How do I configure SMTP to send or relay from a private network

Question

How do I configure SMTP to send or relay from a private network

Hello,

I have a Mac Pro Server connected to a NetGear ReadyNAS on a private network. I would like the email alerts from the ready NAS to either use or relay through the SMTP server on the Mac.

*The network:*
en0 on the MacPro is odin.ad.bangor.ac.uk
en3 on the MacPro is 192.168.168.10

The ReadyNAS is 192.168.168.168

The network is up and working. The server can see the NAS over en3 and the internet through en0.

As a first try, I have configured the NAS to use the SMTP server on the MacPro.

From the logs, it looks like the problem might be that there isn't a FQN for 192.168.168.168.
What is the best fix for this?

Mar 3 14:03:33 odin postfix/smtpd[1126]: disconnect from unknown[192.168.168.168]
Mar 3 14:03:33 odin postfix/smtpd[1126]: connect from unknown[192.168.168.168]
Mar 3 14:03:33 odin postfix/smtpd[1126]: disconnect from unknown[192.168.168.168]
Mar 3 14:03:33 odin postfix/smtpd[1126]: connect from unknown[192.168.168.168]
Mar 3 14:03:33 odin postfix/smtpd[1126]: NOQUEUE: reject: RCPT from unknown[192.168.168.168]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a.fischer@bangor.ac.uk> to=<a.fischer@bangor.ac.uk> proto=ESMTP helo=<localhost>
Mar 3 14:03:33 odin postfix/smtpd[1126]: lost connection after DATA (0 bytes) from unknown[192.168.168.168]

MacPro Server, Mac OS X (10.6.4), Mac OS X Server

Posted on Mar 3, 2011 6:21 AM

Reply

Answer 1

MrHoffman

Level 10

146,557 points

Mar 3, 2011 9:55 AM in response to Andrew_Debbie

Your gizmo looks to be sending over a bad or incomplete or misconfigured HELO message.

Poke around over in the ReadyNAS forums for details?

As for DNS itself, adding the entry into a DNS server is performed via Server Admin, and Mac OS X Server effectively requires DNS services. Whether the ReadyNAS will pick that up, I don't know. (I'd tend to guess not, as the product probably doesn't expect DNS on the LAN.)

A quick look at one of the [ReadyNAS manuals|http://www.readynas.com/download/documentation/UM/ReadyNAS UM19Nov07.pdf] manual shows you can enter an FQDN into the box. Do you have the FQDN for the box set? (And then does that change the contents of the SMTP HELO message from the ReadyNAS MTA?)

If you want to disable part of the spam defenses on the mail server (which looks to be the trigger for the rejection here), then Google around for details of the setting:

smtpd helorestrictions = reject unknown_helohostname

and analogous in the Postfix configuration.

Reply

Answer 2

Mar 4, 2011 1:40 AM in response to MrHoffman

Thanks for the helpful reply.

Incase anyone else with a similar problem comes across this thread, I've got a ReadyNAS Pro 6. The manual is here --> http://www.readynas.com/download/documentation/UM/ReadyNASBusiness_SW12July10.pdf

I can set a host name but not a fully qualified name.

The ReadyNAS pro defaults to using DHCP but can be giving a fixed ip address for a DNS. I could set it to use the MacPro. I hadn't thought of doing that....

My MacPro is using the university name servers. I'll look into setting it to provide limited names services to just the private network...

Reply

Answer 3

Mar 4, 2011 2:39 AM in response to MrHoffman

If you want to disable part of the spam defenses on the mail server

In the end that's what I did. Getting the readyNAS and DNS configured was too much effort.

The line you sent was close enough that I was able to find the correct settings for server 10.6.4

The key was to turn off reject non_fqdn_helohostname.

This is the command that does that:

sudo postconf -e smtpd helo_restrictions=reject_invalid_helohostname

See man postconf(5) for details.

+If you receive this message, the email alert notification is working properly.+
🙂

Thanks again, the point in the right direction was a big help.

Reply

Answer 4

Mar 4, 2011 2:48 AM in response to Andrew_Debbie

The SMTP server is set to require a login and doesn't allow relay. Hopefully that is enough protection that turning off rejectnon_fqdn_helohostname won't open a hole for spam.

Reply

Answer 5

UptimeJeff

Level 4

3,479 points

Mar 5, 2011 7:57 PM in response to Andrew_Debbie

You can keep the restrictions...


smtpdhelorestrictions = permitsaslauthenticated, permit_mynetworks, rejectnon_fqdnhostname, rejectinvalidhostname, permit

The line above will allow any client that authenticates or is from your local LAN to relay without a proper helo. This adjustments also resolves issues with Outlook not sending a proper helo.

Message was edited by: UptimeJeff

Reply