Messaging Gateway

Hello everyone,

   I want one my Servers which is in my DMZ area to relay e-mail through SMSSMTP 5. To do this i enabled outbound mail filtering, and added this server's IP address to the ones allowed to send outbound e-mail. The result is the message stating: "Unable to relay for ..." each time i try to send an e-mail to a recipient that belongs to a different domain than our company's.

    I performed the same test from a server located inside my LAN and that server is able to relay messages properly.

    What could be wrong?

Thank you. 

Stathis,

     In the past I have seen this issue when people are trying to send the outbound email to the inbound IP address on the NIC.  Are you using Duel NIC's or a virtual IP or are you using a seperate port with the same IP as the inbound?

Thanks,

John

John,

   Thank you for your answer. I am using the same IP on the same NIC but a different port than the one used for inbound e-mail filtering. Furthermore, i am publishing this IP: port combination through an ISA Server. Everything works fine inside the ISA Server (LAN), but not on the outside. I am wondering what could be wrong...

Stathis,

I am very sorry for the delay in getting back to this thread.  I want to make sure that I understand what your situation is.

1.  Mail In----->2.  ISA/FIREWALL----->3.  SMS----->4.  Mail server

1.  Mail Comes In from the internet to the external IP of you ISA/Firewall

2.  The Firewall NAT's the traffic and send it inboutn do the SMS box on port 25

3.  The SMS Box filters the email and send it downstream

4.  Mail server recieves the email.

Now, when you send mail out through the SMS box it follows the following process.

Mail Out<-----3.  ISA/FIREWALL<-----2.  SMS<-----1.  Mail server

1.  Mail is sent to the SMS box on port 26 (or defined port other than 25)

2.  SMS Sends the mail upstream to the FIREWALL

3.  Firewall sends out to the internet

If I understand your problem you are trying to send mail form the Internet side of your firewall to the outbound IP:26 and it is giving you an error that it is unable to relay, Is this correct?

If so you can add the IP of your Firewall to the list of IP's that is allowed to send outbound.  I would strongly advise against this as it essentially configures the SMS box as an open relay.

Thanks,

John

Hello John, Thank you for your answer.

As fas as inbound mail is concerned you are perfectly right.

I enabled outbound mail filtering so that a Web Server that resides in the "Internet side" is able to send e-mail. I configured the ISA Server rule so that the original IP of the Web Server is sent to the SMS box (I checked that this happens in practice). I added the IP address of the Web Server ( "internet" ), the IP address of the ISA Server and the IP address of a client (LAN) under this: "Accept outbound mail connections from the following IP addresses and domains".

The Web Server cannot relay e-mail while the client can. All other clients in the LAN cannot relay e-mail as the should not. Any idea why this happens?

Thank you again.

Stathis,

    A quick test, login locally to your ISA server.  Open a command prompt and Telnet to the SMS box on port 26 (or whatever your outbound IP is).  Does the message get sent out?

Hello John,

   I was doing a huge mistake publishing the internal port 25 of my SMSSMTP Server on port 26 of the firewall. That led to not being able to relay e-mail. Thank you for all the help.

Stathis

Yes, it is resolved. Thank you for all the help.