HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Relay access denied (http://www.howtoforge.com/forums/showthread.php?t=61535)

danhansen@denmark 20th April 2013 03:40

Relay access denied
 
Hi,

Will try to keep it simple.
Anybody who knows the solution to this warning in the mail-log?

Apr 19 15:27:35 server1 postfix/smtpd[17196]: connect from mail-ee0-f46.google.com[74.125.83.46]
Apr 19 15:27:36 server1 postfix/smtpd[17196]: NOQUEUE: reject: RCPT from mail-ee0-f46.google.com[74.125.83.46]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-ee0-f46.google.com>
Apr 19 15:27:36 server1 postfix/smtpd[17196]: disconnect from mail-ee0-f46.google.com[74.125.83.46]


Mailserver received mails for 5 minutes and then stopped receiving. Emails bounce "back to sender" :confused:

Please help:o

markc 20th April 2013 07:44

Hi Dan, make sure you have something like this in your postfix main.cf...
Code:

~ grep smtpd_recipient_restrictions /etc/postfix/main.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination


danhansen@denmark 20th April 2013 17:29

Relay access denied - /etc/postfix/main.cf
 
Hi Mark ;)


Thanks for you help ...

But, is these restrictios something you can set in the ISPconfig CP? Or do I have to do it the old fashion way ;)

I have gathered some settings here - with help from johnny Chadda from the other side of the border, in sweden ;) Here's the links to some postfix knowhow:
http://johnny.chadda.se/article/mail...rey-and-dspam/

Code:

Postfix RBL and other rules

smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
#permit_sasl_authenticated
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
#reject_unknown_sender_domain
#reject_unknown_hostname
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
#
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit

what say you mr. C
Can any of the above be used along with your suggestion? Been reading and writing all night, so I have to know.

Sorry for being a completely nobrain.. I'm no Postfix Professor, I know it!

I noiced that the RBL I entered in the ISPconfic CP "System > Server Config > Mail" is shown in the /etc/postfix/main.cf as shown beneath:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org

So apparently you can enter the information in ISPconfig CP - But can you enter it all there?

markc 20th April 2013 18:35

Just edit /etc/postfix/main.cf directly with whatever is the minimum to allow your mailserver to work as expected. Once it works then any amount of fiddling and fine tuning can be applied afterwards. The line I posted works for me so compare yours with it and make sure there isn't a glaring or obvious omission in your main.cf.

There are some great hints in that Johnny Chadda link you posted, thanks for that :-)

danhansen@denmark 20th April 2013 18:41

Enter it directly!
 
Hi Mark,

Thanks for that! I just made a backup file and are doing your command...
And yes, you are right, other stuff can be added later on!

Here is the result after editing the /etc/postfix/main.cf directly - hope it works and that other novices like me can use this:

relayhost =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_rbl_client zen.spamhaus.org
mailbox_size_limit = 0
message_size_limit = 0



Thanks again Mark ;)

danhansen@denmark 20th April 2013 19:08

Still no mail - relay access denied, but?
 
Hi Mark,

Stil no mail.. It bounces instantly! Here's the stuff from the mail-log:

Apr 20 17:55:39 server1 postfix/smtpd[6892]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 17:55:39 server1 postfix/smtpd[6892]: connect from mail-we0-f180.google.com[74.125.82.180]
Apr 20 17:55:39 server1 postfix/smtpd[6895]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 17:55:39 server1 postfix/smtpd[6892]: NOQUEUE: reject: RCPT from mail-we0-f180.google.com[74.125.82.180]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-we0-f180.google.com>


Could it be beacause of the warning? Its just that its a "warning" and not an "error":

warning: dict_nis_init: NIS domain name not set

And I did restart postfix ;)

danhansen@denmark 20th April 2013 19:38

Mailbox Spamfilter settings ISPconfig CP
 
Hi,

It just keeps getting on and on..

I tried setting spamfiler rules in the ISPconfig CP but still no luck..

Code:

Apr 20 18:22:24 server1 postfix/smtpd[2865]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 18:22:24 server1 postfix/smtpd[2867]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 18:22:24 server1 postfix/smtpd[2337]: connect from mail-wi0-f177.google.com[209.85.212.177]
Apr 20 18:22:24 server1 postfix/smtpd[2867]: connect from mail-wi0-f169.google.com[209.85.212.169]
Apr 20 18:22:24 server1 postfix/smtpd[2337]: NOQUEUE: reject: RCPT from mail-wi0-f177.google.com[209.85.212.177]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-wi0-f177.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2337]: disconnect from mail-wi0-f177.google.com[209.85.212.177]
Apr 20 18:22:24 server1 postfix/smtpd[2867]: NOQUEUE: reject: RCPT from mail-wi0-f169.google.com[209.85.212.169]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-wi0-f169.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2867]: disconnect from mail-wi0-f169.google.com[209.85.212.169]
Apr 20 18:22:24 server1 postfix/smtpd[2865]: connect from mail-we0-f171.google.com[74.125.82.171]
Apr 20 18:22:24 server1 postfix/smtpd[2865]: NOQUEUE: reject: RCPT from mail-we0-f171.google.com[74.125.82.171]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-we0-f171.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2865]: disconnect from mail-we0-f171.google.com[74.125.82.171]

Remember, after the port 25 were opened from the ISP all mails went trough for a short time, and then just stopped! I didn't change anything at all. And this warning appered to:

warning: dict_nis_init: NIS domain name

Any ideas?

markc 20th April 2013 19:48

The next thing to check is this...

check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf

so add this to your /etc/mysql/my.cnf files under the [mysqld] sections...

general_log = 1
general_log_file = /var/log/mysql/mysql.log


and tail -f /var/log/mysql/mysql.log while a message comes in/ What you are looking for is the EXACT mysql query which is defined in the mysql-virtual_recipient.cf file (cat the file to see it).

Once you see the log entry for, say, postmaster then ctrl-c out of tailing the log file and at the prompt type...

mysql -e "PASTE THE ENTIRE QUERY FROM THE MYSQL LOG FILE HERE;"

and that will either successfuly return a correct lookup... or give you an error as to why it failed, which could be as simple as the server_id field being wrong.

markc 20th April 2013 19:53

As for the NIS lookup warning, the goog found this...

It's a warning, not an error. You eliminate it by removing NIS lookups.

First, find out what setting is using NIS:

$ postconf | grep nis:

This outputs something like

alias_maps = hash:/etc/aliases nis:mail.aliases

or

alias_maps = hash:/etc/mail/aliases nis:mail.aliases

Then, disable NIS lookups (as root):

# postconf -e alias_maps=hash:/etc/aliases

or

# postconf -e alias_maps=hash:/etc/mail/aliases

The exact command depends on "postconf | grep nis:" output.

Wietse

***

And here is another comment that explains why a bit better...

First of I didn’t ask postfix to do NIS lookups. These warning messages started showing up when I commented out alias_maps and decided to only use alias_database instead. The fix was simple.

alias_maps when commented, uses the default settings:
alias_maps = hash:/etc/aliases, nis:mail.aliases

This allows postfix to work even without explicit alias_maps settings. However the default also encumbers it with checking nis. Setting alias_maps explicitly eliminates the problem:

alias_maps = hash:/etc/aliases

danhansen@denmark 20th April 2013 19:57

I'm lost...
 
Hi Mark,

I'm lost.. Under the SQL section you say...

Sorry :o


All times are GMT +2. The time now is 11:36.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.