Relay access denied when using SMTP to external recipients

Discussion in 'Installation/Configuration' started by Kamran Shah, Oct 10, 2005.

  1. falko

    falko Super Moderator Howtoforge Staff

  2. Challenger

    Challenger New Member

    Thanks Falko
     
  3. Challenger

    Challenger New Member

    Hi again,

    I thought all was fine, but not quite! I had to reboot the server, and on running up, the directory /var/run/saslauthd is not there! I had to manually recreate it for SASL to work.

    Why is this happening?

    Thanks for your help.

    Andy
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Not sure why this is happening, but you could add the command to create that directory to /etc/rc.local.
     
  5. Challenger

    Challenger New Member

    OK, good idea - whilst I try to figure out why.

    Thanks,

    Andy
     
  6. bloodfilledwater

    bloodfilledwater New Member

    I have the same issue. Can't send to external recipients via mail client. I did enable smtp authentication in the mail client, which has no effect. But if I have smtpd_recipient_restrictions = permit_mynetworks permit_inet_interfaces permit_sasl_authenticated defer then I can send out fine, but then I can't get mail. Mail bounces saying For <[email protected]>, Site (domain/xxx.xxx.xxx.xxx) said: 450 4.3.2 <[email protected]>: Recipient address rejected: Try again later. I can't remove "defer" from smtpd_recipient_restrictions or postfix will fail to start. Any ideas?
     
  7. falko

    falko Super Moderator Howtoforge Staff

    What's in your mail log when you try to send a mail? What's in your main.cf? How did you set up your email account?
     
  8. casler

    casler New Member

    554 5.7.1 <[email protected]>: Relay access denied

    I am having a very perplexing issue and it is a 554 5.7.1 <[email protected]>: Relay access denied error.

    I have been using the ISPconfig software for well over a year flawlessly …….. my business requirements changed and with that came the following……

    Cisco 871 router
    PIX 506e firewall
    Windows Small Business Server 2003

    I was using a Linksys BEF VPN router and everything ran fine (users authenticated against the linux box everything was super) ….. email worked from both inside and outside the network….. I added and configured the Cisco appliances and the SBS but I want to use ISPconfig for email until I receive more static IPs from my ISP to configure exchange and webmail (and everything else with SBS2003)…. Trouble began when the SBS2003 wanted to take over DNS which I thought at the time was fine but now from outside the network I can’t send email to anyone outside of our domain (I get 554 5.7.1 error)….. I just pass requests from FE4 (PPOE connection) through to the firewall, utilize NAT on the firewall and just translate the same ports from the old Linksys box…. I did notice the /etc/resolve.conf had the old private router IP so I added my SBS there (still no avail)……not even sure where to start……
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Did you enable "Server requires authentication" in your email client?
    What's in /etc/resolv.conf now?
     
  10. lexthoonen

    lexthoonen New Member

    Same problem: not being able to send mail

    Hi,

    I've got the same problem. Via none of the domains hosted on this particular server (ubuntu - ispconfig) can mail be sent.

    Authentication is set to on, using the same login details as pop. And on pop, all mail comes in.

    I've attached a file with a lot of the info that has been asked by Falko in this thread to other people with similar problems.

    p.s. I've got another problem too, being the Bind server showing as offline (although everything seems to work okayish), I don't know if that can have anything to do with it... I thought it'd be better if I make that another topic but I'll first see what people who know think of it.

    Thanks, lex


    Log of my e-mail client:

    connected to SMTP server
    authenticating (plain)...
    Server reports error. The response is: Error: authentication failed
    authenticating (login)...
    Server reports error. The response is: Error: authentication failed
    WARNING: there were no compatible authentication mechanisms detected
    sending message to [email protected]
    The last address submitted was <[email protected]>: Relay access denied


    (pop works fine)
     


  11. casler

    casler New Member

    SMTP relay issue

    Lex,

    I found I was having more of a hardware issue and it was resolved on my PIX box….. Cisco inherently forces the “fix up” in the running config….. The firewall was looking for RPC compliancy in the actual email trying to be relayed….. because the headers in the email didn’t comply….. PIX replaces log in information with XXXXXX….. The mail server (which is my ISPconfig box) freaks out because there is no user XXXXXX….. and denies the relay….. I used the “no fixup smtp 25” command in the Cisco CLI (on the firewall) and the problem was immediately resolved…..
     
  12. beeman

    beeman New Member

    Relay access AND httpd service not running

    Hi I am running perfect setup Ubuntu 8.10 Postfix,ISP Config 2.2.29 and webmin 1.441 and have recently started receiving
    "Warning: service httpd not running .." as well as" [email protected]' on 07/09/2009 11:30
    554 5.7.1 <[email protected]>: Relay access denied"
    Yes I have checked that 'My outgoing server is authenticated'
    No I cannot restart Apache with sudo /etc/init.d/apache2 restart - it returns "install: invalid user `www-data'
    apache2: bad user name www-data"

    We run a small postfix setup and have been receiving a lot of spam lately so I tinkered with the main.cf - but even with the original one back I cannot restart the Apache server or stop the "relay access denied".

    I assume the two 'problems' are related
    Sorry if I am a bit woolly but I am not a computer pro!
    Thanks
     
  13. falko

    falko Super Moderator Howtoforge Staff

    Can you check if the user www-data is listed in /etc/passwd?
     
  14. beeman

    beeman New Member

    No not in /etc/passwd
    Yes in /etc/passwd-
    in /etc/passwd- it reads:- www-data:x:33:33:www-data:/var/www:/bin/sh
     
  15. falko

    falko Super Moderator Howtoforge Staff

    I guess there's something wrong with /etc/passwd then. Make a backup of it and copy /etc/passwd- to /etc/passwd and try again. Do you still see any errors then?
     
  16. beeman

    beeman New Member

    It won't recognise a renaming of passwd-
    "uid 1000 does not exist in the passwd file!"

    passwd- has a lot fewer users in it. It does however have
    www-data:x:33:33:www-data:/var/www:/bin/sh
    and a line
    nobody:x:655535:65534:nobody:/nonexistent:/bin/sh

    the passwd file has on the other hand no www-data but does have
    nobody:x:1002:100:nobody:/home/nobody:

    What if I was to type in the missing lines www-data:x: ....etc into the passwd file?
     
  17. falko

    falko Super Moderator Howtoforge Staff

    Did you try this as root?

    You can do that as well.
     
  18. tiscarabee

    tiscarabee New Member

    relaying in LAN denied via mysql transport table

    Hi Falko,

    It's been a long time :) I'm still using the superb tutorial for mail & mysql in production:
    http://www.howtoforge.com/virtual_users_and_domains_with_postfix_debian_etch_p6

    I'm "cooking" the migration from my current production server (HELIOS) to a new server (SERAPHINE), under Debian lenny. For tests, I'm using the transport table for the first time, for one of my domains (MYDOMAIN). But access is denied, according to postfix's logs:

    Sep 12 01:34:53 helios postfix/smtpd[27479]: NOQUEUE: reject: RCPT from mail-ew0-f221.google.com[209.85.219.221]: 554 5.7.1 <david@MYDOMAIN>: Relay access denied; from=<[email protected]> to=<david@MYDOMAIN> proto=ESMTP helo=<mail-ew0-f221.google.com>

    In the table, I've written this:
    domain : MYDOMAIN
    transport : smtp:[IP_LAN_LIKE_192.168...]
    I've tried with transport : smtp:[IP_LAN_LIKE_192.168...]:25, same result.

    But it works when I use an email account using HELIOS smtp.

    Any idea?

    Thanks in advance !

    David
     
    Last edited: Sep 12, 2009
  19. alexnbk

    alexnbk New Member

    The same

    Hi, I'm having a similar problem: CentOS 5.4 with postfix. I can receive e-mail through the relay, I can send e-mail using telnet localhost 25, but when it comes to the e-mail coming from an exchange server to the world it says Relay Access Denied.

    Well, it used to work fine till we had to reinstall the system; the owner did not have a backup of things, and I'm not a mail programmer, but they want me to fix it.

    Here's my main.cf and my master.cf

    Main.cf

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    local_recipient_maps =
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination =
    mydomain = xxxx.org.br
    myhostname = xxx.xxx.org.br
    mynetworks = 127.0.0.0/8, 201.xxx.xxx.xxx/24
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    parent_domain_matches_subdomains = debug_peer_list, smtpd_access_maps
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relay_domains = <domain1>, <domain2>, <domain3>
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
    smtpd_sender_restrictions = permit_mynetworks, reject_unauth_destination
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550


    Master.cf

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
    #submission inet n - n - - smtpd
    # -o smtpd_enforce_tls=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_mynetworks
      -o content_filter=
      -o smtpd_delay_reject=no
      -o smtpd_helo_restrictions=
      -o smtpd_sender_rstrictions=
    # -o smtpd_recipient_restrictions=permit_mynetworks, reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o smtpd_restriction_classes=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
      -o local_header_rewrite_clients=
      -o smtpd_milters=
      -o local_recipient_maps=
      -o relay_recipient_maps=

    #smtps inet n - n - - smtpd
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #628 inet n - n - - qmqpd
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - n - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - n - - smtp
      -o fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    discard unix - - n - - discard
    #local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    #
    # The Cyrus deliver program has changed incompatibly, multiple times.
    #
    old-cyrus unix - n n - - pipe
      flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    cyrus unix - n n - - pipe
      user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


    None of the previous solutions worked for me. Thanks for any help I can get.
     
  20. alexnbk

    alexnbk New Member

    Solved

    there was a configuration error between master and main.cf on the mynetworks
    fixed it, now runs fine.
     
    Last edited: Apr 17, 2010
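
Added example, not part of any post in this thread: the master.cf in post 19 carries "-o mynetworks=127.0.0.0/8" on the smtp service while main.cf lists a second network, and a per-service -o setting replaces the main.cf value for that service, so permit_mynetworks no longer matches the second network there. The script below reports such overrides for relay-related parameters; the parameter list, function names and sample files are assumptions made for this example, and 192.0.2.0/24 is a placeholder network.

```python
import re

# Parameters whose per-service override changes who may relay (list chosen for this example).
RELAY_PARAMS = ("mynetworks", "relay_domains", "smtpd_recipient_restrictions",
                "smtpd_client_restrictions", "smtpd_sasl_auth_enable")

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_main_cf(text):
    """Return {parameter: value} from main.cf text."""
    return {k.strip(): v.strip()
            for k, v in (l.split("=", 1) for l in logical_lines(text) if "=" in l)}

def parse_master_cf(text):
    """Return [(service, type, {override: value})] from master.cf text."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) >= 8:  # name type private unpriv chroot wakeup maxproc command
            opts = dict(re.findall(r"-o\s+(\w+)=(\S*)", " ".join(fields[8:])))
            services.append((fields[0], fields[1], opts))
    return services

def tokens(value):
    """Split a parameter value on commas and whitespace, order-insensitively."""
    return sorted(t for t in re.split(r"[,\s]+", value) if t)

def relay_overrides(main_text, master_text):
    """List (service, parameter, master.cf value, main.cf value) where the two disagree."""
    main = parse_main_cf(main_text)
    return [(f"{name}/{typ}", p, opts[p], main.get(p, "(not set)"))
            for name, typ, opts in parse_master_cf(master_text)
            for p in RELAY_PARAMS
            if p in opts and tokens(opts[p]) != tokens(main.get(p, ""))]

# Constructed sample modelled on the configuration in post 19.
SAMPLE_MAIN = "mynetworks = 127.0.0.0/8, 192.0.2.0/24\n" \
              "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination\n"
SAMPLE_MASTER = "smtp inet n - n - - smtpd\n#submission inet n - n - - smtpd\n" \
                "#  -o smtpd_sasl_auth_enable=yes\n  -o content_filter=\n" \
                "  -o mynetworks=127.0.0.0/8\nrelay unix - - n - - smtp\n  -o fallback_relay=\n"

if __name__ == "__main__":
    for finding in relay_overrides(SAMPLE_MAIN, SAMPLE_MASTER):
        print("%s overrides %s: master.cf=%r main.cf=%r" % finding)
```

On a live system, "postconf -n" and "postconf -M" print the effective main.cf settings and master.cf entries that this script reads from files.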
