Postfix Relay Acess denied

Discussion in 'Server Operation' started by rodobrist, Nov 24, 2010.

  1. rodobrist

    rodobrist New Member

    Hi All,

    ive set up postfix with courier imap/pop on ubuntu .... and i am trying to configure postfix

    everything works (i can email within my domain)
    ie [email protected] can email [email protected]

    i can login with outlook on a desktop far far away(i am saying this because i have read other forums who found the issue was in the client)

    i can even receive email from my hotmail
    [email protected]

    but i cannot send email... i have read around and tried numerous combinations for mydestination and myhost name... because that seems to be the common fix

    no sucsess

    this is the outlook error message
    The following recipient(s) cannot be reached:

    '[email protected]' on 24/11/2010 4:33 PM
    554 5.7.1 <not [email protected]>: Relay access denied

    this is an exerpt from netcat

    MAIL FROM:<[email protected]>
    #250 2.1.0 Ok
    #RCPT TO:<[email protected]>
    #554 5.7.1 <[email protected]>: Relay access denied
    #RCPT TO:<[email protected]>
    #250 2.1.5 Ok

    and here is the only relevent part of (relevent to my knowledge)

    myhostname =
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination =,,
    relayhost =
    mynetworks = [::ffff:]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    home_mailbox = Maildir/
    mailbox_command =

    I tried not to run to you guys for help, cause im sure your all busy... but im out of ideas and every solution to this problem(that i can find) is like minimum of 3 years old and does not work
    Last edited: Nov 24, 2010
  2. btb

    btb New Member

    I got the same error.

    I had to add the IP i was sending from to "mynetworks"

    My looks like this

    mynetworks_style = host
    mynetworks = xxx.yyy.zzz.qqq, qqq.sss.ttt.rrr

    (i anomized my ip's in the above, but the above config enable me to send from those 2 comma-seperated ip adresses)

    Best regards,
  3. rodobrist

    rodobrist New Member


    hey man,
    i have not seen mynetworks_style= in, i dont know if we have different versions or your file was modified but i cant find it

    but mynetworks is set on the loopback ip, which should be the home ip
    i also tried placing the local ip, the internet ip, commenting out the parts with [ ] ... does not seem to work

    no luck so far

    thanks for your help and if you got any more ideas keep em coming
  4. btb

    btb New Member

    My version is a freshly installed ubuntu 10.10, and then i did apt-get install postfix.

    In my config i have mydestination = all, maybe try that.

    And also try adding

    mynetworks_style = host
    mynetwork =, +the ip of the computer you are trying to send mail from(not the mailserver ip), maybe visit to get it

    Thats all I can think of trying.
  5. btb

    btb New Member

    Actually ignore the idea about mydestination=all, i just read the documentation and it says:

    The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. So I guess you have it set correctly. I only needed postfix as outbound smtp so didnt care about that part.

    But I still think you should try adding mynetworks_style=host and then specifying IP. Its correct that that line is not in the default configuration file, but you can still add it.

    The default for that setting according to the docs is:

    •Specify "mynetworks_style = subnet" (the default) when Postfix should forward mail from SMTP clients in the same IP subnetworks as the local machine. On Linux, this works correctly only with interfaces specified with the "ifconfig" command.

    And please remember that if you are sending mails from your desktop computer through your linux server with postfix, then to my understanding you desktop computers IP also need to be specified in the mynetworks line. At least that is I would try first, and then go from there.
    Last edited: Nov 24, 2010
  6. rodobrist

    rodobrist New Member

    I tried adding in the extra mynetworks_style and/or the IP, but postfix does not even restart with those 2 options

    it does not make sense to me that i need the external IP of my remote computer ( as received from because the email system does not work when using telnet through SSH either (meaning the request comes from its own IP)... I still tried it though

    besides , outlook does not talk to postfix, it talks to courier through POP

    I really feel as if the issue is in mydestination or perhaps even in my resolv.conf... I don't really feel as if either of the two are correct


    I'm quite stumped...
  7. matty

    matty Member

    Where is the server in comparison to where you are sending email from, network wise? Are you on the same LAN, or are you across the internet somewhere?

    Generally, you only need to add your IPs to mynetworks if you're on a LAN (and restart postfix). It's potentially a little more effort if you're across the internet.
  8. rodobrist

    rodobrist New Member

    I have sent commands from the shell (SSH) which result in the same error. (to answer your question, the server is far far away in terms of IP)

    I am quite positive that outlook is conversing with courier, which relays the message to postfix with an internal IP anyway.

    If outlook can send emails locally, I don't see how that is a banned IP anyway.

    ... I am continually restarting postfix btw so its not that either.
    Last edited: Nov 25, 2010
  9. matty

    matty Member

    Creating an access list of authorised senders is good practice to stop your email server being abused by spammers. So, you need to tell postfix who is allowed to send mail through it. The default mynetworks allows localhost, so that's why that works.

    Nope. You are talking direct to postfix when sending.

    Just a quick something to try - configure your email client to check mail before sending mail, or set it to authenticate with your server when sending.
    Last edited: Nov 25, 2010
  10. rodobrist

    rodobrist New Member


    i dont get the error message anymore

    but i do not recieve the message in my hotmail account either

    ... i dont know how to check mail before sending, or to authenticate(i clicked test settings ... if thats what u mean)

    im not positive if outlook has check before send functionality
  11. rodobrist

    rodobrist New Member

    ok this is very weird

    from outlook and from telnet through (ssh)
    it gives no errors, but does not send

    but from netcat(which looks the same as telnet)
    it gives
    554 5.7.1 <[email protected]>: Relay access denied

    either way this new configuration has the same end goal of not being able to send.... just the error reporting method is different
  12. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your mail log?
  13. rodobrist

    rodobrist New Member

    about 3,000 lines worth...
    I keep getting error when i try to upload it, so i have copy and pasted the last 20 lines.

    Nov 26 08:07:42 roderick postfix/smtp[3395]: 5B762E0A9B: to=<[email protected]>, relay=none, delay=53384, delays=53279/0.01/105/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out)
    Nov 26 08:07:55 roderick postfix/smtp[3399]: connect to[]:25: Connection timed out
    Nov 26 08:07:55 roderick postfix/smtp[3399]: 7B66DE0A68: to=<[email protected]>, relay=none, delay=105, delays=0.16/0.01/105/0, dsn=4.4.1, status=deferred (connect to[]:25: Connection timed out)
    Nov 26 08:10:57 roderick postfix/qmgr[32075]: B263CE099A: from=<[email protected]>, size=643, nrcpt=1 (queue active)
    Nov 26 08:10:57 roderick postfix/qmgr[32075]: 6028BE0A2B: from=<[email protected]>, size=658, nrcpt=1 (queue active)
    Nov 26 08:10:57 roderick postfix/error[3419]: B263CE099A: to=<[email protected]>, relay=none, delay=65717, delays=65717/0.01/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to[]:25: Connection timed out)
    Nov 26 08:10:58 roderick postfix/error[3420]: 6028BE0A2B: to=<[email protected]>, relay=none, delay=116598, delays=116598/0.01/0/0.12, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to[]:25: Connection timed out)
    Nov 26 08:15:57 roderick postfix/qmgr[32075]: 7B66DE0A68: from=<[email protected]>, size=401, nrcpt=1 (queue active)
    Nov 26 08:15:57 roderick postfix/qmgr[32075]: 2DC51E0A69: from=<[email protected]>, size=401, nrcpt=1 (queue active)
    Nov 26 08:15:57 roderick postfix/qmgr[32075]: C0A58E0A1A: from=<[email protected]>, size=658, nrcpt=1 (queue active)
    Nov 26 08:16:18 roderick postfix/smtp[3448]: connect to[]:25: Connection timed out
    Nov 26 08:16:18 roderick postfix/smtp[3450]: connect to[]:25: Connection timed out
    Nov 26 08:16:18 roderick postfix/smtp[3449]: connect to[]:25: Connection timed out
  14. matty

    matty Member

    The most likely reason for that error is the ISP that hosts your server is blocking outbound connections on port 25. I'm guessing you're using a residential style internet connection, which is why you are using dyndns. It's common for ISPs to block port 25 outbound from those kinds of connections to help stop spam from zombied home computers.

    Possibly, it may be your own firewall preventing outbound connections on port 25, but most allow all outbound connections by default. Either way, your problem is related to firewalling.
  15. rodobrist

    rodobrist New Member

    just called my ISP and they said that there was no blocking and its definately not my home router ....

    i found this on the internet:
    "Note : If you install Postfix/Dovecot mail server you will ONLY be able to send mail within your network. You can only send mail externally if you install SASL authentication with TLS. As otherwise you get “Relay Access Denied” error."

    im gonna give this a try in the next couple hours ill let you know how it goes
  16. matty

    matty Member

    From the information you've given, I suspect your server is on a Bigpond connection. They definitely do block port 25 outbound on most connections.
  17. matty

    matty Member

    I meant to add that if you find out the name of your ISP's mail server, you can just set postfix to send mail out through it to bypass the block. In /etc/postfix/, either edit or create the line

    relayhost =

    and restart postfix.
  18. falko

    falko Super Moderator ISPConfig Developer

  19. rodobrist

    rodobrist New Member

    matty was right

    my port is blocked by bigpond (who are now my least favourite ISP)

    i am on one black list, sorbs-duhl .... only because my ip is dynamic

    i used the ping smtp tool on and i got no reply, even though i can still recieve emails,

    i think the problem is definately blocked port

    im changing my internet connection very soon and this should solve the problem

    thank you very much guys, problem well solved

Share This Page