Scalix Forums

Hi,

I have some users that use authenticated smtp. This weekend we changed the IP on the server so that it could be behind a firewall.

Everything works except SMTP users. These users get "denied due to spam list" whenever they try to send mail to anyone besides local users. Does anyone have a clue what might be wrong. I have a feeling it has something to do with the smtp authentication, but I have no idea how to fix it.

Any help will be greatly appreciated.

Here is what I see in the log

REPORT SMTP Relay (SMTPD Relay Pr) 02.12.07 16:52:31
[OM.DMON 2172] SMTP: Rejected relay attempt from mustik@SOMEDOMAIN.com at 68.236.122.5 to bob.lentini@SOMEDOMAIN.com

Easy steps first: search the forums and check the wiki... I had this exact problem back in october/september, and now there's a HowTO in the wiki about this:

HowTos/ChangeIP

Check that page over and see if it fixes your problems... if not I would suggest going through your smtpd.cfg and see if you see any oddities, if not, post the relevant (uncommented) lines here and someone is sure to help.

Mito

if you check in /var/opt/scalix/??/s/sys/smtpd.conf you'll find a line authorizing relaying from your old IP address. You'll want to add/change it to include 68.236.122.5 (based on your below example).

Kev.

I can certainly add the IP for people that are in my office, but we have remote users that use smtp as well. I was relying on the smtp authentication to handle that. Are there any other suggestions? It appears to me that the SMTP Auth is not working. Is there any way to check this?

Also we are behind a firewall. The local system IP is different from the actual IP people are connecting to. I think this might have more to do with that is going on. I have scoured the forums and I haven't come up with anything that describes this. I did change the IP the same way it was described in the how to. Thanks for the link.

But is your SERVER's new IP listed in there as being authorized for relaying?

Here is what I have in the config. I masked out the IPs for security reasons. I added notes to describe what they are.

RELAY accept 127.0.0.1 (Note: localhost)
RELAY accept xxx.xxx.xxx.xxx (Note: actual IP assigned to the NIC card)
RELAY accept xxx.xxx.xxx.xxx (Note: Public IP that is translated in the firewall)


Thanks for your help. Keep in mind that these are smtp users. They are using thunderbird and other clients. I just want them to authenticate and be able to send mail using this smtp server. All other functions of scalix works. My outlook clients work fine.

You probably don't want the bottom of those 3 lines, actually.

In your logfile, both the sender and the recipient have the same domain. Is that the domain of your server? 'cause that's not relaying, that's just submitting.

You're certain that SMTP authentication is turned on and being used by the sender?

Kev.

Just got it working. If your running a Cisco PIX with the SMTP fixup, it messes with the authentication.

Thanks so much for all your help.

blentini wrote:Just got it working. If your running a Cisco PIX with the SMTP fixup, it messes with the authentication.

Thanks so much for all your help.

That's actually a very good thing to know... as I have 2 or 3 of those, just not in front of my mailserver.

What did you have to do to fix it? This would be good info for the wiki as well

You need to remove the fixup. I believe the command is "no smtp fixup"

Our servers are hosted, so I don't have my own pix anymore to play with.

blentini wrote:You need to remove the fixup. I believe the command is "no smtp fixup"

Our servers are hosted, so I don't have my own pix anymore to play with.

Ah, well, the fact that you had it enabled made me think that you needed it enabled for some reason. I haven't hosted behind a pix yet so I didn't know if it would be necessary...

Yeah, the PIX is a great firewall, but those fixups can be a little tricky. The name is misleading because they tend to cause more problems then they "fix".