Relay access denied when using SMTP to external recipients

[casler]

Lex,

I found I was having more of a hardware issue and it was resolved on my PIX box….. Cisco inherently forces the “fix up” in the running config….. The firewall was looking for RPC compliancy in the actual email trying to be relayed….. because the headers in the email didn’t comply….. PIX replaces log in information with XXXXXX….. The mail server (which my ISPconfig box) freaks out because there is no user XXXXXX….. and denies the relay….. I used the “no fixup smtp 25” command in the Cisco CLI (on the firewall) and the problem was immediately resolved…..

[beeman]

Hi I am running perfect setup Ubuntu 8.10 Postfix,ISP Config 2.2.29 and webmin 1.441 and have recently started receiving
"Warning: service httpd not running .." as well as" XXXX@XXXXX.co.uk' on 07/09/2009 11:30
554 5.7.1 <xxxxx@xxxxxx.co.uk>: Relay access denied"
Yes I have checked that 'My outgoing server is authenticated'
No I cannot restart Apache with sudo /etc/init.d/apache2 restart - it returns "install: invalid user `www-data'
apache2: bad user name www-data"

We run a small postfix setup and have been receiving a lot of spam lately so I tinkered with the main.cf - but even with the original one back I cannot restart the Apache server or stop the "relay access denied".

I assume the two 'problems' are related
Sorry if I am a bit wooly but i am not a computer pro!
Thanks

[falko]

Can you check if the user www-data is listed in /etc/passwd?

[beeman]

No not in /etc/passwd
Yes in /etc/passwd-
in /etc/passwd- it reads:- www-data:x:33:33:www-data:/var/www:/bin/sh

[falko]

I guess there's something wrong with /etc/passwd then. Make a backup of it and copy /etc/passwd- to /etc/passwd and try again. Do you still see any errors then?

[beeman]

It won't recognise a renaming of passwd-
"uid 1000 does not exist in the passwd file!"

passwd- has a lot fewer users in it. It does however have
www-data:x:33:33:www-data:/var/www:/bin/sh
and a line
nobody:x:655535:65534:nobody:/nonexistent:/bin/sh

the passwd file has on the other hand no www-data but does have
nobody:x:1002:100:nobody:/home/nobody:

What if I was to type in the missing lines www-data:x: ....etc into the passwd file?

[falko]

Quote:

Originally Posted by beeman

It won't recognise a renaming of passwd-
"uid 1000 does not exist in the passwd file!"

Did you try this as root?

Quote:

Originally Posted by beeman

What if I was to type in the missing lines www-data:x: ....etc into the passwd file?

You can do that as well.

[tiscarabee]

Hi Falko,

There is a long time :) Always using in prod the superb tuto for mail & mysql :
http://www.howtoforge.com/virtual_us...debian_etch_p6

I'm "cooking" the migration from my actual production server (HELIOS) on a new server (SERAPHINE), under debian lenny. For tests, I'm using for the first time the transport table, for one of my domains (MYDOMAIN). But access is denied, said postfix's logs :

Sep 12 01:34:53 helios postfix/smtpd[27479]: NOQUEUE: reject: RCPT from mail-ew0-f221.google.com[209.85.219.221]: 554 5.7.1 <david@MYDOMAIN>: Relay access denied; from=<myAdress@gmail.com> to=<david@MYDOMAIN> proto=ESMTP h
elo=<mail-ew0-f221.google.com>

In the table, i've write this :
domain : MYDOMAIN
transport : smtp:[IP_LAN_LIKE_192.168...]
I've tried with transport : smtp:[IP_LAN_LIKE_192.168...]:25, same result.

But it work when I use an email account using HELIOS smtp.

An idea ?

Thanks in advance !

David

[alexnbk]

Hi, i´m having a similar problem, CentOS 5.4 with postfix, i can receive e-mail through the relay, I can send e-mail using telnet localhost 25, but when it com es to the e-mail coming from an exchange server to the world it says Relay ACcess Denied.

Well, it used to work fine till we had to reinstall the system, the owner did not had a backup of things, and i´m not a mail programmer, but they want me to fix it.

Here´s my main.cf and my master.cf

Main.cf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mydomain = xxxx.org.br
myhostname = xxx.xxx.org.br
mynetworks = 127.0.0.0/8, 201.xxx.xxx.xxx/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = debug_peer_list, smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = <domain1>, <domain2>, <domain3>
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, reject_unauth_destination
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550


Master.cf

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_mynetworks
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_helo_restrictions=
-o smtpd_sender_rstrictions=
# -o smtpd_recipient_restrictions=permit_mynetworks, reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=

#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
#local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient


None of the previous solutions worked for me. Thanks for any heko I can get.

[alexnbk]

there was a configuration error between master and main.cf on the mynetworks
fixed it, now runs fine.