LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-12-2009, 06:22 AM   #1
simon.unix
LQ Newbie
 
Registered: Apr 2009
Posts: 10

Rep: Reputation: 0
Red face Postfix+Dovecot error : RELAY ACCESS DENIED when send mail out to Other domain


Hi Experts,
I had configured a mail server Postfix + Dovecot on Ubuntu Server , but i got a problem when i send email to other domain : gmail , yahoo ....
Client Thurnderbird login by : u1@zeha.vn (123) , send to simon.unix@gmail.com
Message: An error occured while sending email , the mail server : 5.7.1 <simon.unix@gmail.com> Relay access denied , pls check message recipients and try again !
This is terrible time , i got 3 days but can not fix up !!!! Grugru !!!
Below is main.cf :

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.zeha.vn
mydomain= zeha.vn
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = mail.zeha.vn, localhost.zeha.vn, , localhost
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
relayhost =
#relay_domains= hash:/etc/postfix/relay_domain
relay_domains=$mydestination
#transport_maps = hash:/etc/postfix/transport
notify_classes = protocol,resource,software
#local_transport = local
#defer_transports=smtp
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = zeha.vn
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit_sasl_authenticated
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom


Pls advice ! Thank so much !
Simon - Jen
 
Old 09-12-2009, 03:25 PM   #2
walruz
Member
 
Registered: Aug 2009
Location: Buenos Aires
Distribution: Debian/GNU Linux
Posts: 35

Rep: Reputation: 17
Hello, Simon. Can you post some real logs on this? Use pastebin.com to do so, so we can have a better understanding on what's going on, since i don't think postfix said "pls check message recipients and try again !" :P.
Also, this will show us how the mail traverses the server. Feel free to remove IP addresses from the logs (if you're sensitive about it).
 
Old 09-13-2009, 01:05 AM   #3
simon.unix
LQ Newbie
 
Registered: Apr 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Red face Postfix+Dovecot error : RELAY ACCESS DENIED when send mail out to Other domain

Quote:
Originally Posted by walruz View Post
Hello, Simon. Can you post some real logs on this? Use pastebin.com to do so, so we can have a better understanding on what's going on, since i don't think postfix said "pls check message recipients and try again !" :P.
Also, this will show us how the mail traverses the server. Feel free to remove IP addresses from the logs (if you're sensitive about it).
Thanks for your support
Postfix not show this log , it was been showed from : Thurndervird Client Email , when click send email out from MailClient
This is my log :
Sep 13 10:27:47 mail postfix/local[4519]: 81953101DB: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=240503, delays=240502/1.1/0/0.36, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail postfix/local[4526]: 8318D101DD: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=348180, delays=348179/1.3/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail postfix/local[4516]: E25F1101C0: to=<root@mail.zeha.vn>, relay=local, delay=402878, delays=402876/1.1/0/0.37, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090910030647.5E713101E2@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:46]
Sep 13 10:27:47 mail postfix/local[4522]: 225111020D: to=<root@mail.zeha.vn>, relay=local, delay=388048, delays=388046/1.3/0/0.19, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090908114458.D5FD2101D7@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:46]
Sep 13 10:27:47 mail postfix/local[4519]: 5E713101E2: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=260460, delays=260458/1.5/0/0.45, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail postfix/local[4540]: D5FD2101D7: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=402168, delays=402167/1.5/0/0.48, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 10:27:47 mail deliver(root): msgid=<20090910205439.301E8101E8@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 10:27:47]
Sep 13 10:27:47 mail postfix/local[4526]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=196388, delays=196386/1.9/0/0.27, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 11:12:45 mail postfix/qmgr[517]: BD73D1020A: from=<u1@zeha.vn>, size=632, nrcpt=2 (queue active)
Sep 13 11:12:45 mail postfix/qmgr[517]: 98789101F3: from=<u2@zeha.vn>, size=608, nrcpt=2 (queue active)
Sep 13 11:13:18 mail postfix/smtp[4937]: BD73D1020A: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1091471pzk.51 (in reply to end of DATA command)
Sep 13 11:13:18 mail postfix/smtp[4938]: 98789101F3: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1106493pzk.17 (in reply to end of DATA command)
Sep 13 11:13:50 mail postfix/smtp[4938]: 98789101F3: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=403298, delays=403233/0.02/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smt
p-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent fr
om your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350078ywh.122 (in reply to end of DATA comman
d))
Sep 13 11:13:51 mail postfix/smtp[4937]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=391765, delays=391700/0.01/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smt
p-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent fr
om your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350077ywh.122 (in reply to end of DATA comman
d))
Sep 13 10:03:51 mail postfix/smtp[4320]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.78]:25, delay=387566, delays=387500/0.03/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.78] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 10si4193529ywh.102 (in reply to end of DATA command))
Sep 13 11:13:50 mail postfix/smtp[4938]: 98789101F3: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=403298, delays=403233/0.02/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350078ywh.122 (in reply to end of DATA command))
Sep 13 11:13:51 mail postfix/smtp[4937]: BD73D1020A: to=<simon.unix@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[209.85.211.64]:25, delay=391765, delays=391700/0.01/34/32, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[209.85.211.64] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 38si4350077ywh.122 (in reply to end of DATA command))
Sep 13 12:47:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 12:47:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 12:47:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
Sep 13 12:47:47 mail deliver(root): msgid=<20090910205439.301E8101E8@mail.zeha.vn>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2009-09-13 12:47:47]
Sep 13 12:47:47 mail postfix/local[5811]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=204788, delays=204786/1.6/0/0.08, dsn=4.3.0, status=deferred (temporary failure)
Sep 13 13:02:58 mail dovecot: imap-login: Login: user=<u1>, method=PLAIN, rip=115.72.215.1, lip=192.168.5.13, TLS
Sep 13 13:03:46 mail postfix/smtpd[6076]: connect from unknown[115.72.215.1]
Sep 13 13:03:46 mail postfix/smtpd[6076]: NOQUEUE: reject: RCPT from unknown[115.72.215.1]: 554 5.7.1 <simon.unix@gmail.com>: Relay access denied; from=<u1@zeha.vn> to=<simon.unix@gmail.com> proto=ESMTP helo=<[10.10.10.3]>

===> Pls help me , thanks so much !
Simon Jen
 
Old 09-13-2009, 01:49 PM   #4
walruz
Member
 
Registered: Aug 2009
Location: Buenos Aires
Distribution: Debian/GNU Linux
Posts: 35

Rep: Reputation: 17
Well.. there're a couple issues here

Code:
Sep 13 11:12:45 mail postfix/qmgr[517]: BD73D1020A: from=<u1@zeha.vn>, size=632, nrcpt=2 (queue active)
Sep 13 11:13:18 mail postfix/smtp[4937]: BD73D1020A: host gmail-smtp-in.l.google.com[209.85.222.44] said: 421-4.7.0 [118.69.224.5] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your
IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Sen
ders Guidelines. 10si1091471pzk.51 (in reply to end of DATA command)
This means that GMail servers are bouncing your messages because they think it's spam. Is it spam? Do you have a dynamic IP address? Is your domain blacklisted? You should check that your computer is not an open relay and it's being used a spam gateway.

Code:
Sep 13 10:27:47 mail deliver(root): chdir(/root) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
Sep 13 10:27:47 mail deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)
I believe you're using Dovecot's LDA Delivery Agent. You should carefully read LDA's Documentation, specially the security section. This may also mean that you have some issues with the security settings or umask on root's folder.

Code:
Sep 13 12:47:47 mail postfix/local[5811]: 301E8101E8: to=<root@mail.zeha.vn>, orig_to=<postmaster>, relay=local, delay=204788, delays=204786/1.6/0/0.08, dsn=4.3.0, status=deferred (temporary failure)
This means that there's no "postmaster" user on the system (which is usually what you want) and, in order to receive those mails, you should create an alias for it (like this). The Temporary Failurse means that there was some issue while looking up the database lists.. you should read these to get an idea of how Postfix looks up an address.

Hope this helps
 
Old 09-13-2009, 11:16 PM   #5
simon.unix
LQ Newbie
 
Registered: Apr 2009
Posts: 10

Original Poster
Rep: Reputation: 0
hi ,
i am using a statis IP !
I will try more but i not clear on this
"You should check that your computer is not an open relay and it's being used a spam gateway."

THanks
Simon - Jen
 
Old 09-16-2009, 07:37 AM   #6
simon.unix
LQ Newbie
 
Registered: Apr 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Hi Walruz!
My problem with Gmail just one of various domain i will use for staff email communication (gmail , yahoo , msn , me.com , mac.com , simplesolutions.vn , .....)
If i can fix gmail problem how can we fix other !!!
Pls advice me , i really need help !
THanks
Simon
 
Old 09-16-2009, 10:54 AM   #7
walruz
Member
 
Registered: Aug 2009
Location: Buenos Aires
Distribution: Debian/GNU Linux
Posts: 35

Rep: Reputation: 17
Hello there, Simon

As i've told you before, you should check that your mail server is not an open relay. An open relay is a mail server that requires no authentication (wether it is SASL, TLS or other means) for mail sending/forwarding and enables spammers to use it as a spam gateway. Be certain that if you don't have an authentication method, spammers may be using it.
Gmail, and other mail services, and ISPs, use assorted blacklisting methods. If your mail server was used for spamming, it's surely blacklisted.
Try checking Spamhaus, Spamcop & MX Tool Box to check if your IP is blacklisted.
Try contacting hotmail, gmail & yahoo through their postmaster@ mail address and, politely, ask for removal.
Before doing this, you should be 100% that your server is correctly configured and is not a spam gateway, since if they remove you from the blacklist and your server keeps on spamming, they will enforce the ban not only for your IP address, but for your domains, etc.

You should read Postfix's documentation, which is vast & helpful, specially this section, which will give you some tips on how to enforce authentication.
 
  


Reply

Tags
access, denied, dovecot, mail, postfix, relay


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix Relay access denied outgoing mail alitrix Linux - Server 2 06-14-2008 03:38 PM
Postfix "Relay access denied" cant send to other domain Proxx Linux - Server 6 01-11-2008 09:10 AM
Postfix: Relay access denied whenever sending e-mail Doug52392 Linux - Server 1 11-11-2007 04:21 AM
Postfix as a mail relay (getting relay access denied) hypexr Linux - Software 3 09-13-2005 07:15 PM
Postfix error - Recipient address rejected: Relay access denied robbiemorgan Linux - Newbie 1 10-01-2004 03:57 AM


All times are GMT -5. The time now is 05:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration