This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Relay access denied - receive Mails for a second domain

Hello,

we currently receive Mails for a single domain. Now we would like to receive mails for a second domain as well.

The MXRecord for the second domain is already set and we do see the e-mails in PureMessage Logs.

When checking the log I can see the following:

Activity: 

Rejected service@seconddomain.de: Relay access denied

 

This is how the Log entry looks like:

 

When looking for "relay access denied" in google, Most of the answers are related to UTM9 devices and not puremessage.

Thanks in advance!

 



This thread was automatically locked due to age.
Parents
  • Are you using puremessage for exchange or unix ?

    if exchange, then the allowed domains must be configured via exchange connectors as exchange handles all connections (so could be a firewall rule on the box or similar) 

    If your using puremessage for unix

    you must configure postfix by adding the domain, or wildcard domain to the transport file as a domain you accept mail for. (see main.cf and master.cf files)

     

    In the case of pmExchange .. the program is really just a filter that exchange delivers mail to..  Im not sure there is actually a way of making purememssage reject mail unless it triggers av/as or similar rules. 

     

    try doing a telnet test to to see if your actually connecting.. or getting rejected by the firewall..

     

    Telnet address 25
    Helo localhost
    Mail from: test@sub.domain.com.com
    Rcpt to: justin@mydomain.com

    DATA
    Subject: test email
    From: someemail@some.cdomain.com

    ENTER MESSAGE
    (blank line)
    .

    you should see a message that says something like sending ID# .. etc.

    if you dont even conect to the server, its a firewall rule.

    if you get to rcpt to: and it fails.. you dont accept mail for that domain

     

    if you get past both of those, you should be able to send the email.. if you dont get it.. you know its downstream  .. could be an exchange rule or outlook rule.

Reply
  • Are you using puremessage for exchange or unix ?

    if exchange, then the allowed domains must be configured via exchange connectors as exchange handles all connections (so could be a firewall rule on the box or similar) 

    If your using puremessage for unix

    you must configure postfix by adding the domain, or wildcard domain to the transport file as a domain you accept mail for. (see main.cf and master.cf files)

     

    In the case of pmExchange .. the program is really just a filter that exchange delivers mail to..  Im not sure there is actually a way of making purememssage reject mail unless it triggers av/as or similar rules. 

     

    try doing a telnet test to to see if your actually connecting.. or getting rejected by the firewall..

     

    Telnet address 25
    Helo localhost
    Mail from: test@sub.domain.com.com
    Rcpt to: justin@mydomain.com

    DATA
    Subject: test email
    From: someemail@some.cdomain.com

    ENTER MESSAGE
    (blank line)
    .

    you should see a message that says something like sending ID# .. etc.

    if you dont even conect to the server, its a firewall rule.

    if you get to rcpt to: and it fails.. you dont accept mail for that domain

     

    if you get past both of those, you should be able to send the email.. if you dont get it.. you know its downstream  .. could be an exchange rule or outlook rule.

Children
  • Thank you for your reply.

    I am using puremessage for unix, sorry for not mentioning this before.

    Where can I find the files you mentioned?

    main.cf and master.cf

     

    Is there no way to use the webinterface to add a domain?

  • skys the limit with pmx.. but in the case of routing and validation.. all of that config is done with postfix / text config files and postmapping the database files.. the gui is basically for configuration/policy, services and cluster management and quarantine searches .. 

     

    highly recommend checking out the postfix site directly as all of the specif examples are directly transferable to pmx.

     

    but here is a little crash course... 

     

    the default files are in /opt/pmx6/postfix/etc 

    you should see the main.cf .. if your talking about wanting to accept mail from your own hosts, update the my networks and relay hosts.. 

     

    if your wanting to accept mail from outside domains .. depending on your configuration you will need to modify the transport file and virtual files.. then run postmap to recompile the .db file.. and restart postfix..

     

    ie:

    to accept mail of abc.com and route it to aws 

    your transport file may look something like

    abc.com                                                aws.mydomain.mymailserver.com

    or

    .abc.com                                               aws.mydomain.mymailserver.com

    for sub domains like jimmy@domainx.abc.com

     

    if you wish to do validation on that domain you may also need have an accept file with a list of valid email addresses

    maye be something like

    /opt/pmx6/postfix/etc/accept.human

    jimmybob@abc.com                           jimmybob@abc.com

    or if you had alias accounts

    jimmybob@abc.com                           jimmy@abc.com

     

    skys the limit there.

     

    once all your config is done you will need to use postmap to compile the db files.. 

    ie

    /opt/pmx6/postfix/sbin/postmap hash:/opt/pmx6/postfix/etc/accept.humans

    then restart postfix

     

     

    in this case to once you postmap and restart postfix.. when you do your telnet test .. you should either be accepted or dropped the second you enter rcpt to command..

  • Yesterday I tried to follow your instructions.

    I did as followed:

    1. Edited main.cf and added the domain

     

    2. Edited transport file

     

    3. Wasn't able to follow this instruction:

     

    once all your config is done you will need to use postmap to compile the db files.. 

    ie

    /opt/pmx6/postfix/sbin/postmap hash:/opt/pmx6/postfix/etc/accept.humans

    then restart postfix

     

    I couldn't find any "accept.humans" file, was this kind of a joke and you meant the db file "transport.db"? If so I am not too familiar with puremessage that I would understand that joke, sorry :s

    Did I do the first two steps correctly and just failed at the recompiling of the db file?

  • Hi Justin,

    the accept file was just an example.. in your config you will specifically set your own files to compile.. could be called anything you like as long as they exist and in the proper format.

    the postmap command would just be what ever you have called the file in postfix configuration.

    and yes if you did not compile the db file properly it would not work.. you need the updated db file and to restart or reload postfix .. either will work..  

     

    you can verify the changes by using a tool such as zgrep -i searchtext filename .. this will search the binary and report it either exists or was not found.

     

    Unfortunately PMX configuration is not a friendly experience, nor can it really be supported via the forums as everyone's configuration is unique.

     

    I strongly recommend you open a support case and set up an rdp/ssh session so an engineer can assist you with your specific configuration..  

  • Actually open it through the admin ui on your csm, ensure you check off "attach configuration" and that will include the majority of your configuration.. this will help the engineer evaluate your specific configuration. 

  • Thank you! I was able to add another domain and successfully pass it through the other systems.

    After adding the domain inside the main.cf and the transport file and compiling the transport file, I successfully received emails from the second domain.

     

    To be honest the support had rather rough answers which wouldn't let me solve this issue.

    To be fair I didn't use the inbult function to open a ticket within puremessage, maybe the outcome would have been different that way.

     

    Thanks again!

    Best regards

    Justin