LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Postfix+Dovecot error : RELAY ACCESS DENIED when send mail out to Other domain (http://www.linuxquestions.org/questions/linux-networking-3/postfix-dovecot-error-relay-access-denied-when-send-mail-out-to-other-domain-754613/)

simon.unix 09-12-2009 07:22 AM

Postfix+Dovecot error : RELAY ACCESS DENIED when send mail out to Other domain
 
Hi Experts,
I had configured a mail server Postfix + Dovecot on Ubuntu Server , but i got a problem when i send email to other domain : gmail , yahoo ....
Client Thurnderbird login by : u1@zeha.vn (123) , send to simon.unix@gmail.com
Message: An error occured while sending email , the mail server : 5.7.1 <simon.unix@gmail.com> Relay access denied , pls check message recipients and try again !
This is terrible time , i got 3 days but can not fix up !!!! Grugru !!!
Below is main.cf :

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.zeha.vn
mydomain= zeha.vn
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = mail.zeha.vn, localhost.zeha.vn, , localhost
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
#relay_domains= hash:/etc/postfix/relay_domain
relay_domains=$mydestination
#transport_maps = hash:/etc/postfix/transport
notify_classes = protocol,resource,software
#local_transport = local
#defer_transports=smtp
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = zeha.vn
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit_sasl_authenticated
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom


Pls advice ! Thank so much !
Simon - Jen

walruz 09-12-2009 04:25 PM

Hello, Simon. Can you post some real logs on this? Use pastebin.com to do so, so we can have a better understanding on what's going on, since i don't think postfix said "pls check message recipients and try again !" :P.
Also, this will show us how the mail traverses the server. Feel free to remove IP addresses from the logs (if you're sensitive about it).

simon.unix 09-13-2009 02:05 AM

Postfix+Dovecot error : RELAY ACCESS DENIED when send mail out to Other domain
 
Quote:

Originally Posted by walruz (Post 3680322)
Hello, Simon. Can you post some real logs on this? Use pastebin.com to do so, so we can have a better understanding on what's going on, since i don't think postfix said "pls check message recipients and try again !" :P.
Also, this will show us how the mail traverses the server. Feel free to remove IP addresses from the logs (if you're sensitive about it).

Thanks for your support
Postfix not show this log , it was been showed from : Thurndervird Client Email , when click send email out from MailClient
This is my log :
Sep 13 10:27:47 mail postfix/local[4519]: 81953101DB: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=240503, delays=240502/1.1/0/0.36, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail postfix/local[4526]: 8318D101DD: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=348180, delays=348179/1.3/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail postfix/local[4516]: E25F1101C0: to=<root@mail.zeha.vn>, relay=local, delay=402878, delays=402876/1.1/0/0.37, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090910030647.5E713101E2@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:46]
Sep 13 10:27:47 mail postfix/local[4522]: 225111020D: to=<root@mail.zeha.vn>, relay=local, delay=388048, delays=388046/1.3/0/0.19, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090908114458.D5FD2101D7@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:46]
Sep 13 10:27:47 mail postfix/local[4519]: 5E713101E2: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=260460, delays=260458/1.5/0/0.45, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail postfix/local[4540]: D5FD2101D7: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=402168, delays=402167/1.5/0/0.48, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090910205439.301E8101E8@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:47]
Sep 13 10:27:47 mail postfix/local[4526]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=196388, delays=196386/1.9/0/0.27, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 11:12:45 mail postfix/qmgr[517]: BD73D1020A: from=<u1@zeha.vn>, size=632, nrcpt=2 (queue active)
Sep 13 11:12:45 mail postfix/qmgr[517]: 98789101F3: from=<u2@zeha.vn>, size=608, nrcpt=2 (queue active)
Sep 13 11:13:18 mail postfix/smtp[4937]: BD73D1020A: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1091471pzk.51 (in reply to end of DATA command)
Sep 13 11:13:18 mail postfix/smtp[4938]: 98789101F3: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1106493pzk.17 (in reply to end of DATA command)
Sep 13 11:13:50 mail postfix/smtp[4938]: 98789101F3: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=403298, delays=403233/0.02/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smt
p-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent fr
om your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350078ywh.122 (in reply to end of DATA comman
d))
Sep 13 11:13:51 mail postfix/smtp[4937]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=391765, delays=391700/0.01/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smt
p-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent fr
om your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350077ywh.122 (in reply to end of DATA comman
d))
Sep 13 10:03:51 mail postfix/smtp[4320]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.78]:25, delay=387566, delays=387500/0.03/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.78] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 10si4193529ywh.102 (in reply to end of DATA command))
Sep 13 11:13:50 mail postfix/smtp[4938]: 98789101F3: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=403298, delays=403233/0.02/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350078ywh.122 (in reply to end of DATA command))
Sep 13 11:13:51 mail postfix/smtp[4937]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=391765, delays=391700/0.01/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350077ywh.122 (in reply to end of DATA command))
Sep 13 12:47:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 12:47:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 12:47:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 12:47:47 mail deliver(root): msgid=<20090910205439.301E8101E8@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 12:47:47]
Sep 13 12:47:47 mail postfix/local[5811]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=204788, delays=204786/1.6/0/0.08, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 13:02:58 mail dovecot: imap-login: Login: user=<u1>, method=PLAIN, rip=115.72.215.1, lip=192.168.5.13, TLS
Sep 13 13:03:46 mail postfix/smtpd[6076]: connect from unknown[115.72.215.1]
Sep 13 13:03:46 mail postfix/smtpd[6076]: NOQUEUE: reject: RCPT from unknown[115.72.215.1]: 554 5.7.1 <simon.unix@gmail.com>: Relay access denied; from=<u1@zeha.vn> to=<simon.unix@gmail.com> proto=ESMTP helo=<[10.10.10.3]>

===> Pls help me , thanks so much !
Simon Jen

walruz 09-13-2009 02:49 PM

Well.. there're a couple issues here

Code:

Sep 13 11:12:45 mail postfix/qmgr[517]: BD73D1020A: from=<u1@zeha.vn>, size=632, nrcpt=2 (queue active)
Sep 13 11:13:18 mail postfix/smtp[4937]: BD73D1020A: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1091471pzk.51 (in reply to end of DATA command)

This means that GMail servers are bouncing your messages because they think it's spam. Is it spam? Do you have a dynamic IP address? Is your domain blacklisted? You should check that your computer is not an open relay and it's being used a spam gateway.

Code:

Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)

I believe you're using Dovecot's LDA Delivery Agent. You should carefully read LDA's Documentation, specially the security section. This may also mean that you have some issues with the security settings or umask on root's folder.

Code:

Sep 13 12:47:47 mail postfix/local[5811]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=204788, delays=204786/1.6/0/0.08, dsn=4.3.0, status=deferred (temporary failure)
This means that there's no "postmaster" user on the system (which is usually what you want) and, in order to receive those mails, you should create an alias for it (like this). The Temporary Failurse means that there was some issue while looking up the database lists.. you should read these to get an idea of how Postfix looks up an address.

Hope this helps :)

simon.unix 09-14-2009 12:16 AM

hi ,
i am using a statis IP !
I will try more but i not clear on this
"You should check that your computer is not an open relay and it's being used a spam gateway."

THanks
Simon - Jen

simon.unix 09-16-2009 08:37 AM

Hi Walruz!
My problem with Gmail just one of various domain i will use for staff email communication (gmail , yahoo , msn , me.com , mac.com , simplesolutions.vn , .....)
If i can fix gmail problem how can we fix other !!!
Pls advice me , i really need help !
THanks
Simon

walruz 09-16-2009 11:54 AM

Hello there, Simon

As i've told you before, you should check that your mail server is not an open relay. An open relay is a mail server that requires no authentication (wether it is SASL, TLS or other means) for mail sending/forwarding and enables spammers to use it as a spam gateway. Be certain that if you don't have an authentication method, spammers may be using it.
Gmail, and other mail services, and ISPs, use assorted blacklisting methods. If your mail server was used for spamming, it's surely blacklisted.
Try checking Spamhaus, Spamcop & MX Tool Box to check if your IP is blacklisted.
Try contacting hotmail, gmail & yahoo through their postmaster@ mail address and, politely, ask for removal.
Before doing this, you should be 100% that your server is correctly configured and is not a spam gateway, since if they remove you from the blacklist and your server keeps on spamming, they will enforce the ban not only for your IP address, but for your domains, etc.

You should read Postfix's documentation, which is vast & helpful, specially this section, which will give you some tips on how to enforce authentication.


All times are GMT -5. The time now is 09:41 PM.