Loading ...
Sorry, an error occurred while loading the content.

554 5.7.1 Relay access denied

Expand Messages
  • Tim Dunphy
    Hello, I recently had to rebuild my mail server. Unfortunately I am running into a little problem. I seem to be able to DELIVER mail to my mail user account
    Message 1 of 9 , May 6, 2010
    • 0 Attachment
      Hello,

      I recently had to rebuild my mail server. Unfortunately I am running
      into a little problem.

      I seem to be able to DELIVER mail to my mail user account


      But when I try to _send_ mail I run into this error:

      ============================================================

      [root@cloud3:~ ] #:telnet cloud3 25
      Trying 10.249.74.116...
      Connected to cloud3.newdom.com.
      Escape character is '^]'.
      220 cloud3.newdom.com ESMTP Postfix (Ubuntu) This Is My Cloud!
      EHLO cloud3
      250-cloud3.newdom.com
      250-PIPELINING
      250-SIZE 10240000
      250-ETRN
      250-STARTTLS
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      MAIL FROM: <bluethundr@...>
      250 2.1.0 Ok
      RCPT TO: <bluethundr@...>
      554 5.7.1 <bluethundr@...>: Relay access denied

      ==========================================================



      This is what is going on in my postfix logs:

      =============================================================

      May 6 20:12:47 cloud3 postfix/anvil[4934]: statistics: max cache size
      1 at May 6 20:02:47
      May 6 20:12:56 cloud3 postfix/smtpd[4933]: NOQUEUE: reject_warning:
      RCPT from cloud3.newdom.com[10.249.74.116]: 504 5.5.2 <cloud3>: Helo
      command rejected: need fully-qualified hostname;
      from=<bluethundr@...> to=<bluethundr@...>
      proto=ESMTP helo=<cloud3>
      May 6 20:12:56 cloud3 postfix/smtpd[4933]: NOQUEUE: reject: RCPT from
      cloud3.newdom.com[10.249.74.116]: 554 5.7.1
      <bluethundr@...>: Relay access denied;
      from=<bluethundr@...> to=<bluethundr@...>
      proto=ESMTP helo=<cloud3>

      ==============================================================

      I am also including my main.cf and master.cf files for your perusal in
      the hopes that someone with a fresh set of eyes and more experience
      than I may be able to spot the problem

      In main.cf I have substituted newdom.com for the domain I am intending
      to setup, And I am using externaldom.com to symbolize a popular
      webmail service.

      kind regards
    • /dev/rob0
      ... 10.249.74.116 is not in $mynetworks: http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from http://www.postfix.org/postconf.5.html#mynetworks
      Message 2 of 9 , May 6, 2010
      • 0 Attachment
        On Thu, May 06, 2010 at 04:24:21PM -0400, Tim Dunphy wrote:
        > May 6 20:12:56 cloud3 postfix/smtpd[4933]: NOQUEUE: reject:
        > RCPT from cloud3.newdom.com[10.249.74.116]: 554 5.7.1
        > <bluethundr@...>: Relay access denied;
        > from=<bluethundr@...> to=<bluethundr@...>
        > proto=ESMTP helo=<cloud3>

        10.249.74.116 is not in $mynetworks:

        http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
        http://www.postfix.org/postconf.5.html#mynetworks

        > I am also including my main.cf and master.cf files for your
        > perusal in the hopes that someone with a fresh set of eyes and
        > more experience than I may be able to spot the problem

        For future reference please use "postconf -n" when posting questions
        here. It didn't matter this time, so I didn't bother to review your
        files.

        > In main.cf I have substituted newdom.com for the domain I am
        > intending to setup, And I am using externaldom.com to symbolize a
        > popular webmail service.

        "Example" has been set aside for examples in every top-level domain,
        such as example.com, example.net, et c. Newdom.com and
        externaldom.com are real domains, albeit evidently just
        cybersquatters.
        --
        Offlist mail to this address is discarded unless
        "/dev/rob0" or "not-spam" is in Subject: header
      • SONNY LASKAR
        Hello, I have read a lot of posts on the Internet but could not solve the Relay Access denied problem. Below are few details: == OS *[root@server1 ~]# cat
        Message 3 of 9 , May 26, 2013
        • 0 Attachment
          Hello,

          I have read a lot of posts on the Internet but could not solve the Relay Access denied problem.
          Below are few details:
          ==
          OS
          [root@server1 ~]# cat /etc/issue
          CentOS release 6.2 (Final)
          Kernel \r on an \m
          ==
          Postfix
          [root@server1 ~]# postconf -a
          cyrus
          dovecot
          [root@server1 ~]# postconf -m
          btree
          cidr
          environ
          hash
          ldap
          mysql
          nis
          pcre
          proxy
          regexp
          static
          unix


          ===
          Telnet to Smtp,pop3 and imap
          [root@server1 ~]# telnet localhost smtp
          Trying ::1...
          Connected to localhost.
          Escape character is '^]'.
          220 server1.example.com ESMTP Postfix
          ^]
          telnet> q
          Connection closed.
          [root@server1 ~]# telnet localhost pop3
          Trying ::1...
          Connected to localhost.
          Escape character is '^]'.
          +OK Dovecot ready.
          ^]
          telnet> q
          Connection closed.
          [root@server1 ~]# telnet localhost imap
          Trying ::1...
          Connected to localhost.
          Escape character is '^]'.
          * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
          ^]
          telnet> q
          Connection closed.
          =====

          My main.cf file is as below:
          queue_directory = /var/spool/postfix
          command_directory = /usr/sbin
          daemon_directory = /usr/libexec/postfix
          data_directory = /var/lib/postfix
          mail_owner = postfix
          myhostname = server1.example.com
          mydomain = example.com
          myorigin = $mydomain
          inet_interfaces = all
          inet_protocols = all
          mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
          unknown_local_recipient_reject_code = 550
          mynetworks = 198.98.80.80/28, 127.0.0.0/8 # Assume my IP is 198.98.80.85
          alias_maps = hash:/etc/aliases
          alias_database = hash:/etc/aliases
          home_mailbox = Maildir/


          debug_peer_level = 2
          debugger_command =
                   PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
                   ddd $daemon_directory/$process_name $process_id & sleep 5
          sendmail_path = /usr/sbin/sendmail ;
          newaliases_path = /usr/bin/newaliases.postfix
          mailq_path = /usr/bin/mailq.postfix
          setgid_group = postdrop
          html_directory = no
          manpage_directory = /usr/share/man
          sample_directory = /usr/share/doc/postfix-2.6.6/samples
          readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
          virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
          virtual_mailbox_base = /var/vmail
          virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
          virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
          virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
          virtual_minimum_uid = 501
          virtual_uid_maps = static:501
          virtual_gid_maps = static:12
          virtual_transport = dovecot
          dovecot_destination_recipient_limit = 1
          smtpd_helo_required             = yes
          disable_vrfy_command            = yes
          non_fqdn_reject_code            = 450
          invalid_hostname_reject_code    = 450
          maps_rbl_reject_code            = 450
          smtpd_recipient_restrictions =
                  permit_sasl_authenticated
                  permit_mynetworks
                  reject_unauth_destination
                  reject_invalid_helo_hostname
                  warn_if_reject reject_non_fqdn_helo_hostname
                  warn_if_reject reject_unknown_helo_hostname
                  warn_if_reject reject_unknown_client
                  reject_non_fqdn_sender
                  reject_non_fqdn_recipient
                  reject_unknown_sender_domain
                  reject_unknown_recipient_domain
                  reject_rbl_client zen.spamhaus.org
                  reject_rbl_client bl.spamcop.net
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.2
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.3
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.4
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.5
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.7
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.9
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.11
                  reject_rbl_client dnsbl.sorbs.net=127.0.0.12
                  warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
                  warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
                  warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
                  warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
                  warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
                  permit
          smtpd_data_restrictions =
                  reject_unauth_pipelining,
                  reject_multi_recipient_bounce,
                  permit
          milter_default_action = accept
          milter_protocol = 6
          smtpd_milters = inet:localhost:12345
          non_smtpd_milters = inet:localhost:12345
          =================

          I can send email to my domain but cannot send emails to other domain:
          [root@server1 ~]# telnet localhost smtp
          Trying ::1...
          Connected to localhost.
          Escape character is '^]'.
          220 server1.example.com ESMTP Postfix
          ehlo localhost
          250-server1.example.com
          250-PIPELINING
          250-SIZE 10240000
          250-ETRN
          250-ENHANCEDSTATUSCODES
          250-8BITMIME
          250 DSN
          mail from:xyz@...
          250 2.1.0 Ok
          rcpt to:xyz@...
          554 5.7.1 <xyz@...>: Relay access denied


          The Error in mailog is :
          May 27 06:23:58 server1 postfix/smtpd[27718]: connect from localhost[::1]
          May 27 06:24:14 server1 postfix/smtpd[27718]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <xyz@...>: Relay access denied; from=<xyz@...> to=<xyz@...> proto=ESMTP helo=<localhost>
          May 27 06:24:16 server1 postfix/smtpd[27718]: disconnect from localhost[::1]


          ==
          Note:
          Assume my domain is example.com and server hostname is server1.example.com with IP 198.98.80.85

          Please help me get past this relay access error.
          Let me know if I need to share any additional stats.

          Regards
          Sonny
        • Stan Hoeppner
          ... Use both IPv4 and IPv6 ... mynetworks is all IPv4, no IPv6 ... Deny relay if client not in mynetworks ... Your connection to Postfix is via IPv6. No IPv6
          Message 4 of 9 , May 26, 2013
          • 0 Attachment
            On 5/26/2013 9:31 PM, SONNY LASKAR wrote:

            > inet_protocols = all

            Use both IPv4 and IPv6

            > mynetworks = 198.98.80.80/28, 127.0.0.0/8 # Assume my IP is 198.98.80.85

            mynetworks is all IPv4, no IPv6

            > smtpd_recipient_restrictions =
            > permit_sasl_authenticated
            > permit_mynetworks

            Deny relay if client not in mynetworks

            > *[root@server1 ~]# telnet localhost smtp*
            > Trying ::1...
            ...
            > *554 5.7.1 <xyz@...>: Relay access denied*
            ...
            > May 27 06:23:58 server1 postfix/smtpd[27718]: connect from localhost[::1]
            > May 27 06:24:14 server1 postfix/smtpd[27718]: NOQUEUE: reject: RCPT from
            > localhost[::1]: 554 5.7.1 <xyz@...>: Relay access denied; from=<
            > xyz@...> to=<xyz@...> proto=ESMTP helo=<localhost>
            > May 27 06:24:16 server1 postfix/smtpd[27718]: disconnect from localhost[::1]

            Your connection to Postfix is via IPv6. No IPv6 subnets are in
            mynetworks, thus IP6 clients are not permitted to relay. Thus "Relay
            access denied." To fix this, choose one of these solutions:

            1. Disable IPv6 in CentOS
            2. Add the appropriate IPv6 subnet to mynetworks
            3. Set inet_protocols=ipv4

            You seem to have no need for IPv6 since you ignored it in your Postfix
            config. So #1 above is your best bet. It will likely prevent other
            headaches not related to Postfix as well.

            --
            Stan
          • SONNY LASKAR
            Dear Stan, Thanks for your reply. I notice some unknown email ids with Relay Access Denied error in maillog. It appears someone else is also trying to send
            Message 5 of 9 , May 27, 2013
            • 0 Attachment
              Dear Stan,
              Thanks for your reply.

              I notice some unknown email ids with Relay Access Denied  error in maillog.
              It appears someone else is also trying to send email.

              I have set protocol=ipv4
              What should be the value of mynetworks if I want that only my server should send email.

              Truly appreciate your time.

              Regards
              Sonny


              On Mon, May 27, 2013 at 9:33 AM, Stan Hoeppner <stan@...> wrote:
              On 5/26/2013 9:31 PM, SONNY LASKAR wrote:

              > inet_protocols = all

              Use both IPv4 and IPv6

              > mynetworks = 198.98.80.80/28, 127.0.0.0/8 # Assume my IP is 198.98.80.85

              mynetworks is all IPv4, no IPv6

              > smtpd_recipient_restrictions =
              >         permit_sasl_authenticated
              >         permit_mynetworks

              Deny relay if client not in mynetworks

              > *[root@server1 ~]# telnet localhost smtp*
              > Trying ::1...
              ...
              > *554 5.7.1 <xyz@...>: Relay access denied*
              ...
              > May 27 06:23:58 server1 postfix/smtpd[27718]: connect from localhost[::1]
              > May 27 06:24:14 server1 postfix/smtpd[27718]: NOQUEUE: reject: RCPT from
              > localhost[::1]: 554 5.7.1 <xyz@...>: Relay access denied; from=<
              > xyz@...> to=<xyz@...> proto=ESMTP helo=<localhost>
              > May 27 06:24:16 server1 postfix/smtpd[27718]: disconnect from localhost[::1]

              Your connection to Postfix is via IPv6.  No IPv6 subnets are in
              mynetworks, thus IP6 clients are not permitted to relay.  Thus "Relay
              access denied."  To fix this, choose one of these solutions:

              1.  Disable IPv6 in CentOS
              2.  Add the appropriate IPv6 subnet to mynetworks
              3.  Set inet_protocols=ipv4

              You seem to have no need for IPv6 since you ignored it in your Postfix
              config.  So #1 above is your best bet.  It will likely prevent other
              headaches not related to Postfix as well.

              --
              Stan




              --
              Regards
              Sonny
            • LuKreme
              ... 127.0.0.1 -- He was Igor, son of Igor, nephew of several Igors, brother of Igors and cousin of more Igors than he could remember without checking up in his
              Message 6 of 9 , May 27, 2013
              • 0 Attachment
                On 27 May 2013, at 09:02 , SONNY LASKAR <sonnylaskar@...> wrote:
                > What should be the value of mynetworks if I want that only my server should send email.

                127.0.0.1

                --
                He was Igor, son of Igor, nephew of several Igors, brother of Igors and
                cousin of more Igors than he could remember without checking up in his
                diary. Igors did not change a winning formula. {Footnote: Especially if
                it was green, and bubbled.}
              • SONNY LASKAR
                Thanks everyone. I have set mynetworks = 127.0.0.1 and inet_protocols = ipv4 This is solved. ... -- Regards Sonny
                Message 7 of 9 , May 27, 2013
                • 0 Attachment
                  Thanks everyone.

                  I have set mynetworks = 127.0.0.1 and inet_protocols = ipv4
                  This is solved.


                  On Mon, May 27, 2013 at 10:04 PM, LuKreme <kremels@...> wrote:
                  On 27 May 2013, at 09:02 , SONNY LASKAR <sonnylaskar@...> wrote:
                  > What should be the value of mynetworks if I want that only my server should send email.

                  127.0.0.1

                  --
                  He was Igor, son of Igor, nephew of several Igors, brother of Igors and
                  cousin of more Igors than he could remember without checking up in his
                  diary. Igors did not change a winning formula. {Footnote: Especially if
                  it was green, and bubbled.}




                  --
                  Regards
                  Sonny
                • Benny Pedersen
                  ... add # in front of mynetworks in main.cf you have blocked ipv6 connection in main.cf thats why you get relay denied are mynetworks not ok in postconf -d |
                  Message 8 of 9 , May 27, 2013
                  • 0 Attachment
                    SONNY LASKAR skrev den 2013-05-27 04:31:

                    > The Error in mailog is :
                    > May 27 06:23:58 server1 postfix/smtpd[27718]: connect from
                    > localhost[::1]
                    > May 27 06:24:14 server1 postfix/smtpd[27718]: NOQUEUE: reject: RCPT
                    > from localhost[::1]: 554 5.7.1 <xyz@...>: Relay access denied;
                    > from=<xyz@...> to=<xyz@...> proto=ESMTP helo=<localhost>
                    > May 27 06:24:16 server1 postfix/smtpd[27718]: disconnect from
                    > localhost[::1]

                    add # in front of mynetworks in main.cf you have blocked ipv6
                    connection in main.cf thats why you get relay denied

                    are mynetworks not ok in postconf -d | grep mynetworks ?, do not change
                    unneded in main.cf if defaults are ok

                    --
                    senders that put my email into body content will deliver it to my own
                    trashcan, so if you like to get reply, dont do it
                  • Benny Pedersen
                    ... and ::1, or remove mynetworks in main.cf postfix will find local ip then seen in ifconfig, why not make it simple ? -- senders that put my email into body
                    Message 9 of 9 , May 27, 2013
                    • 0 Attachment
                      LuKreme skrev den 2013-05-27 18:34:
                      >> What should be the value of mynetworks if I want that only my server
                      >> should send email.
                      > 127.0.0.1

                      and ::1, or remove mynetworks in main.cf

                      postfix will find local ip then seen in ifconfig, why not make it
                      simple ?

                      --
                      senders that put my email into body content will deliver it to my own
                      trashcan, so if you like to get reply, dont do it
                    Your message has been successfully submitted and would be delivered to recipients shortly.