1

One of my clients has a needlessly complex e-mail setup for a couple of domains, which is causing problems when they try to send e-mail between them.

They have a couple of domains where mail follows a slightly weird path:

  • Users connect to an Exchange server to send e-mail
  • The Exchange server relays the message to an ISP-owned SMTP server as a smart host
  • The ISP's server delivers the mail to the mail exchanger specified in DNS
  • The mail exchanger is another server that runs hMailServer
  • The Exchange server connects to the hMail server via POP3 and retrieves the messages.

The problem arises when they send mail between addresses in the same domain, or two addresses that are present on the hMail server. hMail requires SMTP authentication when sending from local to local addresses, so the messages don't arrive.

Removing SMTP authentication isn't really an option, as the server has been the target of spam being sent from spoofed local addresses. SMTP authentication prevents this. It is possible to add the ISP's mail server as an IP range with specific rules, but this seems inelegant.

Bearing in mind I only have access to the hMail server and not the Exchange server, is there a better way of going about this?

toryan

2 Answers

1

Are the users sending mail via an Exchange client, then receiving their mail to the hMail server? I think I'm missing something, because that split is pretty strange.

If the hMail server requires SMTP auth for local domain messages, then you'll have to get around it somehow. If you can't make any changes to the Exchange server, then that pretty much leaves building an exemption. I would suggest making sure the ISP's server is marked as an Incoming Relay, and then whitelisting the Exchange server as not needing SMTP-auth. At least this way you're whitelisting the Exchange server rather than the whole ISP. Is it still inelegant? Maybe. But you've got a complicated setup.

NathanG
  • I hadn't considered using an incoming relay, so thanks for that. Whitelisting the ISP's server was my first thought, I just wondered if there was a more 'elegant' solution to the problem. – toryan Apr 13 '12 at 13:21
  • The server has to know to trust the mail from Exchange. You could do something if you could make changes on the Exchange side, but since you can't, all that's left is the server you can control. :( – NathanG Apr 13 '12 at 14:31
  • Having read the documentation, I'm not sure that Incoming Relays work in the way you suggest, so I've added an IP range for the ISP's server and this seems to be working. I guess now we wait and see if any other problems arise. – toryan Apr 18 '12 at 08:04
0

It seems you may have sorted this, but in hMailServer, adding the IP range and turning off local-to-local authentication is the correct way to do what you're trying to do.

Was there something else you had in mind that would be more "elegant"?

briantist
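
A small Python model of the fix the thread settles on (an IP range for the ISP's server with local-to-local authentication switched off), added here as an illustration and not taken from any poster or from hMailServer itself. It assumes the highest-priority matching range decides; the addresses, domains, range names and function names are all constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IPRange:
    name: str
    lower: str
    upper: str
    priority: int
    require_auth_local_to_local: bool

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        lo, hi = ipaddress.ip_address(self.lower), ipaddress.ip_address(self.upper)
        return addr.version == lo.version == hi.version and lo <= addr <= hi

    def size(self) -> int:
        return int(ipaddress.ip_address(self.upper)) - int(ipaddress.ip_address(self.lower)) + 1

# Constructed sample data: 192.0.2.25 stands in for the ISP's SMTP server.
LOCAL_DOMAINS = {"example.com", "example.org"}
RANGES = [
    IPRange("Internet", "0.0.0.0", "255.255.255.255", 10, True),
    IPRange("ISP relay", "192.0.2.25", "192.0.2.25", 50, False),
]

def effective_range(ip, ranges=RANGES):
    """Assumed rule: of all ranges containing the IP, the highest priority wins."""
    matches = [r for r in ranges if r.contains(ip)]
    return max(matches, key=lambda r: r.priority) if matches else None

def is_local(address):
    return address.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def accepts(ip, sender, recipient, authenticated, ranges=RANGES):
    """Only the local-to-local authentication rule from the thread is modelled."""
    rng = effective_range(ip, ranges)
    if rng is None:
        return False  # no matching range: modelled here as a refusal
    if is_local(sender) and is_local(recipient) and rng.require_auth_local_to_local:
        return authenticated
    return True

def overbroad_exemptions(ranges=RANGES, max_hosts=1):
    """Names of ranges that waive local-to-local auth for more than max_hosts addresses."""
    return [r.name for r in ranges
            if not r.require_auth_local_to_local and r.size() > max_hosts]
```

In this model, any message arriving from 192.0.2.25 with a local sender address is accepted without authentication, so the exempt range should cover only the relay's own address, which is what `overbroad_exemptions` checks.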