Postfix 554 relay access denied

Discussion in 'Server Operation' started by schmidse, Jun 5, 2007.

  1. schmidse

    schmidse New Member

    Hello,

    I've a question concerning the configuration of postfix.
    I have a server running on SLES 10 where I configured postfix. This server should be a relay host and should also buffer mails if someone will send lots of mails like newsletters for example. The access to this server will be controlled through an ACL.
    So I'm able to send mails to internal addresses over this new server to our mail server. But if I try to send a mail to an external address like gmx.net, gmail.com or yahoo.com I've got the error 554 Relay access denied.
    So what I want to achieve is that postfix will relay ALL mails (internal and external) to our mail server when the client/application has the permission to send mails.

    Here is my config:
    /etc/postfix/main.cf (without comments)
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = g99la004
    program_directory = /usr/lib/postfix
    inet_interfaces = 223.99.214.221 ::1
    masquerade_domains = smtptest.de
    mydestination = $mydomain
    defer_transports = 
    mynetworks_style = class
    disable_dns_lookups = yes
    relayhost = [internetmailgateway]
    relay_domains = $mydomain, domain1.de, domain2.de, domain3.de
    mailbox_command = 
    mailbox_transport = 
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions = 
    smtpd_banner = $myhostname - powered by $mail_name 
    smtpd_helo_required = no
    smtpd_helo_restrictions = 
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    
    output of the command postconf -n
    Code:
    alias_maps = hash:/etc/aliases
    biff = no
    canonical_maps = hash:/etc/postfix/canonical
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/lib/postfix
    debug_peer_level = 2
    defer_transports = 
    disable_dns_lookups = yes
    disable_mime_output_conversion = no
    html_directory = /usr/share/doc/packages/postfix/html
    inet_interfaces = 223.99.214.221 ::1
    inet_protocols = all
    mail_owner = postfix
    mail_spool_directory = /var/mail
    mailbox_command = 
    mailbox_size_limit = 0
    mailbox_transport = 
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    masquerade_classes = envelope_sender, header_sender, header_recipient
    masquerade_domains = smtptest.de
    masquerade_exceptions = root
    message_size_limit = 10240000
    mydestination = $mydomain
    myhostname = g99la004
    mynetworks_style = class
    newaliases_path = /usr/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    relay_domains = $mydomain, domain1.de, domain2.de, domain3.de
    relayhost = [internetmailgateway]
    relocated_maps = hash:/etc/postfix/relocated
    sample_directory = /usr/share/doc/packages/postfix/samples
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_sasl_auth_enable = no
    smtp_use_tls = no
    smtpd_banner = $myhostname - powered by $mail_name
    smtpd_client_restrictions = 
    smtpd_helo_required = no
    smtpd_helo_restrictions = 
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_use_tls = no
    strict_8bitmime = no
    strict_rfc821_envelopes = no
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = hash:/etc/postfix/virtual
    virtual_alias_maps = hash:/etc/postfix/virtual
    
    The error I've got when I try to send a mail to gmx or yahoo within /var/log/mail:
    part out of mail.info
    Code:
    NOQUEUE: reject: RCPT from server.domain[IP-Address]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<domain4.com>
    
    I hope you can tell me what's wrong...

    Best regards,
     
    Last edited: Jun 5, 2007
  2. falko

    falko Super Moderator ISPConfig Developer

    Either set up SMTP-AUTH on the mail server and enable "Server requires authentication." in your email client, or add your client's IP address/subnet to the mynetworks paramater in /etc/postfix/main.cf (comment out mynetworks_style then). Restart Postfix afterwards.
     
  3. barney.parker

    barney.parker New Member

    I was having that exact problem earlier, and discovered that same solution.

    I added my network IP and everything started to work better, however i now cannot seem to resolve MX records!

    As a result i seem to send mails into postfix, but get nothing out the other side, or anything to tell me there was an error!

    Thank the lord for the log files, but all they can tell me is they couldn;t find an MX record.



    When I dig MX hotmail.co.uk i get nothing, but when i check it on www.dnsstuff.com i find what i expected!




    any ideas?
     
  4. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/resolv.conf?
     
  5. barney.parker

    barney.parker New Member

    falco: OK, i should have thought of that!!!

    The only nameserver entry was the IP of my router, which seems to work fine with all but MX records!

    I added in an extra nameserver, using the one my router got from my ISP, now it works fine!!!


    Thanks
     
  6. schmidse

    schmidse New Member

    Hi falko,

    thanks for your help. I have changed the variable mynetworks as you suggested and after restarting postfix I was able to send mails even to external addresses. :)

    One question concerning smtp_auth - is this just to set these two variables to "yes"?
    Code:
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = no
    
    or is there more to do? the service saslauthd is running at the moment.
     
  7. falko

    falko Super Moderator ISPConfig Developer

  8. ammartahir1978

    ammartahir1978 New Member

    Error 554 Relay Access Denied

    R: 554 5.7.1 <[email protected]>: Relay access denied

    i am trying to relay mail to linux box
    and ge this error i can send and receive emails through linux box.

    i know i have to do Mynetwork setting but can you please help me in correctly seting them up

    okay my linux box is 192.168.10.226 (IP) but 192.168.10.1 is the defualt gateway.

    now the email which i am relaying on to this linux machine is

    192.168.0.77 (ip) 192.168.0.1 defualt gateway

    how can i set it up , i dont want to setup SMTP AUth
     
  9. ammartahir1978

    ammartahir1978 New Member

    ERROR(23049093): SockCode=-10053 SeeCode=-52 PrevState=203 ThisState=204 NextState=204
    vSock write error.Connection timed-out or aborted.vSocket: 0 closed


    how can i fix this please
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Add 192.168.0.77/32 to the mynetworks parameter in /etc/postfix/main.cf and restart Postfix.
     
  11. ammartahir1978

    ammartahir1978 New Member

    how to get query mail queue

    hi falks,

    thank you for your help, one more qustion is when i send emails out i get deferred mails, which are in deferred queue i want to copy all those emails to a csv file or excel how can i do it...please help
     
  12. falko

    falko Super Moderator ISPConfig Developer

    The
    Code:
    postqueue -p
    command could help you.
     

Share This Page