rejected e-mail address only with mail Client

nonlin · #1 27th June 2009, 09:53 PM

Dear Sirs,

I am trying to send emails out from my server using a mail Client like outlook express. and I am getting the Flowing Error:
"The message could not be sent because one of the recipients was rejected by the server........Server Response: '550 5.7.1 <the email address>... Relaying denied. IP name possibly forged [an Ip address]', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
";
Hear is what is funny. If I try to send an email to an account that is on the same server. It is delved, no errors. and if I use sendmail to send out an email to an outside server over the internet (from a program or from a command line like ssh), No problem the email is delved to the over side of the world. I only have a problem if I use a mail client to connect to the server to send the mail.?

So I am only guessing that there is no issue with sendmail but Dovecot could be doing some extra checking. I am only guessing.

Dos anyone have an idea what could be the problem?

Undy · #2 29th June 2009, 12:45 AM

vi /etc/mail/access and add the following line

Connect:192.168.1.1 RELAY

where 192.168.1.1 is the ip address of the machine you are sending mail from with the outlook client.

or you can do something like

Connect:192.168.1 RELAY

to allow all hosts in the 192.168.1.0/24 network.

Then

/sbin/service sendmail restart

You have to allow other computers to relay mail through your sendmail service. Otherwise it would be an open relay and anyone would be able to send mail through it. Check sendmail's documentation for more info.

nonlin · #3 29th August 2009, 10:15 AM

Dear Sirs,

Again, Thanks for you help. My (above) Problem has gotten more complicated. One of my clients has stared walking around with a laptop running outlook and an iPhone that he wants to use to reply to the emails he get from my server back over my server. The problem is that the IP for both devices keep changing, so he keep loosing the ability to send mail back out. He is giving me a really hard time about this, asking me why Yahoo and gmail can send emails regardless of the ip and I can't. But Undy pointed out "it would be an open relay and anyone would be able to send mail through it", so I'm willing to open it to ever IP on the net for security reasons.

Dos anyone have a good idea of how to deal with this situation?

scottro · #4 29th August 2009, 11:02 AM

Unfortunately, or perhaps fortunately (for anti-spam reasons), if your ISP does allow an email server, but gives you dynamic address, many places will reject the mail because it is coming from a block of addresses that are known to be dynamic addresses. The only real way around it is to usually spend the extra money to buy a static IP address.

It sounds as if you're trying to run a commercial mail server from a residential ISP account, and if so, you and your clients are definitely going to run into difficulties. Gmail and Yahoo purchase large blocks of addresses, to answer your client's question. If it's just a friend, and they realize that some ISPs will automatically block things from your server unless the recipient specifically whitelists you, then you might be able to get by with getting a dyndns.org account, which is free for the basic service. They give you one of their domain names, and your dynamic IP address can get a name, such as nonlin@homeunix.net. (Then, you can take it a step further and purchase a domain name from a relatively cheap seller, and point that to the nonlin@homeunix.net server.)

Undy · #5 29th August 2009, 12:31 PM

Quote:

Originally Posted by nonlin

Dear Sirs,

Again, Thanks for you help. My (above) Problem has gotten more complicated. One of my clients has stared walking around with a laptop running outlook and an iPhone that he wants to use to reply to the emails he get from my server back over my server. The problem is that the IP for both devices keep changing, so he keep loosing the ability to send mail back out. He is giving me a really hard time about this, asking me why Yahoo and gmail can send emails regardless of the ip and I can't. But Undy pointed out "it would be an open relay and anyone would be able to send mail through it", so I'm willing to open it to ever IP on the net for security reasons.

Dos anyone have a good idea of how to deal with this situation?

SMTP AUTH can help with this. It will require a user to authenticate prior to being able to send an email. Check these two sites and read the security concerns with doing so.

http://www.sendmail.org/~ca/email/auth.html
http://www.jonfullmer.com/smtpauth/

David Batson · #6 29th August 2009, 12:43 PM

Quote:

Originally Posted by Undy

SMTP AUTH can help with this. It will require a user to authenticate prior to being able to send an email.

Yes, I use smtpauth to send my pop3 email through Earthlink. It depends upon your ISP (email provider) whether they support this or not. Alternatively, you can send email from a website (webmail). Examples are hotmail and gmail. Earthlink also provides this option.

nonlin · #7 29th August 2009, 01:16 PM

Thank you both for getting back to me so fast,

I see from scottro reply that I should have given more info on my configuration. Sorry about that.
My server is on a fiber line with a static ip. the fiber line give me up to 20mb. So I am able to run the server just like it was in a data center, it doesn't look very different from any other server to the world.
Since my ip is static, when ever sendmail is run it always uses the same ip, and mail generated with in the server, always finds it way to its destination. It is my client who uses a mail client application (like outlook) that is on a dynamic ip and its my sendmail application on my server that is refusing relay his emails unless (as Undy instructed) I put my clients ip in the access file. So I believe it my servers fault

I also want to point out that I believe that my server is directly talking to the servers of the recipients and not using my local ISP's server. And Dovecote on my server is excepting emails directly from the senders servers (or the senders ISP servers). I believe this because I never set up any email accounts with my ISP.

As to what Undy sent me, thank you for the links, I will let you know when I have finished reading it.

Sincerely all.

trigpoint · #8 29th August 2009, 05:50 PM

A static IP address doesn't help. My ISP gives them automatically with their premium accounts.

I have had problems in the past sending email to some recipients when using sendmail, AOL and supranet from memory. At least AOL gave me a reason. "We don't accept mail from domestic IP ranges", which is better than supranet which just deferred the connection.

I went back to using my ISP's SMTP server.

When I began using e-mail on my phone, and got a laptop with wi-fi and began using hotspots I discovered that my ISP's SMTP server can be used in authenticated mode.

This has solved the problems, it doesn't matter how or where I connect either my phone or laptop, as long as there is a connection e-mail works.

stevea · #9 29th August 2009, 07:14 PM

Some very confusing traffic & comments here and a poor description of the problem.
Sorry but I cannot parse the meaning of "the server" when several servers are underdiscussion.

Here is what I *think* OP said.

The OP is running an SMTP server (call it OP-server) using dovecot & sendmail.
Dovecot is irrelevant as there are no complaints about the IMAP or POP3 service from OP-server.
He can generally send email from OP-server through some upstream SMTP server (call it UP-server).

When email is generated from some (local?) email client everything works as expected.
When email is generated from remote clients through OP-server, then UP-server reports an error
"Relaying denied".

2nd problem - when a remote wandering (non-local IP) system attempts to send mail through
OP-server then the email (SMTP from the client) is rejected by OP-server(??).

Quote:

I also want to point out that I believe that my server is directly talking to the servers of the recipients and not using my local ISP's server. And Dovecote on my server is excepting emails directly from the senders servers (or the senders ISP servers). I believe this because I never set up any email accounts with my ISP.

I'm fairly certain that you are wrong.
It sounds like you are running an open relay whether you know it or not. You had unauthenticated SMTP service accessible from the internet.

Dovecot provides POP3 & IMAP protocol which allows *clients* to read emails. It has absolutely nothing to do with mail delivery.

You are NOT directly delivering emails via SMTP to the destination. No serious relays or destinations accept SMTP connection from unregistered, unathenticated hosts b/c they do not want to become an open-relay.

When your upstream SMTP server states "Relaying denied", they are purposely preventing you from acting as a openrelay - at least for more than 1 hop.

You MUST use SMTP authentication - that should always be the case for any internet accessible SMTP server.
You *may* need to re-write the email headers to avoid the "Relay denied" from upstream. It's possiuble that the SMTP authentication alone will cause the headers to improve. Sendmail can do this, but you'll need a sendmail guru for help.