How exactly do mail servers talk to each other?

[Red Squirrel]

I've been setting up this testing environment with a fake internet. I have two mail servers with port 25 open and got accounts setup on both and they can send to users on their own server. But if I try to send mail to user@server1 from server2 or vise versa, I get relay denied errors, but I normally would not want to allow relay as people can use it to spam others, so how exactly does this work so they can at least talk to each other?

 

[Netopia]

You don't say what package you are using. Postfix, Sendmail etc.

That would help.

Joe

 

[Red Squirrel]

My bad, its postfix, everything mostly default, just edited the main.cf to the right hostname.

The other server is ms exchange.

 

[Nothinman]

SMTP.

You need to allow relaying for any host that you want to send mail, relaying isn't a bad thing.

 

[Netopia]

Give this a quick read:

http://www.postfix.org/BASIC_C...README.html#relay_from

Joe

 

[Red Squirrel]

Yeah open relay would be fine on a local network like this, but I want to do it as if this was an internet server, for educational purposes. So Open relay = bad in this case. I could allow the hosts, but I don't see how that would be feasable, on the real internet there are millions of web servers, would be crazy to add them all to allowed list.

 

[Nothinman]

Most Internet SMTP servers only relay for the few network ranges that the server's owner owns, no one in their right mind adds individual IPs on other networks unless they've got some duct taped together setup.

 

[Netopia]

RedSquirrel,

I don't think you get it. If you don't want to relay, then you cannot send out of your box. Going to ANYWHERE other than the original mail server is seen as relaying! If a userA@server1 wants to mail userB@server2, then server1 must RELAY the message for the user from server1 TO server2.

If you take the time to look at the link I posted above, you'll see two settings that you must have in order to do what you want to do:

mynetworks and relay_domains

mynetworks tells postfix what networks are allowed to send mail from a server to other servers. For instance, if you put it like this:

mynetworks = 127.0.0.1/8

Then ONLY local accounts on that server are allowed to relay to any other server. This would stop the open relay that you're worried about.

Actually, that's the only setting you need. relay_domains is more used if you have a gateway server delivering mail to other downstream servers. You could still use it though. If you set it up as follows, it would be a second way of making sure that people outside the server could not use the server to relay mail:

relay_domains =

(just blank after the equal sign)

If you want to learn a LOT about Postfix setup and anti-spam/anti-virus setups, I suggest you visit http://www.freespamfilter.org and also check out their forums. Pretty much everything I've learned about mail servers I've picked up from there.

I also highly recommend http://www200.pair.com/mecham/spam/ , though the author of that site spends huge amounts of time on freespamfilter's forums.

Joe