Reject 550 <username> is not allowed access from your location
-
Hello,
Just configuring MDaemon and Gateway to take over from an old Exchange system.
I get the 550 not allowed access error from the smart hosted Gateway (logs) when trying to send from an account on MDaemon.
Any suggestions what I might have missed?
-
Arron Staff
Are you using SecurityGateway and is it returning the 550 error? If you are and it is returning the error, by default SecurityGateway only accepts messages from local users that are from IPs configured as domain mail servers. You can configure a domain mail server by going to Setup / Users | Mail Configuration | Domain Mail Servers.
If that is not it, log snippets that show the error occurring and a better understanding of the mail routing that is causing issues would be helpful.
-
Thanks Arron, that got me pointed in the right direction. We used a FQDN to allow the MDaemon to talk to SecurityGateway but the DMZ record wasn't pointing to the correct IP. Changing to the explicit Trusted IP it worked.
Exchange is now forwarding inbound mail to the SecurityGateway if it doesn't find the user mailbox. The message is delivered to MDaemon. Great.
Now the second part of this is trying to get local Exchange users to be able to send mail to other local domain users residing on MDaemon. We will take another look at this tomorrow. It seems to be redirecting out the front door from the SecurityGateway...
Tue 2025-01-14 17:09:43: --> MAIL From:<user1@dougallmedia.com> SIZE=6821
Tue 2025-01-14 17:09:43: <-- 250 2.1.0 Sender OK
Tue 2025-01-14 17:09:43: --> RCPT To:<user2@dougallmedia.com>
Tue 2025-01-14 17:09:43: <-- 250 2.1.5 Recipient OK
Tue 2025-01-14 17:09:43: --> DATA
Tue 2025-01-14 17:09:43: <-- 354 Start mail input; end with .
Tue 2025-01-14 17:09:43: Sending <C:\Program Files\MDaemon Technologies\SecurityGateway\Temp\49ddec30454b4da08453780c66c85c4c.tmp> to [192.168.1.14]
Tue 2025-01-14 17:09:43: <-- 250 2.6.0 <CH2PR01MB6054FE7688A2F5362C4116BFAB182@CH2PR01MB6054.prod.exchangelabs.com> [InternalId=7247] Queued mail for delivery
Tue 2025-01-14 17:09:43: ----------
-
Arron Staff
If dougallmedia.com is configured as a domain in SecurityGateway, it should be sending it to the domain mail servers that are configured. Does user2@dougallmedia.com exist in SecurityGateway?
Is the user configured to use the domain mail server for the domain or have you configured a domain mail server for that user account? (Setup / Users | Accounts | Select a domain | Users | Select a User | Edit, scroll down and you will see the mail delivery section that allows you to specify a domain mail server to be used for that user account)
What does the rest of the transcript show is happening?
-
To be clear, there is no problem with sending external mail in or out through Exchange which hands it off to SGW then MDaemon server mailbox.
Yes the user is listed within the domain on MDaemon and SecurityGateway (SGW). It may be an order of operations thing to some extent. Both servers are listed in the Mail Delivery list and 'use domain mail servers' was selected by default. The Exchange server was listed first.
If we change the Mail Delivery to 'Deliver mail using specified mail server' and just select MDaemon Mail Server.. Test from Exchange server from the same domain to a user (on the same domain) on MDaemon we get a 550 5.7.1 Sender unknown. We tried adding the domain name to the Allow list using both *@domain.com and the 'specific domain' allow entering the FQDN of the exchange server. Once that was done we got an Authentication required message. The sending user on the Exchange machine does not have a user account on the MDaemon servers.
It looks like MDaemon just looks to itself since it thinks it has that domain to itself.
Wed 2025-01-15 11:58:49: Attempting TCP connection to [192.168.1.146 : 25]
Wed 2025-01-15 11:58:49: Socket connection established (192.168.204.72 : 54662 -> 192.168.1.146 : 25)
Wed 2025-01-15 11:58:49: Waiting for protocol initiation...
Wed 2025-01-15 11:58:49: <-- 220 mail3.dougallmedia.com ESMTP Wed, 15 Jan 2025 11:58:27 -0500
Wed 2025-01-15 11:58:49: --> EHLO dougallmedia.com
Wed 2025-01-15 11:58:49: <-- 250-mail3.dougallmedia.com Hello dougallmedia.com [192.168.204.72], pleased to meet you
Wed 2025-01-15 11:58:49: <-- 250-ETRN
Wed 2025-01-15 11:58:49: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 11:58:49: <-- 250-8BITMIME
Wed 2025-01-15 11:58:49: <-- 250-ENHANCEDSTATUSCODES
Wed 2025-01-15 11:58:49: <-- 250-PIPELINING
Wed 2025-01-15 11:58:49: <-- 250-CHUNKING
Wed 2025-01-15 11:58:49: <-- 250-STARTTLS
Wed 2025-01-15 11:58:49: <-- 250 SIZE
Wed 2025-01-15 11:58:49: --> STARTTLS
Wed 2025-01-15 11:58:49: <-- 220 2.7.0 Ready to start TLS
Wed 2025-01-15 11:58:49: SSL negotiation successful (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Wed 2025-01-15 11:58:49: --> EHLO dougallmedia.com
Wed 2025-01-15 11:58:49: <-- 250-mail3.dougallmedia.com Hello dougallmedia.com [192.168.204.72], pleased to meet you
Wed 2025-01-15 11:58:49: <-- 250-ETRN
Wed 2025-01-15 11:58:49: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 11:58:49: <-- 250-8BITMIME
Wed 2025-01-15 11:58:49: <-- 250-ENHANCEDSTATUSCODES
Wed 2025-01-15 11:58:49: <-- 250-PIPELINING
Wed 2025-01-15 11:58:49: <-- 250-CHUNKING
Wed 2025-01-15 11:58:49: <-- 250-REQUIRETLS
Wed 2025-01-15 11:58:49: <-- 250 SIZE
Wed 2025-01-15 11:58:49: --> MAIL From:<User1@dougallmedia.com> SIZE=2778
Wed 2025-01-15 11:58:49: <-- 550 5.7.1 Sender unknown
Wed 2025-01-15 11:58:49: ----------
I have a mailbox on both systems and sending from exchange to a mailbox user with only a mailbox on MDaemon I'm rejected with 530 5.7.0 Authentication required
Wed 2025-01-15 12:09:57: --> 250 Ok, message saved
Wed 2025-01-15 12:09:57: <-- QUIT
Wed 2025-01-15 12:09:57: --> 221 See ya in cyberspace
Wed 2025-01-15 12:09:57: SMTP session successful (Bytes in/out: 34119/398)
Wed 2025-01-15 12:09:57: ----------
Wed 2025-01-15 12:09:57: Attempting TCP connection to [192.168.1.146 : 25]
Wed 2025-01-15 12:09:57: Socket connection established (192.168.204.72 : 54965 -> 192.168.1.146 : 25)
Wed 2025-01-15 12:09:57: Waiting for protocol initiation...
Wed 2025-01-15 12:09:57: <-- 220 mail3.dougallmedia.com ESMTP Wed, 15 Jan 2025 12:09:35 -0500
Wed 2025-01-15 12:09:57: --> EHLO dougallmedia.com
Wed 2025-01-15 12:09:57: <-- 250-mail3.dougallmedia.com Hello dougallmedia.com [192.168.204.72], pleased to meet you
Wed 2025-01-15 12:09:57: <-- 250-ETRN
Wed 2025-01-15 12:09:57: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 12:09:57: <-- 250-8BITMIME
Wed 2025-01-15 12:09:57: <-- 250-ENHANCEDSTATUSCODES
Wed 2025-01-15 12:09:57: <-- 250-PIPELINING
Wed 2025-01-15 12:09:57: <-- 250-CHUNKING
Wed 2025-01-15 12:09:57: <-- 250-STARTTLS
Wed 2025-01-15 12:09:57: <-- 250 SIZE
Wed 2025-01-15 12:09:57: --> STARTTLS
Wed 2025-01-15 12:09:57: <-- 220 2.7.0 Ready to start TLS
Wed 2025-01-15 12:09:57: SSL negotiation successful (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Wed 2025-01-15 12:09:57: --> EHLO dougallmedia.com
Wed 2025-01-15 12:09:57: <-- 250-mail3.dougallmedia.com Hello dougallmedia.com [192.168.204.72], pleased to meet you
Wed 2025-01-15 12:09:57: <-- 250-ETRN
Wed 2025-01-15 12:09:57: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 12:09:57: <-- 250-8BITMIME
Wed 2025-01-15 12:09:57: <-- 250-ENHANCEDSTATUSCODES
Wed 2025-01-15 12:09:57: <-- 250-PIPELINING
Wed 2025-01-15 12:09:57: <-- 250-CHUNKING
Wed 2025-01-15 12:09:57: <-- 250-REQUIRETLS
Wed 2025-01-15 12:09:57: <-- 250 SIZE
Wed 2025-01-15 12:09:57: --> MAIL From:<user1_withmailboxesonbothserver@dougallmedia.com> SIZE=34253
Wed 2025-01-15 12:09:57: <-- 250 2.1.0 Sender OK
Wed 2025-01-15 12:09:57: --> RCPT To:<user2_withmailboxonMDaemonOnly@dougallmedia.com>
Wed 2025-01-15 12:09:57: <-- 530 5.7.0 Authentication required
Wed 2025-01-15 12:09:57: ----------
-
Arron Staff
MDaemon, by default, expects there to be a mailbox for all users of a domain. So if you had mydomain.com, then MDaemon expects it knows about all email addresses for mydomain.com. You can work around that in a couple of different ways.
1. Create an account in MDaemon for every address. If the address exists in exchange, tell MDaemon to forward the message to exchange or SecurityGateway and let them route the mail.
2. Tell MDaemon to route mail for unknown addresses to another mail server, in this case I would choose SecurityGateway. Setup / Server Settings / Unknown mail, check the box for "forwarded to another mail server" and uncheck the options for "returned to sender", "sent to postmaster", and "sent to the bad message folder". In the field for Send the message to this host, enter the host name or IP address of the server to send the messages to. You'll also have to adjust the Account verification settings found at Security / Security Settings / Relay Control so that messages to/from unknown local users will be accepted. There are a number of different ways you could do it, you could trust local IPs, you could require authentication, or you could just turn the checks off completely. It's up to you. If you decide to exclude the check for authenticated sessions, you'll have to configure SecurityGateway and/or Exchange to authenticate when sending to MDaemon.
If you configure MDaemon this way you should proceed with caution. If MDaemon is available on the internet and you turn off the Account verification checks it will accept mail to any address on local domains and will generate lots of unwanted traffic.
By default MDaemon requires authentication when mail is sent from local accounts. You can adjust these settings by going to Security / SMTP Authentication. Or you could configure SecurityGateway and/or Exchange to authenticate with MDaemon when sending mail to it.
-
I'll check that out Arron, thank you.
The whole reason in trying to get this to work is then we can move people's mailboxes off of Exchange ad-hoc or per department. Moving everything over in one shot (which would be ideal) is going to take way too much time so being without an messaging servers. That's based on our initial test moves per mailbox. Then there's a synchronization issue with the one or two Public Folders/Calendars.
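-
Added example, not part of the original thread and not MDaemon or SecurityGateway code: a small parser for session transcripts in the log format quoted above that reports, per session, whether TLS was negotiated, whether AUTH was offered and used, and which SMTP command drew the first rejection. The sample log and its addresses are constructed, and lines are classified by content rather than arrow direction because the quoted logs show the arrows in both orientations.

```python
import re

# Constructed sample in the log format quoted in the thread (two trimmed sessions).
SAMPLE_LOG = """\
Wed 2025-01-15 11:58:49: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 11:58:49: --> STARTTLS
Wed 2025-01-15 11:58:49: SSL negotiation successful (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Wed 2025-01-15 11:58:49: --> MAIL From:<sender@example.test> SIZE=2778
Wed 2025-01-15 11:58:49: <-- 550 5.7.1 Sender unknown
Wed 2025-01-15 11:58:49: ----------
Wed 2025-01-15 12:09:57: <-- 250-AUTH LOGIN PLAIN
Wed 2025-01-15 12:09:57: --> MAIL From:<sender@example.test> SIZE=34253
Wed 2025-01-15 12:09:57: <-- 250 2.1.0 Sender OK
Wed 2025-01-15 12:09:57: --> RCPT To:<rcpt@example.test>
Wed 2025-01-15 12:09:57: <-- 530 5.7.0 Authentication required
Wed 2025-01-15 12:09:57: ----------
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: (?:(?:-->|<--) )?(.*)$", re.M)
REPLY = re.compile(r"^(\d{3})[ -](?:(\d\.\d+\.\d+) )?(.*)$")
VERBS = ("EHLO", "HELO", "STARTTLS", "AUTH", "MAIL", "RCPT", "DATA", "QUIT")

def summarize_sessions(log_text):
    """Return one dict per session: TLS/AUTH state and the first rejected command."""
    sessions, cur = [], None
    for m in LINE.finditer(log_text):      # untimestamped free text is skipped
        text = m.group(1).strip()
        if text.startswith("-----"):       # session separator line
            sessions += [cur] if cur else []
            cur = None
            continue
        cur = cur or {"tls": False, "auth_offered": False, "auth_used": False,
                      "stage": None, "rejected_at": None, "code": None, "enhanced": None}
        reply = REPLY.match(text)
        if text.startswith("SSL negotiation successful"):
            cur["tls"] = True
        elif reply:                        # any line that starts with a 3-digit reply code
            code, enhanced, rest = reply.groups()
            if rest.startswith("AUTH "):   # EHLO capability line advertising AUTH
                cur["auth_offered"] = True
            if int(code) >= 400 and cur["rejected_at"] is None:
                cur.update(rejected_at=cur["stage"], code=int(code), enhanced=enhanced)
        elif text.split(" ", 1)[0].upper() in VERBS:
            cur["stage"] = text.split(" ", 1)[0].upper()
            cur["auth_used"] = cur["auth_used"] or cur["stage"] == "AUTH"
    if cur is not None:                    # log ended without a separator
        sessions.append(cur)
    return sessions
```

A session with `auth_offered` true, `auth_used` false and a 5.7.x rejection at MAIL or RCPT is the pattern in both failed transcripts quoted in the thread.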