Postfix 554 relay access denied

Discussion in 'Installation/Configuration' started by mcevoli, Jan 11, 2012.

Thread Status:
Not open for further replies.
  1. mcevoli

    mcevoli New Member

    Hello, I'm new here!

    I know it's a quite common problem, but every thing I read around the net didn't work for me :(

    So I explain:
    I have a centos server with virtual domains. When I send an email, it works successfully only for local domains.
    When I try external domain I get the 554 relay access denied error.

    The authentication works, I think, because if I connect via telnet and do an auth plain <my base64 encoded>, I get authentication successful.

    My maillog file:
    ------
    postfix/smtpd[12834]: NOQUEUE: reject:RCPT from hostxx-xxx-dynamic.xx-xx-r.retail.telecomitalia.it[xx.xx.xx.xx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<Inbox>
    -------


    Here my postconf -n:
    --------
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    inet_protocols = ipv4
    local_recipient_maps =
    mail_owner = postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = server1.domain.it, localhost, localhost.localdomain
    myhostname = server1.domain.it
    mynetworks = 127.0.0.0/8 [::1]/128
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    newaliases_path = /usr/bin/newaliases.postfix
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    receive_override_options = no_address_mappings
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost =
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = dovecot
    virtual_uid_maps = static:5000
    -------------------------------

    Thank you for your help in advance :)

    Marco.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which exact ISPConfig version do you use?
     
  3. mcevoli

    mcevoli New Member

    I use ISPConfig 3.0.3.2

    I forgot to mention that if I send an email via roundcube webmail it works.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the smtp settings in your email client and ensure that smtp authentication is enabled. According to the log line above, the email client did not authenticate itself before he tried to send the email. The smtp authentication details are the same then the pop3/imap login details.
     
  5. mcevoli

    mcevoli New Member

    Authentication is enabled and uses the same details.

    Look at telnet:
    -------------
    220 server1.domain.it ESMTP Postfix
    ehlo localhost
    250-server1.domain.it
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    mail from: [email protected]
    250 2.1.0 Ok
    auth plain AHRlc3RAY2lhZxxxxxxxxmkuaXQAY2lhZmZvdGVzMTE=
    235 2.0.0 Authentication successful
    rcpt to: [email protected]
    554 5.7.1 <[email protected]>: Relay access denied
    ---------------
     
  6. falko

    falko Super Moderator Howtoforge Staff

  7. mcevoli

    mcevoli New Member

  8. mcevoli

    mcevoli New Member

    So any idea?
     
  9. mcevoli

    mcevoli New Member

    I think it's an issue due to connection outside the network from remote client, because the webmail works ok.

    Anyone had the same issue?
     
  10. mcevoli

    mcevoli New Member

    I RESOLVED THE ISSUE! :)

    For everyone having the same issue:
    In my confguration file main.cf the following line was commented:

    smtpd_recipient_restrictions = permit_sasl_authenticated

    I uncommented it and now it seems working
    Thanks.
     
  11. likudio

    likudio New Member

    Thakn you

    Dude, I just made my account on this forum especially to thank you. You just solved my problem. :) Best regards.
     
  12. herbie

    herbie New Member

    #1 cause is logon to authenticate not selected
    #2 connection is from outside the network. OutHouse-Tbird won't send Telus mail thru Shaw or Shaw thru Rogers. Example - Users who kept their mail accounts here and moved to Telus DSL must set thier outgoing mail server to smtp.telus.net and logon with their telus username & password. Or use Webmail
     
  13. source4u

    source4u New Member

    Hello there,

    I am trying to setup roundcube for my mail server also. but, I can't seem to send email out to gmail or yahoo or basically none of any externally. mail.log indicates connection timed out all the time. However, I can receive email sent from external e.g gmail or yahoo mail.

    I understand you manage to send email via rouncude to external email account. I am using postfix and dovecot for my mail server. Appreciate your help and advice on how your roundcube is being setup up. Thanks in advance.
     
  14. Douglas Rocha

    Douglas Rocha New Member

    My problem seems to be the same, my server also returns 554 5.7.1 but I can not resolve it.

    I followed the tutorial (https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/) but the email box does not work.

    I hope someone can help me.

    Thank you!

    my postconf -n:
    Code:
    broken_sasl_auth_clients = yes
    content_filter = amavis:[127.0.0.1]:10024
    dovecot_destination_recipient_limit = 1
    greylisting = check_policy_service inet:127.0.0.1:10023
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    mailbox_size_limit = 0
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = 78comunicacao.com.br, localhost, localhost.localdomain
    myhostname = 78comunicacao.com.br
    mynetworks = 127.0.0.0/8 [::1]/128
    myorigin = /etc/mailname
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    owner_request_special = no
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost =
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_message_rate_limit = 100
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    smtpd_restriction_classes = greylisting
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = dovecot
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    and my /etc/postfix/master.cf...
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
    
    my hostname is server1.78comunicacao.com.br

    Code:
    root@server1:~# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 78comunicacao.com.br ESMTP Postfix (Ubuntu)
    ehlo 78comunicacao
    250-78comunicacao.com.br
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from:<domain.com>
    250 2.1.0 Ok
    rcpt to:<[email protected]>
    250 2.1.5 Ok
    
    Code:
    root@server1:~# dig server1.78comunicacao.com.br
    
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> server1.78comunicacao.com.br
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16787
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;server1.78comunicacao.com.br.  IN      A
    
    ;; ANSWER SECTION:
    server1.78comunicacao.com.br. 6 IN      A       34.225.72.252
    
    ;; Query time: 0 msec
    ;; SERVER: 172.31.0.2#53(172.31.0.2)
    ;; WHEN: Tue Jun 06 21:04:56 UTC 2017
    ;; MSG SIZE  rcvd: 73
    
    
    root@server1:~# dig 78comunicacao.com.br                                                                 
    
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> 78comunicacao.com.br
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14694
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;78comunicacao.com.br.          IN      A
    
    ;; ANSWER SECTION:
    78comunicacao.com.br.   60      IN      A       34.225.72.252
    
    ;; Query time: 216 msec
    ;; SERVER: 172.31.0.2#53(172.31.0.2)
    ;; WHEN: Tue Jun 06 21:05:11 UTC 2017
    ;; MSG SIZE  rcvd: 65
    
     
    Last edited: Jun 6, 2017
  15. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    What is the full error message showing up in mail.log ?
     
  16. Douglas Rocha

    Douglas Rocha New Member

    Hi, Norell!!

    here is my mail.log

    Well, I can loggin on roundcube, but it does not send or receive emails.

    Thank you, very much!
     

    Attached Files:

  17. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I believe that message corresponds to smtpd_client_restrictions:
    Which looks correct. Have you added anything under Email > Postfix Blacklist? (check everything with type 'Client').

    Your master.cf looks incomplete for an ispconfig system though, so you might run through the ispconfig update.php script and let it reconfigure services, then see if everything works better.
     
  18. Hallo I cannot receive email.
    postfix log: NOQUEUE: reject: RCPT from 554 5.7.1 ...
    I have check main.cf and found this:
    Code:
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    and in the file:
    Code:
    ...
    dbname = dbispconfig
    table        = mail_access
    select_field = access
    where_field  = source
    additional_conditions = and type = 'client' and active = 'y'
    
    but in the database table mail_access is empty.
    what's happen
    can you help me?
    regards,
    Leonardo
     
  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I suggest you create a new topic instead of reviving this very old topic.
    Are you able to create a new mail user and log in to it?
     
  20. till

    till Super Moderator Staff Member ISPConfig Developer

    This table is only used for special setups that use postfix transports without local mailboxes or local email domains where ISPConfig acts e.g as spamfilter in front of an Exchange server, on normal setups where you have mailboxes and email domains, the table has to be empty. As @Th0m already mentioned, please make a new thread.
     
Thread Status:
Not open for further replies.

Share This Page