Subject: Re: [courier-users] Courier and NAT and Relaying
From: Robert Steinmetz (ro@steinmetznet.com)
Date: Jul 15, 2006 6:49:32 pm
List: net.sourceforge.lists.courier-users

Sam Varshavchik wrote:

> Robert Steinmetz writes:
>
> > I have a router which uses NAT to assign public IP addresses to those machines we want to access directly from the Internet. We want one machine to receive some email. That machine has a DNS entry, but is not the MX for the primary domain. The private IP address is 192.168.1.1. I am getting mail returned with this message:
> >
> > ro@machine.name.steinmetznet.com SMTP error from remote mailer after RCPT TO:<ro@machine.name.steinmetznet.com>: host machine.name.steinmetznet.com [aa.bbb.cc.dd]: 513 Relaying denied.
> >
> > I have added this to the /etc/courier/smtpaccess/default
> >
> > 10 allow,RELAYCLIENT
> > 192.168 allow,RELAYCLIENT
> > aa.bbb.cc.dd allow,RELAYCLIENT
> >
> > There is also a file /etc/courier/smtpaccess/webadmin
>
> Rather than making random guesses, look at the log on the mail server, which records the exact IP address the server receives the connection from.
>
> But since I gather from your description that anyone will be able to connect to your server, and have relaying privileges, you'll be quickly blacklisted for being an open relay.
>
> Rather than using RELAYCLIENT, use authenticated SMTP, which is always enabled automatically and requires no further setup.

I guess I didn't make myself clear. I'm not trying to get the server to relay anything, except for the private IP addresses on our LAN, which is behind a firewall and which no unauthorized person should have any access to. I actually only want to relay 192.168.1.xxx, although SMTP auth is certainly a good suggestion and before I roll this out I will check it out. But the relaying I actually want is working fine and is less than the default Courier smtpaccess, as I understand it.

The problem I'm trying to address is that ALL INCOMING MAIL for LOCAL USERS with ACCOUNTS ON THE SERVER is being rejected with a "Relaying Denied" error referencing the public address of the Courier server (not the local address, which is a private IP of 192.168.1.1). In all cases the Courier server is the final location of the incoming email. Based on my limited understanding of Courier it should already be accepting the mail for local delivery.

I don't understand why it isn't.

Let me explain:

If I send an email to my account on that server from an external account to my account on the Courier Server (ro@machine.name.steinmetznet.com), the email gets marked as undeliverable, with the error listed above. I don't understand what is happening and, more importantly, how to fix it.
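
The check suggested in the quoted reply (compare the connecting address recorded in the mail log with the smtpaccess entries), as an added example that is not part of the thread and is not Courier's own code: a simplified Python model of the prefix lookup, assuming the full address is tried first and then one trailing octet is dropped at a time. The sample file and the address 203.0.113.10, standing in for the elided aa.bbb.cc.dd, are constructed.

```python
import ipaddress

# Constructed sample in the smtpaccess format quoted in the message.
# 203.0.113.10 is a documentation address standing in for the elided
# public address "aa.bbb.cc.dd".
SAMPLE_ACCESS = """\
10\tallow,RELAYCLIENT
192.168\tallow,RELAYCLIENT
203.0.113.10\tallow,RELAYCLIENT
"""

def parse_access(text):
    """Map each address prefix to its action string."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, action = line.split(None, 1)
        rules[prefix] = action
    return rules

def lookup(rules, client_ip):
    """Return (prefix, action) for the most specific matching prefix.

    Assumed lookup order: full address first, then one trailing octet
    dropped at a time (a.b.c.d, a.b.c, a.b, a).
    """
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    for n in range(4, 0, -1):
        prefix = ".".join(octets[:n])
        if prefix in rules:
            return prefix, rules[prefix]
    return None, None

def may_relay(rules, client_ip):
    """True when the matching rule sets RELAYCLIENT for this client."""
    _, action = lookup(rules, client_ip)
    if action is None:
        return False
    fields = action.split(",")
    return fields[0] == "allow" and any(
        f.split("=", 1)[0] == "RELAYCLIENT" for f in fields[1:])

def relay_report(rules, seen_ips):
    """Report relay rights for each connecting address taken from the log."""
    return {ip: may_relay(rules, ip) for ip in seen_ips}
```

Feed `relay_report` the addresses the log actually shows. If the NAT router rewrites the source of inbound connections to an address inside 192.168, every external sender matches the 192.168 entry, which is the open-relay condition described in the quoted reply.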