Postfix & Dovecot - "Relay access denied"

Discussion in 'Server Operation' started by hsa2, Jan 20, 2010.

  1. hsa2

    hsa2 New Member

    Hello,
    I am trying to build a webserver using postfix and dovecot-postfix on Ubuntu 9.10. I've been working on it about 5 hours ( i did the same for last 6-7 nights ). And finally, I can send mails from my server, using Squirrelmail web client. But when I try to send mail from another address to my server ( tried from google apps based domain ), it gives an error: 554 554 5.7.1: Relay access denied

    Please help me :confused: ( BTW, I really researched a lot about it )

    While building mail server, I followed this tutorial.

    Edit: I realised that I can send only from Squirrelmail, when I try to a client ( evolution ) with authentication enabled, it still says "Relay access denied".
     
    Last edited: Jan 20, 2010
  2. rekurs

    rekurs New Member

    You have trouble with authentication, post here your postfix config.
     
    Last edited: Jan 20, 2010
  3. hsa2

    hsa2 New Member

    Sure, here is my main.cf:

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    #myhostname = karincayiyen.difuzyonhosting.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    #mydestination = difuzyonhosting.com, karincayiyen.difuzyonhosting.com, localhost.difuzyonhosting.com, localhost
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    
    virtual_minimum_uid = 150
    virtual_uid_maps = static:150
    virtual_gid_maps = static:8
    virtual_mailbox_base = /var/vmail
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    
    virtual_alias_maps = proxy:mysql:/etc/postfix/my_alias_maps.cf
    virtual_mailbox_limit = proxy:mysql:/etc/postfix/my_mailbox_limits.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/my_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/my_mailbox_maps.cf
    and my master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
    	-o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    
    dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -f ${sender} -d $(recipient)
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
     
  4. falko

    falko Super Moderator

    What's the output of
    Code:
    telnet localhost 25
    and then
    Code:
    ehlo localhost
    ?

    Did you enable "Server requires authentication" in your email client?

    Any errors in your mail log?
     
  5. hsa2

    hsa2 New Member

    Hello falko,
    I am using 587 ( submission ) port for smtp.

    Code:
    root@karincayiyen:/etc/ssl/private# telnet localhost 587
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 karincayiyen.difuzyonhosting.com ESMTP Postfix (Ubuntu)
    ehlo localhost
    250-karincayiyen.difuzyonhosting.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    
     
  6. carlosinfl

    carlosinfl New Member

    This is very easy. You can send from Webmail because your Squirrelmail application is 127.0.0.1. According to your mynetworks parameter in main.cf, it allows connections from 127.0.0.0/8. You need to add your client network that clients will be sending email from to your 'mynetworks' parameter in main.cf.

    For example...

    My mail server = 127.0.0.1
    My PC = 192.168.0.100/255.255.255.0

    Then you need to add the following to 'mynetworks'

    mynetworks = 127.0.0.0/8, 192.168.0.0/24

    Reload Postfix and it should work! The reason you're getting 'relay access denied' is by default Postfix by default does not allow anyone to relay mail. This prevents you from being an 'open relay' which is very very bad!
     
    Last edited: Jan 20, 2010
  7. hsa2

    hsa2 New Member

    Thanks for your reply. I changed the line as follows:
    Code:
    mynetworks = 127.0.0.0/8, 192.168.0.0/24
    However, nothing has changed and still 'relay access denied' :(
     
  8. carlosinfl

    carlosinfl New Member

    I am hoping you did not forget to reload Postfix:

    Code:
    /etc/init.d/postfix restart
    I am guessing your same server running Postfix & Squirrelmail is also running Dovecot, correct?

    What is the IP address and subnet mask of the PC you're using to connect to Postfix / Dovecot to send / receive email. What client are you using? Thunderbird?
     
  9. hsa2

    hsa2 New Member

    No no, I reloaded postfix. And yes, I'm running Dovecot on the same server.

    Code:
    root@karincayiyen:~# telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK Dovecot ready.
    My IP adress ( the pc that I'm using, not server :) ) is 144.122.116.246, and my subnet mask is 255.255.255.0.
     
  10. carlosinfl

    carlosinfl New Member

    Then in your main.cf where your line has 'mynetworks = 127.0.0.0/8...'

    You need to add the following:

    Code:
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,
    Then run this command:

    Code:
    sudo apt-get -y install dig && sudo postfix reload
    Let me know what happens? It failed because you were taking my example of 192.168.0.0/24 literally and not applying it to your network parameters for your personal PC. Hope that works for you!
     
  11. hsa2

    hsa2 New Member

    I've made the changes.

    I've edit mynetworks line as:

    Code:
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,
    and problem is still the same.
     
  12. carlosinfl

    carlosinfl New Member

    What are you using to attempt to send email from? What client? Mozilla Thunderbird or Evolution? How is the client configured to download email? POP or IMAP? Can you download email without any issues? Can you post your Dovecot.conf file here so I can see it?
     
  13. carlosinfl

    carlosinfl New Member

    Looking at your main.cf closer. Please back your main.cf up and use this one I am providing as a test.

    Code:
    mv /etc/postfix/main.cf /etc/postfix/main.1_20_2010
    Now create a new main.cf and copy and paste my entire code in there:

    Code:
    vim /etc/postfix/main.cf
    Now copy and paste the text in there. Make sure you press 'i' for insert first and you don't cut out any of the code.

    Now restart Postfix again. Also restart Dovecot and try again:

    Code:
    /etc/init.d/postfix restart && /etc/init.d/dovecot restart
    COPY AND PASTE THIS INTO YOUR MAIN.CF

    Code:
    smtpd_banner = $myhostname ESMTP
    biff = no
    
    append_dot_mydomain = no
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    myhostname = karincayiyen.difuzyonhosting.com
    mydomain = difuzyonhosting.com
    myorigin = $mydomain
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    
    mydestination = $myhostname, $mydomain, karincayiyen.$mydomain, 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 144.122.116.0/24,
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    relay_domains =
    
    virtual_minimum_uid = 150
    virtual_uid_maps = static:150
    virtual_gid_maps = static:8
    virtual_mailbox_base = /var/vmail
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    
    virtual_alias_maps = proxy:mysql:/etc/postfix/my_alias_maps.cf
    virtual_mailbox_limit = proxy:mysql:/etc/postfix/my_mailbox_limits.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/my_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/my_mailbox_maps.cf
     
  14. hsa2

    hsa2 New Member

    Hi,
    I did just like you said. I tried changing 'mydestination' value before. I am trying to send hsa2@domain.com, hsa2 is the user that I created from 'postfixadmin', and it says hsa2 is unknown user.

    EDIT: But I can connect to smtp and pop3 flawlessly, problem is i can't send mail to myself from my google apps based gmail address.
     
    Last edited: Jan 20, 2010
  15. carlosinfl

    carlosinfl New Member

    Sorry man. That is far as I think I will be able to help. Maybe someone else can shine better light on this subject. I am interested to see what it says...also check your logs on your mail server when you get the 'relay access denied' error.

    Run this command:

    Code:
    tail -f /var/log/mail.err
    I think that is what it is in Debian / Ubuntu and then when you send from your PC. Look at the error that pops up and post it here. It should tell you exactly what is causing the reject.
     
  16. hsa2

    hsa2 New Member

    Thanks for your effort @carlwill, I hope someone else can suggest something.
     
  17. carlosinfl

    carlosinfl New Member

    Welcome. You should post your error logs from when you try and send mail from the client. That will better narrow down the issue.
     
  18. hsa2

    hsa2 New Member

    Gmail says:
    Code:
    This is the mail system at host karincayiyen.difuzyonhosting.com.
    
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    
    For further assistance, please send mail to postmaster.
    
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
    
                      The mail system
    
    <hsa2@difuzyonhosting.com>: unknown user: "hsa2"
    
    Final-Recipient: rfc822; hsa2@difuzyonhosting.com
    Original-Recipient: rfc822;hsa2@difuzyonhosting.com
    Action: failed
    Status: 5.1.1
    Diagnostic-Code: X-Postfix; unknown user: "hsa2"
     
  19. carlosinfl

    carlosinfl New Member

    What do your Postfix logs report?
     
  20. hsa2

    hsa2 New Member

    /var/log/mail.log
    Code:
    Jan 20 23:46:02 karincayiyen postfix/smtpd[15906]: connect from mail-ew0-f209.google.com[209.85.219.209]
    Jan 20 23:46:02 karincayiyen postfix/smtpd[15906]: 7952AF208EE: client=mail-ew0-f209.google.com[209.85.219.209]
    Jan 20 23:46:02 karincayiyen postfix/cleanup[15910]: 7952AF208EE: message-id=<552ad4a51001201246l45faa0fbpb2096721338c20c9@mail.gmail.com>
    Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: 7952AF208EE: from=<hsa2@difuzyon.net>, size=1237, nrcpt=1 (queue active)
    Jan 20 23:46:02 karincayiyen postfix/local[15911]: 7952AF208EE: to=<hsa2@difuzyonhosting.com>, relay=local, delay=0.39, delays=0.38/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "hsa2")
    Jan 20 23:46:02 karincayiyen postfix/cleanup[15910]: BACCEF208F0: message-id=<20100120204602.BACCEF208F0@karincayiyen.difuzyonhosting.com>
    Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: BACCEF208F0: from=<>, size=3169, nrcpt=1 (queue active)
    Jan 20 23:46:02 karincayiyen postfix/bounce[15912]: 7952AF208EE: sender non-delivery notification: BACCEF208F0
    Jan 20 23:46:02 karincayiyen postfix/qmgr[15787]: 7952AF208EE: removed
    Jan 20 23:46:03 karincayiyen postfix/smtp[15914]: BACCEF208F0: to=<hsa2@difuzyon.net>, relay=ASPMX.L.GOOGLE.COM[209.85.221.51]:25, delay=0.72, delays=0.01/0/0.11/0.59, dsn=2.0.0, status=sent (250 2.0.0 OK 1264020362 17si587211qyk.35)
    Jan 20 23:46:03 karincayiyen postfix/qmgr[15787]: BACCEF208F0: removed
    
     

Share This Page