Gmail Routing - relay not permitted

AxlF

Hey,

I have a domain on my DA server. Every e-mail address should go to Gmail, except for one mailbox.

1) So I set up the [email protected] on the DA box.
2) The MX points to Google
3) I added the alias to my Google user
4) In the Google Admin Console, I added a route for sending the mails of that one recipient to the DA server (dual delivery, https://support.google.com/a/answer/9228551?hl=en)

Everything should be fine, but I get a "550 relay not permitted, authentication required" error message in the logs.

Code:
Jul 20 12:26:31 mail exim[6746]: 2020-07-20 12:26:31 H=mail-wm1-f69.google.com [209.85.128.69] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted, authentication required

The e-mail system on the DA server is working fine for other domains. It's only the forwarding from the Google box to the DA box which isn't working.

Any ideas?

Bye,
— Alexander
 

You can't tell your DirectAdmin server that Google handles the email and then expect your DirectAdmin server to handle the email.

If you want DirectAdmin to handle the email then you have to check the local delivery box "Use this server to handle my e-mails." But then any web forms will only deliver locally unless you use SMTP with Google.

 
You can't tell your DirectAdmin server that Google handles the email and then expect your DirectAdmin server to handle the email.

Why not?

The DA Server should handle the mails, but when the MX record is pointing to another server the DA box gets no mails, except the ones delivered directly to the server.

I checked the checkbox. The MX record points to Google's server. So Google is handling the mails.
With the routing set up at Google, it makes a direct request to my (predefined) server without checking the MX records.

When google says to the DA Box that there is mail for the mailbox, the DA Box should accept it.

Am I missing something?
 
By unchecking the box you are telling your server that it is NOT responsible for emails for that domain. Therefore it will try to relay the mail to the MX record on file. It will not relay any mail though with a username and password from the sender (relay not permitted, authentication required). So you didn't have the box checked at this point.

By checking the box you are telling the server that it IS responsible for accepting mail for that domain and therefore will deliver the mail to the mailbox on that server. Other sending servers will of course send mail to the MX record on file. If your server is the origin of the mail such as from a web form then your server will handle the mail and not even look at the MX record and send it to gmail.

This is how mail servers work.

Now if you have the box checked and its still not accepting the email then there is another problem and you will have to look at your logs to find out what is going on.
 
The checkbox for this option is checked. However, I don't use the NS on the DA Box. I always used an external nameserver, but never stopped the bind service on the box.

There is nothing in the logs, except for the "relay not permitted, authentication required" messages (in syslog and exim rejectlog).

When I switch the MX back to the DA Box, everything works as expected.
 
Check to see if the domain is in /etc/virtual/domains
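
The check suggested above, as an added example (not part of the original thread and not DirectAdmin's own tooling): the script pulls recipient domains out of "relay not permitted" rejections and reports whether each one is in the local domain list. The sample log lines, hosts and domains are constructed; on the server the inputs would be the Exim rejectlog and /etc/virtual/domains, which is assumed here to hold one domain per line.

```shell
#!/bin/sh
# Added example: match Exim "relay not permitted" rejections against the
# server's local domain list. Assumes one domain per line in the list file.

# Print "<count> <domain>" for each recipient domain rejected as a relay attempt.
rejected_domains() {
    sed -n 's/.* rejected RCPT <[^@>]*@\([^>]*\)>: relay not permitted.*/\1/p' |
        tr '[:upper:]' '[:lower:]' | sort | uniq -c | awk '{print $1, $2}'
}

# Succeed if domain $1 is listed in file $2 (case-insensitive, whole line).
is_local_domain() {
    [ -r "$2" ] && tr -d '\r' < "$2" | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$1"
}

# $1 = Exim log, $2 = domain list. Prints "<domain> <count> LOCAL|NOT_LOCAL".
# NOT_LOCAL: the server treats the recipient as a relay target, which matches
# the rejection. LOCAL: the domain is listed, so the cause lies elsewhere.
triage() {
    rejected_domains < "$1" | while read -r count domain; do
        if is_local_domain "$domain" "$2"; then
            echo "$domain $count LOCAL"
        else
            echo "$domain $count NOT_LOCAL"
        fi
    done
}

# Constructed sample data: placeholder hosts, addresses and domains.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rejectlog" <<'EOF'
2020-07-20 12:26:31 H=mx.example.org [192.0.2.10] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<alice@example.org> rejected RCPT <info@example.com>: relay not permitted, authentication required
2020-07-20 12:31:02 H=mx.example.org [192.0.2.10] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<bob@example.org> rejected RCPT <Info@Example.COM>: relay not permitted, authentication required
2020-07-20 12:40:17 H=mx.example.org [192.0.2.10] F=<bob@example.org> rejected RCPT <sales@example.net>: relay not permitted, authentication required
2020-07-20 12:41:00 H=mx.example.org [192.0.2.10] F=<bob@example.org> rejected RCPT <x@example.net>: Unrouteable address
EOF
    printf 'example.net\nexample.edu\n' > "$dir/domains"
    triage "$dir/rejectlog" "$dir/domains"
    rm -rf "$dir"
}

demo
```

To run it against real data, call `triage` with the path to the Exim rejectlog and the domain list instead of calling `demo`.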
 
It is.

I really don't understand why the DA Box refuses to accept the mail.

The only thing I've done is point the external nameserver to Google instead of to the DA box.
 
Did you check the domains file? You didn't answer that. I can't help if you don't follow the steps.
 
I know this post is a bit dated but I have found the solution:

  1. Ensure the domain that hosts your mailbox on DA has "mail.<your_domain>" in the DNS records.
  2. Secure "mail.<your_domain>" with an SSL certificate.
  3. Navigate to the domain's MX Records.
  4. Check the box next to "Use this server to handle my e-mails. If not, change the MX records and uncheck this option."
    1. Note: This appears to affect all domains under a user. I'd suggest using a separate user for this unique setup.
  5. Set up a host in the GMail Admin console:
    1. Settings for Gmail => Hosts => Add Route
      1. Single Host: mail.<your_domain> : 587
      2. Note: Do not use the hostname or you will receive the "550 relay not permitted, authentication required" error message for deliveries. If you have more than one domain you are routing, you will have to set up another single host in GMail.
      3. Test the secure connection to verify your host and save the setting.
    2. Settings for Gmail => Routing => Add Rule
      1. Email messages to affect:
        1. Check "Inbound" and "Internal - receiving".
      2. Route:
        1. Check "Change the route" and select your host from the dropdown menu.
      3. Encryption (onward delivery only)
        1. Check "Require secure transport (TLS)".
      4. Select "Show options".
        1. B. Account types to affect:
          1. Check "Unrecognised/catch-all".
        2. C. Envelope filter:
          1. Check "Only affect specific envelope recipients"
            1. For a single mailbox:
              1. Select "Single email address" from the dropdown and enter that address.
            2. For an entire domain:
              1. Select "Pattern match"
              2. Enter "<your_domain>$" as the regex pattern (without the quotes).
      5. Save your route settings.
    3. DA should now accept your GMail routed messages.
      1. Note: Google advises up to 24 hours for changes to be in full effect.
I hope this helps any future GCP users.
 