Page 1 of 1

"Relay Access Denied" when using account Forward

Posted: 2019-06-14 05:11
by jhsdurham

I am hitting a significant problem for the "Forward" function on user accounts. Here is the background.

hmailServer v5.6.7.b2425
All outbound is setup for go through a third party spam/virus filter service via STMP -> Delivery of e-mail -> SMTP Relayer

Currently, anyone sending from within our domain can send out fine. Anyone sending in to us is ok too.
External user sends to a staff person - external senders message goes to spam service system, gets checked, gets passed to staff person.
Staff person replies, their message goes to spam service system, gets checked first, then passed on from the spam service to the recipient address.

If sends to,
and person also has a Forward setup of for their account on hmailserver

person@mycompany gets the message fine
but gets a bounce back error telling them was "Relay access denied"

I spent 3 hours testing out various things with a tech from AllianceOfBTD, and it seems that when Hmailserver uses that Forward tab setting, it keeps -everything- of the mail server path. So it retains the in the header, the fact that it started from When the message then tries to get to from hmailserver with all that prior header content, g-mail can see it, and rejects it. It thinks hmailsever is trying to impersonate g-mail by forward an external send to an external account.

When I look at the Delivery Queue on hmailserver for a message sent from an external user, to an internal user that has a forward to an external account, I can see that it shows the From address is still the external user address, not the name of the user account that the message is being forwarded from.

Does that make sense?
Is there not a way to let users have forwards to external accounts?

Re: "Relay Access Denied" when using account Forward

Posted: 2019-06-14 05:51
by katip
try to put this in hmailserver.ini [Settings] and restart HMS.

Code: Select all


Re: "Relay Access Denied" when using account Forward

Posted: 2019-06-14 14:57
by jhsdurham
Thank you for finding and linking to that katip . I did a search on the forum for "relay access" but that thread did not come up. A few others did but they were not the same kind of issue either.

Fascinating.. I had no idea that this other setting existed in the ini file. I will give that a try.

However, I am curious about the comment in that thread which explains the ini and default behaviour. Can anyone explain further about what this note means when it says the change in default behaviour was to reduce the risk of delivery failures? If I make this change, and now Forwards show the From address as the account that the message was originally to as the new sender, what was it that started happening in that approach that broke things for people? I don't want to solve one problem by creating another :-)

What other secret settings do we not know of for the ini file that might help with this issue? I could be mistaken, but it seems like its due to hmail retaining all the header information and gmail can see that. I was thinking if hmail removed that prior header/path info of how the message got to the user, and just forwarded it with only its own sending path as the start of the history, that it would go through. I dunno.. my brain is friggin melted trying to go through this the past couple of days.

; When performing forwarding, hMailServer now keeps the original From address rather than changing to that of the forwarding account.
; This change was made to reduce risk of message delivery failures.
; To force the previous behavior, set RewriteEnvelopeFromWhenForwarding=1

Re: "Relay Access Denied" when using account Forward

Posted: 2019-06-14 15:38
by katip
actually it's not From adress as seen on client. Envelope From was meant.
in your case Gmail likely sees original sender (which is also a gmail address) as envelope from and rejects it as bogus.
this seetings (RewriteEnvelopeFromWhenForwarding=1) should/may fix this. give it a try.

btw, there are many other undocumented ini settings, though none of them relevant to your issue except that envelope rewrite thing.