|
Home > Archive > Linux Debian support > September 2005 > Relaying denied error
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Relaying denied error
|
|
| google_groups3@hotmail.com 2005-08-31, 5:53 pm |
| Hi group.
First of all. I have read the FAQ and RTFM but I am still lost!
Setup:
Debian Sarge, Sendmail, Dovecot.
What I want:
I want to be able to use the server to send and receive mail using any
computer with an email client configured. I want it secure so my IP
does not get blacklisted because of spam relaying.
Problem:
Logged in via SSH I can send and receive mail fine from the terminal.
Trying to setup client access via Outlook though is proving horrible.
I send a mail and I get one back immediately saying " 550 5.7.1
<XXXXXXXXXXXX>... Relaying denied"
Please help, I am going nuts. I have been trying to solve this for
days and I have got no closer. The manuals and FAQ do not make much
sense to me. Thanks in advance.
(The XX's being the email address I am trying to send to.)
| |
| google_groups3@hotmail.com 2005-08-31, 5:53 pm |
| OK, I added the lines:
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
to sendmail.cf and remade the file. Now i get the error:
"Relaying denied. Proper authentication required."
Am I any closer or am I just making this worse??!!
| |
| google_groups3@hotmail.com 2005-08-31, 5:53 pm |
| p.s. I have set the authentication to be the same as the incoming
server for the outgoing server.
| |
|
| On Wed, 31 Aug 2005 13:16:48 -0700, google_groups3 wrote:
> Problem:
> Logged in via SSH I can send and receive mail fine from the terminal.
> Trying to setup client access via Outlook though is proving horrible. I
> send a mail and I get one back immediately saying " 550 5.7.1
> <XXXXXXXXXXXX>... Relaying denied"
Somewhere in your Sendmail configuration will be a parameter or parameters
that specify who is allowed to relay mail. (Sorry, I'm not familiar with
the specifics of Sendmail). Normally it's set to include the ip addresses
of the local lan only. You want to be very careful not to allow spammers
to relay mail.
When you ssh to the machine, you're sending from the ip address of the
same machine where Sendmail is installed, so there is no problem. When
you connect with Outlook, the ip address is from a different machine that
you need to allow by setting the right parameters in the config file.
Sendmail has a reputation as being a bit difficult to configure. You
might want to consider Postfix or Exim.
Dan
| |
|
| On Wed, 31 Aug 2005 13:37:44 -0700, google_groups3 wrote:
> OK, I added the lines:
>
> define(`confAUTH_OPTIONS', `A')dnl
> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>
> to sendmail.cf and remade the file. Now i get the error:
>
> "Relaying denied. Proper authentication required."
>
>
> Am I any closer or am I just making this worse??!!
Normally you don't need authentication for smtp, you're probably
making it worse.
You need to allow relaying for the ip addresses from your lan in your
config file.
Dan
| |
| google_groups3@hotmail.com 2005-09-01, 2:46 am |
| thanks, but what if this server will be used be many different people
on many different networks? that means i cannot restrict access via
network address. is there no way to do it via userid and password?
for example, yahoo mail has no idea what network you will connect from
using outlook but you can still do it.
| |
|
| On Wed, 31 Aug 2005 22:33:52 -0700, google_groups3 wrote:
> thanks, but what if this server will be used be many different people on
> many different networks? that means i cannot restrict access via network
> address. is there no way to do it via userid and password?
> for example, yahoo mail has no idea what network you will connect from
> using outlook but you can still do it.
You need to differentiate between SMTP (sending mail) and POP (collecting
mail from a mailbox).
POP requires username and password. A POP mailbox is usually accessible
from anywhere.
SMTP, on the other hand, normally doesn't require authentication, so the
SMTP server (Sendmail) will restrict who can relay mail through it.
You normally configure your email client (Outlook in your case) to send
mail via the ISP's SMTP server. The ISP will accept and relay mail onward
because you're part of its local network.
There are some SMTP authentication protocols, but they don't seem to be
widely used. I believe that Microsoft clients are not considered to be
particularly secure.
You might find some useful hints at the following site:
http://dannelson.net/LSH/mail.html
Dan
| |
| google_groups3@hotmail.com 2005-09-01, 2:46 am |
| Thanks Dan. This I understand better now but I am still stuck!
My problem is that the server is going to be used by many different
people so I cannot restrict access based on network address. Also,
some of the ISP's used do not provide SMTP relaying services. This is
my biggest problem
I assume it can be done because hotmail, yahoo and other free providers
have this service. My personal account uses an SMTP server on a
different network to mine and I have to authenticate with it via the
same userid and password as the pop3 server. This means that there can
be no restricion on network address because with this userid and
password i can access it from anywhere.
In the outlook config, there is an Outgoing Server tab. Here you can
specify a userid and password for the outgoing email server.
If this is not possible, is there another MTA that can do this?
| |
| Andy Fraser 2005-09-01, 7:47 am |
| In alt.os.linux.debian, google_groups3@hotmail.com uttered the immortal
words:
> Thanks Dan. This I understand better now but I am still stuck!
Please read <http://groups.google.com/googlegrou...ting_style.html>
paying particular attention to "Summarize what you are following up". Thank
you.
--
Andy.
| |
| William Tasso 2005-09-01, 7:47 am |
| Dan N <dan@localhost.localdomain> wrote:
> ...
> SMTP, on the other hand, normally doesn't require authentication,
I beg to differ - smtp authentication is the prefered method of
identifying users authorised to send using the server on all but locally
secured LAN installations.
> ...
> I believe that Microsoft clients are not considered to be
> particularly secure.
It's the protocol which is not secure.
There are secure methods which (typically) use a different port - Many
mailers (including Outlook Express) support this option.
--
William Tasso
| |
| google_groups3@hotmail.com 2005-09-01, 7:47 am |
| >I beg to differ - smtp authentication is the prefered method of
>identifying users authorised to send using the server on all but locally
>secured LAN installations.
>
> ...
> I believe that Microsoft clients are not considered to be
> particularly secure.
>
>It's the protocol which is not secure.
>
>There are secure methods which (typically) use a different port - Many
>mailers (including Outlook Express) support this option.
>
>--
>William Tasso
Thanks William, I thought it must have been possible. So, any idea how
to do it?
| |
| William Tasso 2005-09-01, 7:48 am |
| <google_groups3@hotmail.com> wrote:
>
> Thanks William, I thought it must have been possible. So, any idea how
> to do it?
Sorry - I just about have a handle on exim. I'm not at all familiar with
the configuration requirements of others.
However, I would suggest that you grab a real news-reader, connect to a
real news server and trawl the groups looking for a group which is
dedicated to the product you are trying to use.
This is an excellent resource for issues directly related to Debian, but
the skill-sets/knowledge you need are guaranteed to be more diluted here
than in a specialist group.
--
William Tasso
| |
| google_groups3@hotmail.com 2005-09-01, 7:48 am |
|
William Tasso ha escrito:
> <google_groups3@hotmail.com> wrote:
>
>
> Sorry - I just about have a handle on exim. I'm not at all familiar with
> the configuration requirements of others.
>
> However, I would suggest that you grab a real news-reader, connect to a
> real news server and trawl the groups looking for a group which is
> dedicated to the product you are trying to use.
>
> This is an excellent resource for issues directly related to Debian, but
> the skill-sets/knowledge you need are guaranteed to be more diluted here
> than in a specialist group.
>
> --
> William Tasso
OK, thanks! I'm off to the sendmail group!
| |
|
| On Wed, 31 Aug 2005 23:43:36 -0700, google_groups3 wrote:
> Also, some of the
> ISP's used do not provide SMTP relaying services. This is my biggest
> problem
Are you sure? I can't think of any isp that wouldn't provide email.
Dan
|
|
|
|
|