1

Topic: 454 4.7.1 Relay access denied for unauthed addresses of same domain

==== Required information ====
- iRedMail version: iRedMail-0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: FreeBSD 10.1
- iRedAdmin-Pro-LDAP-2.1.2
====

Hi ZhangHuangbin and iRedmail Team,

I have an issue that I can't seem to resolve at first sight. I've seen similar posts, but no solution so far:

I have a customer whoose Domain is on the iRedMail server. We have a separate host that is sending newsletters via a newsletter tool. But people from the same domain cannot receive it, because an address like <newsletter@domain.tld> cannot reach users of the domain <user1@domain.tld>, etc. , as the mail is rejected with
454 4.7.1 <user1@domain.tld> Relay access denied

If I understand correctly this issue is probably related to smtpd_recipient_restrictions? I have put the IP of the newsletter tool into mynetworks, but it did not help. Also did not help to try to remove "reject_sender_login_mismatch" from "smtpd_sender_restrictions" for testing.

Ideally, there would be some place in the iRedAdmin Pro interface or in LDAP to define addresses which may mismatch, such as the newsletter sender address.

Any pointer here would be greatly appreciated!

Greetings and Regards,

Lorenzo

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 454 4.7.1 Relay access denied for unauthed addresses of same domain

Ideally, adding IP address of your newsletter server to 'mynetworks=' in Postfix should fix this issue.

Could you please show me output of "postconf -n" command, and FULL log in /var/log/maillog related to a testing email?

3

Re: 454 4.7.1 Relay access denied for unauthed addresses of same domain

Hi Zhang,

Thanx for your quick reply as always smile

I just realized that it is an internal routing/NAT problem, the mails were reaching out to the wrong postfix. Now it is clear why all of my changes did not have any effect, including mynetworks. So please apologize for disturbing/posting it earlier. I think from here I can use the past posts on the subject. Of course a whitelist for these cases via iRedAPD would be even nicer, but I think you already posted how to achieve it in another post. So please apologize and close or delete this thread, it is misleading..!

Greetings,

Lorenzo