Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th September 2010, 03:13
ai42 ai42 is offline
Junior Member
 
Join Date: Sep 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Fresh install getting "Relay access denied" error

I just finished a fresh install of a server using the "The Perfect Server - Ubuntu 10.04 [ISPConfig 3]" article. With the exception that I installed VMware tools + installed ISPConfig 3.0.2.2 instead of 3.0.2.1

Everything seems to work ok I hooked up 1 of my domains to this box website works, setup a email box. The mailbox appears to work I can receive mail to the box from external sources (via imap). As well as I can send email out via webmail. However when attempting to send emails via smtp (using Thunderbird) I'm getting a "An error occurred while sending mail. The mail server responded: 5.7.1 <me@123.com>: Relay access denied. Please check the message recipient me@123.com and try again." I've googled around and I found a couple references to tweaks of /etc/postfix/main.cf but those appeared to be relevant for ISPConfig 2 and not 3.

Server setup
Ubuntu 10.04 with normal updates
ISPConfig 3.0.2.2
Inside of DMZ then connected to WAN via NAT

Relavant bit of /ver/log/mail.log
Sep 14 18:51:20 roslin postfix/smtpd[29921]: connect from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]
Sep 14 18:51:20 roslin postfix/smtpd[29921]: NOQUEUE: reject: RCPT from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]: 554 5.7.1 <me@123.com>: Relay access denied; from=<me@abc.com> to=<me@123.com> proto=SMTP helo=<me-macbook.local>
Sep 14 18:53:10 roslin postfix/smtpd[29921]: lost connection after RCPT from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]
Sep 14 18:53:10 roslin postfix/smtpd[29921]: disconnect from cpe-173-172-xx-xxx.tx.res.rr.com[173.172.xx.xxx]

output of postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = roslin.123.com, localhost, localhost.localdomain
myhostname = roslin.123.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = maildrop
virtual_uid_maps = static:5000

For reference 123.com is not currently hosted on this box and is external. abc.com is hosted on this box. I've played around with the mynetworks value and hardcoded my IP and it appears not to work. I do intend to use this email for potentially several customers so I need it WAN accessible.

Any help would be much appreciated

Last edited by ai42; 15th September 2010 at 03:30.
Reply With Quote
Sponsored Links
  #2  
Old 15th September 2010, 16:16
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,495
Thanks: 835
Thanked 5,534 Times in 4,352 Posts
Default

You have to enable smtp authentication in thunderbird.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 15th September 2010, 17:11
ai42 ai42 is offline
Junior Member
 
Join Date: Sep 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
You have to enable smtp authentication in thunderbird.
I do have smtp authentication enabled.

Actually I did make some progress I did change the mynetworks value to include my external IP address and it allowed me to send emails.

However, this isn't quite the behavior I'm looking for since I have users whom would be connecting through iphones, and who knows what kind of network connection.

So the question is how to I open up mynetworks to be internet facing without being a completely open relay.
Reply With Quote
  #4  
Old 15th September 2010, 22:21
ai42 ai42 is offline
Junior Member
 
Join Date: Sep 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

So after much more reading I think my problem is that the postfix-sasl authentication is not working properly. I've opened up mynetworks to the world 0.0.0.0/256 however that just made an open relay to the world.
Reply With Quote
  #5  
Old 15th September 2010, 22:24
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,495
Thanks: 835
Thanked 5,534 Times in 4,352 Posts
Default

Post the exact sasl error messages that you get in the mail log file.

Quote:
I've opened up mynetworks to the world 0.0.0.0/256 however that just made an open relay to the world.
You should undo that as soon as possible!
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 15th September 2010, 23:10
ai42 ai42 is offline
Junior Member
 
Join Date: Sep 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yea I backed out the mynetwork config pretty quick once I figured out what that was doing.

See thats the thing I don't see any SASL errors in the mail.log file. I'm not seeing a SASL error but that's the only thing I can assume is wrong. I do have Thunderbird setup to use authentication. But it appears based on the log if it does it's not working.

Sep 15 15:03:21 roslin postfix/smtpd[27210]: warning: 50.9.xxx.xx: hostname 50-9-xxx-xx.txr.clearwire-wmx.net verification failed: Name or service not known
Sep 15 15:03:21 roslin postfix/smtpd[27210]: connect from unknown[50.9.xxx.xx]
Sep 15 15:03:23 roslin postfix/smtpd[27210]: NOQUEUE: reject: RCPT from unknown[50.9.xxx.xx]: 554 5.7.1 <me@123.com>: Relay access denied; from=<me@abc.com> to=<me@123.com> proto=SMTP helo=<50-9-xxx-xx.txr.clearwire-wmx.net>
Sep 15 15:03:26 roslin postfix/smtpd[27210]: disconnect from unknown[50.9.xxx.xx]

Also a manual connection to the server remotely doesn't respond to ehlo command.
$ telnet 67.210.xxx.xx 25
Trying 67.210.xxx.xx...
Connected to 67.210.xxx.xx.
Escape character is '^]'.
220 roslin.abc.com ESMTP Postfix (Ubuntu)
ehlo
502 5.5.2 Error: command not recognized
ehlo abc.com
502 5.5.2 Error: command not recognized
ehlo localhost
502 5.5.2 Error: command not recognized

Last edited by ai42; 15th September 2010 at 23:15.
Reply With Quote
  #7  
Old 16th September 2010, 15:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
 
Default

Quote:
Originally Posted by ai42 View Post
Also a manual connection to the server remotely doesn't respond to ehlo command.
$ telnet 67.210.xxx.xx 25
Trying 67.210.xxx.xx...
Connected to 67.210.xxx.xx.
Escape character is '^]'.
220 roslin.abc.com ESMTP Postfix (Ubuntu)
ehlo
502 5.5.2 Error: command not recognized
ehlo abc.com
502 5.5.2 Error: command not recognized
ehlo localhost
502 5.5.2 Error: command not recognized
That's strange. Are there any other errors in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmin upgrade lishaw1968 Installation/Configuration 15 26th August 2010 16:23
High on Lenny - Lvm Mount Problem Serverman Technical 1 23rd June 2009 17:26
can't help ispconfig to install please help steve51184 Installation/Configuration 17 20th February 2009 11:37
Could not make OpenSSL yontengyatso Installation/Configuration 3 3rd November 2005 11:50
Install stop at uuwish, UUDeview SeaWolf Installation/Configuration 6 5th October 2005 00:53


All times are GMT +2. The time now is 17:06.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.