Relay access denied

25 posts / 0 new
Last post
#1 Fri, 11/21/2008 - 22:26
PaulSommer

Relay access denied

I thought I'd submitted a question on this before, but since I can't list topics I've authored, I can't seem to find it.

I'm sending from an external location. Things connect with postfix, but the message is rejected with "Relay access denied".

However, the account 'ezms' does in fact exist within the 'ez-ms.com' domain and the user is setup to have mail delivered to a local mailbox.

The directory /home/ezms/Maildir exists, but I have no idea what I'm looking for in postfix.

Also, in VM, the Edit Mailbox page keeps putting 'ezms' into the 'Additional Email Addresses' textbox but when I save it doesn't like it. So I remove it and it saves but next time I open it it's back again.

Here's info from maillog if anyone can help.

tony

[code:1] Nov 22 00:15:31 linux1 postfix/smtpd[16836]: connect from sterling-imail2.sterlink.net[199.108.225.98] Nov 22 00:15:31 linux1 postfix/smtpd[16836]: NOQUEUE: reject: RCPT from sterling-imail2.sterlink.net[199.108.225.98]: 554 5.7.1 <ezms@ez-ms.com>: Relay access denied; from=<tonyb@1sit.com> to=<ezms@ez-ms.com> proto=ESMTP helo=<sterling.net> Nov 22 00:15:31 linux1 postfix/smtpd[16836]: disconnect from sterling-imail2.sterlink.net[199.108.225.98] [/code:1]

Tue, 02/06/2007 - 09:55
ConRadical

make sure in your mail client you have the setting for &quot;out going mail server requires authentication&quot;

Tue, 02/06/2007 - 09:56
ConRadical

I mean, make sure that setting is checked. Same as the incoming server.

Tue, 02/06/2007 - 13:59
Joe
Joe's picture

Hey Paul,

No need to wait around for 6 weeks! We're always happy to help, and we can usually fix this kind of thing for you in a few minutes.

You haven't mentioned what OS this is running on, so I can't be specific about how to fix it...but the problem is definitely that SMTP authentication isn't working (or you haven't enabled it in the client as Conrad mentioned.

There is a known bug in the Debian/Ubuntu installer for setting up this feature (Debian/Ubuntu chroot postfix, which makes the configuration a bit trickier--the next release of virtualmin-base will handle the setup correctly, though folks already installed will need to run a script or set it up manually--that solution will be posted in the news soon), but I believe it is handled correctly on all other supported systems.

--

Check out the forum guidelines!

Thu, 02/08/2007 - 16:38 (Reply to #4)
PaulSommer

You see me ashamed :-(
Authentication was disabled in the mail client.

Unfortunately, when enabled it leads straight to the next problem:

Now, my mail-client says:

* Connecting to SMTP server: lvps87-230-11-195.dedicated.hosteurope.de ...
[[23:29:47]] SMTP&lt; 220 lvps87-230-11-195.dedicated.hosteurope.de ESMTP Postfix (Debian/GNU)
[[23:29:47]] ESMTP&gt; EHLO localhost.localdomain
[[23:29:47]] ESMTP&lt; 250-lvps87-230-11-195.dedicated.hosteurope.de
[[23:29:47]] ESMTP&lt; 250-PIPELINING
[[23:29:47]] ESMTP&lt; 250-SIZE 10240000
[[23:29:47]] ESMTP&lt; 250-VRFY
[[23:29:47]] ESMTP&lt; 250-ETRN
[[23:29:47]] ESMTP&lt; 250-STARTTLS
[[23:29:47]] ESMTP&lt; 250-ENHANCEDSTATUSCODES
[[23:29:47]] ESMTP&lt; 250-8BITMIME
[[23:29:47]] ESMTP&lt; 250 DSN
** SMTP AUTH not available
[[23:29:47]] ESMTP&gt; STARTTLS
[[23:29:47]] ESMTP&lt; 220 2.0.0 Ready to start TLS
[[23:29:47]] ESMTP&gt; EHLO localhost.localdomain
[[23:29:47]] ESMTP&lt; 250-lvps87-230-11-195.dedicated.hosteurope.de
[[23:29:47]] ESMTP&lt; 250-PIPELINING
[[23:29:47]] ESMTP&lt; 250-SIZE 10240000
[[23:29:47]] ESMTP&lt; 250-VRFY
[[23:29:47]] ESMTP&lt; 250-ETRN
[[23:29:47]] ESMTP&lt; 250-ENHANCEDSTATUSCODES
[[23:29:47]] ESMTP&lt; 250-8BITMIME
[[23:29:47]] ESMTP&lt; 250 DSN
** SMTP AUTH not available
[[23:29:47]] ESMTP&gt; MAIL FROM:&lt;lvps87-230-11-195@lvps87-230-11-195.dedicated.hosteurope.de&gt; SIZE=399
[[23:29:47]] SMTP&lt; 250 2.1.0 Ok
[[23:29:47]] SMTP&gt; RCPT TO:&lt;newsreply@web.de&gt;
[[23:29:47]] SMTP&lt; 554 5.7.1[newsreply@web.de&gt;: Relay access denied
** error occurred on SMTP session
*** Error occurred while sending the message:
554 5.7.1[newsreply@web.de&gt;: Relay access denied

Postfix says:

Feb 8 23:36:35 lvps87-230-11-195 postfix/smtpd[[23760]]: connect from p5481A031.dip0.t-ipconnect.de[[84.129.160.49]]
Feb 8 23:36:36 lvps87-230-11-195 postfix/trivial-rewrite[[23763]]: warning: do not list domain lvps87-230-11-195.dedicated.hosteurope.de in BOTH mydestination and virtual_alias_domains
Feb 8 23:36:36 lvps87-230-11-195 postfix/smtpd[[23760]]: NOQUEUE: reject: RCPT from p5481A031.dip0.t-ipconnect.de[[84.129.160.49]]: 554 5.7.1[newsreply@web.de&gt;: Relay access denied; from=&lt;lvps87-230-11-195@lvps87-230-11-195.dedicated.hosteurope.de&gt; to=&lt;newsreply@web.de&gt; proto=ESMTP helo=&lt;localhost.localdomain&gt;
Feb 8 23:36:36 lvps87-230-11-195 postfix/smtpd[[23760]]: lost connection after RCPT from p5481A031.dip0.t-ipconnect.de[[84.129.160.49]]
Feb 8 23:36:36 lvps87-230-11-195 postfix/smtpd[[23760]]: disconnect from p5481A031.dip0.t-ipconnect.de[[84.129.160.49]]

Buuuhhhh!! :-(

P.S. Postfix is running on Debian testing

Besides postfix (and its dependencies) only libsasl2-modules is installed. Is there any other package required?

P.P.S.

Tue, 02/13/2007 - 02:10
PaulSommer

No idea about that subject from anyone?

Seems I have to struggle for another 6 weeks or so :-(
Thanks nevertheless for your effort.

Paul

Tue, 02/13/2007 - 08:59 (Reply to #6)
Blueforce

Hi Paul,

Here is a link to some info regarding this,
http://www.virtualmin.com/faq/one-faq?faq_id=1511#33021

Regards,
Leif

Wed, 02/14/2007 - 09:29
DanLong

Does your dialup service employ port 25 blocking? If they do you will still have to give them your domain name/IP address and ask permission to include it in their allowed relay list.

Port 25 blocking was employed in the late 90's to stop or slow spammers using desktop mail servers. Broadband connections don't employ port 25 filtering but many dialups still do even though spammers rely totally on hijacking wide open DSL or cable connected computers.

hope that helps.

Dan

Wed, 02/14/2007 - 09:42 (Reply to #8)
ADobkin

I thought this might be part of this issue also (and it may still be), but according to the logs snippets posted earlier, it looks like the relaying is denied by his own mail server (Postfix), before it even has a chance to send the message out.

If your ISP is blocking port 25 however, you may still have another hurdle to go through, either by asking them to open the port for you, or by relaying your messages their &quot;smart host&quot;.

Sat, 11/15/2008 - 16:01
andreychek

What shows up in the error log on the server? It'd be either /var/log/maillog or /var/log/mail.log.
-Eric

Sat, 11/15/2008 - 16:42 (Reply to #10)
azadmin

Here are some of the contents of:
File /var/log/maillog

Nov 15 18:33:53 the-hood dovecot: IMAP(beverly): Connection closed
Nov 15 18:35:14 the-hood dovecot:last message repeated 4 times
Nov 15 18:35:14 the-hood dovecot: imap-login: Login: user=&lt;beverly&gt;, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Nov 15 18:35:14 the-hood dovecot:last message repeated 4 times
Nov 15 18:35:14 the-hood dovecot: IMAP(beverly): Connection closed
Nov 15 18:35:47 the-hood dovecot:last message repeated 4 times
Nov 15 18:35:47 the-hood postfix/smtpd[11258]: warning: 210.213.251.197: address not listed for hostname 210.213.251.197.pldt.net
Nov 15 18:35:47 the-hood postfix/smtpd[11258]: connect from unknown[210.213.251.197]
Nov 15 18:35:51 the-hood postfix/smtpd[11258]: NOQUEUE: reject: RCPT from unknown[210.213.251.197]: 554 5.7.1 &lt;bob@azfisher.com&gt;: Relay access denied; from=&lt;yaoundel586@bcwinstitute.com&gt; to=&lt;bob@azfisher.com&gt; proto=ESMTP helo=&lt;210.213.251.197.pldt.net&gt;
Nov 15 18:35:52 the-hood postfix/smtpd[11258]: disconnect from unknown[210.213.251.197]
Nov 15 18:37:15 the-hood postfix/smtpd[11258]: connect from 87-185-58-66.gci.net[66.58.185.87]
Nov 15 18:37:15 the-hood postfix/smtpd[11258]: NOQUEUE: reject: RCPT from 87-185-58-66.gci.net[66.58.185.87]: 554 5.7.1 &lt;bob@azfisher.com&gt;: Relay access denied; from=&lt;bjake@surfstation.com&gt; to=&lt;bob@azfisher.com&gt; proto=SMTP helo=&lt;medd7f6d132f71&gt;
Nov 15 18:37:15 the-hood postfix/smtpd[11258]: NOQUEUE: reject: RCPT from 87-185-58-66.gci.net[66.58.185.87]: 554 5.7.1 &lt;coyote@azfisher.com&gt;: Relay access denied; from=&lt;bjake@surfstation.com&gt; to=&lt;coyote@azfisher.com&gt; proto=SMTP helo=&lt;medd7f6d132f71&gt;
Nov 15 18:37:15 the-hood postfix/smtpd[11258]: lost connection after RCPT from 87-185-58-66.gci.net[66.58.185.87]
Nov 15 18:37:15 the-hood postfix/smtpd[11258]: disconnect from 87-185-58-66.gci.net[66.58.185.87]

Sat, 11/15/2008 - 16:47 (Reply to #11)
andreychek

Mmm -- so, is your system setup to receive email for the domain &quot;azfisher.com&quot; (or at least, was that your intention ;-), or is there another system out there on the Net that handles that domains email?
-Eric

Sat, 11/15/2008 - 16:53 (Reply to #12)
azadmin

azfisher is one of my hosted domains. I have about 5 install at this point but I cant start on the others until I get everything working

Sat, 11/15/2008 - 16:50
azadmin

I've noticed another issue. I just created a new user in one of my domains, example.com. I then tried to log in at example.com:20000 but login failed for the new user
Maybe I should fall back and punt eg, reload and start over

Sat, 11/15/2008 - 16:58 (Reply to #14)
andreychek

Well, I don't really recommend re-installing.

Not everything always goes the way one expect (or hope!) when setting up a server.

It's a bit like taking a Math test in school. If you take a test and fail, you can't ask for new test and just start over... there's no reason to expect that it'll go any better the next time, as you haven't learned what mistakes were made when you first took the test.

If you start over, you'll likely end up needing to resolve these same problems next time too :-)

I'm not sure what distro you're using there -- but in either /var/log/secure or /var/log/auth, you should see the reason that the user wasn't able to log in.

But whatever issues you're having, we should be able to resolve them!
-Eric

Sat, 11/15/2008 - 17:20 (Reply to #15)
azadmin

If we can get email working the rest is no problem, I can deal with them one at a time. I can send mail no problem but I cant receive any. Usually its <b>relay access denied</b>

Sat, 11/15/2008 - 17:45 (Reply to #16)
azadmin

Text of <b>/var/log/secure</b>
<div class='quote'>
Nov 15 18:55:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 18:55:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:00:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:00:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:05:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:05:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:10:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:10:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:15:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:15:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:20:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:20:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:25:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:25:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:30:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:30:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:35:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:35:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 15 19:40:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 15 19:40:03 the-hood su: pam_unix(su:session): session closed for user postgres</div>

Sun, 11/16/2008 - 03:31 (Reply to #17)
azadmin

I have roundcude installed at VH mydomain.com and I can login without any problems. When I try to telent in I get this:

telnet mydomain 110
+OK Dovecot ready.
user beverly.mydomain.com
+OK
pass mypass
-ERR Authentication failed.

mypass is the same pass I use to login to roundcube
So this tells me that there is an issue with the authentication in Dovecot from the outside.

Sun, 11/16/2008 - 08:49 (Reply to #18)
andreychek

So in your logs, you aren't seeing any reference to the user &quot;beverly.mydomain.com&quot;?

If not in /var/log/secure, perhaps in /var/log/maillog?

If it doesn't let you in, it should at least give you some details as to why that's the case (in theory!).
-Eric

Sun, 11/16/2008 - 09:30 (Reply to #19)
azadmin

Text from Log /var/log/secure (XXX.XXX.XXX.XXX is my IP)

Nov 16 11:22:40 the-hood dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Nov 16 11:22:40 the-hood dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=XX.XX0.XXX.236
Nov 16 11:22:40 the-hood dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user beverly.beverlyellis.com
Nov 16 11:25:03 the-hood su: pam_unix(su:session): session opened for user postgres by (uid=0)
Nov 16 11:25:03 the-hood su: pam_unix(su:session): session closed for user postgres
Nov 16 11:25:53 the-hood dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Nov 16 11:25:53 the-hood dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=XX.XXX.XXX.236
Nov 16 11:25:53 the-hood dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user beverly.Mydomain.com

Mon, 11/17/2008 - 07:33 (Reply to #20)
andreychek

Okay, assuming you hadn't yet found a fix for this, would you mind if I logged into your system and looked at this issue?

If that's okay, what I'd need is for you to send an email to eric@virtualmin.com, containing a link to this post, along with login information for the root user, as well as an email user.

Thanks,
-Eric

Thu, 11/20/2008 - 00:48 (Reply to #21)
sgrayban

I fixed it already :) But he seems to be having a issue with a install script and pointed him to the bug tracker since I don't support that type of help.

Wed, 11/19/2008 - 23:47
jdamron

This is because Relaying is denied you have to turn Relaying on or add your domain to the Relaying in the Postfix

Fri, 11/21/2008 - 22:31 (Reply to #23)
tbirnseth

Well, this is goofy! I guess having the same subject as another topic causes them to get linked together and I loose all the info I put in the original!!!!!

Gotta love it! I will try again with a different topic and do a short message and then edit it so I don't get caught by this again!!

Fri, 11/21/2008 - 22:36
tbirnseth

Repost since my last one had the same subject as some other post!

I'm getting Relay access denied when sending inbound mail. I am sending via ESMTP through an ISP. The user 'ezms' exists within the domain 'ez-ms.com'.

There is a /home/ezms/Maildir directory with &quot;stuff&quot; in it.

Also, in VM, on the Edit Mailbox page it keeps adding an &quot;Additional email address of 'ezms', but then the Save fails. I remove it and it saves, but next time I open that page it's back again.

Excerpt from the maillog is below. I do not know postfix but used to hack sendmail a long time ago! But things are different nowadays.

Any pointers or help is greatly appreciated.

tony
[code:1]
Nov 22 00:15:31 linux1 postfix/smtpd[16836]: connect from sterling-imail2.sterlink.net[199.108.225.98]
Nov 22 00:15:31 linux1 postfix/smtpd[16836]: NOQUEUE: reject: RCPT from sterling-imail2.sterlink.net[199.108.225.98]: 554 5.7.1 &lt;ezms@ez-ms.com&gt;: Relay access denied; from=&lt;tonyb@1sit.com&gt; to=&lt;ezms@ez-ms.com&gt; proto=ESMTP helo=&lt;sterling.net&gt;
Nov 22 00:15:31 linux1 postfix/smtpd[16836]: disconnect from sterling-imail2.sterlink.net[199.108.225.98]
[/code:1]

Topic locked