Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th April 2013, 02:40
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
Exclamation Relay access denied

Hi,

Will try to keep it simple.
Anybody who knows the solution to this warning in the mail-log?

Apr 19 15:27:35 server1 postfix/smtpd[17196]: connect from mail-ee0-f46.google.com[74.125.83.46]
Apr 19 15:27:36 server1 postfix/smtpd[17196]: NOQUEUE: reject: RCPT from mail-ee0-f46.google.com[74.125.83.46]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-ee0-f46.google.com>
Apr 19 15:27:36 server1 postfix/smtpd[17196]: disconnect from mail-ee0-f46.google.com[74.125.83.46]


Mailserver received mails for 5 minutes and then stopped receiving. Emails bounce "back to sender"

Please help
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"
Reply With Quote
Sponsored Links
  #2  
Old 20th April 2013, 06:44
markc markc is offline
Member
 
Join Date: Dec 2012
Posts: 56
Thanks: 6
Thanked 9 Times in 9 Posts
Default

Hi Dan, make sure you have something like this in your postfix main.cf...
Code:
~ grep smtpd_recipient_restrictions /etc/postfix/main.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
Reply With Quote
The Following User Says Thank You to markc For This Useful Post:
danhansen@denmark (20th April 2013)
  #3  
Old 20th April 2013, 16:29
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
Exclamation Relay access denied - /etc/postfix/main.cf

Hi Mark


Thanks for you help ...

But, is these restrictios something you can set in the ISPconfig CP? Or do I have to do it the old fashion way

I have gathered some settings here - with help from johnny Chadda from the other side of the border, in sweden Here's the links to some postfix knowhow:
http://johnny.chadda.se/article/mail...rey-and-dspam/

Code:
Postfix RBL and other rules

smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
#permit_sasl_authenticated
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
#reject_unknown_sender_domain
#reject_unknown_hostname
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
#
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
what say you mr. C
Can any of the above be used along with your suggestion? Been reading and writing all night, so I have to know.

Sorry for being a completely nobrain.. I'm no Postfix Professor, I know it!

I noiced that the RBL I entered in the ISPconfic CP "System > Server Config > Mail" is shown in the /etc/postfix/main.cf as shown beneath:

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org

So apparently you can enter the information in ISPconfig CP - But can you enter it all there?
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"

Last edited by danhansen@denmark; 20th April 2013 at 17:13.
Reply With Quote
  #4  
Old 20th April 2013, 17:35
markc markc is offline
Member
 
Join Date: Dec 2012
Posts: 56
Thanks: 6
Thanked 9 Times in 9 Posts
Default

Just edit /etc/postfix/main.cf directly with whatever is the minimum to allow your mailserver to work as expected. Once it works then any amount of fiddling and fine tuning can be applied afterwards. The line I posted works for me so compare yours with it and make sure there isn't a glaring or obvious omission in your main.cf.

There are some great hints in that Johnny Chadda link you posted, thanks for that :-)
Reply With Quote
  #5  
Old 20th April 2013, 17:41
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
Exclamation Enter it directly!

Hi Mark,

Thanks for that! I just made a backup file and are doing your command...
And yes, you are right, other stuff can be added later on!

Here is the result after editing the /etc/postfix/main.cf directly - hope it works and that other novices like me can use this:

relayhost =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_rbl_client zen.spamhaus.org
mailbox_size_limit = 0
message_size_limit = 0



Thanks again Mark
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"

Last edited by danhansen@denmark; 20th April 2013 at 17:53.
Reply With Quote
  #6  
Old 20th April 2013, 18:08
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
Exclamation Still no mail - relay access denied, but?

Hi Mark,

Stil no mail.. It bounces instantly! Here's the stuff from the mail-log:

Apr 20 17:55:39 server1 postfix/smtpd[6892]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 17:55:39 server1 postfix/smtpd[6892]: connect from mail-we0-f180.google.com[74.125.82.180]
Apr 20 17:55:39 server1 postfix/smtpd[6895]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 17:55:39 server1 postfix/smtpd[6892]: NOQUEUE: reject: RCPT from mail-we0-f180.google.com[74.125.82.180]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-we0-f180.google.com>


Could it be beacause of the warning? Its just that its a "warning" and not an "error":

warning: dict_nis_init: NIS domain name not set

And I did restart postfix
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"
Reply With Quote
  #7  
Old 20th April 2013, 18:38
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
Exclamation Mailbox Spamfilter settings ISPconfig CP

Hi,

It just keeps getting on and on..

I tried setting spamfiler rules in the ISPconfig CP but still no luck..

Code:
Apr 20 18:22:24 server1 postfix/smtpd[2865]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 18:22:24 server1 postfix/smtpd[2867]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr 20 18:22:24 server1 postfix/smtpd[2337]: connect from mail-wi0-f177.google.com[209.85.212.177]
Apr 20 18:22:24 server1 postfix/smtpd[2867]: connect from mail-wi0-f169.google.com[209.85.212.169]
Apr 20 18:22:24 server1 postfix/smtpd[2337]: NOQUEUE: reject: RCPT from mail-wi0-f177.google.com[209.85.212.177]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-wi0-f177.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2337]: disconnect from mail-wi0-f177.google.com[209.85.212.177]
Apr 20 18:22:24 server1 postfix/smtpd[2867]: NOQUEUE: reject: RCPT from mail-wi0-f169.google.com[209.85.212.169]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-wi0-f169.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2867]: disconnect from mail-wi0-f169.google.com[209.85.212.169]
Apr 20 18:22:24 server1 postfix/smtpd[2865]: connect from mail-we0-f171.google.com[74.125.82.171]
Apr 20 18:22:24 server1 postfix/smtpd[2865]: NOQUEUE: reject: RCPT from mail-we0-f171.google.com[74.125.82.171]: 554 5.7.1 <postmaster@domain.dk>: Relay access denied; from=<mail@gmail.com> to=<postmaster@domain.dk> proto=ESMTP helo=<mail-we0-f171.google.com>
Apr 20 18:22:24 server1 postfix/smtpd[2865]: disconnect from mail-we0-f171.google.com[74.125.82.171]
Remember, after the port 25 were opened from the ISP all mails went trough for a short time, and then just stopped! I didn't change anything at all. And this warning appered to:

warning: dict_nis_init: NIS domain name

Any ideas?
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"
Reply With Quote
  #8  
Old 20th April 2013, 18:48
markc markc is offline
Member
 
Join Date: Dec 2012
Posts: 56
Thanks: 6
Thanked 9 Times in 9 Posts
Default

The next thing to check is this...

check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf

so add this to your /etc/mysql/my.cnf files under the [mysqld] sections...

general_log = 1
general_log_file = /var/log/mysql/mysql.log


and tail -f /var/log/mysql/mysql.log while a message comes in/ What you are looking for is the EXACT mysql query which is defined in the mysql-virtual_recipient.cf file (cat the file to see it).

Once you see the log entry for, say, postmaster then ctrl-c out of tailing the log file and at the prompt type...

mysql -e "PASTE THE ENTIRE QUERY FROM THE MYSQL LOG FILE HERE;"

and that will either successfuly return a correct lookup... or give you an error as to why it failed, which could be as simple as the server_id field being wrong.
Reply With Quote
  #9  
Old 20th April 2013, 18:53
markc markc is offline
Member
 
Join Date: Dec 2012
Posts: 56
Thanks: 6
Thanked 9 Times in 9 Posts
Default

As for the NIS lookup warning, the goog found this...

It's a warning, not an error. You eliminate it by removing NIS lookups.

First, find out what setting is using NIS:

$ postconf | grep nis:

This outputs something like

alias_maps = hash:/etc/aliases nis:mail.aliases

or

alias_maps = hash:/etc/mail/aliases nis:mail.aliases

Then, disable NIS lookups (as root):

# postconf -e alias_maps=hash:/etc/aliases

or

# postconf -e alias_maps=hash:/etc/mail/aliases

The exact command depends on "postconf | grep nis:" output.

Wietse

***

And here is another comment that explains why a bit better...

First of I didn’t ask postfix to do NIS lookups. These warning messages started showing up when I commented out alias_maps and decided to only use alias_database instead. The fix was simple.

alias_maps when commented, uses the default settings:
alias_maps = hash:/etc/aliases, nis:mail.aliases

This allows postfix to work even without explicit alias_maps settings. However the default also encumbers it with checking nis. Setting alias_maps explicitly eliminates the problem:

alias_maps = hash:/etc/aliases

Last edited by markc; 20th April 2013 at 18:58.
Reply With Quote
  #10  
Old 20th April 2013, 18:57
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 187
Thanks: 39
Thanked 4 Times in 4 Posts
 
Default I'm lost...

Hi Mark,

I'm lost.. Under the SQL section you say...

Sorry
__________________
Kind Regards
Dan

__________________________________________________ _______
Fixed IP/WAN
DMZ -> "ispserverip"
Primary NameServer -> ns1.myprimarynameserver.tld
Secondary NameServer -> ns2.somedomainservice.tld

Ubuntu Server 12.04.4
ISPconfig 3 v.3.0.5.2 (Single Server Setup)
NameServer: BIND v.9.8.1-P1
SquirrelMail: v.1.4.22
MailServer: PostFix v.2.9.6 - IMAP/POP3 Dovecot v.2.0.19
Database: MySQL Server v.5.5.29-0ubuntu0.12.04.2
Tutorial: "ThePerfectServer-ISPconfig3-Ubuntu12.04"
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
link my domain to my server, impossible! 007007 Installation/Configuration 7 17th January 2012 13:59
Postfix doesn't have Nolan Installation/Configuration 5 13th April 2011 05:00
SugarCRM Install on ISPConfig3 w/ SuPHP clucena Installation/Configuration 1 9th February 2010 09:29
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
Questions in regards to ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" rbrantley HOWTO-Related Questions 16 10th April 2006 18:26


All times are GMT +2. The time now is 07:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.