Topic: Stuck debugging Relay access denied
============ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 16 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====
Hello!
What I noticed just now: When I click on "Preview topic" the "Required information" text block is inserted again on top of the already existing block.
So now, I have migrated from iRedMail 0.8.7 to latest versino on a new server.
Besides some MySQL struggles that seems to be fixed now (cause I missed a lot of updates), one customer got a strange problem with sending mails.
Customer and me are on same ISP dialup. First I noticed his ip range is blocked by spamhaus, disabled spamhaus, now he still cannot send mail (Relay access denied).
He is using "The Bat" client.
Here's the log when he tries to send a mail:
Sep 5 11:08:02 email postfix/postscreen[24309]: CONNECT from [1.2.3.4]:7332 to [9.8.7.6]:25
Sep 5 11:08:02 email postfix/postscreen[24309]: PASS OLD [1.2.3.4]:7332
Sep 5 11:08:02 email postfix/smtpd[25632]: connect from dsl.host.name[1.2.3.4]
Sep 5 11:08:03 email postfix/smtpd[25632]: Anonymous TLS connection established from dsl.host.name[1.2.3.4]: TLSv1 with cipher AES256-SHA (256/256 bits)
Sep 5 11:08:03 email postfix/smtpd[25632]: NOQUEUE: reject: RCPT from dsl.host.name[1.2.3.4]: 454 4.7.1 <to@domain.com>: Relay access denied; from=<from@domain.com> to=<to@domain.com> proto=ESMTP helo=<random.host.name>
Sep 5 11:08:04 email postfix/smtpd[25632]: disconnect from dsl.host.name[1.2.3.4] ehlo=2 starttls=1 mail=6 rcpt=0/6 rset=12 quit=1 commands=22/28Then I tried to setup his email account in my Thunderbird, and well it works without problems.
Here's the log when I send a mail:
Sep 5 12:13:16 email postfix/submission/smtpd[28421]: connect from dsl.host.name[2.3.4.5]
Sep 5 12:13:16 email postfix/submission/smtpd[28421]: Anonymous TLS connection established from dsl.host.name[2.3.4.5]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Sep 5 12:13:16 email postfix/submission/smtpd[28421]: 6E3B8208D7: client=dsl.host.name[2.3.4.5], sasl_method=PLAIN, sasl_username=from@domain.com
Sep 5 12:13:16 email postfix/cleanup[28300]: 6E3B8208D7: message-id=<29ecf35b-377a-4fe0-9f30-7bc357f341c3@domain.com>
Sep 5 12:13:16 email postfix/qmgr[28088]: 6E3B8208D7: from=<from@email.com>, size=314, nrcpt=1 (queue active)
Sep 5 12:13:16 email postfix/submission/smtpd[28421]: disconnect from dsl.host.name[2.3.4.5] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Sep 5 12:13:16 email postfix/smtpd[28308]: connect from localhost[127.0.0.1]
Sep 5 12:13:16 email postfix/smtpd[28308]: 93643208D9: client=localhost[127.0.0.1]
Sep 5 12:13:16 email postfix/cleanup[28300]: 93643208D9: message-id=<29ecf35b-377a-4fe0-9f30-7bc357f341c3@domain.com>
Sep 5 12:13:16 email postfix/smtpd[28308]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 5 12:13:16 email postfix/qmgr[28088]: 93643208D9: from=<from@domain.com>, size=727, nrcpt=1 (queue active)
Sep 5 12:13:16 email amavis[28116]: (28116-16) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [2.3.4.5]:59314 [2.3.4.5] <from@domain.com> -> <to@domain.com>, Queue-ID: 6E3B8208D7, Message-ID: <29ecf35b-377a-4fe0-9f30-7bc357f341c3@domain.com>, mail_id: J6BhHwp9PuX3, Hits: -0.002, size: 314, queued_as: 93643208D9, 113 ms, Tests: [NO_RECEIVED=-0.001,NO_RELAYS=-0.001]
Sep 5 12:13:16 email postfix/smtp[28304]: 6E3B8208D7: to=<to@domain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.19, delays=0.07/0/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 93643208D9)
Sep 5 12:13:16 email postfix/qmgr[28088]: 6E3B8208D7: removed
Sep 5 12:13:16 email postfix/smtp[28481]: Untrusted TLS connection established to mx00.kundenserver.de[212.227.15.41]:25: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 5 12:13:17 email postfix/smtp[28481]: 93643208D9: to=<to@domain.com>, relay=mx00.kundenserver.de[212.227.15.41]:25, delay=0.42, delays=0/0.02/0.17/0.21, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=0MVF7J-1bYrcP3ZjZ-00YOfz)
Sep 5 12:13:17 email postfix/qmgr[28088]: 93643208D9: removedpostconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailq_path = /usr/bin/mailq
message_size_limit = 15000000
mime_header_checks = regexp:/etc/postfix/header_checks
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = email.server.com
myhostname = email.server.com
mynetworks = 127.0.0.1, external.web.server.ip/32
myorigin = email.server.com
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/apache2/ssl/RSA_SHA-2_under_SHA-2_Root_Intermediate_CA.crt
smtpd_tls_cert_file = /etc/apache2/ssl/email.server.com.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/apache2/ssl/email.server.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
smtpd_use_tls = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000
<For now it looks to me like it's his email client, but I cannot really believe cause it looks like the author of The Bat seems to put a lot effort in making his client RFC compliant.
What's confusing me most is that his and my log differs to much!
What could be the problem here?
-ted
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
