1 (edited by vmos 2013-09-02 21:53:43)

Topic: SOLVED - 554 5.7.1 Relay access denied

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: ubuntu 13.04
- Related log if you're reporting an issue: Aug 29 22:40:29 core-01-mail postfix/smtpd[10120]: NOQUEUE: reject: RCPT from AAAAAAAAA.com[199.9.9.9]: 554 5.7.1 <AAAAAAAAA@gmail.com>: Relay access denied; from=<test@mydomain.com> to=<AAAAAAA@gmail.com> proto=ESMTP helo=<[192.168.4.15]>

====

Hello, I'm having a bit of a head scratcher here, basically I can't send mail. I can send mail to other domains on the same server, but not external. I can send using sogo, but not roundcube (although I don't think that's related). Right now I'm focussing on testing with a mail client and telnet. Just over port 25 for now with no ssl or tls or anything.
Here's my telnet sequence

telnet myserver 25
Trying myserver...
Connected to myserver.net
Escape character is '^]'.
220 ************************************
ehlo blah
250-core-01-mail.myserver.net
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-XXXXXXXA
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdEBqYXlmaXR6c2ltbW9ASDFb20=
334 UGFzc3dvcmQ6
dGVzdDE=
235 2.7.0 Authentication successful
mail from:<test@mydomain.com>
250 2.1.0 Ok
rcpt to:<AAAAAAAAA@gmail.com>
554 5.7.1 <AAAAAAAA@gmail.com>: Relay access denied

Everything is fine up until I put the recipient in, I also get a similar error with the mail client.

As I understand it, it's the smtpd recipient restrictions that control who can send out, but I don't see anything wrong with this.

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Does anyone have any other suggestions?

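An added example (not part of the original posts): a small parser for the reject line quoted above that separates rejects where the envelope sender claims a locally hosted domain, as in this thread, from relay attempts between two foreign domains. `LOCAL_DOMAINS` and every log line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Postfix smtpd reject line, in the shape of the log entry quoted in the post.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<[^>]*> proto=(?P<proto>\S+) helo=<(?P<helo>.*)>"
)

def parse_relay_denied(line, local_domains):
    """Return a dict for a 'Relay access denied' reject, or None for any other line."""
    m = REJECT_RE.search(line)
    if m is None or m["reason"] != "Relay access denied":
        return None
    sender_domain = m["sender"].rpartition("@")[2].lower()
    # The envelope sender is client-supplied and can be forged, so "local-sender"
    # means "claims to be one of ours", not "is one of ours".
    kind = "local-sender" if sender_domain in local_domains else "foreign-sender"
    return {"ip": m["ip"], "helo": m["helo"], "sender": m["sender"],
            "rcpt": m["rcpt"], "dsn": m["dsn"], "kind": kind}

def summarize(lines, local_domains):
    """Count relay-denied rejects per (kind, client IP)."""
    counts = Counter()
    for line in lines:
        event = parse_relay_denied(line, local_domains)
        if event:
            counts[(event["kind"], event["ip"])] += 1
    return counts

# First line is the entry from the post (already anonymised there); the rest are constructed.
SAMPLE_LOG = [
    "Aug 29 22:40:29 core-01-mail postfix/smtpd[10120]: NOQUEUE: reject: RCPT from AAAAAAAAA.com[199.9.9.9]: 554 5.7.1 <AAAAAAAAA@gmail.com>: Relay access denied; from=<test@mydomain.com> to=<AAAAAAA@gmail.com> proto=ESMTP helo=<[192.168.4.15]>",
    "Aug 29 22:41:02 core-01-mail postfix/smtpd[10133]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied; from=<b@example.net> to=<a@example.org> proto=SMTP helo=<host1>",
    "Aug 29 22:41:05 core-01-mail postfix/smtpd[10133]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@example.org>: Relay access denied; from=<b@example.net> to=<c@example.org> proto=SMTP helo=<host1>",
    "Aug 29 22:42:10 core-01-mail postfix/smtpd[10140]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 450 4.1.8 <x@nodomain.invalid>: Sender address rejected: Domain not found; from=<x@nodomain.invalid> to=<test@mydomain.com> proto=ESMTP helo=<mail.nodomain.invalid>",
]
LOCAL_DOMAINS = {"mydomain.com"}  # assumption: domains hosted on this server

if __name__ == "__main__":
    for (kind, ip), n in sorted(summarize(SAMPLE_LOG, LOCAL_DOMAINS).items()):
        print(f"{kind:15} {ip:15} {n}")
```

A "local-sender" reject from a client that should have been authenticated points at the server's restriction or authentication setup; repeated "foreign-sender" rejects from one IP are relay attempts being refused as intended.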

2

Re: SOLVED - 554 5.7.1 Relay access denied

1) Show us output of command "postconf -n" to help troubleshoot.
2) Did you modify any Postfix settings?

3

Re: SOLVED - 554 5.7.1 Relay access denied

here it is

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
  smtpd_banner = $myhostname ESMTP $mail_name
  biff = no
  # appending .domain is the MUA's job.
  append_dot_mydomain = no
  # Uncomment the next line to generate "delayed mail" warnings
  #delay_warning_time = 4h
  myhostname = core-01-mail.mydomain.net
  alias_maps = hash:/etc/postfix/aliases
  alias_database = hash:/etc/postfix/aliases
  mydestination =  $myhostname, localhost, localhost.localdomain, localhost.$myhostname
  relayhost =
  mynetworks = 127.0.0.0/8
  mailbox_command = /usr/lib/dovecot/deliver
  mailbox_size_limit = 0
  recipient_delimiter = +
  inet_interfaces = all
  # debug_peer_list = all
  ######trying to get send-proxy working
  postscreen_upstream_proxy_protocol = haproxy
  #######
  inet_protocols = ipv4
  virtual_alias_domains =
  myorigin = core-01-mail.mydomain.net
  allow_percent_hack = no
  swap_bangpath = no
  mydomain = mydomain.net
  mynetworks_style = host
  smtpd_data_restrictions = reject_unauth_pipelining
  smtpd_reject_unlisted_recipient = yes
  smtpd_reject_unlisted_sender = yes
  smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
  delay_warning_time = 0h
  maximal_queue_lifetime = 4h
  bounce_queue_lifetime = 4h
  proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
  smtp_data_init_timeout = 240s
  smtp_data_xfer_timeout = 600s
  smtpd_helo_required = yes
  smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
  queue_run_delay = 300s
  minimal_backoff_time = 300s
  maximal_backoff_time = 4000s
  enable_original_recipient = no
  disable_vrfy_command = yes
  home_mailbox = Maildir/
  allow_min_user = no
  message_size_limit = 15728640
  virtual_minimum_uid = 2000
  virtual_uid_maps = static:2000
  virtual_gid_maps = static:2000
  virtual_mailbox_base = /data/vmail
  transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
  virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
  virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
  virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
  sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
  recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
  relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
  smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_local_domain =
  broken_sasl_auth_clients = yes
  smtpd_sasl_security_options = noanonymous
  smtpd_sasl_authenticated_header = no

  smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
  smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
  smtpd_tls_security_level = may
  smtpd_tls_loglevel = 0
  smtpd_tls_key_file = /etc/ssl/wildcard.mydomain.net/wildcard.mydomain.net.key
  smtpd_tls_cert_file = /etc/ssl/wildcard.mydomain.net/wildcard.mydomain.net.crt
  smtpd_tls_CAfile = /etc/ssl/wildcard.mydomain.net/intermediate-ca.crt
  tls_random_source = dev:/dev/urandom
  virtual_transport = dovecot
  dovecot_destination_recipient_limit = 1
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = ./dovecot-auth
  content_filter = smtp-amavis:[127.0.0.1]:10024
  smtp-amavis_destination_recipient_limit = 1

I'm using haproxy in front of this, so I added this

  postscreen_upstream_proxy_protocol = haproxy

and this to master.cf
smtp    inet    n       -       n       -       1       postscreen
smtpd   pass    -       -       n       -       -       smtpd

but apart from that and the certificates, no other changes

4 (edited by brainsage 2019-09-13 18:54:34)

Re: SOLVED - 554 5.7.1 Relay access denied

I managed to solve this issue. To send to all domains, you need to change the SMTP port to 2525 rather than 587 or 25. If you need to receive from all domains, perform the following:

/opt/iredapd/tools/wblist_admin.py  wblist_admin.py --add --whitelist @.
It may be an incorrect DNS record, like the problem mentioned here: https://forum.iredmail.org/topic13036-i … omain.html