Windows – do not require smtp authentication for a specific domain using hMail server

smtp windows

One of my clients has a needlessly complex e-mail setup for a couple of domains, which is causing problems when they try to send e-mail between them.

They have a couple of domains where mail follows a slightly weird path:

  • Users connect to an Exchange server to send e-mail
  • The Exchange server relays the message to an ISP-owned SMTP server as a smart host
  • The ISP's server delivers the mail to the mail exchanger specified in DNS
  • The mail exchanger is another server that runs hMailServer
  • The Exchange server connects to the hMail server via POP3 and retrieves the messages.

The problem arises when they send mail between addresses in the same domain, or two addresses that are present on the hMail server. hMail requires SMTP authentication when sending from local to local addresses, so the messages don't arrive.

Removing SMTP authentication isn't really an option, as the server has been the target of spam being sent from spoofed local addresses. SMTP authentication prevents this. It is possible to add the ISP's mail server as an IP range with specific rules, but this seems inelegant.

Bearing in mind I only have access to the hMail server and not the Exchange server, is there a better way of going about this?

Best Answer

Are the users sending mail via an Exchange client, then receiving their mail to the hMail server? I think I'm missing something, because that split is pretty strange.

If the hMail server requires SMTP auth for local domain messages, then you'll have to get around it somehow. If you can't make any changes to the Exchange server, then that pretty much leaves building an exemption. I would suggest making sure the ISP's server is marked as an Incoming Relay, and then whitelisting the Exchange server as not needing SMTP-auth. At least this way you're whitelisting the Exchange server rather than the whole ISP. Is it still inelegant? Maybe. But you've got a complicated setup.