Postfix returns "Relay Access Denied (smtp code 554)"

bornfree · 09-29-2008, 11:41 PM

Dear Experts
i am having trouble setting up an antispam system for my mail server. here is my situation.
i have a mail server running on novell groupwise, it is hosting 2 different domains.
now i wan to implement an antispam system for it, on CentOS 5.2. the CentOS is created on a virtual box using vmware, with 30gb of free space and 256mb ram. on the centos hosts postfix, mailscanner, spamassassin and clamav.
i manage to install these components without any problem. after the setup, from the local network, i can telnet into the antispam and send a test mail. if i telnet from an external location, it will give me the error message at the "rcpt to:test@example.com" saying relay access denied.

below is the settings of my /etc/postfix.main.cf

Code:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = antispam.example.com
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
luser_relay = $user@mailserver

debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
header_checks = regexp:/etc/postfix/header_checks
transport_maps = hash:/etc/postfix/transport

there is a firewall(shorewall) to divert the mail to the antispam server. for now the mails are directed into the mail server.

i am not sure what more information you need. feel free to ask me.

Thanks a million!

Mr. C. · 09-30-2008, 12:47 AM

Show postconf -n output please, and the actual log message(s) relevant to the problem.

bornfree · 09-30-2008, 03:29 AM

Dear Mr C.
output of postconf -n

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = $user@10.10.10.3
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = antispam.example.com
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

this is the error message from my email to the antispam

Code:

Sep 28 04:18:12 antispam postfix/smtp[17126]: connect to mx.domain.com[202.186.166.226]: Connection refused (port 25)
Sep 28 04:18:12 antispam postfix/smtp[17125]: connect to mx.domain.com[202.186.166.226]: Connection refused (port 25)
Sep 28 04:18:13 antispam postfix/smtp[17125]: E70823000CD: to=<jason@domain.com>, relay=none, delay=126712, delays=126701/0.24/11/0, dsn=4.4.1, status=deferred (connect to mx.domain.com[202.186.166.226]: Connection refused)
Sep 28 04:18:13 antispam postfix/smtp[17126]: B3B8F3000C8: to=<jason@domain.com>, relay=none, delay=127057, delays=127046/0.1/11/0, dsn=4.4.1, status=deferred (connect to mx.domain.com[202.186.166.226]: Connection refused)

also i found it kept generating the following every 2-3 seconds.. and my maillog on the antispam is growing very fast..and now it grew to over 800k lines.

Code:

Sep 28 04:18:19 antispam MailScanner[17141]: Using SpamAssassin results cache
Sep 28 04:18:19 antispam MailScanner[17141]: Connected to SpamAssassin cache database
Sep 28 04:18:19 antispam MailScanner[17141]: Enabling SpamAssassin auto-whitelist functionality...
Sep 28 04:18:21 antispam MailScanner[17141]: Using locktype = flock
Sep 28 04:18:21 antispam MailScanner[17141]: New Batch: Scanning 1 messages, 15465 bytes
Sep 28 04:18:21 antispam MailScanner[17141]: Spam Checks: Starting
Sep 28 04:18:24 antispam MailScanner[17146]: MailScanner E-Mail Virus Scanner version 4.64.3 starting...
Sep 28 04:18:24 antispam MailScanner[17146]: Read 850 hostnames from the phishing whitelist
Sep 28 04:18:24 antispam MailScanner[17146]: Read 5139 hostnames from the phishing blacklist
Sep 28 04:18:24 antispam MailScanner[17146]: Config: calling custom init function SQLBlacklist
Sep 28 04:18:24 antispam MailScanner[17146]: Config: calling custom init function MailWatchLogging
Sep 28 04:18:24 antispam MailScanner[17146]: Started SQL Logging child
Sep 28 04:18:24 antispam MailScanner[17146]: Config: calling custom init function SQLWhitelist
Sep 28 04:18:24 antispam MailScanner[17146]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp

is this normal?

Thank you very much!!

Mr. C. · 09-30-2008, 11:01 AM

Ok, so we need to see the log message and postconf -n from the antispam machine,
as that is the machine doing the rejecting. The actual connection was refused, so
something on your system is disallowing the postfix smtp client from even making the connection.

The mailscanner (startup) messages you see in the log file every 2 - 3 seconds might be the result of:

http://forums.theplanet.com/index.php?showtopic=88194
or
http://lists.mailscanner.info/piperm...er/078532.html