I have a domain ohprs.org whose email is managed by exchange online. I have another host on a subdomain, dc1.ohprs.org. This host is physically separate from the ohprs.org hosts and is a Linux host running sendmail.
In exchange, I have a forward set up for myuser@ohprs.org to mfoley@dc1.ohprs.org. When I send an email from my personal computer to myuser@ohprs.org, it does not deliver to mfoley@cd1.ohprs.org. In Outlook, for the account myuser@ohprs.org, I get the bounce message, "myuser is not authorized to relay messages through the server that reported this error." On the dc1 host maillog I get:
How do I permit mail from Exchange to be delivered to DC1? Note that I cannot simply put 'mail-mw2nam10hn2205.outbound.protection.outlook.com' in /etc/mail/access as a RELAY because the "2205" bit changes with each message.
Note that if I forward from myuser@ohprs.org to some other host, e.g. mfoley@novatec-inc.com, it goes through without problem. So, it must have something to do with the FQDN dc1.ohprs.org.
More information on the Outlook bounce message:
Quote:
More Info for Email Admins
Status code: 550 5.7.367
The sender's message was routed to an email server outside Office 365 that returned an error that it can't relay the message. It's likely that the server isn't set up correctly to receive and relay messages sent from ohprs.org or from hprsadmin.
The receiving server is not an Office 365 server - it's likely one of your on-premises servers in a hybrid environment, a server at a smart host email service that you're trying to route messages through, or possibly a server at an email hosting service you used in the past (for example, when your MX record still points to your previous email service provider). To fix this issue, try one or more of the following:
Check the error shown in the "Error Details" section below - Check the error to determine what domain, service, or server is reporting the error. The email server needs to be configured to either accept messages from anonymous users or to include the sending domain or sending IP address in its list of authenticated senders. On an on-premises Exchange server, you can set this up in the server's receive connector. If it's a smart host managed by another service or partner, contact the service or partner and ask them to configure their servers to accept and relay messages from your domain or from your senders.
Make sure your MX/DNS records are correct - Work with your DNS hosting provider (your domain registrar, Web hosting provider, or ISP) to make sure your MX records are correctly set up to direct messages to the correct location.
Unfortunately, Office 365 support can't help fix this problem because it's likely due to misconfigured settings on an email server outside Office 365.
Why is Exchange trying to relay to dc1.ohprs.org? It should just be delivering the message there.
Is any email accepted to that address?
Is dc1.ohprs.org's MX pointing to the server where sendmail is?
Code:
----- The following addresses had permanent fatal errors -----
<mfoley@DC1.ohprs.org>
(reason: 550 5.7.1 <mfoley@DC1.ohprs.org>... Relaying denied)
----- Transcript of session follows -----
... while talking to dc1.ohprs.org.:
>>> DATA
<<< 550 5.7.1 <mfoley@DC1.ohprs.org>... Relaying denied
550 5.1.1 <mfoley@DC1.ohprs.org>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)
I tried adding "novatec-inc.com RELAY" to DC1's /etc/mail/access and then got the bounce:
Code:
----- The following addresses had permanent fatal errors -----
<mfoley@DC1.ohprs.org>
(reason: 553 5.3.5 system config error)
----- Transcript of session follows -----
553 5.3.5 dc1.ohprs.org. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error
Quote:
Is any email accepted to that address?
I guess the answer would have to be "No".
Quote:
Is dc1.ohprs.org's MX pointing to the server where sendmail is?
There is no MX record for DC1:
Code:
$ nslookup -query=mx dc1.ohprs.org
Server: 209.18.47.61
Address: 209.18.47.61#53
Non-authoritative answer:
*** Can't find dc1.ohprs.org: No answer
Authoritative answers can be found from:
ohprs.org
origin = NS51.WORLDNIC.COM
mail addr = namehost.WORLDNIC.COM
serial = 123111914
refresh = 10800
retry = 3600
expire = 604800
minimum = 3600
Here's my problem. The domain ohprs.org does have an MX record, but that is mail.protection.outlook.com because that domain uses Exchange online. This server, DC1.ohprs.org, does not and has no domain users. So, DC1 cannot use the Exchange mail server, but I can't have a MX record just for DC1.ohprs.org, can I?
Let me step back and provide more context. I have a Windows Active Directory domain. The domain controller is Linux/Samba (but that doesn't matter here). The users use Microsoft Exchange online for email. I have a Linux server (as an apache/tomcat webserver) on the LAN, but not a domain member. It runs sendmail and is used to send messages to e.g. subscribers (not staff with Exchange accounts) when they request a password change. To get that server's Sendmail working so it could also send to Exchange accounts I had to add "define(`SMART_HOST',`ohprs-org.mail.protection.outlook.com')dnl" to the sendmail.mc file and use Exchange as a RELAY. As far as I can recall, that's all I did, email-wise. But perhaps I did something else at Exchange Admin I can't remember. That server, webserver.ohprs.org, does not have its own MX record. Everything seems to work fine.
I'm now trying to set up a 2nd Linux/Sendmail server: dc1.ohprs.org. I've set the SMART_HOST as above. But now, when I try to send an email from my personal email to mfoley@dc1.ohprs.org I get a bounce message:
Code:
----- The following addresses had permanent fatal errors -----
<mfoley@DC1.ohprs.org>
(reason: 550 5.7.1 <mfoley@DC1.ohprs.org>... Relaying denied)
----- Transcript of session follows -----
... while talking to dc1.ohprs.org.:
>>> DATA
<<< 550 5.7.1 <mfoley@DC1.ohprs.org>... Relaying denied
550 5.1.1 <mfoley@DC1.ohprs.org>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)
And the maillog on DC1 has:
Code:
Nov 29 01:54:32 DC1 sm-mta[6567]: 3AT6sV7v006567: from=<mfoley@novatec-inc.com>, size=2512, class=0, nrcpts=1, msgid=<202311290654.3AT6sTc2031063@novatec-inc.com>, proto=ESMTP, daemon=MTA, relay=novatec-inc.com [24.142.169.12]
Nov 29 01:54:33 DC1 sm-mta[6570]: STARTTLS=client, relay=ohprs-org.mail.protection.outlook.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Nov 29 01:54:33 DC1 sm-mta[6570]: 3AT6sV7v006567: to=<mfoley@DC1.ohprs.org>, delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=122512, relay=ohprs-org.mail.protection.outlook.com. [104.47.55.138], dsn=5.7.64, reply=550 5.7.64 TenantAttribution; Relay Access Denied [ValidationStatus of '' is EmptyCertificate] [BN8NAM12FT007.eop-nam12.prod.protection.outlook.com 2023-11-29T06:54:33.592Z 08DBF036D80EC8CB], stat=Service unavailable
Nov 29 01:54:33 DC1 sm-mta[6570]: 3AT6sV7v006567: 3AT6sX7v006570: DSN: Service unavailable
Nov 29 01:54:35 DC1 sm-mta[6570]: 3AT6sX7v006570: to=<mfoley@novatec-inc.com>, delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=33725, relay=ohprs-org.mail.protection.outlook.com. [104.47.55.138], dsn=5.7.64, reply=550 5.7.64 TenantAttribution; Relay Access Denied [ValidationStatus of '' is EmptyCertificate] [BN8NAM12FT007.eop-nam12.prod.protection.outlook.com 2023-11-29T06:54:35.123Z 08DBF036D80EC8CB], stat=Service unavailable
Nov 29 01:54:35 DC1 sm-mta[6570]: 3AT6sX7v006570: 3AT6sX7w006570: return to sender: Service unavailable
I can do this just fine sending to mfoley@webserver.ohprs.org and the message is delivered, no bounce, no maillog errors.
Unless there's some other config at Exchange or Sendmail I'm missing/forgetting, I can't see the difference in these two servers, except ... WEBSERVER is part of the Domain subnet at 98.102.63.105/48 and DC1 is at a different location at 24.142.169.13.
I may have solved this. Interestingly, I didn't need the SMART_HOST relay setting, and I was missing a config piece. I had to add "dc1.ohprs.org" to /etc/mail/local-host-names. More testing ...
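An added example (not from the thread or from sendmail itself): a simplified shell model of the local/relay/deny decision sendmail makes for an inbound RCPT TO, showing why listing dc1.ohprs.org in /etc/mail/local-host-names turns "Relaying denied" into local delivery. The function names and sample files are constructed for illustration, and the model assumes exact-match lookups only, ignoring relay-domains, To:/Connect: tags and IP entries.

```shell
#!/bin/sh
# Added example: simplified model of sendmail's decision for an inbound
# RCPT TO from an unauthenticated remote client. Assumptions: exact-match
# lookups only; relay-domains, To:/Connect: tags and IP entries are ignored.

# in_class_w DOMAIN FILE: is DOMAIN listed in a local-host-names style file?
in_class_w() {
    awk -v d="$1" 'tolower($1) == d { hit = 1 } END { exit !hit }' "$2"
}

# has_relay KEY FILE: does an access-style file map KEY to RELAY?
has_relay() {
    awk -v k="$1" 'tolower($1) == k && toupper($2) == "RELAY" { hit = 1 }
                   END { exit !hit }' "$2"
}

# rcpt_verdict RCPT CLIENT_DOMAIN LOCAL_HOST_NAMES ACCESS -> local|relay|denied
rcpt_verdict() {
    domain=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')  # host names match case-insensitively
    # Recipient domain is one of this host's own names: deliver locally.
    if in_class_w "$domain" "$3"; then echo local; return; fi
    # Otherwise the message must be relayed, which needs an explicit RELAY
    # for the recipient domain or for the connecting client.
    if has_relay "$domain" "$4" || has_relay "$2" "$4"; then echo relay; return; fi
    echo denied   # what the client sees as "550 5.7.1 ... Relaying denied"
}

# Constructed sample files for the three states described in the thread.
tmp=$(mktemp -d)
printf '# before the fix\nlocalhost\n' > "$tmp/lhn.before"
printf 'localhost\ndc1.ohprs.org\n'    > "$tmp/lhn.after"
: > "$tmp/access.empty"
printf 'novatec-inc.com\tRELAY\n'      > "$tmp/access.relay"

rcpt='mfoley@DC1.ohprs.org'; client='novatec-inc.com'
echo "no entry anywhere:      $(rcpt_verdict "$rcpt" "$client" "$tmp/lhn.before" "$tmp/access.empty")"
echo "client RELAY in access: $(rcpt_verdict "$rcpt" "$client" "$tmp/lhn.before" "$tmp/access.relay")"
echo "in local-host-names:    $(rcpt_verdict "$rcpt" "$client" "$tmp/lhn.after" "$tmp/access.empty")"
```

A `relay` verdict only means the message was accepted for onward delivery; in the thread that path ended in "mail loops back to me" because the destination was the host itself, which is the case local-host-names resolves without opening up relaying.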
Quote:
Here's my problem. The domain ohprs.org does have an MX record, but that is mail.protection.outlook.com because that domain uses Exchange online. This server, DC1.ohprs.org, does not and has no domain users. So, DC1 cannot use the Exchange mail server, but I can't have a MX record just for DC1.ohprs.org, can I?
There you go. The problem is with your dc1. server, just like Exchange reported to you. Interesting.
Yes, you can have, and need, an MX record for dc1. As I understand it MX records tell the world where to deliver email. Without it, the connection requested on port 25 is presumed to be a relay request, which you have properly configured to not allow. Hence the bounce. Configuring to allow relaying is not the answer.
Start by setting up the MX record. Test from multiple places. Let us know what happens.
Edit: I’m presuming that sendmail is properly configured, running and listening on port 25. I don’t speak sendmail so can’t help there.
Quote:
Yes, you can have, and need, an MX record for dc1. As I understand it MX records tell the world where to deliver email. Without it, the connection requested on port 25 is presumed to be a relay request, which you have properly configured to not allow. Hence the bounce. Configuring to allow relaying is not the answer.
Start by setting up the MX record. Test from multiple places. Let us know what happens.
The domain: ohprs.org, does have an MX record which is mail.protection.outlook.com. I don't think I can have another MX record for a server using a different mail server (Sendmail versus Exchange) even if the host, e.g. dc1.ohprs.org, is at a completely different location than those on the main domain e.g. webserver.ohprs.org.
If you think otherwise, how would I configure that? Just add another MX record? Would email clients be able to figure that out?
Quote:
The domain: ohprs.org, does have an MX record which is mail.protection.outlook.com. I don't think I can have another MX record for a server using a different mail server (Sendmail versus Exchange) even if the host, e.g. dc1.ohprs.org, is at a completely different location than those on the main domain e.g. webserver.ohprs.org.
If you think otherwise, how would I configure that? Just add another MX record? Would email clients be able to figure that out?
Start by setting up the MX record. Test from multiple places. Let us know what happens.
It’s not “another” MX record…it’s an MX record for dc1.ohprs.org, which doesn’t have one now.
dc1.ohprs.org is a different FQDN* running a different MTA and needs its own MX record.