Mail: Relay access denied

Discussion in 'Installation/Configuration' started by _X_, Oct 14, 2008.

  1. _X_

    _X_ New Member

    ***SOLVED***

    everything is done according to:
    The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)

    Client can receive mail but cannot send mail with error:
    The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was '[email protected]'. Subject 'test', Account: 'user1', Server: 'mail.user1.com', Protocol: SMTP, Server Response: '554 5.7.1 <[email protected]>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

    Authentication is enabled.

    In mail.log:
    server1 postfix/smtpd[25684]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<HOME>

    In local-host-names:
    localhost
    domain.info
    localhost.domain.info
    localhost.info
    localhost.localdomain
    www.user1.com
    user1.com
    webmail.user1.com
    #### MAKE MANUAL ENTRIES BELOW THIS LINE! ####

    In virtualusertable exists:
    [email protected] user1
    [email protected] user1
    [email protected] user1

    In Main.cf
    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    myhostname = server1.info
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipients_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    ---------------^^ - smtpd_recipient_restrictions should be here
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names

    dig mx domain.info:
    ;; QUESTION SECTION:
    ;domain.info. IN MX
    ;; ANSWER SECTION:
    domain.info. 300 IN MX 10 mail.domain.info.

    dig domain.info
    ;; QUESTION SECTION:
    ;domain.info. IN A
    ;; ANSWER SECTION:
    domain.info. 300 IN A xxx.xxx.xxx.xx

    Dig mx user1.com
    ;; QUESTION SECTION:
    ;user1.com. IN MX
    ;; ANSWER SECTION:
    user1.com. 3600 IN MX 10 mail.user1.com.

    dig user1.com
    ;; QUESTION SECTION:
    ;user1.com. IN A
    ;; ANSWER SECTION:
    user1.com. 3600 IN A xxx.xxx.xxx.xx

    If client uses webmail (squirrelmail) mail can be sent with no problems. Client recives mail with no problems using mail client application (OutLook, OutLook Express, ...)

    Q: Do I need to add IP of my server1.info into line in main.cf:
    mynetworks = 127.0.0.0/8

    Q: I havent done anything in DNS Manager section in ISPconfig. Do I need to do something about that and what exaclty?
     
    Last edited: Oct 26, 2008
  2. _X_

    _X_ New Member

  3. _X_

    _X_ New Member

    Update 2

    Adding IPs of domain.info and user1.com in main.cf didnt solve the problem

    Activating SSL in mail client didnt help.
     
    Last edited: Oct 15, 2008
  4. trcinc1

    trcinc1 New Member HowtoForge Supporter

    Just today I started having the same problem

    This is what I found out: (my problem - not necessarily yours)

    CBL Lookup Utility (http://cbl.abuseat.org/ used the lookup link with my IP)

    Note: Automated/scripted bulk lookups are forbidden.

    Enter an IP address:

    IP Address XX.XXX.XX.XXX is currently listed in the CBL.

    It was detected at 2008-10-13 19:00 GMT (+/- 30 minutes), approximately 1 days, 2 hours, 30 minutes ago.

    ATTENTION: At the time of detection, this IP was infected with, or NATting for a computer infected with a high volume spam sending trojan - it is participating or facilitating a botnet sending spam or spreading virus/spam trojans.

    ATTENTION: if you simply repeatedly remove this IP address from the CBL without correcting the problem, the CBL WILL stop letting you delist it.

    This is the Cutwail

    You MUST patch your system and then fix/remove the trojan. Do this before delisting, or you're most likely to be listed again almost immediately.

    If this IP is a NAT firewall/gateway, you MUST configure the NAT to prevent outbound port 25 connections to the Internet except from your real mail servers.

    Request delisting of XX.XXX.XX.XXX.
     
  5. _X_

    _X_ New Member

    Tested both IPs and they are not listed.
     
  6. _X_

    _X_ New Member

    I have tried everything that could find on forums but nothing helped.

    Getting desperate here :confused:

    Any new ideas?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    This sounds as if you did not enable "Server requires authentication" in Outlook. Please double-check.
     
  8. _X_

    _X_ New Member

    That was first thing that I checked, double-checked and triple-checked :)

    Tried with Outlook Express, Outlook and Opera mail client but always recive same error.

    here is complete session log:
    domain pop3d: Connection, ip=[::ffff:xx.xxx.xxx.xx]
    domain postfix/smtpd[9556]: connect from unknown[xx.xxx.xxx.xx]
    domain pop3d: LOGIN, user=user1, ip=[::ffff:xx.xxx.xxx.xx], port=[2517]
    domain postfix/smtpd[9556]: NOQUEUE: reject: RCPT from unknown[xx.xxx.xxx.xx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<home>
    domain pop3d: LOGOUT, user=user1, ip=[::ffff:xx.xxx.xxx.xx], port=[2517], top=0, retr=0, rcvd=18, sent=38, time=0
    domain postfix/smtpd[9556]: disconnect from unknown[xx.xxx.xxx.xx]

    domain = domain.info - FQDM of server that runs ISPconfig
    user1 = [email protected] - user that is client with its site hosted as virtual on domain.info server
     
  9. _X_

    _X_ New Member

    here is all ok if i'm correct?

    telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 domain.info ESMTP Postfix
    ehlo localhost
    250-domain.info
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
     
  10. _X_

    _X_ New Member

    also:

    testsaslauthd -u user1 -p xxxx -f /var/spool/postfix/var/run/saslauthd/mux
    0: OK "Success."
     
  11. _X_

    _X_ New Member

    also firewall settings:
    Name Port Type Active
    FTP 21 tcp yes
    SSH 22 tcp yes
    SMTP 25 tcp yes
    DNS 53 tcp yes
    DNS 53 udp yes
    WWW 80 tcp yes
    ISPConfig 81 tcp yes
    POP3 110 tcp yes
    IMAP2 143 tcp yes
    SSL (www) 443 tcp yes
     
  12. _X_

    _X_ New Member

    and:

    /etc/postfix/sasl/smtpd.conf

    pwcheck_method: saslauthd
    mech_list: plain login
     
  13. _X_

    _X_ New Member

    should in main.cf read:

    myhostaname = mail.domain.info

    instead:

    myhostname = domain.info

    or

    in /etc/mailname should read:

    mail.domain.info

    intead:

    domain.info
     
    Last edited: Oct 15, 2008
  14. _X_

    _X_ New Member

    and more questions :rolleyes:

    should for domain.info (main server that runs ISPconfig) under Management/Server/Settings>DNS be Default MX: enabled?

    should for user1.com site that defined under ISP Manager/Sites>Basis be Create DNS and Create DNS MX: enabled?
     
  15. _X_

    _X_ New Member

    new info :)

    if i sent mail to [email protected] from [email protected] from outlook express i dont have relay access problem and mail is delivered.

    obviously if I send mail to [email protected] from [email protected] i get Relay access denied.

    :confused:
     
  16. _X_

    _X_ New Member

    i know this is getting borring but:

    testsaslauthd -u user1 -p user1_pass
    connect() : No such file or directory

    is this normal?

    /etc/init.d/saslauthd restart
    gives:
    * Stopping SASL Authentication Daemon saslauthd [ OK ]
    * Starting SASL Authentication Daemon saslauthd [ OK ]
     
  17. falko

    falko Super Moderator ISPConfig Developer

    Are there any other errors in your mail log?
    What's in /etc/default/saslauthd?

    You need to authenticate only if you send to a remote address.
     
  18. _X_

    _X_ New Member

    here is mail.log:

    Oct 16 15:08:53 domain postfix/smtpd[30986]: connect from unknown[xx.xxx.xxx.xx]
    Oct 16 15:08:54 domain postfix/smtpd[30986]: NOQUEUE: reject: RCPT from unknown[xx.xxx.xxx.xx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<HOME>
    Oct 16 15:08:54 domain postfix/smtpd[30986]: disconnect from unknown[xx.xxx.xxx.xx]
    Oct 16 15:08:54 domain pop3d: Connection, ip=[::ffff:xx.xxx.xxx.xx]
    Oct 16 15:08:54 domain pop3d: LOGIN, user=user1, ip=[::ffff:xx.xxx.xxx.xx], port=[1273]
    Oct 16 15:08:54 domain pop3d: LOGOUT, user=user1, ip=[::ffff:xx.xxx.xxx.xx], port=[1273], top=0, retr=0, rcvd=12, sent=39, time=0

    and i found this so i guess sasl works?

    Oct 11 22:32:29 domain postfix/smtpd[9567]: warning: 114-44-140-191.dynamic.hinet.net[114.44.140.191]: SASL LOGIN authentication failed: authentication failure
    Oct 11 22:32:31 domain postfix/smtpd[9567]: too many errors after AUTH from 114-44-140-191.dynamic.hinet.net[114.44.140.191]
     
    Last edited: Oct 16, 2008
  19. _X_

    _X_ New Member

    /etc/default/saslauthd:

    START=yes
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="pam"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
     
  20. _X_

    _X_ New Member

Share This Page