Help with smtpd as a relay

[rjdelacr]

Have been working with opensmtpd for the past week and I can't seem to get it to work. From what I've read so far, this should be relatively easy but I can't seem to get it to work.

My goal is to get our Exchange servers to relay off of this to the outside world instead of using an Exchange Edge Server.

My current config is as follows:

Code:

listen on all

table aliases db:/etc/mail/aliases.db
table smtphosts "/etc/mail/smtphosts"

accept for local alias <aliases> deliver to mbox
accept from local for any relay
accept from source <smtphosts> for any relay

SMTPHOSTS is a list of our Exchange servers. <Not wanting an open relay situation>

Everytime I send an e-mail from my Outlook client, I get the dreaded 550 Invalid recipient NDR. What am I doing wrong? Any and all help is greatly appreciated.

[TronDD]

Did you try tracing your rules to see where it matches?

https://github.com/OpenSMTPD/OpenSMT...ll-applied-%3F

If I understand correctly, when you send an email via Outlook, you are sending through the Exchange server? Then the Exchange server forwards to opensmtpd on a different server which relays to the internet?

Is your test email to a domain outside of your own? What's the full session in the openbsmtpd log?

[rjdelacr]

Thanks for the reply back. No, I haven't done a trace but I've done some tests. I've emailed from the smtpd box to outside our domain and the email gets delivered. When I try to send to the same email address from my Outlok client, 550. I'm away from my desktop at the moment but as soon as I get a chance, I'll paste a copy of the log.

[rjdelacr]

Here is the logs when I send from the smtpd box to the external address:

Code:

debug: mta: received evp:a21902fc3201814e for <dlc@rocketmail.com>
debug: mta: draining [relay:rocketmail.com] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying MX for [relay:rocketmail.com]...
debug: mta: [relay:rocketmail.com] waiting for MX
debug: MXs for domain rocketmail.com:
        66.196.118.37 preference 10
        98.138.112.38 preference 10
        98.138.112.33 preference 10
        98.138.112.32 preference 10
        98.138.112.35 preference 10
        98.138.112.37 preference 10
        66.196.118.35 preference 10
        98.136.217.202 preference 10
        98.138.112.38 preference 10
        66.196.118.33 preference 10
        66.196.118.240 preference 10
        98.136.216.25 preference 10
        63.250.192.45 preference 10
        98.138.112.37 preference 10
        98.138.112.32 preference 10
        98.136.217.203 preference 10
        98.136.217.203 preference 10
        98.136.216.25 preference 10
        98.136.217.202 preference 10
        66.196.118.36 preference 10
        66.196.118.240 preference 10
        98.138.112.38 preference 10
        98.136.216.26 preference 10
        66.196.118.35 preference 10
debug: mta: ... got mx (0x7f620b10, rocketmail.com, [relay:rocketmail.com])
debug: mta: draining [relay:rocketmail.com] refcount=1, ntask=1, nconnector=0, nconn=0
debug: mta: querying source for [relay:rocketmail.com]...
debug: mta: ... got source for [relay:rocketmail.com]: []
debug: mta: new [connector:[]->[relay:rocketmail.com],0x10000]
debug: mta: connecting with [connector:[]->[relay:rocketmail.com],0x0]
debug: mta-routing: searching new route for [connector:[]->[relay:rocketmail.com],0x0]...
debug: mta-routing: selecting candidate route [] <-> 66.196.118.37
debug: mta-routing: skipping route [] <-> 98.138.112.38: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.38
debug: mta-routing: skipping route [] <-> 98.138.112.33: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.33
debug: mta-routing: skipping route [] <-> 98.138.112.32: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.32
debug: mta-routing: skipping route [] <-> 98.138.112.35: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.35
debug: mta-routing: skipping route [] <-> 98.138.112.37: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.37
debug: mta-routing: skipping route [] <-> 66.196.118.35: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.35
debug: mta-routing: skipping route [] <-> 98.136.217.202: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.217.202
debug: mta-routing: skipping route [] <-> 98.138.112.38: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.38
debug: mta-routing: skipping route [] <-> 66.196.118.33: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.33
debug: mta-routing: skipping route [] <-> 66.196.118.240: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.240
debug: mta-routing: skipping route [] <-> 98.136.216.25: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.216.25
debug: mta-routing: skipping route [] <-> 63.250.192.45: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 63.250.192.45
debug: mta-routing: skipping route [] <-> 98.138.112.37: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.37
debug: mta-routing: skipping route [] <-> 98.138.112.32: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.32
debug: mta-routing: skipping route [] <-> 98.136.217.203: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.217.203
debug: mta-routing: skipping route [] <-> 98.136.217.203: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.217.203
debug: mta-routing: skipping route [] <-> 98.136.216.25: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.216.25
debug: mta-routing: skipping route [] <-> 98.136.217.202: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.217.202
debug: mta-routing: skipping route [] <-> 66.196.118.36: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.36
debug: mta-routing: skipping route [] <-> 66.196.118.240: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.240
debug: mta-routing: skipping route [] <-> 98.138.112.38: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.138.112.38
debug: mta-routing: skipping route [] <-> 98.136.216.26: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 98.136.216.26
debug: mta-routing: skipping route [] <-> 66.196.118.35: current one is better
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.35
debug: mta-routing: spawning new connection on [] <-> 66.196.118.37
debug: mta: 0x8440c200: spawned for relay [relay:rocketmail.com]
debug: mta: connecting with [connector:[]->[relay:rocketmail.com],0x0]
debug: mta: cannot use [relay:rocketmail.com] before 2s
debug: mta-routing: no route available for [connector:[]->[relay:rocketmail.com],0x0]: must wait a bit
debug: mta: retrying to connect on [connector:[]->[relay:rocketmail.com],0x0] in 2s...
debug: mta: draining [relay:rocketmail.com] refcount=3, ntask=1, nconnector=1, nconn=1
debug: mta: scheduling relay [relay:rocketmail.com] in 1s...
smtp-out: Connecting to smtp+tls://66.196.118.37:25 (mta-v5.mail.vip.bf1.yahoo.com) on session d46afe8009c042cb...
smtp-out: Connected on session d46afe8009c042cb
debug: lka: looking up pki "fred.xxxxxxxx.net"
debug: pony: rsae_init
debug: pony: rsae_pub_dec
debug: pony: rsae_bn_mod_exp
smtp-out: Started TLS on session d46afe8009c042cb: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
smtp-out: Server certificate verification succeeded on session d46afe8009c042cb
debug: mta-routing: route [] <-> 66.196.118.37 (mta-v5.mail.vip.bf1.yahoo.com) is now valid.
debug: mta: connecting with [connector:[]->[relay:rocketmail.com],0x20000]
debug: mta: cancelling connector timeout
debug: mta: enough connections already
debug: mta: 0x8440c200: handling next task for relay [relay:rocketmail.com]
debug: mta: ... timeout for [relay:rocketmail.com]
debug: mta: draining [relay:rocketmail.com] refcount=2, ntask=0, nconnector=1, nconn=1
debug: mta: all done for [relay:rocketmail.com]
relay: Ok for a21902fc3201814e: session=d46afe8009c042cb, from=<root@fred.xxxxxxxx.net>, to=<dlc@rocketmail.com>, rcpt=<->, source=77.250.224.99, relay=66.196.118.37 (mta-v5.mail.vip.bf1.yahoo.com), delay=3s, stat=250 ok dirdel
debug: mta: waiting for 1s before next transaction
debug: mta: flush for a21902fc3201814e (-> dlc@rocketmail.com)
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 9s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 8s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 7s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 6s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 5s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 4s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 3s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 2s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
mta: debug: last connection: hanging on for 1s
mta: timeout for session hangon
debug: mta: 0x8440c200: no task for relay [relay:rocketmail.com]
debug: mta: 0x8440c200: disconnected in state MTA_QUIT
smtp-out: Error on session d46afe8009c042cb after 1 message sent: Connection closed unexpectedly
debug: mta: 0x8440c200: session done
debug: pony: rsae_finish
debug: mta_route_collect([] <-> 66.196.118.37 (mta-v5.mail.vip.bf1.yahoo.com))
debug: mta: connecting with [connector:[]->[relay:rocketmail.com],0x0]
debug: mta: no task for connector
debug: mta: mta_route_unref(): really discarding route [] <-> 66.196.118.37 (mta-v5.mail.vip.bf1.yahoo.com)
debug: mta: freeing [relay:rocketmail.com]
debug: mta: freeing [connector:[]->[relay:rocketmail.com],0x0]

Here is the logs when I send from my Outlook client:

Code:

debug: smtp: new client on listener: 0x7b3c3000
smtp-in: New session 9d2e62a025480ae3 from host 77.250.224.90 [77.250.224.90]
debug: smtp: SIZE in MAIL FROM command
smtp-in: Failed command on session 9d2e62a025480ae3: "RCPT TO:<dlc@rocketmail.com> NOTIFY=SUCCESS,FAILURE,DELAY" => 550 Invalid recipient
smtp-in: Closing session 9d2e62a025480ae3
debug: smtp: 0x809fe000: deleting session: done

[rjdelacr]

Okay, I ran a debug trace and here is what I got.

Code:

# smtpd -d -T lookup
info: OpenSMTPD 5.4.3 starting
info: startup
smtp-in: New session 3b784854e6820b6d from host 172.23.51.31 [172.23.51.31]
lookup: check "172.23.51.31" as NETADDR in table static:<localhost> -> 0
lookup: check "172.23.51.31" as NETADDR in table static:<localhost> -> 0
lookup: check "172.23.51.31" as NETADDR in table static:smtphosts -> found
lookup: check "rocketmail.com" as DOMAIN in table static:recipients -> 0
smtp-in: Failed command on session 3b784854e6820b6d: "RCPT TO:<dlc@rocketmail.com> NOTIFY=SUCCESS,FAILURE,DELAY" => 550 Invalid recipient
smtp-in: Closing session 3b784854e6820b6d

What is a "table static:recipients"? That appears to be where my problem resides.

[rjdelacr]

Thanks TronnDD I got it working!