SMTP: Relay access denied

Discussion in 'Installation/Configuration' started by vaio1, Feb 19, 2009.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi guys

    I have some problem with the SMTP server. I have followed the CentOs tutorial on this site.

    The problem is send the email to an external domain.
    I have already read the last post but I have not found any solution.

    Code:
    helo mail.mydomain.com
    mail from:<[email protected]>
    rcpt to:<[email protected]>
    data
    subject: This is a test mail
    to: [email protected]
    This is the text of my test mail.
    .

    Code:
    220 myserver.mydomain.com ESMTP Postfix
    helo mail.mydomain.com
    mail from:<[email protected]>
    rcpt to:<[email protected]>
    data
    subject: This is a test mail
    to: [email protected]
    This is the text of my test mail.
    .250 myserver.mydomain.com
    250 2.1.0 Ok
    [B]554 5.7.1 <[email protected]>: Relay access denied[/B]
    554 5.5.1 Error: no valid recipients
    221 2.7.0 Error: I can break rules, too. Goodbye.
    
    Maillog
    Code:
    Feb 19 19:01:50 myserver postfix/smtpd[14596]: NOQUEUE: reject: RCPT from host84-42-dynamic.183-80-r.retail.telecomitalia.it[80.183.42.84]: 554 5.7.1 <[email protected]>: [B]Relay access denied;[/B] from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mail.mydomain.com>
    
    Code:
    [[email protected] ~]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    home_mailbox = Maildir/
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_command =
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = /etc/postfix/local-host-names
    myhostname = myserver.mydomain.com
    mynetworks = 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relayhost = mail.mydomain.com
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    smtp_tls_note_starttls_offer = yes
    smtp_use_tls = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    
    
    any idea?
     
  2. Angelito

    Angelito New Member

    Authentication needed ?

    You might have to authenticate yourself first,
    try:
    Code:
    EHLO mail.mydomain.com
    and look for something like this:

    If you see anything that starts with AUTH, it means you will have to supply a username and password.

    Try that

    Angel
     
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    but the problem persist :(
    nothing to do
     
  4. Angelito

    Angelito New Member

    You MUST first supply a user name and a password.

    Your post confirms what I said, you are being required to authenticate yourself.
    Most likely the server is set to use AUTH LOGIN if so type in right after EHLO:

    Code:
    AUTH LOGIN
    then you should get:

    Code:
    VXN1cm5hbWU6
    which stands for username, then you should supply your email address encoded in base64. Then you will be required for your password encode it and send it as well.

    Good luck.
     
  5. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer


    Code:
    220 myserver.mydomain.com ESMTP Postfix
    helo mail.mydomain.com
    250 myserver.mydomain.com
    EHLO mail.mydomain.com
    250-myserver.mydomain.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH LOGIN
    334 VXNlcm5hbWU6
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    334 UGFzc3dvcmQ6
    xxxxxxxxxxxx
    235 2.0.0 Authentication successful
    mail from:<[email protected]>
    250 2.1.0 Ok
    [B]rcpt to:<[email protected]>
    250 2.1.5 Ok[/B]
    data
    subject: This is a test mail
    to: [email protected]
    This is the text of my test mail.
    .354 End data with <CR><LF>.<CR><LF>
    

    Ok I have not understood. Now the email seems to me accepted but I don't receive nothing. what happens now? Any idea?

    thanks
     
  6. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Now in the log file I can see:

    Code:
    
    Feb 20 16:29:39 myserver postfix/qmgr[28529]: 8ED615300AE: to=<[email protected]>, relay=none, delay=0.65, delays=0.65/0.01/0/0, dsn=4.3.5, status=deferred ([B]delivery temporarily suspended[/B]: mail for mail.mydomain.com loops back to myself)
    
    
    any idea?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Please add mail.mydomain.com to /etc/postfix/local-host-names and restart Postfix.
     
  8. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi Falko,

    the problem persists.

    Code:
    Feb 20 19:50:19 myserver postfix/smtp[21789]: 246A3530088: to=<[email protected]>, relay=none, delay=0.18, delays=0.18/0/0/0, dsn=4.3.5, status=deferred (mail for mail.mydomain.com loops back to myself)
    
     
  9. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/postfix/local-host-names and /etc/postfix/main.cf?

    Does this happen when you send a mail to a remote server or this server?
     
  10. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi Falko,

    It happens when I send the email by thunderbird to an external email address.

    in the /etc/postfix/local-host-names there are all the domain and subdomains, mail.mydomain.com included

    Code:
    [[email protected] ~]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    home_mailbox = Maildir/
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_command = 
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = /etc/postfix/local-host-names
    myhostname = myserver.mydomain.com
    mynetworks = 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relayhost = mail.mydomain.com
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = 
    smtp_tls_note_starttls_offer = yes
    smtp_use_tls = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = 
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    
    This is the message on the maillog:
    Feb 21 21:42:00 myserver postfix/smtp[23403]: D8C66C28008: to=<[email protected]>, relay=none, delay=0.2, delays=0.19/0.01/0/0, dsn=4.3.5, status=deferred (mail for mail.mydomain.com loops back to myself)

    If I delete the config row: relayhost = mail.mydomain.com it works! But in the header inside the email received in the GMAIL service I can see this message:

    Received-SPF: neutral (google.com: xxx.xxx.xxx.xxx is neither permitted nor denied by best guess record for domain of [email protected]) client-ip= xxx.xxx.xxx.xxx;

    Where xxx.xxx.xxx.xxx is my IP.

    thanks
     
    Last edited: Feb 21, 2009
  11. falko

    falko Super Moderator ISPConfig Developer

    Why do you want to relay through the same server? :confused:

    Please set up an SPF record for your domain.
     
  12. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    how have I set the SPF Record by ISPConfig?
     
  13. falko

    falko Super Moderator ISPConfig Developer

Share This Page