incoming mail, relay access denied

Been trying to figure this out…

On a shared ip, I have one domain that, when someone tries to mail to it, they get a bounce saying:

Final-recipient: rfc822; (username)@(domainname).org
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 554 5.7.1 : Relay access denied

and I get a ‘Relay access denied’ message in the maillog. Like this:

May 24 11:02:55 jessica postfix/smtpd[31268]: NOQUEUE: reject: RCPT from qmta04.westchester.pa.mail.comcast.net[76.96.62.40]: 554 5.7.1 <test@(domainname).org>: Relay access denied; from=<chris@(mydomain).com> to=<test@(domainname).org> proto=ESMTP helo=<QMTA04.westchester.pa.mail.comcast.net>

I’ve checked the dns (and the connection is making it to the server), it appears ok.

All the other domains are receiving ok. I don’t see anything that I’ve set differently for this one.

In a “could this be related?”… the shared ip this domain was blacklisted on trendmicro’s dul list a few days ago. I wrote them and they said the issue was rdns related (getting the rdns pointed to my server was on my list, but I had not done that yet). I wrote back and they removed me from the blacklist, and I contacted my host and the reverse dns is being set.

However, even after being removed from the blacklist (I have confirmed this), I’m still getting the ‘relay access denied’ message, and just on that one domain. If they had blacklisted, wouldn’t it affect all the sites on that ip?

Would postfix have access to the blacklist and have caused a block somehow, I had assumed only spamassassin would do that, after the email was accepted. If postfix does check blacklists, is there a way to have it’s cache flushed? I did have postgrey on, but that is disabled right now until I can fix this, just to make sure it wasn’t doing anything.

Thanks for any thoughts you can provide on this, cause I’m lost on finding a solution…

Chris

and what relay might this be referring to, since the domain is on the server? Postfix to - ?

That’s probably a useful clue. Postfix probably doesn’t think it is responsible for this domain…and so it’s trying to send it somewhere else, but can’t.

Check your MX records to start with, and make sure the virtual maps file has valid configuration for this domain and this email address.

Joe, where would I find the virtual maps file? (centos 5.2).

Thanks, Chris

Found it… /etc/postfix/virtual

ok, every domain except this one has a line that goes:

domainName.com domainName.com

Would that be the issue? I will enter it and restart postfix.

If that is a (the) problem, what might have caused me to lose it?

oh, found a second domain with the same issue, one I don’t use much so I didn’t notice it before.

though the second one does have an entry like this:

domainName.com domainName //no tld

but I get the same ‘relay access denied’ message if email is sent to it.

Ok, entered the:

domainName.org domainName.org

saved and restarted postfix

but still getting ‘relay access denied’.

Should I remove the changes I made, reboot the server maybe, or…?

Well, it’s not quite enough to just save the file – you have to “regenerate” the database.

Once you’ve saved the file, the next step is to run:

postmap /etc/postfix/virtual

Behind the scenes, that command updates the "/etc/postfix/virtual.db" file.
-Eric

Two days and nights of stress, trying to figure this out, fixed.

Joe and Eric, thank you very much.

Any ideas on what would have caused that to go bad?

Chris

These were imported domains, right? I’m guessing the original configuration for those domains was strange somehow, and Virtualmin tried not to break it (but failed).

The one with the missing TLD was probably due to a weirdness in the hostnames involved. I don’t know exactly where it would have come from…but not having a TLD is definitely a problem.