Relay access denied when using SMTP to external recipients

Discussion in 'Installation/Configuration' started by Kamran Shah, Oct 10, 2005.

  1. falko

    falko Super Moderator

    Please start saslauthd:
    Code:
    /etc/init.d/saslauthd start
     
  2. Desp

    Desp Member

    Postfix Relay access denied!

    Please, some help before losing my mind! :mad:
    I have set up Postfix with SMTP/IMAP and am using SquirrelMail on Ubuntu. The problem is that I can't send emails outside the box; I get the error "Relay access denied". I have tested many ways to solve this problem with no luck. The only good thing that happened is that the error message disappeared, but the problem remained. I have added my WAN IP to my networks =
    Take a look at my main.cf, /etc/hosts and logs:

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
    smtpd_tls_key_file = /etc/ssl/private/smtpd.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = trinity.selman.us
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = selman.us, trinity.selman.us, localhost.selman.us, , localhost
    relayhost =
    mynetworks = 213.112.127.0/24, 127.0.0.0/8, 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    home_mailbox = Maildir/
    mailbox_command =
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    # I guess here is the problem but how to solve it !!
    smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    /etc/hosts :

    192.168.1.64 trinity.selman.us # Added by NetworkManager
    127.0.0.1 localhost.localdomain localhost
    ::1 trinity localhost6.localdomain6 localhost6
    127.0.1.1 trinity.selman.us
    213.112.127.168 trinity.selman.us
    213.112.127.168 selman.us
    213.112.127.168 smtp.selman.us
    213.112.127.168 webmail.selman.us
    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

    and mail.log

    Jan 18 18:50:20 trinity postfix/qmgr[12712]: 2CBF44A16AF: from=<mahmoud@selman.us>, size=713, nrcpt=1 (queue active)
    Jan 18 18:50:41 trinity postfix/smtp[13262]: connect to mx1.hotmail.com[65.55.37.104]:25: Connection timed out
    Jan 18 18:51:02 trinity postfix/smtp[13262]: connect to mx2.hotmail.com[65.55.37.72]:25: Connection timed out
    Jan 18 18:51:23 trinity postfix/smtp[13262]: connect to mx2.hotmail.com[65.54.188.110]:25: Connection timed out
    Jan 18 18:51:44 trinity postfix/smtp[13262]: connect to mx1.hotmail.com[65.54.188.72]:25: Connection timed out
    Jan 18 18:52:05 trinity postfix/smtp[13262]: connect to mx4.hotmail.com[65.55.92.184]:25: Connection timed out
    Jan 18 18:52:05 trinity postfix/smtp[13262]: 2CBF44A16AF: to=<desp@live.com>, relay=none, delay=3351, delays=3246/0.01/105/0, dsn=4.4.1, status=deferred (connect to mx4.hotmail.com[65.55.92.184]:25: Connection timed out)

    some more info:
    root@trinity:~# dig selman.us mx

    ; <<>> DiG 9.7.1-P2 <<>> selman.us mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8061
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;selman.us. IN MX

    ;; ANSWER SECTION:
    selman.us. 3600 IN MX 10 selman.us.
    selman.us. 3600 IN MX 0 selman.us.

    ;; Query time: 143 msec
    ;; SERVER: 192.168.1.254#53(192.168.1.254)
    ;; WHEN: Tue Jan 18 18:58:46 2011
    ;; MSG SIZE rcvd: 59

    root@trinity:~# cat /etc/resolv.conf
    # Generated by NetworkManager
    domain lan
    search lan selman.us
    nameserver 192.168.1.254
    nameserver 195.54.122.199
    nameserver 195.54.122.204
    search selman.us

    Thank you in advance !
     
  3. Desp

    Desp Member

    ehlo trinity.selman.us
    250-trinity.selman.us
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
     
  4. falko

    falko Super Moderator

    Does this happen just for Hotmail, or for all emails you send to remote servers?
    You can search for Hotmail here on the forums, there are a lot of threads already about this.
    Also, make sure that your server isn't blacklisted: http://mxtoolbox.com/blacklists.aspx
     
  5. Desp

    Desp Member

    Thank you for your response, Falko. It happens for all emails outside my box.
     
  6. Desp

    Desp Member

    It's blacklisted in 2 destinations:
    SORBS-DUHL LISTED Dynamic IP Addresses See: Detail
    Return codes were: 127.0.0.10 3600 234
    Spamhaus-ZEN LISTED Detail
    Return codes were: 127.0.0.11 900 265

    Could this be the problem? I have contacted them to remove my IP.
     
  7. Desp

    Desp Member


    Finally I found the problem was with my ISP; they blocked port 25 from sending emails :confused: Now I have to use their SMTP instead.
    Anyway, I am really thankful for your help, Falko.
     
    Last edited: Jan 20, 2011
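
The mail.log lines posted earlier in this thread already separate the two failure modes discussed here. As an added example (not code from any poster), this Python script triages Postfix log lines into outbound connect timeouts from the smtp client and inbound "Relay access denied" rejections from smtpd. The last sample line, the threshold of three addresses and the finding names are constructed for illustration.

```python
import re

# The first five lines are from the mail.log excerpt in this thread; the last
# line is constructed here to show what an actual relay rejection looks like.
SAMPLE_LOG = """\
Jan 18 18:50:41 trinity postfix/smtp[13262]: connect to mx1.hotmail.com[65.55.37.104]:25: Connection timed out
Jan 18 18:51:02 trinity postfix/smtp[13262]: connect to mx2.hotmail.com[65.55.37.72]:25: Connection timed out
Jan 18 18:51:23 trinity postfix/smtp[13262]: connect to mx2.hotmail.com[65.54.188.110]:25: Connection timed out
Jan 18 18:52:05 trinity postfix/smtp[13262]: connect to mx4.hotmail.com[65.55.92.184]:25: Connection timed out
Jan 18 18:52:05 trinity postfix/smtp[13262]: 2CBF44A16AF: to=<desp@live.com>, relay=none, delay=3351, delays=3246/0.01/105/0, dsn=4.4.1, status=deferred (connect to mx4.hotmail.com[65.55.92.184]:25: Connection timed out)
Jan 18 19:02:11 trinity postfix/smtpd[13301]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <user@example.org>: Relay access denied; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<client.example>
"""

# Outbound side: the smtp(8) client could not reach a remote MX.
CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to [^\[\s]+\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<why>.+)$")
# Inbound side: the smtpd(8) server refused to relay for a client.
RELAY_DENIED = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"\d{3} [\d.]+ <(?P<rcpt>[^>]*)>: Relay access denied")
SENT = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<[^>]*>.*status=sent")


def triage(log_text):
    """Separate outbound connect failures from inbound relay rejections."""
    timeouts, denied, sent = set(), [], 0
    for line in log_text.splitlines():
        if (m := CONNECT_FAIL.search(line)) and "timed out" in m["why"]:
            timeouts.add((m["ip"], int(m["port"])))
        elif m := RELAY_DENIED.search(line):
            denied.append((m["ip"], m["rcpt"]))
        elif SENT.search(line):
            sent += 1
    findings = []
    # Several distinct MX addresses timing out on port 25 with nothing
    # delivered points at filtered egress, not at smtpd_*_restrictions.
    port25 = {ip for ip, port in timeouts if port == 25}
    if len(port25) >= 3 and sent == 0:
        findings.append("egress-25-blocked")
    if denied:
        findings.append("relay-denied")
    return {"timeout_ips": sorted(port25), "denied": denied, "findings": findings}
```

Timeouts that all point at one provider can also be a provider-side block, so check the pattern against several destination domains before concluding that the ISP filters port 25.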
  8. klaipedaville

    klaipedaville New Member

    I understand this post is a bit too old but I would like to say thank you to Torgny as his/her post gave me an idea. I had exactly the same problem and what saved me was entering my ISP's IP for "mynetworks" and it started to work. I am not sure though but it looks like my ISP has some slightly misconfigured parts in their Postfix. Could anyone also comment on IP for "mynetworks", please? Thanks!
     
  9. hklcf

    hklcf New Member

    Code:
    [root@server ~]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    inet_protocols = all
    mail_owner = postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = server.hklcf.homeip.net, localhost, localhost.localdomain
    myhostname = server.hklcf.homeip.net
    mynetworks = 127.0.0.0/8 [::1]/128
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    newaliases_path = /usr/bin/newaliases.postfix
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    receive_override_options = no_address_mappings
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost =
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = dovecot
    virtual_uid_maps = static:5000
    
    I can receive email but can't send out email...
     
  10. klaipedaville

    klaipedaville New Member

    I strongly suggest you study the mailbox_command in your configuration. If you have Procmail, and it sounds like you have it because you are on Ubuntu, you have to set this parameter first (it's absolutely mandatory to set), otherwise emails will not go anywhere.
    Removing this parameter won't help, unless you remove the entire Procmail.

    As the next option, please try setting your ISP's IP address in the $mynetworks parameter and restart your Postfix. If it starts working, then it will mean that either your ISP is not SASL authenticated or you have misconfigured your SASL. This simple test won't do any harm.

     
  11. slayt12

    slayt12 New Member

    reject_unauth_destination

    Make sure that
    reject_unauth_destination
    is not in your setup unless you have a map in
    relay_domains
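
How the mynetworks and smtpd_recipient_restrictions values posted in this thread decide who may relay, as an added example (a simplified model written for this page, not Postfix code or any poster's code). It flags mynetworks ranges that are publicly routable and walks the restriction list first-match for sample clients. The client addresses 213.112.127.50 and 203.0.113.9 used with it are constructed.

```python
import ipaddress

# Values copied from the two configurations posted in this thread.
DESP_MYNETWORKS = ("213.112.127.0/24, 127.0.0.0/8, 192.168.1.0/24 "
                   "[::ffff:127.0.0.0]/104 [::1]/128")
DESP_RESTRICTIONS = "permit_sasl_authenticated permit_mynetworks reject_unauth_destination"
DESP_MYDESTINATION = "selman.us, trinity.selman.us, localhost.selman.us, , localhost"
HKLCF_MYNETWORKS = "127.0.0.0/8 [::1]/128"


def tokens(value):
    """main.cf lists may be separated by commas, whitespace, or both."""
    return value.replace(",", " ").split()


def parse_mynetworks(value):
    """Turn a mynetworks value into network objects; [addr]/len is the IPv6 form."""
    return [ipaddress.ip_network(t.replace("[", "").replace("]", ""), strict=False)
            for t in tokens(value)]


def public_ranges(mynetworks):
    """Ranges that are neither loopback nor private: every host in them
    is trusted to relay without authenticating."""
    return [n for n in mynetworks if not (n.is_private or n.is_loopback)]


def evaluate(restrictions, client_ip, sasl_ok, rcpt_domain, mynetworks, local_domains):
    """Simplified first-match walk over smtpd_recipient_restrictions.
    Only the three restrictions below are modelled; anything else
    (check_recipient_access tables and so on) is treated as no decision.
    local_domains stands in for mydestination, relay_domains and the
    virtual domain lists that reject_unauth_destination consults."""
    ip = ipaddress.ip_address(client_ip)
    for rule in tokens(restrictions):
        if rule == "permit_mynetworks" and any(ip in n for n in mynetworks):
            return ("permit", rule)
        if rule == "permit_sasl_authenticated" and sasl_ok:
            return ("permit", rule)
        if rule == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return ("reject", "Relay access denied")
    return ("permit", "end of list")
```

With the first configuration, an unauthenticated client anywhere in 213.112.127.0/24 is permitted to relay to a remote domain, while the same client against the loopback-only mynetworks of the second configuration is rejected by reject_unauth_destination.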
     
  12. cristopher

    cristopher New Member

    Thanks for the information, it was really useful.
     
