Sending email problems: Relay access denied

Discussion in 'HOWTO-Related Questions' started by jaffaizal, Mar 15, 2006.

  1. jaffaizal

    jaffaizal New Member

    Falko/Till,

    Me and my clients are having problems sending email to say, gmail and yahoo.
    Also a few other email address:

    salleh@matrade.gov.my
    cmkasule@nssfug.org
    mfaicsl@yahoo.com


    Tried to send a test email to my gmail account (jaffaizal@gmail.com ). Got the following error message:

    Sending failed:
    Message sending failed since the following recipients were rejected by the server:
    jaffaizal@gmail.com (The server responded: "<jaffaizal@gmail.com>: Recipient address rejected: Relay access denied")
    The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used:
    PLANIMA

    Your help is appreciated.
    JafFaizal
     
  2. till

    till Super Moderator

    You will have to check "Server needs authentication" in the smtp settings of your email client.
     
  3. jaffaizal

    jaffaizal New Member

    Did what you requested.

    Got following error msg popup:

    ----------------------------------------------------------------
    Sending failed:
    Unknown error code 50
    Your SMTP server does not support TLS. Disable TLS, if you want to connect without encryption.
    Please send a full bug report at http://bugs.kde.org.
    The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used:
    PLANIMA
    ----------------------------------------------------------------

    This is what I did:

    Check what the server support click in KMAIL for receiving email from pop.planima.com.

    KMAIL do the setting as:

    Use TLS for secure mail download
    &
    Authentication method as : Clear text.

    Therefore I set the sending account (using smtp.planima.com:25) accordingly as:

    Encryption : TLS
    Authentication method : PLAIN

    Set server requires authentication and used the login/password as created in ISPconfig.

    What is wrong?

    Thanks,
    JafFaizal
     
  4. falko

    falko Super Moderator

    Please disable TLS in your email client and try again.
     
  5. jaffaizal

    jaffaizal New Member

    Disabled the TLS in KMail.
    Current setting in KMail for, Accounts->Sending->Transport:SMTP->General Tab. I checked the Server requires authentication and use,

    Login->web???? (ie. the same UID setup in ISPConfig. This is the same UID for my pop.planima.com)

    Password->******** (ie. the same PWD setup in ISPConfig. This is the same UID for my pop.planima.com)

    Setting for Accounts->Sending->Transport:SMTP->Security Tab: Encryption->None Authentication Method->LOGIN (other options are, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM, GSSAPI)

    Are the above setting correct?

    Now receive this popup error message: ----------------------------------------------------------
    Sending failed: Authentication failed.
    Most likely the password is wrong.
    The server responded: "Error: authentication failed" The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used: PLANIMA ----------------------------------------------------------

    If I used PLAIN, got following error msg: ----------------------------------------------------------
    Sending failed: Your SMTP server does not support PLAIN.
    Choose a different authentication method.
    The server responded: "Error: authentication failed" The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used:pLANIMA ----------------------------------------------------------

    BTW, following is the ehlo localhost output:
    ----------------------------------------------------------
    suse1:~ # telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 suse1.mileswork.com ESMTP Postfix
    ehlo localhost
    250-suse1.mileswork.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    --------------------------------------------------------

    Any other setting I need to setup at the Server or KMail?

    Thank
    JafFaizal
     
    Last edited: Mar 16, 2006
  6. jaffaizal

    jaffaizal New Member

    Falko/Till,

    BTW, I was informed by my client that those email that bounce now, he could sent emails to them before.

    Now, I'm curious that maybe external parties is using my ISPConfig email server to relay SPAM. Therefore it is blacklisted now.

    How can I confirm this?
    If YES, what is the remedy (how to stop this)?

    But, the gmail and yahoomail is a separate issues.

    Thanks,
    JafFaizal
     
  7. falko

    falko Super Moderator

    Make sure you use the correct usernames. For the ISPConfig webmail package, you must use an email address as username, but for an email client like KMail, it's the real username (e.g. web1_someuser) that you must use.

    Can you send emails eithout authentication? What's in /etc/postfix/main.cf?
     
  8. jaffaizal

    jaffaizal New Member

    This is what pop up if no authentication:

    ------------------------------------------------------------
    Sending failed:
    Message sending failed since the following recipients were rejected by the server:
    jaffaizal@gmail.com (The server responded: "<jaffaizal@gmail.com>: Recipient address rejected: Relay access denied")
    The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used:
    PLANIMA

    ------------------------------------------------------------
    There is a lot in /etc/postfix/main.cf (which part do you want to know?)

    JafFaizal
     
  9. falko

    falko Super Moderator

    Then your server is not an open relay which is good.

    Post the whole file without comments.
     
  10. jaffaizal

    jaffaizal New Member

    The file as requested... appreciated the help.

    JafFaizal

    ---------------------------------------------------

    queue_directory = /var/spool/postfix

    command_directory = /usr/sbin

    daemon_directory = /usr/lib/postfix

    mail_owner = postfix

    unknown_local_recipient_reject_code = 550


    debug_peer_level = 2

    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

    sendmail_path = /usr/sbin/sendmail

    newaliases_path = /usr/bin/newaliases

    mailq_path = /usr/bin/mailq

    setgid_group = maildrop

    html_directory = /usr/share/doc/packages/postfix/html

    manpage_directory = /usr/share/man

    sample_directory = /usr/share/doc/packages/postfix/samples

    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    #virtual_maps = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = suse1.$mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = mileswork.com
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/

    virtual_maps = hash:/etc/postfix/virtusertable

    mydestination = /etc/postfix/local-host-names

    --------------------------------------------------------------
     
  11. jaffaizal

    jaffaizal New Member

    Does this email I received meant that someone is using my server for relay?

    And that my IP is not recognised?


    JafFaizal
    -------------------------------------------------------------------------

    Could not deliver message to the following recipient(s):

    Failed Recipient: rich@galichon.net
    Reason: Recipient spam or content filter rejected the message

    * *-- The header and top 20 lines of the message follows --

    Received: from UnknownHost [202.157.203.30] by Mail46.webcontrolcenter.com with SMTP;
    * *Fri, 17 Mar 2006 03:33:56 -0700
    Received: by suse1.mileswork.com (Postfix, from userid 10024)
    ********id C15AA2C275; Fri, 17 Mar 2006 18:34:34 +0800 (MYT)
    To: rich@galichon.net
    References: <20060317103423.0914A2C211@suse1.mileswork.com>
    In-Reply-To: <20060317103423.0914A2C211@suse1.mileswork.com>
    From: admispconfig@localhost.mileswork.com
    Subject: Suspicious Attachment
    Message-Id: <20060317103434.C15AA2C275@suse1.mileswork.com>
    Date: Fri, 17 Mar 2006 18:34:34 +0800 (MYT)

    ----------------------------------------------------------------------
    Warning: Message delivery wasn't performed.

    Reason: Our virus scanner detected very suspicious code in
    the attachment of a mail addressed to a user of our system.

    The following message will not be delivered:

    From: rich@galichon.net
    To: jaf@mileswork.com
    Subj: Important
    Date: Fri, 17 Mar 2006 10:33:47 +0000
    Virus: Worm.SomeFool.Z

    Feel free to contact admispconfig@localhost if you can't cope with it.
    ----------------------------------------------------------------------

    This mail was automatically generated by TrashScan v0.12
     
  12. falko

    falko Super Moderator

    This means that someone sent you a virus, and the virus scanner detected it.
     
  13. falko

    falko Super Moderator

    Regarding your main.cf: please post the output of
    Code:
    postconf -d|grep mynetworks
     
  14. jaffaizal

    jaffaizal New Member

    Falko,

    The output of, postconf -d|grep mynetworks

    ----------------------------------------------------------------------
    parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

    ----------------------------------------------------------------------

    JafFaizal
     
  15. falko

    falko Super Moderator

    Please run
    Code:
    postconf -e 'mynetworks = 127.0.0.0/8'
    and restart Postfix.
     
  16. jaffaizal

    jaffaizal New Member

    Falko,
    Did what you requested.
    This is the output of, postconf -d|grep mynetworks -----------------------------------------------------------
    mynetworks = 127.0.0.0/8 192.168.0.0/24
    mynetworks_style = subnet
    parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

    ----------------------------------------------------------------
    Retarted postfix, /etc/init.d/postfix restart
    Sending to jaffaizal@gmail.com, still got the following message from the server: ------------------------------------------------------------------------
    Sending failed: Authentication failed. Most likely the password is wrong. The server responded: "Error: authentication failed" The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder. The following transport protocol was used: PLANIMA
    ------------------------------------------------------------------------
    The password entered is correct. I know this because it is the same password for downloading email from my pop3 server. Also if sending from Uebimiau. It works.
    So, what else could be wrong?

    BTW, I can send to email to jaf@planima.com without the "server requires authentication" selected. But the same error message as above if "server requires authentication" selected.

    JafFaizal
     
    Last edited: Mar 19, 2006
  17. falko

    falko Super Moderator

    Please restart saslauthd:
    Code:
    /etc/init.d/saslauthd restart
    If it doesn't help, reboot the system.
     
  18. jaffaizal

    jaffaizal New Member

    Hi Falko/Till,

    Sorry for the long delays... have been busy with works. I am still experiencing the above problem even after reboot. Following is the output when sending email after reboot:

    ---------------------------------------------------------------------------

    Sending failed:
    Authentication failed.
    Most likely the password is wrong.
    The server responded: "Error: authentication failed"
    The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder.
    The following transport protocol was used:
    MILESWORK

    ---------------------------------------------------------------------------

    When I click on 'Check what the server support' button, KMail returns:
    ---------------------------------------------------------------------------

    Unknown error code 50
    Your SMTP server does not support TLS. Disable TLS, if you want to connect without encryption.

    ---------------------------------------------------------------------------

    What should my setting be in KMAIL transport setup for sending thru SMTP?
    Do I need to select the 'Send custom hostname to server'? IF Yes, what is the hostname?

    BTW, my system is SUSE and I did use the 'The Perfect Setup' method.

    Your help is very much appreciated.

    Thanks...
    Jaf
     
    Last edited: Apr 7, 2006
  19. falko

    falko Super Moderator

    What's in your mail log?

    You should use normal settings in your email client, i.e., specify the smtp and pop3 server, your username and password, enable "Server requires authentication."; please do not use TLS for now.
     
  20. jaffaizal

    jaffaizal New Member

    I am still having the same problem... following is the mail log:

    --------------------------------------------------------------------------------------------
    pr 7 19:29:24 suse1 pop3d: Connection, ip=[::ffff:219.95.159.31]
    Apr 7 19:29:25 suse1 pop3d: LOGIN, user=web22_jaf, ip=[::ffff:219.95.159.31]
    Apr 7 19:29:25 suse1 pop3d: LOGOUT, user=web22_jaf, ip=[::ffff:219.95.159.31], top=0, retr=0, time=0, stls=1
    Apr 7 19:29:26 suse1 postfix/anvil[23477]: statistics: max connection rate 1/60s for (smtp:219.95.159.31) at Apr 7 19:26$
    Apr 7 19:29:26 suse1 postfix/anvil[23477]: statistics: max connection count 1 for (smtp:219.95.159.31) at Apr 7 19:26:05
    Apr 7 19:29:26 suse1 postfix/anvil[23477]: statistics: max cache size 1 at Apr 7 19:26:05
    Apr 7 19:29:39 suse1 pop3d: Connection, ip=[::ffff:202.157.203.30]
    Apr 7 19:31:16 suse1 postfix/smtpd[23577]: warning: connect to private/tlsmgr: No such file or directory
    Apr 7 19:31:17 suse1 postfix/smtpd[23577]: warning: connect to private/tlsmgr: No such file or directory
    Apr 7 19:31:17 suse1 postfix/smtpd[23577]: warning: problem talking to server private/tlsmgr: No such file or directory
    Apr 7 19:31:17 suse1 postfix/smtpd[23577]: warning: no entropy for TLS key generation: disabling TLS support
    Apr 7 19:31:17 suse1 postfix/smtpd[23577]: warning: 219.95.159.31: hostname tm.net.my verification failed: Name or servic$
    Apr 7 19:31:17 suse1 postfix/smtpd[23577]: connect from unknown[219.95.159.31]
    Apr 7 19:31:18 suse1 postfix/smtpd[23577]: warning: unknown[219.95.159.31]: SASL LOGIN authentication failed
    Apr 7 19:31:18 suse1 postfix/smtpd[23577]: lost connection after AUTH from unknown[219.95.159.31]
    Apr 7 19:31:18 suse1 postfix/smtpd[23577]: disconnect from unknown[219.95.159.31]

    -----------------------------------------------------------------------------
     

Share This Page