Astaro User Bulletin Board
  #1 (permalink)  
Old 06-18-2009, 06:10 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default Need some help setting up SMTP proxy

I am getting relay not permitted errors on inbound messages. Here are the details.
Software version is 7.202 ASG320 appliance. I am also using a barracuda, but want to add an additional layer of spam/virus protection. Currently, I am natting port 25 to my barracuda. I set up the astaro to use transparent mode and I am routing the e-mail to my barracuda with the NAT translation (to the barracuda) disabled. On the relay tab I have all of my mail servers, astaros, and the barracuda listed in the allowed hosts field. I also have all of my domain users listed in the allowed users field.

Also, I have a separate Global DNS zone set up with the MX records pointing to my public IP address, which is my Astaro WAN interface... not sure if that matters.

I'm running exchange 2003 and there is no evidence that the relay is coming from my exchange server. Astaro logs have many instances of relay not permitted, so I'm sure the problem is with the Astaro config.

What am I missing?

Last edited by jslaton; 06-18-2009 at 06:15 PM.
  #2 (permalink)  
Old 06-18-2009, 06:15 PM
Junior Member
 
Join Date: Sep 2004
Location: Budapest, Hungary
Posts: 9
Default

The list of your domains (that you are accepting mail for) on the Routing tab?
  #3 (permalink)  
Old 06-18-2009, 06:18 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default domains

I have my domain listed in the routing tab. Also I have selected route by static host and am pointing that to my barracuda.
  #4 (permalink)  
Old 06-18-2009, 06:20 PM
Junior Member
 
Join Date: Sep 2004
Location: Budapest, Hungary
Posts: 9
Default

Could you perhaps copy a bounce here? (Only the relevant parts, of course.)
  #5 (permalink)  
Old 06-18-2009, 06:24 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default

66.14.127.176 does not like recipient.
Remote host said: 550 Relay not permitted
Giving up on 66.14.127.176.
  #6 (permalink)  
Old 06-18-2009, 06:29 PM
Junior Member
 
Join Date: Sep 2004
Location: Budapest, Hungary
Posts: 9
Default

And 66.14.127.176 is your public IP address?

Also, how is your barracuda given on the Routing tab? (i.e. by IP address, DNS, etc.)

Another idea: what happens if you turn Verify recipients OFF on the Routing tab? (Just temporarily, of course.)
  #7 (permalink)  
Old 06-18-2009, 06:32 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default

66.14.127.176 is a public IP address. Barracuda is listed by IP.


I'll give your verify recipients idea a shot. One other thing I may try is to change the verify to active directory.

I'll do both of those now and I'll post back the results.

Thanks
  #8 (permalink)  
Old 06-18-2009, 06:42 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default didn't work

didn't work.

All I want is my users to get inbound e-mail. Maybe I don't need anything set in the relay fields (authenticated or host based) since we really aren't relaying for any other domains?
  #9 (permalink)  
Old 06-18-2009, 07:18 PM
Junior Member
 
Join Date: Sep 2004
Location: Budapest, Hungary
Posts: 9
Default

Yes, for inbound email you don't need anything set in the relay field (it's only for mails going outside your mail domain).

If your MX record points to the public IP address of your Astaro, you also don't need transparent mode.

Also, check that the Allow upstream/relay hosts only checkbox is OFF on the Relay tab.

If these don't help, you could perhaps post a few related lines (a few lines before and after the mail is rejected) from the smtp.log.

I'm 99% sure it is not some exotic bug, just a simple wrong setting. It's just a lot harder to find without looking at your config...
Reply With Quote
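Added example (not part of the thread, and not Astaro's code): a simplified model of how an SMTP gateway decides on RCPT TO, showing why inbound mail for an accepted domain never consults the relay lists, so a "550 Relay not permitted" on inbound mail points at the recipient domain not matching the accepted-domains list. The domain, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample settings (assumptions, not the poster's configuration).
ACCEPTED_DOMAINS = {"example.com"}                      # Routing tab: domains we take mail for
RELAY_HOSTS = [ipaddress.ip_network("192.0.2.10/32")]   # Relay tab: e.g. the internal Exchange server


def rcpt_decision(client_ip, rcpt, authenticated=False,
                  accepted_domains=ACCEPTED_DOMAINS, relay_hosts=RELAY_HOSTS):
    """Return the SMTP reply this model gives to RCPT TO:<rcpt>."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep or not local or not domain:
        return "501 Malformed recipient address"
    domain = domain.rstrip(".").lower()   # domain names compare case-insensitively
    # Inbound: mail for a domain we host is accepted from any client,
    # so the relay lists play no part in this branch.
    if domain in accepted_domains:
        return "250 Accepted"
    # Outbound: mail leaving our domains is relaying and needs a trusted client.
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in relay_hosts):
        return "250 Accepted for relay"
    return "550 Relay not permitted"


def overly_broad(relay_hosts, max_hosts=256):
    """List relay entries wide enough to risk turning the gateway into an open relay."""
    return [str(net) for net in relay_hosts if net.num_addresses > max_hosts]


if __name__ == "__main__":
    cases = [
        ("203.0.113.5", "user@example.com"),    # internet sender, our domain
        ("203.0.113.5", "someone@other.test"),  # internet sender, foreign domain
        ("192.0.2.10", "someone@other.test"),   # internal mail server sending out
    ]
    for client, rcpt in cases:
        print(f"{client:>12} -> {rcpt:<20} {rcpt_decision(client, rcpt)}")
    print("broad relay entries:", overly_broad([ipaddress.ip_network("0.0.0.0/0")]))
```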
  #10 (permalink)  
Old 06-18-2009, 07:30 PM
Junior Member
 
Join Date: Mar 2006
Posts: 12
Default

I used the transparent mode to intercept the messages on port 25. If I don't use transparent mode, won't the messages go straight to my barracuda, as I have a static NAT translation directing SMTP traffic to its internal IP, bypassing the Astaro altogether? If I do disable that NAT statement, will the Astaro just pick up that traffic without some sort of NAT statement?

One more thing... I do need to send outbound e-mails, just not from any other domains except for the one I've specified. So do I still need to add hosts to the allowed hosts field, maybe just my exchange servers?

Sorry for all of the questions.
All times are GMT.