This morning, in order to correct a problem with a name mismatch in the security certificate, I followed the recommended steps from How to fix mail server SSL?, but now, when attempting to send an email from a client (in this case the client is Windows Mail), I receive the following error.
The rejected e-mail address was '[email protected]'. Subject 'This is a test. ', Account: 'mail.domain.com', Server: 'mail.domain.com', Protocol: SMTP, Server Response: '554 5.7.1 : Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79
Edit: I can still retrieve emails from this account, and I send emails to other accounts at the same domain. I just can't send emails to recipients outside of our domain.
I tried disabling TLS altogether but no dice, I still get the same error.
When I check file mail.log
, I see the following.
Jul 18 08:24:41 company imapd: LOGIN, [email protected], ip=[::ffff:111.111.11.11], protocol=IMAP
Jul 18 08:24:42 company imapd: DISCONNECTED, [email protected], ip=[::ffff:111.111.11.11], headers=0, body=0, rcvd=83, sent=409, time=1
Jul 18 08:25:19 company postfix/smtpd[29282]: connect from company.university.edu[111.111.11.11]
Jul 18 08:25:19 company postfix/smtpd[29282]: NOQUEUE: reject: RCPT from company.university.edu[111.111.11.11]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<UserPC>
Jul 18 08:25:19 company postfix/smtpd[29282]: disconnect from company.university.edu[111.111.11.11]
Jul 18 08:25:22 company imapd: DISCONNECTED, [email protected], ip=[::ffff:111.111.11.11], headers=13, body=142579, rcvd=3289, sent=215892, time=79
File main.cf
looks like this:
#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#
#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
#
# Some common configuration parameters;
#
inet_interfaces = all
mynetworks = 127.0.0.0/8
mynetworks_style = host
myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
smtpd_banner = $myhostname ESMTP 2.4.7.1 (Debian/GNU)
setgid_group = postdrop
#
# Receiving messages parameters;
#
mydestination = localhost, company
append_dot_mydomain = no
append_at_myorigin = yes
transport_maps = mysql:/etc/postfix/transport.cf
#
# Delivering local messages parameters;
#
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"
biff = no
alias_database = hash:/etc/aliases
local_recipient_maps =
#
# Delivering virtual messages parameters;
#
virtual_mailbox_maps=mysql:/etc/postfix/mysql_virt.cf
virtual_uid_maps=mysql:/etc/postfix/uids.cf
virtual_gid_maps=mysql:/etc/postfix/gids.cf
virtual_mailbox_base=/usr/local/virtual
virtual_maps=mysql:/etc/postfix/virtual.cf
virtual_mailbox_domains=mysql:/etc/postfix/virtual_domains.cf
#
# SASL paramters;
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtp_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtp_tls_key_file = /etc/postfix/ssl/smptd.key
smtpd_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smptd.key
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sender_restrictions =
permit_sasl_authenticated
permit_mynetworks
smtpd_recipient_restrictions =
permit_sasl_authenticated
check_recipient_access hash:/etc/postfix/filtered_domains
permit_mynetworks
reject_unauth_destination
As a side note, my employer wants to be able to send emails from clients (Thunderbird and Outlook) both from within our local network and outside it.
TLS just enables encryption on the smtp session and doesn't directly affect whether or not Postfix will be allowed to relay a message.
The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:
To explain those rules:
permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.
This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)
This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.
Based on that configuration, your mail client will need to use SMTP Authentication before being allowed to relay messages. I'm not sure what database SASL is using. That is specified in /usr/lib/sasl2/smtpd.conf Presumably it also uses the same database as your virtual mailboxes, so you should be able enable SMTP authentication in your mail client and be all set.
You've disabled TLS, so you now need to authorise your local network by adding it to
mynetworks
. For example,This will fix sending from your local network only. For sending email from outside your local network, you'll need to get TLS authentication working.
I think you miss you domain.com in mydestination, because the default
relay_domains=$mydestination
, so you you can append you configuration the line:or:
Dont forget to restart the postfix server (
service postfix restart
) every time you edit postfix conf file.I had the same issue in Outlook (with dovecote and postfix backend) and I spent two days looking for solution and tweaking my config files. All I needed to do was check "Server requires authentication" in the Outgoing tab in mail settings in outlook and my messages are now sent to gmail. See detailed instruction on how to find the setting here http://support.bluetie.com/node/440.
This problem was bugging me for a while. I was trying to connect from server1.domain.com to server2.domain.com.
Here's how I fixed this -
You also need to make sure that you have set /etc/hosts and /etc/hostname properly and make sure that you run the following after networking changes -
and the following after postfix configuration changes
Many answers to this problem on the Internet mention adding
permit_mynetworks
tosmtpd_recipient_restrictions
. But it does not seem to be enough these days.To get it work, I had to add
permit_mynetworks
tosmtpd_relay_restrictions
as well (Postfix 3.4.14).For me: I had to add
localhost
tomynetworks
regardless of the fact127.0.0.0/8
already was there. So, now it looks:mynetworks = 1.1.1.1/32, 127.0.0.0/8, localhost