LinuxQuestions.org
Old 01-19-2012, 06:38 AM   #1
Gargravarr2112
LQ Newbie
 
Registered: Jul 2011
Distribution: Debian
Posts: 13

Rep: Reputation: Disabled
Postfix: SMTP Relay Access Denied with external auth'd clients


Hi all,

I successfully set up a mail server for my domain yesterday. Everything works fine from within the LAN; clients can connect to the server via IMAP/SMTP and send and receive mail. I've even set up SSL and DNS so I can send and receive mail externally, but this is giving me a problem. I'm receiving 'Relay Access Denied' when I connect with an external client (Thunderbird or Email on my Android phone). All Google seems to tell me is that I've got some kind of restriction in place, but I have Postfix configured to allow SASL authenticated users SMTP access, and I'm logged into the server properly from what I can tell (no SASL auth errors in the mail logs). Postfix is configured to use Dovecot's SASL auth methods, and I'm connecting externally via port 465 using SSL.

My logs look like this every time I try to send mail externally. I should add that I can receive it externally.
Code:
Jan 19 12:23:17 Excalibur postfix/smtpd[20879]: connect from <hostname>[<remote IP>]
Jan 19 12:23:18 Excalibur postfix/smtpd[20879]: NOQUEUE: reject: RCPT from <hostname>[<remote IP>]: 554 5.7.1 <<destination GMail>>: Relay access denied; from=<<domain email>> to=<<destination GMail> proto=ESMTP helo=<<hostname>>
My Postfix main.cf looks like this:
Code:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = mydomain.co.uk
smtpd_recepient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destrination
smtpd_sasl_security_options = noanonymous

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/QPR/qpr.pem
smtpd_tls_key_file=/etc/ssl/certs/QPR/ca.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = myhostname.mydomain.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.co.uk, myinternallan.net, localhost.myinternallan, localhost
relayhost = 
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 10737418240
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
Have I missed something? Any hints would be greatly appreciated.
Cheers,
Gargravarr
 
Old 01-19-2012, 07:59 AM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165
first, check your spelling (smtpd_recepient_restrictions). if this typo does not appear in your postfix config, then check to make sure your client is really authenticating. an sasl-authenticated client looks like this:
Code:
Jan 18 23:42:09 host postfix/smtpd[28697]: C18816686A: client=unknown[xxx.xxx.xxx.xxx], sasl_method=PLAIN, sasl_username=user@example.com
as a sidenote, if you use PLAIN authentication, you might consider adding "smtpd_tls_auth_only = yes" (and make the corresponding adjustment to the clients) to prevent anyone from transmitting the password in the clear.
 
1 members found this post helpful.
Old 01-19-2012, 08:29 AM   #3
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
I could only point you to some how-to's on SMTP Auth and relaying

- SMTP Authentication with Postfix
- postfix relay
- smtp auth mailservers

good luck, I know mail server is a lot of mastering to set up.

Last edited by lithos; 01-19-2012 at 08:34 AM.
 
Old 02-12-2012, 08:29 AM   #4
Gargravarr2112
LQ Newbie
 
Registered: Jul 2011
Distribution: Debian
Posts: 13

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Berhanie View Post
first, check your spelling (smtpd_recepient_restrictions). if this typo does not appear in your postfix config, then check to make sure your client is really authenticating. an sasl-authenticated client looks like this:
Code:
Jan 18 23:42:09 host postfix/smtpd[28697]: C18816686A: client=unknown[xxx.xxx.xxx.xxx], sasl_method=PLAIN, sasl_username=user@example.com
as a sidenote, if you use PLAIN authentication, you might consider adding "smtpd_tls_auth_only = yes" (and make the corresponding adjustment to the clients) to prevent anyone from transmitting the password in the clear.
*facepalm*

I do not believe this one eluded me for so long. Even though you highlighted it, it didn't immediately register - I thought you were suggesting the correct spelling!

As soon as I put in 'recipient' it worked.

Thanks for your help!
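
The misspelled name in post #1 is not a parameter Postfix knows, so the intended permit_sasl_authenticated rule never took effect for external clients. The sketch below is an added example, not code from the thread or from Postfix: it lints main.cf text for unknown parameter and restriction names and suggests the nearest known one. The function names are hypothetical and the KNOWN_* sets are small constructed subsets of real Postfix names.

```python
import difflib
import re

# Constructed subsets of real Postfix names; on a live host build KNOWN_PARAMS
# from the names printed by `postconf -d` (assumption of this example).
KNOWN_PARAMS = {
    "mynetworks", "smtpd_banner", "smtpd_sasl_auth_enable",
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_recipient_restrictions",
}
KNOWN_RESTRICTIONS = {"permit_mynetworks", "permit_sasl_authenticated",
                      "reject_unauth_destination", "defer_unauth_destination"}
# Constructed sample: the relevant lines of the main.cf posted in this thread.
SAMPLE = """\
smtpd_sasl_auth_enable = yes
smtpd_recepient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destrination
mynetworks = 127.0.0.0/8, 192.168.1.0/24
"""

def parse_main_cf(text):
    """Return {name: value}; '#' lines are comments, indented lines continue."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name is not None:
            params[name] += " " + raw.strip()
        else:
            name, _, value = (part.strip() for part in raw.partition("="))
            params[name] = value
    return params

def finding(kind, word, known):
    hint = difflib.get_close_matches(word, sorted(known), n=1)
    return (kind, word, hint[0] if hint else None)

def lint(text):
    """Return (kind, offending_name, nearest_known_name) tuples for likely typos."""
    params = parse_main_cf(text)
    # A name referenced as $name or ${name} is a legitimate user-defined parameter.
    referenced = set(re.findall(r"\$\{?(\w+)", " ".join(params.values())))
    findings = []
    for name, value in params.items():
        if name not in KNOWN_PARAMS and name not in referenced:
            findings.append(finding("unknown-parameter", name, KNOWN_PARAMS))
        if name.endswith("_restrictions"):
            for token in re.split(r"[,\s]+", value):
                if re.fullmatch(r"(permit|reject|defer)_\w+", token) and token not in KNOWN_RESTRICTIONS:
                    findings.append(finding("unknown-restriction", token, KNOWN_RESTRICTIONS))
    return findings
```

Running `lint(SAMPLE)` flags both the parameter name and the misspelled `reject_unauth_destrination` in its value. On Postfix 2.9 and later, `postconf -n` also warns about unused parameter names in main.cf.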
 
  

