# qmail problem: smtp won't accept email to nonlocal host

## t011

I'm trying to set up qmail and qmail-pop3d so that I can read and send mail from my localuser .maildir account. Qmail is working fine (I think). When logged in locally to my Linux machine I am able to send and receive email. I'm now trying to access that same email from a different machine (Win2K 192.168.1.101). I clearly have a few complications because of the way my IP and domain names resolve. Basically I have a fixed IP address, let's say it's 216.87.1.1. That address resolves to a domain name given to it by my ISP, let's call it big.ass.long.domain.name. I also have a domain name registered (let's say it's shortdomain.com) which is different from the ISP's domain name. My machine is also behind a router on a local network, so its actual IP is 192.168.1.100. Everything that hits 216.87.1.1 on ports 25 (smtp) or 110 (pop) gets forwarded to 192.168.1.100. This Win2k machine and the rest of my local network, plus my fixed IP (216.87.90.1), and 127.0.0.1 are in my /etc/tcp.smtp.cdb file. By specifying 216.87.1.1 as the POP and SMTP servers I'm able to download the email from my Linux machine (localuser@shortdomain.com). Using that same account, I'm able to send email to localuser@shortdomain.com from localuser@shortdomain.com (but why would I really want to do that). What I'd like to be able to do is to send email to whoever@wherever.com from localuser@shortdomain.com. The problem is that I get this error message:

 *Quote:*   

> The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'whoever@wherever.com'. Subject 'email to a nonlocal account', Account: 'localuser@shortdomain.com', Server: '216.87.1.1', Protocol: SMTP, Server Response: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, Secure(SSL): No, Server Error: 553, Error Number: 0x800CCC79

 

All the files in /var/qmail/control are generally set up accurately. Like I said, this email server functions perfectly when dealing with local accounts, it's just the pop stuff that's a bit messed up. /var/qmail/control/me has my FQDN which is based on my short domain name. /var/qmail/control/locals and /var/qmail/control/rcpthosts have localhost.shortdomain.com and shortdomain.com. What I need is for the SMTP client to treat mail coming from me on my Windows machine, using my localuser@shortdomain.com address, as if it originated locally. Obviously it doesn't make any sense that in order to send email out using SMTP, the recipient's domain name would need to be in rcpthosts. Why isn't my Windows machine, whose IP address is listed in /etc/tcp.smtp.cdb, allowed to relay email, through SMTP, to my Linux machine for delivery to another address not listed in locals or rcpthosts?

Thanks for any help you can provide.

t011

----------

## fathergrief

The problem is you need to specify which addresses are allowed to send mail anywhere. If your IP address is not on that list, qmail will only accept email going to your own accounts. For more information and for how to set this up, go to http://www.palomine.net/qmail/selectiverelay.html

----------

## Larde

Actually, from what you write, I think you have set it up ok and that it should work. Hmm, you always write the IPs that you want to be allowed to relay are listed in /etc/tcp.smtp.cdb. Just to be sure: You didn't put them in there manually, did you? I assume you created that file with something like tcprules /etc/tcp.smtp.cdb /tmp/bla < /etc/tcp.smtp - so what's in your /etc/tcp.smtp? Perhaps you got the syntax wrong somehow?

Larde.

----------

## t011

To clarify my /etc/tcp.smtp config, here it is:

 *Quote:*   

> 127.0.0.1:allow,RELAYCLIENT=""
> 
> 192.168.1.100:allow,RELAYCLIENT=""
> 
> 192.168.1.101:allow,RELAYCLIENT=""
> ...

 

My linux machine is 192.168.1.100 and the win2k machine I'm trying to access from is 192.168.1.101.  216.87.90.1.1 is my external static ip.  I then compiled it into the cdb format by issuing this command (as root):

 *Quote:*   

> tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

 

Both tcp.smtp and tcp.smtp.cdb are owned root:root and set 644. I've read over the article at http://www.palomine.net/qmail/selectiverelay.html, but I don't see anything that I'm doing wrong versus what's in the article. Maybe it's just not obvious to me.

Thanks for taking a look at my problem, and thanks for any other insight you may be able to provide.

t011

----------

## t011

Well, I figured out what was wrong with my configuration. I needed to add the address of my router to the /etc/tcp.smtp file. Once I did that, and issued the command to convert that into /etc/tcp.smtp.cdb, it would accept my mail. Looking at the headers of the test messages, it appears that despite the email originating from 192.168.1.101 and going to 192.168.1.100, it passes through my router at 192.168.1.1, and the router's IP is the only address that the tcprules see. Thanks for the help.

t011

----------
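The behaviour t011 describes, as an added example that is not part of the original thread: a simplified Python model of how tcpserver picks a rule for the connecting address and how qmail-smtpd then answers RCPT TO. It covers IPv4 address rules only; the rule text is the three rules quoted above plus a router rule in the same syntax (assumed, since the post does not show the exact line), and the rcpthosts entries are the ones named in the first post.

```python
# Added example: simplified model of tcpserver rule lookup and qmail-smtpd's relay check.
# Assumptions: IPv4 address rules only (no ranges, no =host or info@ rules).

def parse_rules(text):
    """Parse tcprules source lines of the form address:allow|deny[,VAR="value"...]."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, action = line.partition(":")
        verdict, *assigns = action.split(",")
        env = {}
        for assign in assigns:
            name, _, value = assign.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (verdict, env)
    return rules

def lookup(rules, remote_ip):
    """Most specific rule wins: full IP, then prefixes ending in '.', then the empty rule."""
    parts = remote_ip.split(".")
    keys = [remote_ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: connection allowed, environment unchanged

def smtp_rcpt(rules, rcpthosts, remote_ip, recipient):
    """Reply qmail-smtpd gives to RCPT TO for a connection seen as coming from remote_ip."""
    verdict, env = lookup(rules, remote_ip)
    if verdict == "deny":
        return "connection refused"
    domain = recipient.rpartition("@")[2].lower()
    # RELAYCLIENT set (even to "") skips the rcpthosts check entirely.
    if "RELAYCLIENT" in env or domain in rcpthosts:
        return "250 ok"
    return "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

RCPTHOSTS = {"localhost.shortdomain.com", "shortdomain.com"}
BEFORE = '127.0.0.1:allow,RELAYCLIENT=""\n192.168.1.100:allow,RELAYCLIENT=""\n192.168.1.101:allow,RELAYCLIENT=""'
AFTER = BEFORE + '\n192.168.1.1:allow,RELAYCLIENT=""'  # assumed form of the added router rule
ROUTER = "192.168.1.1"  # the source address tcpserver sees, per the post above

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for rcpt in ("localuser@shortdomain.com", "whoever@wherever.com"):
            print(name, rcpt, "->", smtp_rcpt(parse_rules(text), RCPTHOSTS, ROUTER, rcpt))
```

With the router rule in place, every connection whose source the router rewrites to 192.168.1.1 is given RELAYCLIENT. The Received headers of a test message sent from outside the LAN show whether forwarded port-25 traffic arrives with that address too.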

## lord

I also have the same problem, but it doesn't help adding any IP except the sender's IP with RELAYCLIENT="".... and that's not very helpful =/

right now I got:

```
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
```

I'm managing virtual hosts and they got virtual POP3 accounts and they work fine. All users can pick up their emails, but nobody can email any address that's not in rcpthosts.... kinda useless. I've been googling and reading qmail's archives with no luck for many hours now ... any advice would be really appreciated =)

Everyone keeps saying that there's something with relaying but LWQ and selectiverelay FAQ are really not helping =/

----------

## dlove

I beat my head against this for days:

 *lord wrote:*   

> All users can pick up their emails, but nobody can email any address that's not in rcpthosts.... kinda useless.  =/

 

until pinning the problem on an ipv6 patch in ucspi-tcp.  If you have the ipv6 USE flag set, then try this:

```
/etc/init.d/svscan stop
emerge -C ucspi-tcp
env USE="-ipv6" emerge sys-apps/ucspi-tcp
/etc/init.d/svscan start
```

(submitting bug report now)

Something in that patch hoses the ipv4/RELAYCLIENT handling in tcpserver.

Note that when you disable ipv6 for the build, you'll immediately pick up some other patch if you have the ssl USE flag set.  That doesn't seem to be causing any problems here (yet), but you might want to also turn off ssl for the build (USE="-ipv6 -ssl") , just to be safe.

----------

## dlove

 *dlove wrote:*   

> Note that when you disable ipv6 for the build, you'll immediately pick up some other patch if you have the ssl USE flag set.  That doesn't seem to be causing any problems here (yet), but you might want to also turn off ssl for the build (USE="-ipv6 -ssl") , just to be safe.

 

Ok, I spoke too soon.   The ssl patch kills qmail-qmqpd, so you'll definitely need "USE=-ipv6 -ssl" when compiling ucspi-tcp.

----------

## java geek

I followed your instructions and now sys-apps/ucspi-tcp won't emerge. I get the following error. Any insight into it?

```
USE="-ipv6 -ssl" emerge sys-apps/ucspi-tcp
Calculating dependencies ...done!
>>> emerge (1 of 1) sys-apps/ucspi-tcp-0.88-r5 to /
>>> md5 src_uri ;-) ucspi-tcp-0.88.tar.gz
>>> Unpacking source...
>>> Unpacking ucspi-tcp-0.88.tar.gz to /var/tmp/portage/ucspi-tcp-0.88-r5/work
* Applying 0.88-errno.patch... [ ok ]
>>> Source unpacked.
make: the `-j' option requires a positive integral argument
Usage: make [options] [target] ...
Options:
  -b, -m                      Ignored for compatibility.
  -B, --always-make           Unconditionally make all targets.
  -C DIRECTORY, --directory=DIRECTORY
                              Change to DIRECTORY before doing anything.
  -d                          Print lots of debugging information.
  --debug[=FLAGS]             Print various types of debugging information.
  -e, --environment-overrides
                              Environment variables override makefiles.
  -f FILE, --file=FILE, --makefile=FILE
                              Read FILE as a makefile.
  -h, --help                  Print this message and exit.
  -i, --ignore-errors         Ignore errors from commands.
  -I DIRECTORY, --include-dir=DIRECTORY
                              Search DIRECTORY for included makefiles.
  -j [N], --jobs[=N]          Allow N jobs at once; infinite jobs with no arg.
  -k, --keep-going            Keep going when some targets can't be made.
  -l [N], --load-average[=N], --max-load[=N]
                              Don't start multiple jobs unless load is below N.
  -n, --just-print, --dry-run, --recon
                              Don't actually run any commands; just print them.
  -o FILE, --old-file=FILE, --assume-old=FILE
                              Consider FILE to be very old and don't remake it.
  -p, --print-data-base       Print make's internal database.
  -q, --question              Run no commands; exit status says if up to date.
  -r, --no-builtin-rules      Disable the built-in implicit rules.
  -R, --no-builtin-variables  Disable the built-in variable settings.
  -s, --silent, --quiet       Don't echo commands.
  -S, --no-keep-going, --stop
                              Turns off -k.
  -t, --touch                 Touch targets instead of remaking them.
  -v, --version               Print the version number of make and exit.
  -w, --print-directory       Print the current directory.
  --no-print-directory        Turn off -w, even if it was turned on implicitly.
  -W FILE, --what-if=FILE, --new-file=FILE, --assume-new=FILE
                              Consider FILE to be infinitely new.
  --warn-undefined-variables  Warn when an undefined variable is referenced.
This program built for i686-pc-linux-gnu
Report bugs to <bug-make@gnu.org>
!!! ERROR: sys-apps/ucspi-tcp-0.88-r5 failed.
!!! Function src_compile, Line 38, Exitcode 2
!!! (no error message)
```

----------

## java geek

problem was solved https://forums.gentoo.org/viewtopic.php?p=342899#342899

----------

## slott_hansen

I've been fiddling with qmail for a looong time now and I'm this close to giving up. I've had problems receiving external email addresses (local ones work fine) and followed the guide on "life with qmail".

Everything should work according to the guide and my stats match the ones from the guide. The problem is that now things are even worse than before  :Sad: 

Now I can't even SEND anything from my server using squirrelmail which worked before...

Can anyone shed some light on this problem ?

----------

## SyS_RaGE

I'm having the same problem as the original post of this thread. I tried your suggestions (USE=-ipv6 -ssl) but still have the same problem. I'm using qmail and vpopmail. Anybody have any other ideas for me to try?

----------

## SyS_RaGE

Nevermind, I fixed it. My problem was that I needed to add my LAN IP to /etc/hosts. Seems kind of stupid to me that that is necessary, but oh well. It works now =)

----------

## radulucian

hi guys, had the same problem; it wasn't obvious from this thread what the solution is.

i had vpopmail-5.2.1-r9 which was working fine but open relay then i upgraded to vpopmail-5.2.2-r1 which failed to authenticate

i did

```
/etc/init.d/svscan stop
emerge -C ucspi-tcp
env USE="-ipv6 -ssl" emerge sys-apps/ucspi-tcp
/etc/init.d/svscan start
```

and now everything is working fine, as long as i authenticate any request for outgoing mail with smtp server

thanks for the tip.

----------

## newtonian

 *radulucian wrote:*   

> hi guys, had the same problem; it wasn't obvious from this thread what the solution is.
> 
> i had vpopmail-5.2.1-r9 which was working fine but open relay then i upgraded to vpopmail-5.2.2-r1 which failed to authenticate
> 
> i did
> ...

 

I was getting 553 sorry, that domain isn't in my list of allowed rcpthosts when trying to send mail from localhost to gmail without authentication.

So this is what I did to get it working.

1. followed this: http://gentoo-wiki.com/TIP_Setup_Your_FQDN

2.followed the "Warning: If you don't receive any mail or you see weird errors" section in the official gentoo qmail howto

3. followed radulucian's advice in the post above.

Now, local programs sending through localhost can send without having to authenticate.

 :Very Happy: 

Cheers,

----------

