Loading ...
Sorry, an error occurred while loading the content.

Re: Relaying denied

Expand Messages
  • Magnus Bäck
    On Thursday, November 01, 2007 at 07:10 CET, ... Not if their IP addresses are unknown. ... That works if done correctly. Show postconf -n output and logs of
    Message 1 of 7 , Oct 31, 2007
    • 0 Attachment
      On Thursday, November 01, 2007 at 07:10 CET,
      Ranjith Kumar <ranjitbat@...> wrote:

      > How to allow smtp relaying for the users who are connecting on public ip?
      > Is is possible without SASL authentication?

      Not if their IP addresses are unknown.

      > I tried adding the ip addresses to mynetworks, but still the same problem

      That works if done correctly. Show "postconf -n" output and logs of the
      incident.

      --
      Magnus Bäck
      magnus@...
    • Patric Falinder
      Hi! I act as a spamcheck -relay for a couple of servers but I get this error message for one server when I m trying to relay a message to it: Mar 17 10:28:07
      Message 2 of 7 , Mar 17, 2010
      • 0 Attachment
        Hi!

        I act as a "spamcheck"-relay for a couple of servers but I get this
        error message for one server when I'm trying to relay a message to it:

        Mar 17 10:28:07 myrelay postfix/smtp[4910]: 1358410A329:
        to=<jan@...>, relay=mail.domain.se[81.228.XXX.XXX]:25, delay=0.4,
        delays=0.08/0.01/0.27/0.05, dsn=5.7.1, status=bounced (host
        mail.domain.se[81.228.XXX.XXX] said: 550 5.7.1 <jan@...>...
        Relaying denied. Proper authentication required. (in reply to RCPT TO
        command))

        And I get this on the server I'm trying to send to (it runs Sendmail):

        Mar 17 10:28:22 gateway sendmail[26927]: o2H9SMYZ026927:
        ruleset=check_rcpt, arg1=<jan@...>,
        relay=smtp3.myrelay.com[194.218.XXX.XXX], reject=550 5.7.1
        <jan@...>... Relaying denied. Proper authentication required.

        If I try telnet to the mailserver from my relay-server I get this:

        myrelay:~/# telnet mail.domain.se 25
        Trying 81.228.XXX.XXX...
        Connected to mail.domain.se.
        Escape character is '^]'.
        220 domain.se ESMTP Wed, 17 Mar 2010 10:40:35 +0100
        ehlo domain.se
        250-domain.se Hello smtp3.myrelay.com[194.218.XX.XX], pleased to meet you
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-8BITMIME
        250-SIZE
        250-DSN
        250-AUTH PLAIN LOGIN
        250-DELIVERBY
        250 HELP

        I am updating my servers and "myrelay" is the new one, the old one runs
        Sendmail and can relay just fine to it without any "Relaying denied.
        Proper authentication required."
        I have no idea what the problem is here and was hoping you could help
        me? Can it be something with my sasl-setup on my new server? But
        mail.domain.se doesn't show STARTTLS when I telnet to it..


        Thanks for any help!
      • Patric Falinder
        Thats just it, I m not even sure if I have configured it right and I m starting to think there is something wrong with it cause I m not 100% sure how sasl
        Message 3 of 7 , Mar 17, 2010
        • 0 Attachment
          Thats just it, I'm not even sure if I have configured it right and I'm starting to think there is something wrong with it cause I'm not 100% sure how sasl works..
          I attached my main.cf to this mail. I have read the Postfix SASL Readme but I'm still not sure about how it works or if my config is right..


          Varun Kaushik skrev 2010-03-17 10:58:
          Do you have any authentication configured?
          As you mentioned SASL setup , are all the configurations sane?

          On Wed, Mar 17, 2010 at 3:20 PM, Patric Falinder <patric.falinder@...> wrote:
          Hi!

          I act as a "spamcheck"-relay for a couple of servers but I get this error message for one server when I'm trying to relay a message to it:

          Mar 17 10:28:07 myrelay postfix/smtp[4910]: 1358410A329: to=<jan@...>, relay=mail.domain.se[81.228.XXX.XXX]:25, delay=0.4, delays=0.08/0.01/0.27/0.05, dsn=5.7.1, status=bounced (host mail.domain.se[81.228.XXX.XXX] said: 550 5.7.1 <jan@...>... Relaying denied. Proper authentication required. (in reply to RCPT TO command))

          And I get this on the server I'm trying to send to (it runs Sendmail):

          Mar 17 10:28:22 gateway sendmail[26927]: o2H9SMYZ026927: ruleset=check_rcpt, arg1=<jan@...>, relay=smtp3.myrelay.com[194.218.XXX.XXX], reject=550 5.7.1 <jan@...>... Relaying denied. Proper authentication required.

          If I try telnet to the mailserver from my relay-server I get this:

          myrelay:~/# telnet mail.domain.se 25
          Trying 81.228.XXX.XXX...
          Connected to mail.domain.se.
          Escape character is '^]'.
          220 domain.se ESMTP Wed, 17 Mar 2010 10:40:35 +0100
          ehlo domain.se
          250-domain.se Hello smtp3.myrelay.com[194.218.XX.XX], pleased to meet you
          250-ENHANCEDSTATUSCODES
          250-PIPELINING
          250-8BITMIME
          250-SIZE
          250-DSN
          250-AUTH PLAIN LOGIN
          250-DELIVERBY
          250 HELP

          I am updating my servers and "myrelay" is the new one, the old one runs Sendmail and can relay just fine to it without any "Relaying denied. Proper authentication required."
          I have no idea what the problem is here and was hoping you could help me? Can it be something with my sasl-setup on my new server? But mail.domain.se doesn't show STARTTLS when I telnet to it..


          Thanks for any help!


        • Daniel Ryslink
          Hello, I think the server does not offer TLS authentication to you at all (only PLAIN and LOGIN authentication which you could probably use, if you have valid
          Message 4 of 7 , Mar 17, 2010
          • 0 Attachment
            Hello,

            I think the server does not offer TLS authentication to you at all (only
            PLAIN and LOGIN authentication which you could probably use, if you have
            valid credentials).

            You should really contact the administrator of the server and clarify
            things up - how are you supposed to authenticate (TLS, PLAIN, LOGIN, ...
            ?), tell him your IP is not offered TLS (maybe he just forgot to include
            your IP into some table?) if he insinsts on TLS, and so on. The problem
            could be very well on his side.

            Sorry if I misunderstood your problem, it's quite possible because your
            mail does not provide much detail about your specific scenario.

            Best Regards
            Daniel Ryslink

            On Wed, 17 Mar 2010, Patric Falinder wrote:

            > Thats just it, I'm not even sure if I have configured it right and I'm starting to think there is something wrong with it cause I'm not 100% sure how
            > sasl works..
            > I attached my main.cf to this mail. I have read the Postfix SASL Readme but I'm still not sure about how it works or if my config is right..
            >
            >
            > Varun Kaushik skrev 2010-03-17 10:58:
            > Do you have any authentication configured?
            > As you mentioned SASL setup , are all the configurations sane?
            >
            > On Wed, Mar 17, 2010 at 3:20 PM, Patric Falinder <patric.falinder@...> wrote:
            > Hi!
            >
            > I act as a "spamcheck"-relay for a couple of servers but I get this error message for one server when I'm trying to relay a
            > message to it:
            >
            > Mar 17 10:28:07 myrelay postfix/smtp[4910]: 1358410A329: to=<jan@...>, relay=mail.domain.se[81.228.XXX.XXX]:25, delay=0.4,
            > delays=0.08/0.01/0.27/0.05, dsn=5.7.1, status=bounced (host mail.domain.se[81.228.XXX.XXX] said: 550 5.7.1 <jan@...>...
            > Relaying denied. Proper authentication required. (in reply to RCPT TO command))
            >
            > And I get this on the server I'm trying to send to (it runs Sendmail):
            >
            > Mar 17 10:28:22 gateway sendmail[26927]: o2H9SMYZ026927: ruleset=check_rcpt, arg1=<jan@...>,
            > relay=smtp3.myrelay.com[194.218.XXX.XXX], reject=550 5.7.1 <jan@...>... Relaying denied. Proper authentication required.
            >
            > If I try telnet to the mailserver from my relay-server I get this:
            >
            > myrelay:~/# telnet mail.domain.se 25
            > Trying 81.228.XXX.XXX...
            > Connected to mail.domain.se.
            > Escape character is '^]'.
            > 220 domain.se ESMTP Wed, 17 Mar 2010 10:40:35 +0100
            > ehlo domain.se
            > 250-domain.se Hello smtp3.myrelay.com[194.218.XX.XX], pleased to meet you
            > 250-ENHANCEDSTATUSCODES
            > 250-PIPELINING
            > 250-8BITMIME
            > 250-SIZE
            > 250-DSN
            > 250-AUTH PLAIN LOGIN
            > 250-DELIVERBY
            > 250 HELP
            >
            > I am updating my servers and "myrelay" is the new one, the old one runs Sendmail and can relay just fine to it without any
            > "Relaying denied. Proper authentication required."
            > I have no idea what the problem is here and was hoping you could help me? Can it be something with my sasl-setup on my new
            > server? But mail.domain.se doesn't show STARTTLS when I telnet to it..
            >
            >
            > Thanks for any help!
            >
            >
            >
            >
            >
          • Brian Evans - Postfix List
            ... First, SASL has nothing to do with TLS. TLS simply provides encryption. SASL simply provides authentication. Second, please send the results of postconf
            Message 5 of 7 , Mar 17, 2010
            • 0 Attachment
              On 3/17/2010 6:05 AM, Patric Falinder wrote:
              > Thats just it, I'm not even sure if I have configured it right and I'm
              > starting to think there is something wrong with it cause I'm not 100%
              > sure how sasl works..
              > I attached my main.cf to this mail. I have read the Postfix SASL
              > Readme but I'm still not sure about how it works or if my config is
              > right..

              First, SASL has nothing to do with TLS. TLS simply provides encryption.
              SASL simply provides authentication.

              Second, please send the results of 'postconf -n' instead of main.cf. It
              makes it easier to read and more concise as to what Postfix is using.

              Third, I think you need to reread
              http://www.postfix.org/SASL_README.html#client_sasl as nothing in your
              main.cf mentions smtp_sasl*. smtp != smtpd.

              Brian

              >
              >
              > Varun Kaushik skrev 2010-03-17 10:58:
              >> Do you have any authentication configured?
              >> As you mentioned SASL setup , are all the configurations sane?
              >>
              >> On Wed, Mar 17, 2010 at 3:20 PM, Patric Falinder
              >> <patric.falinder@... <mailto:patric.falinder@...>> wrote:
              >>
              >> Hi!
              >>
              >> I act as a "spamcheck"-relay for a couple of servers but I get
              >> this error message for one server when I'm trying to relay a
              >> message to it:
              >>
              >> Mar 17 10:28:07 myrelay postfix/smtp[4910]: 1358410A329:
              >> to=<jan@... <mailto:jan@...>>, relay=mail.domain.se
              >> <http://mail.domain.se>[81.228.XXX.XXX]:25, delay=0.4,
              >> delays=0.08/0.01/0.27/0.05, dsn=5.7.1, status=bounced (host
              >> mail.domain.se <http://mail.domain.se>[81.228.XXX.XXX] said: 550
              >> 5.7.1 <jan@... <mailto:jan@...>>... Relaying denied.
              >> Proper authentication required. (in reply to RCPT TO command))
              >>
              >> And I get this on the server I'm trying to send to (it runs
              >> Sendmail):
              >>
              >> Mar 17 10:28:22 gateway sendmail[26927]: o2H9SMYZ026927:
              >> ruleset=check_rcpt, arg1=<jan@... <mailto:jan@...>>,
              >> relay=smtp3.myrelay.com
              >> <http://smtp3.myrelay.com>[194.218.XXX.XXX], reject=550 5.7.1
              >> <jan@... <mailto:jan@...>>... Relaying denied. Proper
              >> authentication required.
              >>
              >> If I try telnet to the mailserver from my relay-server I get this:
              >>
              >> myrelay:~/# telnet mail.domain.se <http://mail.domain.se> 25
              >> Trying 81.228.XXX.XXX...
              >> Connected to mail.domain.se <http://mail.domain.se>.
              >> Escape character is '^]'.
              >> 220 domain.se <http://domain.se> ESMTP Wed, 17 Mar 2010 10:40:35
              >> +0100
              >> ehlo domain.se <http://domain.se>
              >> 250-domain.se <http://250-domain.se> Hello smtp3.myrelay.com
              >> <http://smtp3.myrelay.com>[194.218.XX.XX], pleased to meet you
              >> 250-ENHANCEDSTATUSCODES
              >> 250-PIPELINING
              >> 250-8BITMIME
              >> 250-SIZE
              >> 250-DSN
              >> 250-AUTH PLAIN LOGIN
              >> 250-DELIVERBY
              >> 250 HELP
              >>
              >> I am updating my servers and "myrelay" is the new one, the old
              >> one runs Sendmail and can relay just fine to it without any
              >> "Relaying denied. Proper authentication required."
              >> I have no idea what the problem is here and was hoping you could
              >> help me? Can it be something with my sasl-setup on my new server?
              >> But mail.domain.se <http://mail.domain.se> doesn't show STARTTLS
              >> when I telnet to it..
              >>
              >>
              >> Thanks for any help!
              >>
              >>
              >
            • Patric Falinder
              ... I fixed the problem! It was the other server (domain.se) that was the problem, it did some wired rewrite on the domain part so I only had to add the
              Message 6 of 7 , Mar 17, 2010
              • 0 Attachment
                Patric Falinder skrev 2010-03-17 14:36:
                > Brian Evans - Postfix List skrev 2010-03-17 13:43:
                >> On 3/17/2010 6:05 AM, Patric Falinder wrote:
                >>> Thats just it, I'm not even sure if I have configured it right and I'm
                >>> starting to think there is something wrong with it cause I'm not 100%
                >>> sure how sasl works..
                >>> I attached my main.cf to this mail. I have read the Postfix SASL
                >>> Readme but I'm still not sure about how it works or if my config is
                >>> right..
                >>
                >> First, SASL has nothing to do with TLS. TLS simply provides encryption.
                >> SASL simply provides authentication.
                >>
                >> Second, please send the results of 'postconf -n' instead of main.cf. It
                >> makes it easier to read and more concise as to what Postfix is using.
                >>
                >> Third, I think you need to reread
                >> http://www.postfix.org/SASL_README.html#client_sasl as nothing in your
                >> main.cf mentions smtp_sasl*. smtp != smtpd.
                >>
                >> Brian
                >>
                >>>
                >>>
                >>> Varun Kaushik skrev 2010-03-17 10:58:
                >>>> Do you have any authentication configured?
                >>>> As you mentioned SASL setup , are all the configurations sane?
                >>>>
                >>>> On Wed, Mar 17, 2010 at 3:20 PM, Patric Falinder
                >>>> <patric.falinder@...<mailto:patric.falinder@...>> wrote:
                >>>>
                >>>> Hi!
                >>>>
                >>>> I act as a "spamcheck"-relay for a couple of servers but I get
                >>>> this error message for one server when I'm trying to relay a
                >>>> message to it:
                >>>>
                >>>> Mar 17 10:28:07 myrelay postfix/smtp[4910]: 1358410A329:
                >>>> to=<jan@...<mailto:jan@...>>, relay=mail.domain.se
                >>>> <http://mail.domain.se>[81.228.XXX.XXX]:25, delay=0.4,
                >>>> delays=0.08/0.01/0.27/0.05, dsn=5.7.1, status=bounced (host
                >>>> mail.domain.se<http://mail.domain.se>[81.228.XXX.XXX] said: 550
                >>>> 5.7.1<jan@...<mailto:jan@...>>... Relaying denied.
                >>>> Proper authentication required. (in reply to RCPT TO command))
                >>>>
                >>>> And I get this on the server I'm trying to send to (it runs
                >>>> Sendmail):
                >>>>
                >>>> Mar 17 10:28:22 gateway sendmail[26927]: o2H9SMYZ026927:
                >>>> ruleset=check_rcpt, arg1=<jan@...<mailto:jan@...>>,
                >>>> relay=smtp3.myrelay.com
                >>>> <http://smtp3.myrelay.com>[194.218.XXX.XXX], reject=550 5.7.1
                >>>> <jan@...<mailto:jan@...>>... Relaying denied. Proper
                >>>> authentication required.
                >>>>
                >>>> If I try telnet to the mailserver from my relay-server I get this:
                >>>>
                >>>> myrelay:~/# telnet mail.domain.se<http://mail.domain.se> 25
                >>>> Trying 81.228.XXX.XXX...
                >>>> Connected to mail.domain.se<http://mail.domain.se>.
                >>>> Escape character is '^]'.
                >>>> 220 domain.se<http://domain.se> ESMTP Wed, 17 Mar 2010 10:40:35
                >>>> +0100
                >>>> ehlo domain.se<http://domain.se>
                >>>> 250-domain.se<http://250-domain.se> Hello smtp3.myrelay.com
                >>>> <http://smtp3.myrelay.com>[194.218.XX.XX], pleased to meet you
                >>>> 250-ENHANCEDSTATUSCODES
                >>>> 250-PIPELINING
                >>>> 250-8BITMIME
                >>>> 250-SIZE
                >>>> 250-DSN
                >>>> 250-AUTH PLAIN LOGIN
                >>>> 250-DELIVERBY
                >>>> 250 HELP
                >>>>
                >>>> I am updating my servers and "myrelay" is the new one, the old
                >>>> one runs Sendmail and can relay just fine to it without any
                >>>> "Relaying denied. Proper authentication required."
                >>>> I have no idea what the problem is here and was hoping you could
                >>>> help me? Can it be something with my sasl-setup on my new server?
                >>>> But mail.domain.se<http://mail.domain.se> doesn't show STARTTLS
                >>>> when I telnet to it..
                >>>>
                >>>>
                >>>> Thanks for any help!
                >>>>
                >>>>
                >>>
                >>
                > I would just like to say thanks a lot for the response, I really
                > appreciate it!
                >
                > Okay I think I found the problem. I used telnet to the mail-server and
                > tried to send a mail to different addresses and got this:
                >
                > rcpt to: jan@...
                > 550 5.7.1 jan@...... Relaying denied. Proper authentication required.
                > rcpt to: jand
                > 250 2.1.5 jand... Recipient ok
                >
                > The mailbox-name on the mail-server for "jan@..." is "jand" so do I
                > need to rewrite the recipient address or something? Or can I specify
                > what "rcpt to:" it should use for some addresses? In the logs it looks
                > like the old server is able to send to the real address but it is
                > possible that it rewrites it anyways, that server is really old and I
                > don't have any documentation for it so I have no idea how it works..
                >
                > Thanks!
                I fixed the problem! It was the other server (domain.se) that was the
                problem, it did some wired rewrite on the domain part so I only had to
                add the correct one and it started working!

                Thanks a lot for all the help!
              Your message has been successfully submitted and would be delivered to recipients shortly.