Mail: Relay access denied

Discussion in 'Installation/Configuration' started by _X_, Oct 14, 2008.

  1. _X_

    _X_ New Member


    everything is done according to:
    The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)

    Client can receive mail but cannot send mail with error:
    The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was ''. Subject 'test', Account: 'user1', Server: '', Protocol: SMTP, Server Response: '554 5.7.1 <>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

    Authentication is enabled.

    In mail.log:
    server1 postfix/smtpd[25684]: NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 <>: Relay access denied; from=<> to=<> proto=ESMTP helo=<HOME>

    In local-host-names:

    In virtualusertable exists: user1 user1 user1

    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    myhostname =
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    relayhost =
    mynetworks =
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipients_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    ---------------^^ - smtpd_recipient_restrictions should be here
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names

    dig mx
    ; IN MX
    ;; ANSWER SECTION: 300 IN MX 10

    ; IN A

    Dig mx
    ; IN MX
    ;; ANSWER SECTION: 3600 IN MX 10

    ; IN A
    ;; ANSWER SECTION: 3600 IN A

    If client uses webmail (squirrelmail) mail can be sent with no problems. Client recives mail with no problems using mail client application (OutLook, OutLook Express, ...)

    Q: Do I need to add IP of my into line in
    mynetworks =

    Q: I havent done anything in DNS Manager section in ISPconfig. Do I need to do something about that and what exaclty?
    Last edited: Oct 26, 2008
  2. _X_

    _X_ New Member


    I can send mail from outlook to local users (from to but any mail that goes to external destination has: Relay access denied error.
  3. _X_

    _X_ New Member

    Update 2

    Adding IPs of and in didnt solve the problem

    Activating SSL in mail client didnt help.
    Last edited: Oct 15, 2008
  4. trcinc1

    trcinc1 New Member HowtoForge Supporter

    Just today I started having the same problem

    This is what I found out: (my problem - not necessarily yours)

    CBL Lookup Utility ( used the lookup link with my IP)

    Note: Automated/scripted bulk lookups are forbidden.

    Enter an IP address:

    IP Address XX.XXX.XX.XXX is currently listed in the CBL.

    It was detected at 2008-10-13 19:00 GMT (+/- 30 minutes), approximately 1 days, 2 hours, 30 minutes ago.

    ATTENTION: At the time of detection, this IP was infected with, or NATting for a computer infected with a high volume spam sending trojan - it is participating or facilitating a botnet sending spam or spreading virus/spam trojans.

    ATTENTION: if you simply repeatedly remove this IP address from the CBL without correcting the problem, the CBL WILL stop letting you delist it.

    This is the Cutwail

    You MUST patch your system and then fix/remove the trojan. Do this before delisting, or you're most likely to be listed again almost immediately.

    If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent outbound port 25 connections to the Internet except from your real mail servers.

    Request delisting of XX.XXX.XX.XXX.
  5. _X_

    _X_ New Member

    Tested both IPs and they are not listed.
  6. _X_

    _X_ New Member

    I have tried everything that could find on forums but nothing helped.

    Getting desperate here :confused:

    Any new ideas?
  7. falko

    falko Super Moderator ISPConfig Developer

    This sounds as if you did not enable "Server requires authentication" in Outlook. Please double-check.
  8. _X_

    _X_ New Member

    That was first thing that I checked, double-checked and triple-checked :)

    Tried with Outlook Express, Outlook and Opera mail client but always recive same error.

    here is complete session log:
    domain pop3d: Connection, ip=[]
    domain postfix/smtpd[9556]: connect from unknown[]
    domain pop3d: LOGIN, user=user1, ip=[], port=[2517]
    domain postfix/smtpd[9556]: NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 <>: Relay access denied; from=<> to=<> proto=ESMTP helo=<home>
    domain pop3d: LOGOUT, user=user1, ip=[], port=[2517], top=0, retr=0, rcvd=18, sent=38, time=0
    domain postfix/smtpd[9556]: disconnect from unknown[]

    domain = - FQDM of server that runs ISPconfig
    user1 = - user that is client with its site hosted as virtual on server
  9. _X_

    _X_ New Member

    here is all ok if i'm correct?

    telnet localhost 25
    Connected to localhost.
    Escape character is '^]'.
    220 ESMTP Postfix
    ehlo localhost
    250-SIZE 10240000
    250 DSN
    221 2.0.0 Bye
  10. _X_

    _X_ New Member


    testsaslauthd -u user1 -p xxxx -f /var/spool/postfix/var/run/saslauthd/mux
    0: OK "Success."
  11. _X_

    _X_ New Member

    also firewall settings:
    Name Port Type Active
    FTP 21 tcp yes
    SSH 22 tcp yes
    SMTP 25 tcp yes
    DNS 53 tcp yes
    DNS 53 udp yes
    WWW 80 tcp yes
    ISPConfig 81 tcp yes
    POP3 110 tcp yes
    IMAP2 143 tcp yes
    SSL (www) 443 tcp yes
  12. _X_

    _X_ New Member



    pwcheck_method: saslauthd
    mech_list: plain login
  13. _X_

    _X_ New Member

    should in read:

    myhostaname =


    myhostname =


    in /etc/mailname should read:

    Last edited: Oct 15, 2008
  14. _X_

    _X_ New Member

    and more questions :rolleyes:

    should for (main server that runs ISPconfig) under Management/Server/Settings>DNS be Default MX: enabled?

    should for site that defined under ISP Manager/Sites>Basis be Create DNS and Create DNS MX: enabled?
  15. _X_

    _X_ New Member

  16. _X_

    _X_ New Member

    i know this is getting borring but:

    testsaslauthd -u user1 -p user1_pass
    connect() : No such file or directory

    is this normal?

    /etc/init.d/saslauthd restart
    * Stopping SASL Authentication Daemon saslauthd [ OK ]
    * Starting SASL Authentication Daemon saslauthd [ OK ]
  17. falko

    falko Super Moderator ISPConfig Developer

    Are there any other errors in your mail log?
    What's in /etc/default/saslauthd?

    You need to authenticate only if you send to a remote address.
  18. _X_

    _X_ New Member

    here is mail.log:

    Oct 16 15:08:53 domain postfix/smtpd[30986]: connect from unknown[]
    Oct 16 15:08:54 domain postfix/smtpd[30986]: NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 <>: Relay access denied; from=<> to=<> proto=ESMTP helo=<HOME>
    Oct 16 15:08:54 domain postfix/smtpd[30986]: disconnect from unknown[]
    Oct 16 15:08:54 domain pop3d: Connection, ip=[]
    Oct 16 15:08:54 domain pop3d: LOGIN, user=user1, ip=[], port=[1273]
    Oct 16 15:08:54 domain pop3d: LOGOUT, user=user1, ip=[], port=[1273], top=0, retr=0, rcvd=12, sent=39, time=0

    and i found this so i guess sasl works?

    Oct 11 22:32:29 domain postfix/smtpd[9567]: warning:[]: SASL LOGIN authentication failed: authentication failure
    Oct 11 22:32:31 domain postfix/smtpd[9567]: too many errors after AUTH from[]
    Last edited: Oct 16, 2008
  19. _X_

    _X_ New Member


    DESC="SASL Authentication Daemon"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
  20. _X_

    _X_ New Member

    my best guess would be that is not on the list for authentication but exists in virtualusertable and and exists i local-host-names.

    tried to add and to local-host-names and after: /etc/init.d/postfix restart got same error.

Share This Page