to even begin troubleshooting.
So you're using a 5210R and can use either Sendmail or Postfix. Either
one will work for you, but for the sake of simplicity let's say you're using
Sendmail.

When email comes in, then the MTA needs to make one important distinction:

A) Is the email terminating locally?
B) Is the email destined for a remote location that I am
   functioning as relay for?

If neither of these two questions can be answered positively, then the MTA
will reject the email.

On BlueOnyx in the default configuration the MTA is configured to only
work on the (A) distinction. It'll only accept inbound emails that
terminate locally.

When you enable SMTP-Auth, then authenticated users can send emails to
local or remote destinations *if* they are authenticated. Local
applications (PHP scripts, cronjobs, etc.) can of course always send.

Under "Server Management" / "Network Services" / "Email" in the
"Advanced" tab you find the field "Relay Email From Hosts/Domains/IP
Addresses".

Into that you enter IP addresses of servers that are allowed to pass
email to the BlueOnyx. The MTA on BlueOnyx will treat emails originating
from these IPs as authenticated and will either:

 - Deliver them to local mailboxes on the BlueOnyx
   ... or...
 - Forward them to the destined recipient on a remote server.

This just works. Either with Sendmail or Postfix.

However: You mentioned that this is an internal setup. Internal IPs, no
internet connection or perhaps a NAT'ed internet connection.

THAT can be a problem. At least it's an extra layer of complexity.

Imagine this scenario: Another server in your local network passes an
email on to the BlueOnyx. Recipient is "chris at domain2.local".

How does the MTA determine if this email is for a local recipient or if
it needs to be passed on elsewhere?

For that it'll use DNS A and DNS MX records, /etc/hosts as well as the
contents of /etc/mail/access and /etc/mail/virtusertable (assuming
Sendmail).

WHERE do you define where domain2.local can be found? Do you have an
internal DNS server that has "fake" records matching your internal
network? Do you have manual additions of the hostnames and IPs of the
servers of your internal network in /etc/hosts on the BlueOnyx?

Or do you use "Smart Relay Server" on the BlueOnyx to pass *all* emails
that don't terminate locally on to a single specified other MTA?

Like I said: These are things I don't know about your internal layout.
There are several ways this can be done and I'm wondering which way
you're using.

-- 
With best regards

Michael Stauber
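
The following is an added example, not part of the original message and not Sendmail or BlueOnyx code: a simplified Python model of the local / relay / reject decision described above, using Sendmail-style access map lookups for trusted relay sources. The sample entries, the function names and the local domain set are constructed assumptions; how the BlueOnyx GUI field is written into /etc/mail/access is not shown in the message.

```python
# Added illustration: simplified model of the accept/relay/reject decision.
# Constructed sample in the style of /etc/mail/access (assumed content).
SAMPLE_ACCESS = """\
# constructed sample entries
Connect:127.0.0.1   RELAY
Connect:10.100.1    RELAY
10.250.250.0        RELAY
"""

def parse_access(text):
    """Return {key: action}; the 'Connect:' tag on a key is optional."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, action = line.split(None, 1)
        if key.lower().startswith("connect:"):
            key = key[len("connect:"):]
        table[key] = action.strip().upper()
    return table

def relay_trusted(client_ip, table):
    """Look up the full address first, then shorter dotted prefixes."""
    parts = client_ip.split(".")
    while parts:
        action = table.get(".".join(parts))
        if action is not None:
            return action == "RELAY"
        parts.pop()
    return False

def decide(client_ip, rcpt, local_domains, table, authenticated=False):
    """(A) recipient is local -> deliver; (B) trusted or authenticated -> relay."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in local_domains:
        return "deliver-local"
    if authenticated or relay_trusted(client_ip, table):
        return "relay"
    return "reject"
```

In this model a key with all four octets, such as `10.250.250.0`, matches only that single host, while a dotted prefix such as `10.100.1` covers every address beneath it, so reviewing which form the access map contains shows exactly which clients are trusted to relay.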


