Re: Exchange 2003 denying email from SGI client.

george.e.sullivan_at_saic.com
Date: 03/21/05 

Date: 21 Mar 2005 06:46:22 -0800

I R A Darth Aggie wrote:
> On 18 Mar 2005 13:12:39 -0800,
> george.e.sullivan@saic.com <george.e.sullivan@saic.com>, in
> <1111180359.339050.263040@z14g2000cwz.googlegroups.com> wrote:
>
> >+ Sent: Tuesday, January 18, 2005 12:53 PM
> >+ To: aford@chicago-iso.isoto.gov; glogan@chicago-iso.isoto.gov
>
> [snip!]
>
> >+ The following recipient(s) could not be reached:
> >+
> >+ aford@chicago-iso.isoto.gov on 1/18/2005 12:50 PM
>
> >+ glogan@chicago-iso.isoto.gov on 1/18/2005 12:50 PM
>
> Hmmm...ok, at least they both failed! :-)
>
> >+ You do not have permission to send to this recipient.
> >+ For assistance,
> >+ contact your system administrator.
> >+ < raven.sopo.com #5.7.1 SMTP; 550 5.7.1 Unable to
relay
> >+ for glogan@chicago-iso.isoto.gov>
> >+
>
> Ok, so I'll assume these messages are originating from inside
> saic.com, and routing to isoto.gov (is there such a domain? it's not
> in my DNS server!)
>
> I'm not sure how/why you're trying to relay thru raven.sopo.com.
Take
> a look at /etc/sendmail.cf and see what follows this:
>
> # "Smart" relay host (may be null)
> DS
>
> What follows that "DS"?
>
> James
> --
> Consulting Minister for Consultants, DNRC
> I can please only one person per day. Today is not your day. Tomorrow
> isn't looking good, either.
> I am BOFH. Resistance is futile. Your network will be assimilated.

Morning James,

Correct. You will not see these domains in your DNS. They are
private. After my DS is boarsnest-baltimore.pen.gov.

Here is the scoop on network layout.

sopo.com where raven is on internal/local network.
subnet is 182.1.5.xxx

the mail server it is getting permission denied from is
boarsnest-baltimore.pen.gov. pen.gov 9.150.1.xxx

raven house to default route out and go through the PIX
and routers to get back down to 9.150.1.xxx.

The PIX is handling address translation between 9.150.1.xxx
and 182.1.5.xxx I can ping 182.1.5.2 (the PIX), but can't
ping any 9.150.1.xxx addresses, though raven can resolve
the name.

THis is a mess "ain't" it? boarsnest-baltimore does have
an internal CNAME of boarsnest-baltimore.sopo.com. Maybe
I used try, the internal name. I was just thinking this.

Relevant Pages

  • Re: Exchange 2003 denying email from SGI client.
    ... > I'm not sure how/why you're trying to relay thru raven.sopo.com. ... Here is the scoop on network layout. ... The PIX is handling address translation between 9.150.1.xxx ... ping any 9.150.1.xxx addresses, though raven can resolve ...
    (comp.sys.sgi.misc)
  • Re: [fw-wiz] bypassing PIX limitation
    ... setup another Pix box who's sole purpose is to connect to the ... Hopefully the following information will be clearer: The network behind ... assign the outside ip block from the partner to your global ... Can packets going into a VPN tunnel be NATed? ...
    (Firewall-Wizards)
  • Re: Help config Pix 501 . . . please
    ... :From inside the network I can get out, and from outside the network I ... You can't do that with a PIX 501. ... You can only ping your "closest" interface, ... that is part of the RFC1918 reserved private address spaces. ...
    (comp.dcom.sys.cisco)
  • [fw-wiz] Followup: An interesting VPN problem
    ... - Repeat above steps for the remote PIX, ... all traffic on the remote network is pushed ... > (including the traffic that should ultimately end up on the Internet). ... > that to work (using source routing), but I'd like to use a peripheral ...
    (Firewall-Wizards)
  • RE: [fw-wiz] Re: IP aliasing behind a PIX
    ... > network behind the PIX, but ... >> IPs behind a PIX firewall. ... >> network, the aliases work fine (i.e., the machines are accessible using ...
    (Firewall-Wizards)