Linux postfix/dovecot 554 Relay access denied
I have this error 554 Relay access denied when trying to send email from my Outlook client.

I can read incoming mails but cannot send.

If I connect with telnet localhost 25 I can send external emails, but with the Outlook client it doesn't work.

Here's my Postfix and Dovecot config:

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

doveconf -n

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.9.3-x86_64-linode33 x86_64 Ubuntu 13.04 ext3
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}

Any thoughts?

Umeh answered 19/8, 2013 at 16:35 Comment(9)
Where is your 'Outlook client' connecting from? Are you using authentication? You only have localhost in mynetworks; you may want to add the network that computers should be allowed to send mail from. - Pontone
It's at my home computer. Yes, I use SSL. mynetwork? So I should add my home computer's inet IP? - Umeh
No, I don't mean SSL (encryption) but authentication (have you set up Outlook to authenticate your user when sending messages over SMTP via Postfix?). mynetwork allows relay access without authentication from local networks; if your server is somewhere on the internet then you had better use smtp_auth. - Pontone
@Pontone OK, I had not set SMTP authentication in Outlook. But I still have the error with authentication. So I should add something with smtp_auth in the Postfix config? - Umeh
No, that's the SASL part - read postfix.org/SASL_README.html#server_sasl_authz_relay for more information about how relay access using authentication works (also, the rest of the document explains how to set up SASL). - Pontone
OK, but if you look at my config file you'll see I already have that. - Umeh
Yeah, but depending on your Postfix version, you should add the smtpd_relay_restrictions option mentioned. - Pontone
I ran postconf -a and it seems I do not have Postfix compiled with support for Dovecot SASL. The command shows cyrus, dovecot. Is that good? - Umeh
@Pontone Hey, I added smtpd_relay_restrictions with the same parameters as smtpd_recipient_restrictions and it works! I just saw that smtpd_recipient_restrictions was to allow only email to be sent locally! Thanks a lot. You could add an answer and I would accept it if you wish. - Umeh
P
6

If you use a Postfix version newer than 2.10, then you need to add the smtpd_relay_restrictions option as described here:

# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under smtpd_relay_restrictions.
/etc/postfix/main.cf:
    smtpd_relay_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

# Older configurations combine relay control and spam control under
# smtpd_recipient_restrictions. To use this example with Postfix ≥
# 2.10 specify "smtpd_relay_restrictions=".
/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        ...other rules...

After that, any SASL-authenticated user should be able to send mail through the server using SMTP.

Pontone answered 20/8, 2013 at 8:50 Comment(0)
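
The following is an added example, not code from the thread or from Postfix: a small model of how a restriction list like the one in the answer above is walked for each RCPT TO, showing why a loopback client is accepted while an unauthenticated outside client gets 554, and how dropping reject_unauth_destination would leave an open relay. It uses the question's mynetworks value; LOCAL_DOMAINS, the client addresses and the function names are constructed, only the three restrictions quoted on this page are modelled, and domains are matched exactly.

```python
import ipaddress

# From the question's `postconf -n` output.
MYNETWORKS = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
# The restriction list from the answer (same entries as the question's
# smtpd_recipient_restrictions, in the answer's order).
RELAY = ["permit_mynetworks", "permit_sasl_authenticated",
         "reject_unauth_destination"]
# Constructed sample: domains this server accepts mail for (exact match only).
LOCAL_DOMAINS = {"localhost", "mydomain.com"}

def in_mynetworks(client_ip, mynetworks=MYNETWORKS):
    """True if client_ip matches a CIDR in a Postfix-style mynetworks value."""
    ip = ipaddress.ip_address(client_ip)
    nets = (ipaddress.ip_network(n.replace("[", "").replace("]", ""))
            for n in mynetworks.split())
    return any(ip in net for net in nets)

def walk(restrictions, client_ip, authenticated, rcpt_domain):
    """Evaluate one list in order; the first entry that matches decides."""
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit"
        if r == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if r == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "554 Relay access denied"
    return "permit"  # end of list reached without a reject

def rcpt_decision(lists, client_ip, authenticated, rcpt_domain):
    """Relay list first, then recipient list: a reject in either one is final,
    a permit only ends the current list."""
    for restrictions in lists:
        verdict = walk(restrictions, client_ip, authenticated, rcpt_domain)
        if verdict != "permit":
            return verdict
    return "permit"

def is_open_relay(lists):
    """An unauthenticated outside client must not reach a foreign domain."""
    # 203.0.113.10 and example.org are reserved documentation values.
    return rcpt_decision(lists, "203.0.113.10", False, "example.org") == "permit"

if __name__ == "__main__":
    for ip, auth in [("127.0.0.1", False), ("203.0.113.10", False),
                     ("203.0.113.10", True)]:
        print(ip, "auth" if auth else "no-auth", "->",
              rcpt_decision([RELAY, RELAY], ip, auth, "example.org"))
    print("open relay without reject_unauth_destination:",
          is_open_relay([RELAY[:2]]))
```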
A
0

For my Postfix 2.6.6 on Amazon AWS EC2, it turned out that I had a wrong configuration of the "mydestination" and "relay_domains" settings in main.cf. The correct values (the ones which worked for me) were:

mydestination = $myhostname, $mydomain, localhost
relay_domains = $mydestination

Amorphous answered 23/4, 2015 at 10:0 Comment(1)
My domain name is necktwi.com. I have renamed the server to ec2, so myhostname = ec2.necktwi.com and mydomain = necktwi.com, yet I get the same error. - Antinomy
