Relay access denied

[Juraj M]

Hello.
I recently installed the mail gateway and it seems to be doing a great job. However, we use a third-party app to access our exchange for SMTP to email invoices. I am unsure of how and what to set up to get it passed the gateway. I am getting this error.

Oct 25 09:50:10 gateway postfix/smtpd[11213]: connect from unknown[193.28.8.13*]
Oct 25 09:50:10 gateway postfix/smtpd[11213]: NOQUEUE: reject: RCPT from unknown[193.28.8.13*]: 554 5.7.1 <ASSK-Financne-SK@*****.com>: Relay access denied; from=<maria.k@*****.sk> to=<ASSK-Financne-SK@*****.com> proto=ESMTP helo=<theseus.print.sk>
Oct 25 09:50:10 gateway postfix/smtpd[11213]: lost connection after RSET from unknown[193.28.8.13*]
Oct 25 09:50:10 gateway postfix/smtpd[11213]: disconnect from unknown[193.28.8.13*] ehlo=1 auth=0/1 mail=1 rcpt=0/1 rset=2 commands=4/6

Thank you for any help.

 

[dcsapak]

relay access denied means that a mail coming from extern has a receiver domain that is not designated as 'relay domain'

is that a mail that you want to receive or send ?

did the app maybe send to the wrong port (external 25 vs internal 26) ?

 

[Juraj M]

The application is outside of our network. It worked ok with the MS exchange opened to public over port 25. We access the application through a web portal and it has the option to send invoices and such via email. And for SMTP we use our MS Exchange on-premise. So it is something I want to send. I hope it makes sense. Thank you.

 

[dcsapak]

ok then it's a bit more involved, by default the port 25 is only meant for mail from outside -> your domains (thus the relay domains), and port 26 from inside to the rest of the world

you could open port 26 and only allow that ip under 'trusted networks' to send mail

 

[Juraj M]

just so I understand this correctly, do I tell the application to use 26 as smtp port? Allow 26 through firewall to PMG and set up PMG trusted networks? Thank you.

 

[dcsapak]

almost:

point your application to port 26 to the pmg (configure your network how you have to)
and put your applications ip! in the trusted networks

caution: computers in the trusted networks can send any mail on port 26, so make sure you don't configure yourself an open relay

 

[Juraj M]

Hello. Hopefully, I can continue in this thread with an issue I can't figure out due to lack of knowledge (I said it :-( ) It is sort of a follow-up on the previous case where we have been using PMG as a relay for an external application. The gateway itself works great, but using it as a relay, we are getting a lot of undelivered messages. Looking at the pmg deferred mail, some emails are stuck in there. If you can point me in the right direction or what could be done about it, I would much appreciate it. I might have the option to point port 26 to the MS Exchange directly and then forward it to 25.

Thank you so much.

 

[dcsapak]

it seems you set the fqdn of the pmg to pmg.something.local
this is also what is sent to other mails servers as ehlo and will probably not be accepted as .local is not really a valid public tld

(see the error message: 'invalid EHLO/HELO domain')

 

[Juraj M]

darn.... I knew it was my mistake. I take it as you suggest replacing .local to match our domain.

 

[Juraj M]

Hi. so I made the change and it still showing the old hostname .local. Can I get your advice again on this please?

 

[dcsapak]

did you restart the services / rebooted the pmg ?

 

[Juraj M]

Yes, I did. I ended up reinstalling the pmg from scratch. So far so good. Thank you.