Postfix can't receive mail, Relay access denied

Phliplip · November 11, 2010, 7:24pm

Hi All,

I’m currently having some troubles, i have recently setup a server with FreeBSD and Virtualmin/Webmin.

I have somehow changed something yesterday, while trying to get the SMTP to work. But now the server will not receive any mail.

Dovecot is still working, clients can log in and check mail.

Example from /var/log/maillog (i know the example probably is spam, but any how)

Nov 11 20:01:51 caesar postfix/smtpd[75689]: connect from unknown[92.26.57.17]
Nov 11 20:01:51 caesar postfix/smtpd[75689]: NOQUEUE: reject: RCPT from unknown
  [92.26.57.17]: 554 5.7.1 <info@divecenter-bornholm.com>: Relay access denied; 
  from=<quwefub4444@33.mn> to=<info@divecenter-bornholm.com> proto=ESMTP helo=<[92.28.14.92]>
Nov 11 20:01:51 caesar postfix/smtpd[75689]: disconnect from unknown[92.26.57.17]

I have used whole day today to get it to work, but i think i’m over my head with this one.

My primary hope is to get it to receive mail again, and if in the process the SMTP can get working at the same time its a big bonus.

I hope someone out there can help me. I can supply all the info required.

Additional info

# postconf -n

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
unknown_local_recipient_reject_code = 550

Eric · November 11, 2010, 7:29pm

Hmm, it doesn’t look like you have a “mydestination” line there in Postfix.

What you’ll want to do is edit your main.cf file, and add a mydestination line that contains your server’s hostname. After that, restart Postfix, and see if that does the trick for you.

-Eric

Locutus · November 11, 2010, 9:35pm

I quite agree with Eric there. The default that Virtualmin enters there usually is:

mydestination = {hostname.hostdomain.tld}, localhost.{hostdomain.tld} , , localhost

(On one line, no linebreak!)

Without that, Postfix does not know for which domains it is responsible, interprets mail that is supposed to go to local recipient as “relaying” (sending mail to another system), and denies that for non-authenticated users.

Phliplip · November 11, 2010, 11:13pm

I changed the main.cf like you said, and added reference to virtual.db, and now it works

# postconf -n

command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = caesar.wulffit.dk, localhost.wulffit.dk, localhost, wulffit.dk, mail.wulffit.dk
mydomain = wulffit.dk
myhostname = caesar.wulffit.dk
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Now while i have your attention, i wish to use the mail server as SMTP too… On the previous server at MediaTemple i had i set up so only authenticated user could use it, and they had to use port 587 instead of port 25.

While sending mail, using new server as SMTP, i get an error: 554 Relay access denied - Any ideas on how to solve that issue?

Eric · November 12, 2010, 2:15am

While sending mail, using new server as SMTP, i get an error: 554 Relay access denied - Any ideas on how to solve that issue

Typically when those errors arise, it’s because the email client isn’t setup to authenticate for outgoing SMTP.

By default, clients such as Outlook don’t authenticate when sending an email, you’d need to go into your Outlook settings and explicitly enable that option.

-Eric

Locutus · November 12, 2010, 11:00am

“You wish to use the mail server as SMTP too”? SMTP is also used for incoming mail.

You mean you wish to use it to send out mail too, right? Actually, you don’t even need to use the TRANSMISSION port (587) for that, but when properly set up, you can use the regular port 25 too.

There’s a certain config line in main.cf which dictates what Postfix will allow through when the RCPT TO command comes in. On a standard Virtualmin installation (with greylisting enabled) that looks like this:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service inet:127.0.0.1:10023

It means: Allow SMTP if the sender is in the local LAN, allow when the sender has authenticated, reject if trying to send to external destination and not authenticated, then contact the greylisting service for approval.

Your main.cf is, interestingly, missing this line. How did you install your system? Did you use the install.sh from Virtualmin?

Phliplip · November 12, 2010, 5:21pm

Locutus: Yes i used the install.sh, and it worked great, even though it’s FreeBSD and not a grade-A OS… only minor dependency problems.

Why the default lines is missing i don’t know. But that said i have been doing some fudling around in the config files, trying to get it to send out emails.

I would like it to work on port 587, partly to minimize spam and partly because many ISP block port 25.

I added the lines you wrote, and now i have following errors:

Nov 12 18:14:42 caesar postfix/smtpd[18794]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
Nov 12 18:14:43 caesar postfix/master[18642]: warning: process /usr/local/libexec/postfix/smtpd pid 18794 exit status 1
Nov 12 18:14:43 caesar postfix/master[18642]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov 12 18:15:00 caesar sendmail[18800]: oACHF0E1018800: from=mailman, size=562, class=0, nrcpts=1, msgid=<201011121715.oACHF0E1018800@caesar.wulffit.dk>, relay=mailman@localhost

And it won’t receive mails, so i uncommented the lines again.

Locutus · November 26, 2010, 10:35pm

Sorry, can’t say much about FreeBSD and what caveats the installer might have there. Even if there’s no error, you see that obviously Postfix has some configuration discrepancies compared to Debian/CentOS.