Hi, I used this tutorial: https://www.howtoforge.com/perfect-server-centos-7-x86_64-nginx-dovecot-ispconfig-3 CentOS Linux release 7.2.1511 (Core) version 3.0.5.4p9 When I use roundcube or Outlook and send to any address, I get the relay access denied error. main.cf: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf But the mysql table mail_access is completely empty.. Strange right? All services are up and running and all restarted. From htf_report.txt I get only some warnings: Code: ##### MAIL SERVER CHECK ##### [WARN] I found no "submission" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this. [WARN] I found no "smtps" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this. master.cf: Code: smtp inet n - n - - smtpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender} dovecot unix - n n - - pipe flags=DROhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks main.cf: Code: queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix mail_owner = postfix inet_interfaces = all inet_protocols = all mydestination = <hostname>.<mydomain>, localhost, localhost.localdomain #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.10.1/samples readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES virtual_alias_domains = virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 myhostname = cp02.bubble-it.nl mynetworks = 127.0.0.0/8 [::1]/128 dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings relayhost = mailbox_size_limit = 0 message_size_limit = 0 /etc/sasl2/smtpd.conf: Code: pwcheck_method: saslauthd mech_list: plain login My DNS resolvers work fine. I am behind a NAT, I don't think it makes any difference but just mentioning it. Telnet hostname 25 is working. External smtp testers like this one https://pingability.com/smtptest.jsp gives also the relay denied error: <I will post this output in a comment because I cannot post more then 10000 characters> And of course I have read a lot of posts and this one gives a lot of hits on Google, but after all, I think the problem is with the empty table in the dbispconfig database, so I am posting this anyway and other posts don't talk about that. Hopefully someone can help me, thanks in advance!
And the output of pingability.com: Code: DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Oracle] DEBUG SMTP: useEhlo true, useAuth true DEBUG SMTP: trying to connect to host "<myhostname>", port 25, isSSL false 220 <myhostname> ESMTP Postfix DEBUG SMTP: connected to host "<myhostname>", port: 25 EHLO localhost 250-<myhostname> 250-PIPELINING 250-SIZE 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN DEBUG SMTP: Found extension "PIPELINING", arg "" DEBUG SMTP: Found extension "SIZE", arg "" DEBUG SMTP: Found extension "VRFY", arg "" DEBUG SMTP: Found extension "ETRN", arg "" DEBUG SMTP: Found extension "STARTTLS", arg "" DEBUG SMTP: Found extension "AUTH", arg "PLAIN LOGIN" DEBUG SMTP: Found extension "AUTH=PLAIN", arg "LOGIN" DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg "" DEBUG SMTP: Found extension "8BITMIME", arg "" DEBUG SMTP: Found extension "DSN", arg "" DEBUG SMTP: Attempt to authenticate using mechanisms: LOGIN PLAIN DIGEST-MD5 NTLM DEBUG SMTP: AUTH LOGIN command trace suppressed DEBUG SMTP: AUTH LOGIN succeeded DEBUG SMTP: use8bit false MAIL FROM:<<myemail>> 250 2.1.0 Ok RCPT TO:<[email protected]> 451 4.3.0 <[email protected]>: Temporary lookup failure DEBUG SMTP: Valid Unsent Addresses DEBUG SMTP: [email protected] DEBUG SMTP: Sending failed because of invalid destination addresses RSET 250 2.0.0 Ok DEBUG SMTP: MessagingException while sending, THROW: javax.mail.SendFailedException: Invalid Addresses; nested exception is: com.sun.mail.smtp.SMTPAddressFailedException: 451 4.3.0 <[email protected]>: Temporary lookup failure at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1950) at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1195) at com.rimuhosting.util.email.EmailDetails.sendEmail(EmailDetails.java:577) at com.rimuhosting.util.email.EmailDetails.sendEmail(EmailDetails.java:396) at org.apache.jsp.smtptest_jsp._jspService(smtptest_jsp.java:258) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.rimuhosting.util.webrequest.DoNothingFilter.doFilter(DoNothingFilter.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:844) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: com.sun.mail.smtp.SMTPAddressFailedException: 451 4.3.0 <[email protected]>: Temporary lookup failure at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1817) ... 34 more QUIT 221 2.0.0 Bye Got a relaying denied error ([email protected]) And if I email to myself, I get this error by the way: Code: Sep 13 20:40:53 cp02 postfix/smtp[7786]: A1B3E4000F968: to=<<myemail>>, relay=127.0.0.1[127.0.0.1]:10024, delay=5812, delays=5794/0.01/0/18, dsn=4.3.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.3.0 id=04139-05 - Temporary MTA failure on relaying, from MTA(smtp:[127.0.0.1]:10025): 451 4.3.0 Error: queue file write error (in reply to end of DATA command))
I believe that error is the smtpd listening on 10025 being unable to write the message to postfix queue. Are you out of disk space, or disk mounted read-only? Also verify there is an smtpd listening on port 10025. (eg. check netstat -tna | grep LISTEN for port 10025)
It's only listening on localhost: tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN Is that correct? Disk is not full and rw mounted
yes, that's correct. Comment out your 'content_filter = amavis:[127.0.0.1]:10024' line in main.cf and see if mail delivers (that will bypass amavis, so no virus/spam filtering) and reload postfix. If it doesn't deliver, what errors do you see in the mail log?
I did that, but that doesn't help unfortunately. And I really think it's something with that table being empty. Is your "mail_access" table also empty of the db "dbispconfig"? I have another ispconfig server running on Debian 7.9 with ISPConfig version 3.0.5.4p8, and if I check that table there, it's filled indeed, check this screenshot: http://prntscr.com/chpwzg
The mail_access table is normally empty, it contains only records for mail routing trough external servers. It is not used for normal mailboxes or mail domains. If you need someone to take a look at your server directly, ask Florian from schaal @it ispconfig support team: http://www.ispconfig.org/get-suppor...www.ispconfig.org/get-support/?type=ispconfig
I did two complete fresh installs with the same manual on CentOS and did the exact same steps, failed twice with the exact same error. After that, I did a fresh install with Debian 8, within 5 minutes I had everything up and running, including the mail. I prefer CentOS but since this fixes my problem and you recommend Debian also, I will use Debian. Thanks anyway for the support!
Curious; I'm sure your CentOS setup can be debugged/fixed if you want to run that (I don't happen to have any Centos setup, but others do...).