Some trouble getting Google Apps to work (554 5.7.1 Relay access denied)

6 posts / 0 new
Last post
#1 Wed, 07/07/2010 - 12:15
Rizvi

Some trouble getting Google Apps to work (554 5.7.1 Relay access denied)

Hi there.

I am having some trouble getting Google Apps to work correctly on my new server build.

I've tried various things, but here is how things are set up right now:

  • I have "Mail for Domain" enabled under Features
  • I don't currently have it enabled for this specific virtual server (mydomain.com)
  • I have the Google MX records added, and they appear to be correct
  • I can receive e-mail to my Google Apps account if I sent from GMAIL but if I sent from Hotmail or my corporate e-mail I get the error "Relay Access Denied" in the maillog.

Jul 7 12:46:34 cp postfix/smtpd[28626]: NOQUEUE: reject: RCPT from exprod5og102.obsmtp.com[64.18.0.143]: 554 5.7.1 reza@mydomain.com: Relay access denied; from=rerizvi@myoffice.com to=reza@mydomain.com proto=ESMTP helo=<exprod5og102.obsmtp.com>

Jul 7 10:45:09 cp postfix/smtpd[20440]: NOQUEUE: reject: RCPT from col0-omc4-s10.col0.hotmail.com[65.55.34.212]: 554 5.7.1 reza.rizvi@anotherdomain.com: Relay access denied; from=me@hotmail.com to=reza.rizvi@anotherdomain.com proto=ESMTP helo=<col0-omc4-s10.col0.hotmail.com>

A few other things I checked:

-Hostname is good:

[root@cp public_html]# hostname -f cp.datacolony.com

-RDNS is good:

C:\Users\rerizvi>nslookup 216.38.22.106 Name: cp.datacolony.com Address: 216.38.22.106

Postfix is the default settings after Virtualmin install. Any idea what's going on or what I should be checking?

Thanks. RR

Wed, 07/07/2010 - 12:30
andreychek

So it sounds like what you're trying to do is have email for a given domain go to Google apps, but keep website traffic going to your server?

If that's the case, you'll want to disable Mail for Domain -- you'd only enable that if you want email for that domain delivered locally.

Beyond that, you just need to make sure that all the DNS MX records point to Google Apps, and not your server. In some cases, it could take a day or two for the DNS records to propagate -- they may show up using the old address for a day or two if the old record is cached.

-Eric

Wed, 07/07/2010 - 22:29
Rizvi

Yep you are correct, that's exactly what I'm trying to do.

So the strange thing is I have two Google Apps enabled domains hosted on my server seemingly configured the exact same way. One of them I can receive e-mail from Hotmail and Gmail, and my corporate e-mail which uses Postini for outbound e-mails. The other domain I can receive from Gmail only (no Hotmail, no Postini).

I am almost certain this is a DNS issue but I just can't seem to figure it out. It's been well over 24 hours since I first created these domains on the system, and TTL is 38400 seconds (11 hrs).

When I try sending from my corporate e-mail I am now getting this response:

Postini #<Postini #5.0.0 smtp;550 MX records inaccessible for too long for domain:mydomain.com - psmtp> #SMTP#

Can you take a look at my zone records, do they look okay?

$ttl 38400 @ IN SOA ns1.datacolony.com. hostmaster.datacolony.com. ( 1278449491 10800 3600 604800 38400 ) @ IN NS ns1.datacolony.com. @ IN NS ns2.datacolony.com. mydomain.com. IN A 216.38.22.109 www.mydomain.com. IN A 216.38.22.109 ftp.mydomain.com. IN A 216.38.22.109 m.mydomain.com. IN A 216.38.22.109 localhost.mydomain.com. IN A 127.0.0.1 webmail.mydomain.com. IN A 216.38.22.109 admin.mydomain.com. IN A 216.38.22.109 mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com ip4:216.38.22.109 include:aspmx.googlemail.com ~all" mydomain.com. IN MX 1 aspmx.l.google.com. mydomain.com. IN MX 5 alt1.aspmx.l.google.com. mydomain.com. IN MX 5 alt2.aspmx.l.google.com. mydomain.com. IN MX 10 aspmx2.googlemail.com. mydomain.com. IN MX 10 aspmx3.googlemail.com. mydomain.com. IN MX 10 aspmx4.googlemail.com. mydomain.com. IN MX 10 aspmx5.googlemail.com. mail.mydomain.com. IN CNAME ghs.google.com. calendar.mydomain.com. IN CNAME ghs.google.com. docs.mydomain.com. IN CNAME ghs.google.com. start.mydomain.com. IN CNAME ghs.google.com.

Thanks for the help!

Wed, 07/07/2010 - 22:30
Rizvi

Also I disabled Mail for Domain as you suggested earlier, which I think helped to get the other domain working.. Just this one domain is having the MX records issue.

Thu, 07/08/2010 - 09:29
andreychek

Hmm, is there any chance you could tell us the domain name in question that's not working? You can always edit your post when things are up and running, and mask it out.

There might be a problem with the DNS settings that would show up with some tests.

Another idea might be to simply try restarting BIND, and then look in the log files to see if BIND displays any errors in there.

-Eric

Thu, 07/08/2010 - 09:58
Rizvi

It is working now!

The problem:

When I created the datacolony.com DNS records I was missing the A records for the two name servers. After running a check on www.intodns.com (which is a great tool btw) I added those last night, and this morning it's all good!

Thanks for your help.