Can anyone help?
I am getting 550 5.7.1 relaying denied;
Thru shorewall to ms exchange 5.5 email.

Sent <<< RCPT TO:user@domain.com
Received >>> 550 5.7.1 <user@domain.com>... relaying denied
Unable to deliver message to <user@domain.com> (and other recipients in the same domain).

****************************************************

[ /]# shorewall version
1.4.10

[ /]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:04:68:6c:17 brd ff:ff:ff:ff:ff:ff
    inet X.X.X.66/28 brd X.X.X.79 scope global eth0
    inet X.X.X.70/32 brd X.X.X.70 scope global eth0:1
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:60:08:ad:58:ad brd ff:ff:ff:ff:ff:ff
    inet Y.Y.Y.1/24 brd Y.Y.Y.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:e0:29:41:ce:3a brd ff:ff:ff:ff:ff:ff

[ /]# ip route show
X.X.X.64/28 dev eth0 scope link
Y.Y.Y.0/24 dev eth1 scope link
169.254.0.0/16 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via X.X.X.65 dev eth0

Hello Adam,

Adam Sanders said the following on 16-Jun-04 6:27:
> Can anyone help?
> I am getting 550 5.7.1 relaying denied;
> Thru shorewall to ms exchange 5.5 email.
> Sent <<< RCPT TO:user@domain.com
> Received >>> 550 5.7.1 <user@domain.com>... relaying denied
> Unable to deliver message to <user@domain.com> (and other recipients in the
> same domain).

This has nothing to do with Shorewall imho, as this is only a firewall and not an email server. Your linux box probably runs sendmail, or any other common mailserver such as postfix, exim or others.

Try to configure those, search google for "<mailserver> configure relay"

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker@sjc.nl>

Thanks Stijn.

> Sent: On Behalf Of Stijn Jonker Tuesday, June 15, 2004 11:41 PM
> Hello Adam,
>
> Adam Sanders said the following on 16-Jun-04 6:27:
> > Can anyone help?
> > I am getting 550 5.7.1 relaying denied;
> > Thru shorewall to ms exchange 5.5 email.
> > Sent <<< RCPT TO:user@domain.com
> > Received >>> 550 5.7.1 <user@domain.com>... relaying denied
> > Unable to deliver message to <user@domain.com> (and other recipients
> > in the same domain).
>
> This has nothing to do with Shorewall imho, as this is only a firewall
> and not an email server. Your linux box probably runs sendmail, or any
> other common mailserver such as postfix, exim or others.
>
> Try to configure those, search Google for "<mailserver> configure relay"
>
> --

Actually I am sure it does relate to shorewall.

A MS KB article illustrates the same error occurs when Exchange is behind a Cisco PIX firewall device with Mailguard feature turned on. The Auth and Auth login commands (Extended Simple Mail Transfer Protocol [ESMTP] commands) are stripped by the firewall, and this makes the system think that you are relaying from a non-local domain.

I never had this problem (received email from the contact for 5 years) without the firewall in place.

Once the firewall was installed (in March 2004) we receive this error inconsistently. If the email is resent eventually it will go thru.

Thanks

Adam Sanders wrote:
> Thanks Stijn.
>
>> Sent: On Behalf Of Stijn Jonker Tuesday, June 15, 2004 11:41 PM
>> Hello Adam,
>>
>> Adam Sanders said the following on 16-Jun-04 6:27:
>>
>>> Can anyone help?
>>> I am getting 550 5.7.1 relaying denied;
>>> Thru shorewall to ms exchange 5.5 email.
>>> Sent <<< RCPT TO:user@domain.com
>>> Received >>> 550 5.7.1 <user@domain.com>... relaying denied
>>> Unable to deliver message to <user@domain.com> (and other recipients
>>> in the same domain).
>>
>> This has nothing to do with Shorewall imho, as this is only a firewall
>> and not an email server. Your linux box probably runs sendmail, or any
>> other common mailserver such as postfix, exim or others.
>>
>> Try to configure those, search Google for "<mailserver> configure relay"
>>
>> --
>
> Actually I am sure it does relate to shorewall.

Then you are wrong.

> A MS KB article illustrates the same error occurs when Exchange is behind a
> Cisco PIX firewall device with Mailguard feature turned on. The Auth and
> Auth login commands (Extended Simple Mail Transfer Protocol [ESMTP]
> commands) are stripped by the firewall, and this makes the system think that
> you are relaying from a non-local domain.
> I never had this problem (received email from the contact for 5 years)
> without the firewall in place.
> Once the firewall was installed (in March 2004) we receive this error
> inconsistently. If the email is resent eventually it will go thru.

The problem with PIX firewalls can only happen when the firewall runs an SMTP proxy in which case the problem is in the proxy and NOT in the packet filter (Netfilter/Shorewall). No Shorewall/Netfilter component has any knowledge whatsoever of ESMTP commands.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

From: "Adam Sanders"
> Actually I am sure it does relate to shorewall.

No.. it relates to how putting a firewall in place calls for correct firewall DNAT SNAT configuration, reconfiguring Exchange and DNS possibly. The only thing that the firewall could be doing is being misconfigured by the admin who drops a firewall in place expecting everything to auto-magically work. Not that you or someone else did that, but from your initial post it sure seems like it.. no worries though....

Not only that .. you assume the firewall is at fault and you don't send any info to help. Sending your ifconfig output will get you nowhere.

If you want some real help.. Help us help you by,

1) Sending us the uncommented portions of all shorewall files that you touched when configuring shorewall. I.E... important ones..
   a) interfaces
   b) masq
   c) rules
   Please don't send stuff like x.x.x.21/24
2) What is your FQ (mx) mail domain name that is mapped in public DNS?
3) What ip was Exchange listening on before and what ip is it listening on now behind the firewall?

I'm personally willing to help you isolate what's happening. I'm sure this would take 5 minutes or less to isolate where the problem actually lies.. but without any info to go on, you'll be hard pressed to get any help.

> A MS KB article illustrates the same error occurs when Exchange is behind a
> Cisco PIX firewall device with Mailguard feature turned on. The Auth and
> Auth login commands (Extended Simple Mail Transfer Protocol [ESMTP]
> commands) are stripped by the firewall, and this makes the system think that
> you are relaying from a non-local domain.

PIX is running a layer 7 smtp proxy filter of some kind. Shorewall is running Netfilter (iptables) stateful layer 3 packet filters.. Again the only thing that Shorewall could be doing is being misconfigured..

> I never had this problem (received email from the contact for 5 years)
> without the firewall in place.

LOL.. Yes I know.. I think maybe we've all said this at one point in time. Or something similar. But if you suspect that the firewall is at fault then the burden of proof is put on you to prove it.. So far we have your Opinion and an "ifconfig" output in x.x.x.x/x format..

> Once the firewall was installed (in March 2004) we receive this error
> inconsistently. If the email is resent eventually it will go thru.

You're suffering from either one problem. Exchange needs to be reconfigured now that it is behind a firewall with a different ip or there's an Exchange+Firewall+DNS issue..

Heh.. But this would've already been solved if you would have provided enough info.. Sigh's Me.. :)

Now that you have a firewall in place you should learn how to use tcpdump.. That alone would have helped you isolate where the problem was..

HTH's,
Joshua Banks
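
The disagreement in this thread (packet filter versus SMTP proxy) can be settled with the tcpdump approach suggested in the last reply. The following is an added example, not part of any post above: it compares the client-to-server SMTP bytes seen on the outside interface (eth0) with those seen on the inside interface (eth1). The function names are hypothetical, the byte strings are constructed samples, and reassembling the TCP streams from the captures is assumed to have been done already.

```python
import difflib

def smtp_lines(stream: bytes) -> list[str]:
    """Split a reassembled client-to-server TCP stream into SMTP lines."""
    return [ln.decode("ascii", "replace") for ln in stream.split(b"\r\n") if ln]

def payload_changes(outside: bytes, inside: bytes):
    """Return every non-identical region between the two capture points.

    DNAT/SNAT rewrites IP headers only, so a pure packet filter yields [].
    """
    a, b = smtp_lines(outside), smtp_lines(inside)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [(tag, a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]

def classify(outside: bytes, inside: bytes) -> str:
    """Summarise whether anything between the capture points touched SMTP."""
    changes = payload_changes(outside, inside)
    if not changes:
        return "payload identical: nothing in the path is rewriting SMTP"
    verbs = sorted({ln.split()[0].upper()
                    for _, old, new in changes for ln in old + new})
    return "payload altered in transit, affected commands: " + ", ".join(verbs)

# Constructed sample: what the remote client sent, as captured on eth0.
OUTSIDE = (b"EHLO mail.example.net\r\n"
           b"AUTH LOGIN\r\n"
           b"MAIL FROM:<sender@example.net>\r\n"
           b"RCPT TO:<user@domain.com>\r\n"
           b"QUIT\r\n")

# Constructed sample: same session on eth1 behind a packet filter (unchanged).
INSIDE_PACKET_FILTER = OUTSIDE

# Constructed sample: same session behind a layer 7 proxy that strips AUTH,
# modelled on the PIX Mailguard behaviour described in the thread.
INSIDE_SMTP_PROXY = OUTSIDE.replace(b"AUTH LOGIN\r\n", b"")

if __name__ == "__main__":
    print(classify(OUTSIDE, INSIDE_PACKET_FILTER))
    print(classify(OUTSIDE, INSIDE_SMTP_PROXY))
```

If both sides match and Exchange still answers 550 5.7.1, the refusal originates in the mail server's own relay policy or in the addressing and DNS it sees, which is where the last reply directs the investigation.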