IspConfig 3 Email Routing

Discussion in 'Installation/Configuration' started by dylan.chrysanthou, May 31, 2018.

  1. dylan.chrysanthou

    dylan.chrysanthou New Member

    Hi All,
    I am hoping someone can assist.

    I have an ISPconfig 3 server hosted in the cloud. I need to route mail sent to a domain whose MX records are pointed at this box to an onsite mail server.
    I have configured the domain under email routing:
    Server: My Server
    Domain: domain.com
    No MX Lookup ticked
    destination: 1.2.3.4
    Sort by 5
    Active: Ticked.

    When I check mail.log, emails are rejected as mail relay access denied.
    Is there something I am missing? I know if I add the domain under mail domains, ISPConfig is going to reject mail as the address won't be in the virtual address tables.
    Any assistance will be appreciated.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Add the email addresses that shall be forwarded under relay recipients in the mail module in ispconfig, or alternatively add @domain.tld there to forward anything for that domain. In the second case, the receiving server should accept all incoming emails to not produce backscatter.
     
  3. dylan.chrysanthou

    dylan.chrysanthou New Member

    I assume you mean Relay Recipients. I have tested that with an individual address as well as @domain.com...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you add that domain as email domain? If yes, remove the email domain.
     
  5. dylan.chrysanthou

    dylan.chrysanthou New Member

    I did initially add it but then realized on the bounce back that the mailbox user won't be found.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then it should work when you add the email routing, the relay recipient and don't add it as email domain. I use that setup here on several servers in front of exchange servers.
     
  7. dylan.chrysanthou

    dylan.chrysanthou New Member

    It's weird, I agree. Theoretically it should work. I can only think that something in postfix is not configured correctly.
    Below is the precise log in mail.log, I have just redacted the addresses:
    May 31 14:45:50 myserver postfix/smtpd[187727]: NOQUEUE: reject: RCPT from mail-ve1eur01on0118.outbound.protection.outlook.com[104.47.1.118]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<EUR01-VE1-obe.outbound.protection.outlook.com>
     
  8. dylan.chrysanthou

    dylan.chrysanthou New Member

    Interestingly if I add a mailbox on a different domain to the server, and correctly point MX records etc. When I try and send an email to one of the mailboxes that needs to be transported, I receive the below:

    <[email protected]>: mail a.co.za loops back to myself
     
  9. dylan.chrysanthou

    dylan.chrysanthou New Member

    Problem still exists. As a temporary solution, I have configured the mail accounts and am just fetching the mail via fetchmail on the local server. Will try to recreate the problem with a VM.
     
  10. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    well, you have probably no right to pretend to be ve1eur01on0118.outbound.protection.outlook.com while trying to route the mail as is from a to b. fetching mail or forwarding mails might work, but this is not the situation where you are one of the mail routers from microsoft ;)
     
  11. dylan.chrysanthou

    dylan.chrysanthou New Member

    Perhaps I have mistyped the redactions. I am not trying to be Microsoft servers. Scenario is as follows:
    There is a domain, [email protected], b.co.za has a local domain server, what I am trying to do is route the mail through my ispconfig server and have it relay the mail to the local mail server. The relay error above is what is logged in the mail.log when a different domain tries to send mail to @b.co.za
     
  12. konoskoncepts

    konoskoncepts New Member

    I have this same problem...

    cannot seem to work it through and I am an experienced mail administrator. It seems that mail transports that are local nets are still being relayed out of the WAN instead of resolved over the LAN hence your loopback problem as well. WAN address is being resolved instead of internal in that case.

    Has anyone overcome this issue?

    Till? Any ideas?
     
  13. konoskoncepts

    konoskoncepts New Member

    This is now working for me...

    In Advanced Email Routing, I have found that contrary to the manual, the Domain must not have an email address or a wildcard. Only the full domain to route is valid otherwise Relay access denied is returned.

    If relaying to local networks, one must manually add the local networks to mynetworks in postfix main.cf
    Not sure if there is anywhere in ISPConfig where this can be configured.
    eg: mynetworks = 127.0.0.0/8 [::1]/128 192.168.8.0/24 192.168.9.0/24
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    The manual does not say that.

    That's wrong as well. Email domains or the email addresses that your server shall accept for relaying have to be added under Email > Relay recipients. Please see ISPConfig manual, chapter 4.7.6.4 Relay Recipients.
     
  15. konoskoncepts

    konoskoncepts New Member

    Hi Till...

    The manual does indeed say that... From the manual 4.7.1.7 (Email Transport):

    Now, if I follow this and use [email protected],xyz,au or *@mydomain,xyz,au then mails are not transferred or submitted via mta to my internal systems but if I simply enter the domain only, it works. Not sure what's going on here but I have been over this many times and when configured as per manual, the MTA returns Relay access denied as it attempts to transfer mail via upstream (WAN).

    Postfix won't relay to local nets unless told which nets are allowed, hence:
    mynetworks = 127.0.0.0/8 [::1]/128 192.168.8.0/24 192.168.9.0/24
    How does one enable local nets via ISPConfig UI?

    I have also done this using @mydomain,xyz,au syntax.

    These are not FQDN systems because they are down stream through internal networks and therefore must be routed using their internal IP addresses. Could this be a DNS issue? I do not have DNS server component enabled. I tried to force downstream transfer by configuring as per manual and adding internal servers to hosts file but the MTA still attempted to transfer via upstream.

    This problem no longer affects me as I have since deployed a VM using Exim router and hubbed hosts to handle domain based mail routing but I would still like to see a resolution. Just from reading online it is my understanding that others are still experiencing the same behavior. In certain cases like this, following the manual doesn't work.

    To be clear, I'm not challenging you or the manual :) Love your work, and the product. In my case, it is not a conventional setup anyway.

    Cheers
    Nathan
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    As you don't trust the ispconfig manual, you might want to trust the postfix manual of what you can use in postfix transport:

    http://www.postfix.org/transport.5.html

    I'll cite the relevant part here:

    Code:
    user+extension@domain transport:nexthop
           Deliver mail for user+extension@domain through transport to nexthop.

    user@domain transport:nexthop
           Deliver mail for user@domain through transport to nexthop.

    domain transport:nexthop
           Deliver mail for domain through transport to nexthop.

    .domain transport:nexthop
           Deliver mail for any subdomain of domain through transport to
           nexthop. This applies only when the string transport_maps is not
           listed in the parent_domain_matches_subdomains configuration
           setting. Otherwise, a domain name matches itself and its subdomains.

    * transport:nexthop
           The special pattern * represents any address (i.e. it functions
           as the wild-card pattern, and is unique to Postfix transport
           tables).
    So you can use the email address, the domain, .domain.tld and * according to the postfix manual.

    Just add the relay recipients as described in the manual, see chapter 4.7.6.4 Relay Recipients. The Relay recipients must match the receiving domain or email address.

    I use this setup on several ISPConfig servers in front of Exchange servers and it works fine.
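
A simplified model of the separate Postfix lookups discussed in this thread, added here as an example and not part of any post or of ISPConfig: mynetworks (matched against the connecting client), relay_domains (relay authorisation), relay recipients, and the transport(5) search order quoted above. Assumptions: recipient_delimiter is +, relay_domains is matched exactly, and every table is constructed sample data using reserved .example names and documentation IPs.

```python
import ipaddress

# Constructed sample data. The mynetworks value and the 454 reply text are the
# ones quoted in the thread; how ISPConfig fills the real maps is not modelled.
MYNETWORKS = "127.0.0.0/8 [::1]/128 192.168.8.0/24 192.168.9.0/24"

def in_mynetworks(client_ip, mynetworks=MYNETWORKS):
    """mynetworks is compared with the connecting client, not with the next hop."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n.replace("[", "").replace("]", ""))
            for n in mynetworks.replace(",", " ").split()]
    return any(ip.version == n.version and ip in n for n in nets)

def transport_lookup(rcpt, table, delimiter="+"):
    """transport(5) order: user+ext@domain, user@domain, domain, .parent, *."""
    local, _, domain = rcpt.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}", f"{local.split(delimiter)[0]}@{domain}", domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append("*")
    return next((table[k] for k in keys if k in table), None)

def rcpt_decision(client_ip, rcpt, relay_domains, relay_recipients, transport):
    """Simplified RCPT TO decision; only the relay domain class is modelled."""
    rcpt = rcpt.lower()
    domain = rcpt.rpartition("@")[2]
    route = transport_lookup(rcpt, transport) or "MX lookup"
    if domain not in relay_domains:
        # A transport entry routes mail but does not authorise relaying it.
        if in_mynetworks(client_ip):
            return "accept, route: " + route
        return "454 4.7.1 Relay access denied"
    # Relay recipients: full address, or @domain as catch-all.
    if relay_recipients and not {rcpt, "@" + domain} & relay_recipients:
        return "550 5.1.1 User unknown in relay recipient table"
    return "accept, route: " + route
```

With a catch-all @domain relay recipient the front server accepts every address, so the receiving server has to accept them too or the bounce is generated after acceptance, which is the backscatter case mentioned earlier in the thread.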
     
  17. konoskoncepts

    konoskoncepts New Member

    Till, you've completely misunderstood my intention of posting here and I now regret that I even bothered.

    You seem to take other people's problems as a personal affront, an attitude that is entirely unhelpful as a forum member and a developer. This is not how community forums and open source platforms work mate. Clearly, you just want to defend your own product and its manual but have no intention of helping people actually work through their deployment issues.

    As I have said, I am not challenging you or the manual but trying to get to the bottom of the problem in case anyone else experiences the same behavior. That is how a community forum works... folks helping each other out. Doesn't bother me because I have been a Linux mail administrator for 25 years and can work these things out myself.

    For those of you who are still experiencing similar issues, I haven't had a chance to fully investigate the behavior I have experienced with my deployment but if and when I determine the answer, I will document. It is clearly something out of the ordinary and may possibly be out of the scope of normal operation.
     
