The iPlanet/SunONE Messaging Server message transfer agent (MTA) handles mail through different channels. One default channel, tcp_intranet, receives mail from the users considered local, on the local area network or Intranet. If a user does not authenticate during an SMTP session and is connecting from an IP address not considered local, the user will receive a 5.7.1 Relaying not allowed error message. This tech-recipe describes the configuration change which solves this problem.
The configuration change must be made to the mappings file in the imta/config directory under the messaging server root directory (referred to as MSGROOT in this recipe, for example /usr/iplanet/server5/msg-mail).
To add a single IP address to the tcp_intranet channel, add the following line to the MSGROOT/imta/mappings file in the section labeled INTERNAL_IP:
(192.168.1.15/32) $Y
The /32 represents the subnet mask and is the same as 255.255.255.255. To add a class C network (255.255.255.0), use the following line:
(192.168.50.0/24) $Y
In this example, anyone with an IP address of 192.168.50.0 to 192.168.50.255 can route mail through the mail server without authenticating. If you have a variable length subnet mask or a number of contiguous subnets, you can specify them with a single line. For example, to add anyone connecting from 10.48.0.0 to 10.63.255.255, you can use the mappings line as follows:
(10.48.0.0/12) $Y
Once you have edited the file, restart the MTA with the following command:
MSGROOT/imsimta refresh
This command will rebuild the configuration files following an edit and restart the MTA.
