1 (edited by e.kubica 2013-03-07 19:43:37)

Topic: Relay access denied (in reply to RCPT TO command)

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 12.04 LTS
- Related log if you're reporting an issue:
====

Hi again,

I resolved my prev. issue with connection timeout( i seted relayhost to my isp-s smtp server )

now i have problem that:

<erik.kubica@gmail.com>: host smtp.sevenet.sk[87.244.198.4] said: 554 5.7.1
    <erik.kubica@gmail.com>: Relay access denied (in reply to RCPT TO command)

Reporting-MTA: dns; ns.soft-tech-srv.tk
X-Postfix-Queue-ID: 6EDEA650C3
X-Postfix-Sender: rfc822; e.kubica@soft-tech-srv.tk
Arrival-Date: Thu,  7 Mar 2013 12:21:39 +0100 (CET)

Final-Recipient: rfc822; erik.kubica@gmail.com
Original-Recipient: rfc822;erik.kubica@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; smtp.sevenet.sk
Diagnostic-Code: smtp; 554 5.7.1 <erik.kubica@gmail.com>: Relay access denied

Return-Path: <e.kubica@soft-tech-srv.tk>
Received: from localhost (soft-tech-srv.tk [127.0.0.1])
    by ns.soft-tech-srv.tk (Postfix) with ESMTP id 6EDEA650C3
    for <erik.kubica@gmail.com>; Thu,  7 Mar 2013 12:21:39 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=soft-tech-srv.tk;
     h=user-agent:message-id:subject:subject:to:from:from:date:date
    :content-transfer-encoding:content-type:content-type
    :mime-version; s=dkim; t=1362655298; x=1363519298; bh=g3zLYH4xKx
    cPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; b=KO8cIl6OME1yeJsQLXapC/65Ck
    YtADp89TCBaNiyZMgsMRwWVNigsSsl8D38zlMeK73mCp/O+o53sW6//YQmM8E02j
    5dRUg2zMALVS4j9vFkn6h1c0mwGF1rygwAEDtbViZp2iuUE79GOPnxeQ4wv1gfun
    4bJHo9hDdeSXjAeCo=
X-Virus-Scanned: Debian amavisd-new at mx.soft-tech-srv.tk
Received: from ns.soft-tech-srv.tk ([127.0.0.1])
    by localhost (mx.soft-tech-srv.tk [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id QJ4EJv08PJNR for <erik.kubica@gmail.com>;
    Thu,  7 Mar 2013 12:21:38 +0100 (CET)
Received: from localhost (soft-tech-srv.tk [127.0.0.1])
    by ns.soft-tech-srv.tk (Postfix) with ESMTPA id 5440F650C2
    for <erik.kubica@gmail.com>; Thu,  7 Mar 2013 12:21:37 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Thu, 07 Mar 2013 12:21:37 +0100
From: e.kubica@soft-tech-srv.tk
To: Erik Kubica <erik.kubica@gmail.com>
Subject: test
Return-Receipt-To: e.kubica@soft-tech-srv.tk
Disposition-Notification-To: e.kubica@soft-tech-srv.tk
Message-ID: <d0a70be4a1f737e6167fb07601f040f1@soft-tech-srv.tk>
X-Sender: e.kubica@soft-tech-srv.tk
User-Agent: RoundCube WebMail

My Log:

Mar  7 12:24:13 soft-tech-srv postfix/pipe[3610]: 83790650C2: to=<e.kubica@soft-tech-srv.tk>, relay=dovecot, delay=0.36, delays=0.05/0.01/0/0.3, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  7 12:24:13 soft-tech-srv postfix/qmgr[3569]: 83790650C2: removed
Mar  7 12:24:53 soft-tech-srv kernel: [ 1174.241203] type=1400 audit(1362655493.260:31): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/cupsd" pid=553 comm="cupsd" pid=553 comm="cupsd" capability=36  capname="block_suspend"
Mar  7 12:28:55 soft-tech-srv postfix/qmgr[3569]: 6EDEA650C3: from=<e.kubica@soft-tech-srv.tk>, size=1621, nrcpt=1 (queue active)
Mar  7 12:28:55 soft-tech-srv postfix/smtp[3688]: 6EDEA650C3: to=<erik.kubica@gmail.com>, relay=smtp.sevenet.sk[87.244.198.4]:25, delay=436, delays=436/0.02/0.26/0.06, dsn=5.7.1, status=bounced (host smtp.sevenet.sk[87.244.198.4] said: 554 5.7.1 <erik.kubica@gmail.com>: Relay access denied (in reply to RCPT TO command))
Mar  7 12:28:55 soft-tech-srv postfix/cleanup[3690]: 6FA4F650C2: message-id=<20130307112855.6FA4F650C2@ns.soft-tech-srv.tk>
Mar  7 12:28:55 soft-tech-srv postfix/bounce[3689]: 6EDEA650C3: sender non-delivery notification: 6FA4F650C2
Mar  7 12:28:55 soft-tech-srv postfix/qmgr[3569]: 6FA4F650C2: from=<>, size=3684, nrcpt=1 (queue active)
Mar  7 12:28:55 soft-tech-srv postfix/qmgr[3569]: 6EDEA650C3: removed
Mar  7 12:28:55 soft-tech-srv postfix/pipe[3692]: 6FA4F650C2: to=<e.kubica@soft-tech-srv.tk>, relay=dovecot, delay=0.32, delays=0.07/0.01/0/0.24, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  7 12:28:55 soft-tech-srv postfix/qmgr[3569]: 6FA4F650C2: removed
Mar  7 12:30:01 soft-tech-srv CRON[3711]: (www-data) CMD ([ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh)

main.cf

#myorigin = /etc/mailname
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no

smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#default_transport = smtpd
#relay_transport = relay

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases


mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
virtual_alias_domains = 

relayhost = smtp.sevenet.sk
myhostname = ns.soft-tech-srv.tk
mydomain = soft-tech-srv.tk
myorigin = soft-tech-srv.tk
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mynetworks = 127.0.0.0/8,192.168.127.0/24
mynetworks_style = subnet

delay_warning_time = 0h
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions

smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, check_client_access
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:[127.0.0.1]:10031
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_tls_security_level = may
smtpd_tls_loglevel = 0
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = 
smtpd_sasl_type = dovecot
smtpd_sasl_path = ./dovecot-auth
smtp-amavis_destination_recipient_limit = 1
content_filter = smtp-amavis:[127.0.0.1]:10024

queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
enable_original_recipient = no
disable_vrfy_command = yes
home_mailbox = Maildir/
allow_min_user = no
message_size_limit = 15728640
virtual_minimum_uid = 1001
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf

broken_sasl_auth_clients = yes

tls_random_source = dev:/dev/urandom
mailbox_command = /usr/lib/dovecot/deliver
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp       inet  n       -       -       -       -       smtpd
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd 
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10025

# Use dovecot deliver program as LDA.
dovecot unix    -       n       n       -       -      pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

smtp-amavis unix -  -   -   -   2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -   -   -   -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_tls_security_level=none
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

# 578    inet    n    -    -    -    -    smtpd

MY hostname: soft-tech-srv.tk
resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search google.com
yesterday i cahnged the nameserver to google-s dns but after reboot its value was changed.


also i can give ssh acces if it helps

==============EDIT=================
in main.cf i changed  myhostname to soft-tech-srv.tk

2

Re: Relay access denied (in reply to RCPT TO command)

You need to check with your ISP to make sure that you can indeed use their SMTP server as an outbound relay server (ie smarhost).  If so, then they may have some sort of STARTTLS or authentication mechanism in place that you need to go through first.