Postfix & Dovecot - "Relay access denied"

Hello,
I am trying to build a webserver using postfix and dovecot-postfix on Ubuntu 9.10. I've been working on it about 5 hours ( i did the same for last 6-7 nights ). And finally, I can send mails from my server, using Squirrelmail web client. But when I try to send mail from another address to my server ( tried from google apps based domain ), it gives an error: 554 554 5.7.1: Relay access denied

Please help me ( BTW, I really researched a lot about it )

While building mail server, I followed this tutorial.

Edit: I realised that I can send only from Squirrelmail, when I try to a client ( evolution ) with authentication enabled, it still says "Relay access denied".

 

You have trouble with authentication, post here your postfix config.

 

Sure, here is my main.cf:

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#myhostname = karincayiyen.difuzyonhosting.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = difuzyonhosting.com, karincayiyen.difuzyonhosting.com, localhost.difuzyonhosting.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

virtual_alias_maps = proxy:mysql:/etc/postfix/my_alias_maps.cf
virtual_mailbox_limit = proxy:mysql:/etc/postfix/my_mailbox_limits.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/my_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/my_mailbox_maps.cf

and my master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
	-o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -f ${sender} -d $(recipient)
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix	-	n	n	-	2	pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

 

What's the output of

Code:

telnet localhost 25

and then

Code:

ehlo localhost

?

Did you enable "Server requires authentication" in your email client?

Any errors in your mail log?

 

Hello falko,
I am using 587 ( submission ) port for smtp.

Code:

root@karincayiyen:/etc/ssl/private# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 karincayiyen.difuzyonhosting.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-karincayiyen.difuzyonhosting.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

 

This is very easy. You can send from Webmail because your Squirrelmail application is 127.0.0.1. According to your mynetworks parameter in main.cf, it allows connections from 127.0.0.0/8. You need to add your client network that clients will be sending email from to your 'mynetworks' parameter in main.cf.

For example...

My mail server = 127.0.0.1
My PC = 192.168.0.100/255.255.255.0

Then you need to add the following to 'mynetworks'

mynetworks = 127.0.0.0/8, 192.168.0.0/24

Reload Postfix and it should work! The reason you're getting 'relay access denied' is by default Postfix by default does not allow anyone to relay mail. This prevents you from being an 'open relay' which is very very bad!

 

Thanks for your reply. I changed the line as follows:

Code:

mynetworks = 127.0.0.0/8, 192.168.0.0/24

However, nothing has changed and still 'relay access denied'

 

I am hoping you did not forget to reload Postfix:

Code:

/etc/init.d/postfix restart

I am guessing your same server running Postfix & Squirrelmail is also running Dovecot, correct?

What is the IP address and subnet mask of the PC you're using to connect to Postfix / Dovecot to send / receive email. What client are you using? Thunderbird?

 

No no, I reloaded postfix. And yes, I'm running Dovecot on the same server.

Code:

root@karincayiyen:~# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.

My IP adress ( the pc that I'm using, not server ) is 144.122.116.246, and my subnet mask is 255.255.255.0.

 

Then in your main.cf where your line has 'mynetworks = 127.0.0.0/8...'

You need to add the following:

Code:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,

Then run this command:

Code:

sudo apt-get -y install dig && sudo postfix reload

Let me know what happens? It failed because you were taking my example of 192.168.0.0/24 literally and not applying it to your network parameters for your personal PC. Hope that works for you!

 

I've made the changes.

I've edit mynetworks line as:

Code:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,

and problem is still the same.

 

What are you using to attempt to send email from? What client? Mozilla Thunderbird or Evolution? How is the client configured to download email? POP or IMAP? Can you download email without any issues? Can you post your Dovecot.conf file here so I can see it?

 

Looking at your main.cf closer. Please back your main.cf up and use this one I am providing as a test.

Code:

mv /etc/postfix/main.cf /etc/postfix/main.1_20_2010

Now create a new main.cf and copy and paste my entire code in there:

Code:

vim /etc/postfix/main.cf

Now copy and paste the text in there. Make sure you press 'i' for insert first and you don't cut out any of the code.

Now restart Postfix again. Also restart Dovecot and try again:

Code:

/etc/init.d/postfix restart && /etc/init.d/dovecot restart

COPY AND PASTE THIS INTO YOUR MAIN.CF

Code:

smtpd_banner = $myhostname ESMTP
biff = no

append_dot_mydomain = no

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = karincayiyen.difuzyonhosting.com
mydomain = difuzyonhosting.com
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

mydestination = $myhostname, $mydomain, karincayiyen.$mydomain, 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains =

virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

virtual_alias_maps = proxy:mysql:/etc/postfix/my_alias_maps.cf
virtual_mailbox_limit = proxy:mysql:/etc/postfix/my_mailbox_limits.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/my_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/my_mailbox_maps.cf

 

Hi,
I did just like you said. I tried changing 'mydestination' value before. I am trying to send [email protected], hsa2 is the user that I created from 'postfixadmin', and it says hsa2 is unknown user.

EDIT: But I can connect to smtp and pop3 flawlessly, problem is i can't send mail to myself from my google apps based gmail address.

 

Sorry man. That is far as I think I will be able to help. Maybe someone else can shine better light on this subject. I am interested to see what it says...also check your logs on your mail server when you get the 'relay access denied' error.

Run this command:

Code:

tail -f /var/log/mail.err

I think that is what it is in Debian / Ubuntu and then when you send from your PC. Look at the error that pops up and post it here. It should tell you exactly what is causing the reject.

 

Thanks for your effort @carlwill, I hope someone else can suggest something.

 

Welcome. You should post your error logs from when you try and send mail from the client. That will better narrow down the issue.

 

Gmail says:

Code:

This is the mail system at host karincayiyen.difuzyonhosting.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<[email protected]>: unknown user: "hsa2"

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "hsa2"

 

What do your Postfix logs report?

 

/var/log/mail.log

Code:

Jan 20 23:46:02 karincayiyen postfix/smtpd[15906]: connect from mail-ew0-f209.google.com[209.85.219.209]
Jan 20 23:46:02 karincayiyen postfix/smtpd[15906]: 7952AF208EE: client=mail-ew0-f209.google.com[209.85.219.209]
Jan 20 23:46:02 karincayiyen postfix/cleanup[15910]: 7952AF208EE: message-id=<[email protected]>
Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: 7952AF208EE: from=<[email protected]>, size=1237, nrcpt=1 (queue active)
Jan 20 23:46:02 karincayiyen postfix/local[15911]: 7952AF208EE: to=<[email protected]>, relay=local, delay=0.39, delays=0.38/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "hsa2")
Jan 20 23:46:02 karincayiyen postfix/cleanup[15910]: BACCEF208F0: message-id=<[email protected]>
Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: BACCEF208F0: from=<>, size=3169, nrcpt=1 (queue active)
Jan 20 23:46:02 karincayiyen postfix/bounce[15912]: 7952AF208EE: sender non-delivery notification: BACCEF208F0
Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: 7952AF208EE: removed
Jan 20 23:46:03 karincayiyen postfix/smtp[15914]: BACCEF208F0: to=<[email protected]>, relay=ASPMX.L.GOOGLE.COM[209.85.221.51]:25, delay=0.72, delays=0.01/0/0.11/0.59, dsn=2.0.0, status=sent (250 2.0.0 OK 1264020362 17si587211qyk.35)
Jan 20 23:46:03 karincayiyen postfix/qmgr[15787]: BACCEF208F0: removed