"Relay acces denied" when trying to send an email to the host (postfix)

ellion0815 · 03-13-2008, 08:06 PM

Hi there,

I found a lot of sites regarding "relay access denied", but nothing for this particular problem. Which is as follows:

Im using postfix and dovecot with virtual users and domains stored in a mysql-db. Reading mails via imap and pop3 aswell as sending mails to other hosts works like a charm with my mail client. What doesnt is sending mails to my host from another smtp server. Then I get "relay access denied". Using telnet on localhost and using anything for "mail from" and an existing virtual user as rcpt to works. I just cant figure out why. mail.log doesnt say anything about this, clearing it and then sending a mail doesnt append any line

My postfix config looks like this:

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = lvps87-230-92-40.dedicated.hosteurope.de, localhost
myhostname = lvps87-230-94-105.dedicated.hosteurope.de
mynetworks = 127.0.0.0/8, 87.230.94.105/32
myorigin = /etc/mailname
recipient_delimiter = +
relayhost = localhost
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000

I thought reject_unauth_destination in smtpd_recipient_restrictions should allow any mails for any exisiting virtual user. The user definetly exists and using telnet on localhost does this job fine, just with a mail client from outside it doesnt

Im tired as hell so I guess Im missing something here, hope you can point me to the right direction

Thanks in advance,
daniel

billymayday · 03-13-2008, 08:37 PM

I'm not sure if this is part of the problem, but why did you set relayhost=localhost? I'd comment that line out.

ellion0815 · 03-14-2008, 04:56 AM

ah no, that was just one of my desperate tries yesterday

Disregard that

billymayday · 03-14-2008, 05:08 AM

OK, so what's with virtual transport = dovecot?

Dovecot is an imap/pop server, not a transfer agent

billymayday · 03-14-2008, 05:10 AM

While you're at it, have a good read of http://www.postfix.org/VIRTUAL_README.html

datopdog · 03-14-2008, 05:14 AM

Am guessing the domains are not being pulled from the sql database.

ellion0815 · 03-14-2008, 05:21 AM

Quote:

Originally Posted by billymayday

OK, so what's with virtual transport = dovecot?

Dovecot is an imap/pop server, not a transfer agent

No, you can use dovecot for delivering. I put this into my master.cf
"dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}"

As I said, sending and receiving works, sending mails to my host jsut works locally, so it has to be something about virtual_domains I guess. Im currently making a hashfile out of it to check.

My mysql-virtual-mailbox-domains.cf:

Code:

# mysql connection stuff
query = SELECT 1 FROM virtual_domains WHERE name='%s'

and mysql-virtual-alias-domains.cf:

Code:

query = SELECT 1 FROM virtual_domains WHERE name='%s'

It seems like postfix thinks it isnt responsible for this domain, however, querying these with postmap -q works

billymayday · 03-14-2008, 05:57 AM

Fair cop on the dovecot - you learn something every day

ellion0815 · 03-14-2008, 07:31 AM

aargh - okay, forget it. I was definetly too tired yesterday. Wasnt a postfix or dovecot issue, I forgt the mx entries for my domains

sorry for the inconvenience :/

trickykid · 03-14-2008, 08:23 AM

Quote:

Originally Posted by ellion0815

aargh - okay, forget it. I was definetly too tired yesterday. Wasnt a postfix or dovecot issue, I forgt the mx entries for my domains

sorry for the inconvenience :/

Doh! That should always be the first step. Setup Mailserver, dig domain.com MX to verify the MX records, then proceed with testing..

ellion0815 · 03-14-2008, 08:27 AM

The stupidest part about this is: I have about 100 mailer daemon mails in my inbox which say in the last line:

Quote:

Remote-MTA: dns; mx00.udag.de

well, that isnt my host ......

At least you people have a good laugh