Mail routed to an internal mailserver from an external IP is getting blocked. Relay access is being denied.

[SamenICT]

Hi,

We currently use this installation of PMG for one thing:
Relaying mail to another smarthost to end up in a different mailbox.

However, now we want to send mail to one specific domain to an internal mailserver.
I've got the transports set up as follows:


And this works just fine if we're sending the mail from an internal IP, since those are whitelisted under Networks.

The issue I'm running into is that the mailserver rejects the e-mails if it's coming from an external IP address that isn't whitelisted in networks, even though I have the whitelist set up as follows in the "Mail filter" section:


And the domain is whitelisted under "Who objects".
What can I do to accept all mail, from all IPs directed to this domain (but keep the rest of the configuration in place)?

Kind regards,
Rody

 

[SamenICT]

To add onto this: all mail not directed to this domain should still be whitelisted under "Networks", we do want to keep that in place.

 

[SamenICT]

Bumping this for visbility, I still need a solution for this.

 

[Bob.Dig]

Why do you think you need to whitelist your domain? Reset everything to the defaults I guess.

 

[SamenICT]

I think you misunderstood @Bob.Dig all traffic from external IPs should be allowed to send mails to this particular domain.
The routing part works, I've tested sending mail from an internal server to that domain and everything gets routed correctly.

However, the relay access gets denied when an external IP tries to send mail to this particular domain because it's not whitelisted under 'Networks'.

All IPs sending traffic directed towards other domains should still have to be whitelisted under 'Networks', just this particular domain always needs to be let through.

 

[Bob.Dig]

However, the relay access gets denied when an external IP tries to send mail to this particular domain because it's not whitelisted under 'Networks'.

Then why don't you do it there?

 

[SamenICT]

@Bob.Dig Because it can be any random IP sending an e-mail to that particular domain.

 

[Bob.Dig]

It is the default that every IP on earth can send email towards the PMG. That is why I advised you to start over fresh.

 

[SamenICT]

That's odd, either someone before me changed something or I changed something subconsciously. But as far as I can remember that was never the case for us.

Alongside that, hypothetically speaking if I were to do that, how would I make it so that every IP address on earth can still send e-mails to that domain, and all mail directed towards another domain would still need to be on an IP whitelist? I don't want our mailserver to get abused.

 

[Bob.Dig]

That's odd, either someone before me changed something or I changed something subconsciously. But as far as I can remember that was never the case for us.

Alongside that, hypothetically speaking if I were to do that, how would I make it so that every IP address on earth can still send e-mails to that domain, and all mail directed towards another domain would still need to be on an IP whitelist? I don't want our mailserver to get abused.

Don't open it to the public in the first place? But if you do it anyway, there is a mail filter rule system with blocklists and whitelists, to and from and so on, so you will be able to do this there.

 

[SamenICT]

That's what I tried to use, but it didn't work. That's what I stated in my initial post right? Or am I missing something?