Can Send Email, But Not Recieve; Relay access denied

Discussion in 'Installation/Configuration' started by jazzgillum, Mar 9, 2006.

  1. jazzgillum

    jazzgillum New Member

    Hi,

    I'm stuggling to get ISPConfig up and running. I followed the Ubuntu Perfect Setup. When I send test emails to user accounts that I have set up, I quickly get a bounce message back. Here's the complaint in the return mail:

    PERM_FAILURE: SMTP Error (state 9): 554 <test@mydomain.dom>: Relay access denied

    I've searched this forum and found lots of similar problems, but mostly about SENDING mail rather than RECEIVING it. I've tried some of the solutions suggested in the similar topics, but nothing has worked, so its possible that I've messed things up worse.

    Again, I can send emails, but not recieve. Any help would be appriciated!
     
  2. edge

    edge Active Member Moderator HowtoForge Supporter

    I've had exactly the same problem some days ago.
    The strange thing was that it was only with one of the domains.. all other domains did not have the 554 error!

    I deleted the account/domain, and remade it.. after this all was fine again!

    If you are having the 554 problem with only one domain, try what I did, and it might fix it also
     
  3. jazzgillum

    jazzgillum New Member

    Hmmm... I haven't tried adding additional domains yet. I don't think it will matter, though, because I totally removed and reinstalled Postfix and ISPConfig trying to fix the problem, with the same result. But I'll try setting one or two of my other domains up tomorrow to see if the same thing happens.

    Thanks for the tip!
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Have you created a website "www.mydomain.dom" in ISPConfig? Has this site a co-domain "mydomain.dom" with empty host field?

    If yes:

    Is the domain "mydomain.dom" listed in /etc/postfix/local-host-names ?

    If "mydomain.dom" is not a local domain on your server, you will have to enable SMTP server authentication in your email client. In outlook the option is named like "Server needs authentication".
     
  5. jazzgillum

    jazzgillum New Member

    Yes.

    Yes, both mydomain.dom and www.mydomain.dom are listed.

    What do you mean by "a local domain on your server? The DNS (I'm using my registrar's DNS service) points to my IP and I've set "mydomain.dom" up through ISPConfig. The website is running just fine. Does that mean "mydomian.dom" is "a local domain" on my server?

    Anyway, I don't understand how a setting in an email client could effect wether or not mail gets delivered to an address. Client or no client, the mail never arrives in the users "mailbox"!

    Thanks for your help. I'll go ahead and set up another domain (I adjusted the DNS entries last night; they should have propogated by now) to check out edge's theory.
     
  6. jazzgillum

    jazzgillum New Member

    Okay, I set up another domain. Same result. Web page works. Sending mail out works (I'm using mail2web.com to get into the account and send mail) but incoming mail is rejected.
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the domain of the incoming mail?
    What's in /etc/postfix/local-host-names?
     
  8. jazzgillum

    jazzgillum New Member

    You mean the actual domain the mail is addressed to? Sure, what the heck.

    My test email address in this case is:
    rick@ricklynn.com

    Code:
    ###################################
    #
    # ISPConfig local-host-names Configuration File
    #         Version 1.0
    #
    ###################################
    localhost
    server.localdomain
    localhost.server.localdomain
    localhost.localdomain
    www.smallmericles.com
    www.ricklynn.com
    www.nbmap.com
    smallmericles.com
    ricklynn.com
    nbmap.com
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    Here's the mail.log entries for a recent attempt to send:

    Code:
    Mar 10 12:02:18 localhost postfix/smtpd[20146]: connect from wproxy.gmail.com[64.233.184.196]
    Mar 10 12:02:19 localhost postfix/smtpd[20146]: NOQUEUE: reject: RCPT from wproxy.gmail.com[64.233.184.196]: 554 <rick@ricklynn.com>: Relay access denied; from=<jazzgillum@gmail.com> to=<rick@ricklynn.com> proto=ESMTP helo=<wproxy.gmail.com>
    Mar 10 12:02:19 localhost postfix/smtpd[20146]: disconnect from wproxy.gmail.com[64.233.184.196]
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I found out that mail.ricklynn.com is the mail server for ricklynn.com. Then I did this:

    Code:
    dig mail.ricklynn.com
    
    ; <<>> DiG 9.2.1 <<>> mail.ricklynn.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30276
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mail.ricklynn.com.             IN      A
    
    ;; ANSWER SECTION:
    [B][COLOR="Red"]mail.ricklynn.com.      3336    IN      CNAME   ricklynn.com.[/COLOR][/B]
    ricklynn.com.           3321    IN      A       216.212.44.217
    
    ;; Query time: 2 msec
    ;; SERVER: 81.169.163.104#53(81.169.163.104)
    ;; WHEN: Sat Mar 11 11:08:32 2006
    ;; MSG SIZE  rcvd: 65
    mail.ricklynn.com is a CNAME, not an A record.

    On http://langfeldt.net/DNS-HOWTO/BIND-9/DNS-HOWTO-5.html, I found this:

    Please change it!
     
  10. jazzgillum

    jazzgillum New Member

    I've changed the DNS entries:

    Code:
    ; <<>> DiG 9.3.1 <<>> mail.ricklynn.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47115
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;mail.ricklynn.com.             IN      A
    
    ;; ANSWER SECTION:
    mail.ricklynn.com.      3070    IN      A       216.212.44.217
    
    ;; AUTHORITY SECTION:
    ricklynn.com.           3070    IN      NS      ns3.secureserver.net.
    ricklynn.com.           3070    IN      NS      ns4.secureserver.net.
    
    ;; ADDITIONAL SECTION:
    ns3.secureserver.net.   170722  IN      A       64.202.165.10
    ns4.secureserver.net.   170722  IN      A       68.178.211.105
    
    ;; Query time: 111 msec
    ;; SERVER: 216.212.0.10#53(216.212.0.10)
    ;; WHEN: Mon Mar 13 08:26:47 2006
    ;; MSG SIZE  rcvd: 135
    ...but I still get the same results.

    I'm also testing smallmericles.com. I set up the DNS differently, without a "mail" subdomain:

    Code:
    ; <<>> DiG 9.3.1 <<>> smallmericles.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14950
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;smallmericles.com.             IN      A
    
    ;; ANSWER SECTION:
    smallmericles.com.      3360    IN      A       216.212.44.217
    
    ;; AUTHORITY SECTION:
    smallmericles.com.      3360    IN      NS      NS3.SECURESERVER.NET.
    smallmericles.com.      3360    IN      NS      NS4.SECURESERVER.NET.
    
    ;; ADDITIONAL SECTION:
    NS3.SECURESERVER.NET.   170584  IN      A       64.202.165.10
    NS4.SECURESERVER.NET.   170584  IN      A       68.178.211.105
    
    ;; Query time: 167 msec
    ;; SERVER: 216.212.0.10#53(216.212.0.10)
    ;; WHEN: Mon Mar 13 08:29:04 2006
    ;; MSG SIZE  rcvd: 135
    ...but it still behaves the same way, too.
     
  11. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I just sent a test mail to rick@ricklynn.com, and it came back.
    Is 216.212.44.217 your ISPConfig server?
    Can you post /etc/postfix/local-host-names, /etc/postfix/virtusertable and /etc/postfix/main.cf?
     
  12. jazzgillum

    jazzgillum New Member

    216.212.44.217 is my public IP. This server is behind my ISPs VINA eLink at 192.168.1.60. Please keep in mind that I'm not a network expert, but this is my understanding of how the network is set up, supported by the fact that the web server is working just fine (i.e., www.ricklynn.com and www.smallmericles.com are working properly).

    Code:
    ###################################
    #
    # ISPConfig local-host-names Configuration File
    #         Version 1.0
    #
    ###################################
    localhost
    server.localdomain
    localhost.server.localdomain
    localhost.localdomain
    www.smallmericles.com
    www.ricklynn.com
    www.nbmap.com
    smallmericles.com
    ricklynn.com
    nbmap.com
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    Code:
    ###################################
    #
    # ISPConfig virtusertable Configuration File
    #         Version 1.0
    #
    ###################################
    matt@www.smallmericles.com    web1_matt
    web1_matt@www.smallmericles.com    web1_matt
    matt@smallmericles.com    web1_matt
    web1_matt@smallmericles.com    web1_matt
    rick@www.ricklynn.com    web2_rick
    web2_rick@www.ricklynn.com    web2_rick
    rick@ricklynn.com    web2_rick
    web2_rick@ricklynn.com    web2_rick
    matt@www.nbmap.com    web3_matt
    web3_matt@www.nbmap.com    web3_matt
    matt@nbmap.com    web3_matt
    web3_matt@nbmap.com    web3_matt
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    myhostname = server.littleblue.net
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = server.littleblue.net, littleblue.net, localhost.localdomain, localhost.localdomain, localhost
    relayhost =
    mynetworks = 192.168.0.0/24,192.168.1.0/24,127.0.0.0/8
    mailbox_command =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    
     
  13. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Please remove this line from your postfix configuration:

    and restart postfix:

    /etc/init.d/postfix restart
     
  14. jazzgillum

    jazzgillum New Member

    Okay, done.

    Well, now I get an entirely different error. Here is the new returned email message:

    Code:
    This is the Postfix program at host server.littleblue.net.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to <postmaster>
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                           The Postfix program
    
    <web1_matt@littleblue.nbmap.com> (expanded from <matt@smallmericles.com>): mail
    - Show quoted text -
       for littleblue.nbmap.com loops back to myself
    
    
    Final-Recipient: rfc822; web1_matt@littleblue.nbmap.com
    Original-Recipient: rfc822; matt@smallmericles.com
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; mail for littleblue.nbmap.com loops back to myself
    
    
    
    ---------- Forwarded message ----------
    From: "Matt Smith" <matt@nbmap.com>
    To: rick@ricklynn.com, matt@smallmericles.com
    Date: Mon, 13 Mar 2006 11:37:27 -0600
    Subject: Mar-13 New Test 1
    Here we go, everybody, here we go...
    Matt
    This is troubling because I changed (or tried to change) my server name from the nbmap.com domain to my littleblue.net domain. (i.e., from littleblue.nbmap.com to server.littleblue.net). I must have missed something since this email claims to be from "Mail Delivery System MAILER-DAEMON@littleblue.nbmap.com>". Where is that coming from? It should be "Mail Delivery System <MAILER-DAEMON@server.littleblue.net>", right?

    Thanks for your continued assistance! Seems like we're getting somewhere now.
     
  15. jazzgillum

    jazzgillum New Member

    Oh, and for that matter, this:
    Code:
    <web1_matt@littleblue.nbmap.com> (expanded from <matt@smallmericles.com>)
    should say this:
    Code:
    <web1_matt@server.littleblue.net> (expanded from <matt@smallmericles.com>)
    right?
     
  16. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Please add the domain:

    littleblue.nbmap.com

    at the end of the file /etc/postfix/local-host-names and restart postfix.
     
  17. jazzgillum

    jazzgillum New Member

    Oh, sure, that works! :rolleyes:

    But why does it work? Is it going to cause me any troubles later? Why does Postfix think my server is called littleblue.nbmap.com? Or is that a question for some Postfix forum out there? I'd really like to understand what's going on so I can troubleshoot problems if/when things get out of whack!

    Thanks so much!
     
  18. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    No.

    Maybe it's your hostname or in /etc/mailname?
     
  19. jazzgillum

    jazzgillum New Member

    Bingo. It's /etc/mailname.

    Now, after reading up on /etc/mailname I've changed it to littleblue.net and removed littleblue.nbmap.com from local-host-names, just to keep things tidy.

    But now email bounces back with:

    Code:
    This is the Postfix program at host server.littleblue.net.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to <postmaster>
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                           The Postfix program
    
    <web2_rick@littleblue.net> (expanded from <rick@ricklynn.com>): mail for
       littleblue.net loops back to myself
    
    
    Final-Recipient: rfc822; web2_rick@littleblue.net
    Original-Recipient: rfc822; rick@ricklynn.com
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; mail for littleblue.net loops back to myself
    
    
    
    ---------- Forwarded message ----------
    From: "Matt Smith" <matt@nbmap.com>
    To: rick@ricklynn.com
    Date: Tue, 14 Mar 2006 08:16:52 -0600
    Subject: Mar-13 New Test 3
    How dry I am, how dry I am...
    Matt
    ...and this from mail.log...

    Code:
    Mar 14 08:16:47 localhost postfix/smtpd[7479]: connect from wproxy.gmail.com[64.233.184.204]
    Mar 14 08:16:47 localhost postfix/smtpd[7479]: CBA6A9004E6: client=wproxy.gmail.com[64.233.184.204]
    Mar 14 08:16:48 localhost postfix/cleanup[7484]: CBA6A9004E6: message-id=<1d5962220603140616q3520cec5s973ebac9b8e3dee2@mail.gmail.com>
    Mar 14 08:16:48 localhost postfix/qmgr[7464]: CBA6A9004E6: from=<jazzgillum@gmail.com>, size=1348, nrcpt=1 (queue active)
    Mar 14 08:16:48 localhost postfix/smtpd[7486]: connect from host44-217.birch.net[216.212.44.217]
    Mar 14 08:16:48 localhost postfix/smtp[7485]: warning: host littleblue.net[216.212.44.217] greeted me with my own hostname server.littleblue.net
    Mar 14 08:16:48 localhost postfix/smtp[7485]: warning: host littleblue.net[216.212.44.217] replied to HELO/EHLO with my own hostname server.littleblue.net
    Mar 14 08:16:48 localhost postfix/smtp[7485]: CBA6A9004E6: to=<web2_rick@littleblue.net>, orig_to=<rick@ricklynn.com>, relay=littleblue.net[216.212.44.217], delay=1, status=bounced (mail for littleblue.net loops back to myself)
    Mar 14 08:16:48 localhost postfix/smtpd[7486]: disconnect from host44-217.birch.net[216.212.44.217]
    Mar 14 08:16:48 localhost postfix/cleanup[7484]: 633309004E9: message-id=<20060314141648.633309004E9@server.littleblue.net>
    Mar 14 08:16:48 localhost postfix/qmgr[7464]: 633309004E9: from=<>, size=3176, nrcpt=1 (queue active)
    Mar 14 08:16:48 localhost postfix/qmgr[7464]: CBA6A9004E6: removed
    Mar 14 08:16:49 localhost postfix/smtp[7485]: 633309004E9: to=<jazzgillum@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.185.27], delay=1, status=sent (250 2.0.0 OK 1142345816 33si1531260wra)
    Mar 14 08:16:49 localhost postfix/qmgr[7464]: 633309004E9: removed
    
    Ideas? I guess I could set /etc/mailname back to littleblue.nbmap.com or even just nbmap.com, but I want littleblue.net to be my ISP domain name. It feels like I'm missing something obvious now, but I don't know what to try next.
     
  20. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Is littleblue.net in your /etc/postfix/local-host-names file? If not, add it at the end.
     

Share This Page