PDA

View Full Version : SMTP: Relay access denied

mturillo
19th February 2009, 20:06
Hi guys

I have some problem with the SMTP server. I have followed the CentOs tutorial on this site.

The problem is send the email to an external domain.
I have already read the last post but I have not found any solution.


helo mail.mydomain.com
mail from:<web2_info@mydomain.com>
rcpt to:<test@gmail.com>
data
subject: This is a test mail
to: recipientname@mydomain.com
This is the text of my test mail.
.



220 myserver.mydomain.com ESMTP Postfix
helo mail.mydomain.com
mail from:<web2_info@mydomain.com>
rcpt to:<test@gmail.com>
data
subject: This is a test mail
to: recipientname@mydomain.com
This is the text of my test mail.
.250 myserver.mydomain.com
250 2.1.0 Ok
554 5.7.1 <test@gmail.com>: Relay access denied
554 5.5.1 Error: no valid recipients
221 2.7.0 Error: I can break rules, too. Goodbye.


Maillog

Feb 19 19:01:50 myserver postfix/smtpd[14596]: NOQUEUE: reject: RCPT from host84-42-dynamic.183-80-r.retail.telecomitalia.it[80.183.42.84]: 554 5.7.1 <test@gmail.com>: Relay access denied; from=<web2_info@mydomain.com> to=<test@gmail.com> proto=SMTP helo=<mail.mydomain.com>



[root@myserver ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
myhostname = myserver.mydomain.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relayhost = mail.mydomain.com
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550



any idea?
Angelito
20th February 2009, 04:36
You might have to authenticate yourself first,
try:
EHLO mail.mydomain.com

and look for something like this:

AUTH PLAIN LOGIN

If you see anything that starts with AUTH, it means you will have to supply a username and password.

Try that

Angel
mturillo
20th February 2009, 10:30
helo mail.mydomain.com
220 myserver.mydomain.com ESMTP Postfix
EHLO mail.mydomain.com
250-myserver.mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<web2_info@mydomain.com>
250 2.1.0 Ok
rcpt to:<test@gmail.com>
554 5.7.1 <test@gmail.com>: Relay access denied
.
.
.
.


but the problem persist :(
nothing to do
Angelito
20th February 2009, 10:46
Your post confirms what I said, you are being required to authenticate yourself.
Most likely the server is set to use AUTH LOGIN if so type in right after EHLO:

AUTH LOGIN

then you should get:

VXN1cm5hbWU6
which stands for username, then you should supply your email address encoded in base64. Then you will be required for your password encode it and send it as well.

Good luck.
mturillo
20th February 2009, 11:14
Your post confirms what I said, you are being required to authenticate yourself.
Most likely the server is set to use AUTH LOGIN if so type in right after EHLO:

AUTH LOGIN

then you should get:

VXN1cm5hbWU6
which stands for username, then you should supply your email address encoded in base64. Then you will be required for your password encode it and send it as well.

Good luck.



220 myserver.mydomain.com ESMTP Postfix
helo mail.mydomain.com
250 myserver.mydomain.com
EHLO mail.mydomain.com
250-myserver.mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
334 UGFzc3dvcmQ6
xxxxxxxxxxxx
235 2.0.0 Authentication successful
mail from:<web2_info@mydomain.com>
250 2.1.0 Ok
rcpt to:<test@gmail.com>
250 2.1.5 Ok
data
subject: This is a test mail
to: recipientname@mydomain.com
This is the text of my test mail.
.354 End data with <CR><LF>.<CR><LF>



Ok I have not understood. Now the email seems to me accepted but I don't receive nothing. what happens now? Any idea?

thanks
mturillo
20th February 2009, 17:36
Now in the log file I can see:



Feb 20 16:29:39 myserver postfix/qmgr[28529]: 8ED615300AE: to=<test@gmail.com>, relay=none, delay=0.65, delays=0.65/0.01/0/0, dsn=4.3.5, status=deferred (delivery temporarily suspended: mail for mail.mydomain.com loops back to myself)



any idea?
falko
20th February 2009, 19:18
Please add mail.mydomain.com to /etc/postfix/local-host-names and restart Postfix.
mturillo
20th February 2009, 20:52
Hi Falko,

the problem persists.


Feb 20 19:50:19 myserver postfix/smtp[21789]: 246A3530088: to=<test@gmail.com>, relay=none, delay=0.18, delays=0.18/0/0/0, dsn=4.3.5, status=deferred (mail for mail.mydomain.com loops back to myself)
falko
21st February 2009, 18:47
What's in /etc/postfix/local-host-names and /etc/postfix/main.cf?

Does this happen when you send a mail to a remote server or this server?
mturillo
21st February 2009, 21:11
Hi Falko,

It happens when I send the email by thunderbird to an external email address.

in the /etc/postfix/local-host-names there are all the domain and subdomains, mail.mydomain.com included


[root@myserver ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = /etc/postfix/local-host-names
myhostname = myserver.mydomain.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relayhost = mail.mydomain.com
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


This is the message on the maillog:
Feb 21 21:42:00 myserver postfix/smtp[23403]: D8C66C28008: to=<test@gmail.com>, relay=none, delay=0.2, delays=0.19/0.01/0/0, dsn=4.3.5, status=deferred (mail for mail.mydomain.com loops back to myself)

If I delete the config row: relayhost = mail.mydomain.com it works! But in the header inside the email received in the GMAIL service I can see this message:

Received-SPF: neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of info@mydomain.com) client-ip= xxx.xxx.xxx.xxx;

Where xxx.xxx.xxx.xxx is my IP.

thanks
falko
22nd February 2009, 21:20
If I delete the config row: relayhost = mail.mydomain.com it works!Why do you want to relay through the same server? :confused:

But in the header inside the email received in the GMAIL service I can see this message:

Received-SPF: neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of info@mydomain.com) client-ip= xxx.xxx.xxx.xxx;

Where xxx.xxx.xxx.xxx is my IP.

thanksPlease set up an SPF record for your domain.
mturillo
23rd February 2009, 09:59
how have I set the SPF Record by ISPConfig?
falko
24th February 2009, 20:10
This guide shows how to create an SPF record in ISPConfig: http://www.howtoforge.com/ispconfig_dns_providerdomain_schlund