This discussion is locked
Scott Howe

Q: Relay access denied

Hi,

Ive been doing some research on this issue and I seem to be finding only the OPPOSITE of what I'm experinecing. I can send emails find but any email I send from another account returns the error "Relay access denied." I don't know how to fix this because it's my understanding that the server admin settings exist to prevent your server from being used to send unauthorized emails. Receiving should have nothing to do with these settings correct?

Thanks for any help.

Home: Dual 2Ghz PowerMac, 2 MacBooks, 2.66 GHz MacBook Pro, Mac OS X (10.6.3), Work: 10 PowerMac G5s, 18 Intel iMacs, 2 Intel XServes

Posted on Nov 27, 2010 9:09 AM

Close

Q: Relay access denied

  • All replies
  • Helpful answers

Previous Page 2
  • by UptimeJeff,

    UptimeJeff UptimeJeff Nov 28, 2010 7:09 AM in response to Scott Howe
    Level 4 (3,477 points)
    Nov 28, 2010 7:09 AM in response to Scott Howe
    give me an email address I can try...

    and repost results of this command run in terminal:
    postconf -n
  • by Scott Howe,

    Scott Howe Scott Howe Nov 28, 2010 8:22 AM in response to UptimeJeff
    Level 1 (125 points)
    Nov 28, 2010 8:22 AM in response to UptimeJeff
    Scotthowe@sapowe.com

    Let me know when you've sent.
  • by UptimeJeff,

    UptimeJeff UptimeJeff Nov 28, 2010 8:26 AM in response to Scott Howe
    Level 4 (3,477 points)
    Nov 28, 2010 8:26 AM in response to Scott Howe
    OK. that helped....

    please post the results of this command run from terminal:
    postconf -n
  • by Scott Howe,

    Scott Howe Scott Howe Nov 28, 2010 8:37 AM in response to UptimeJeff
    Level 1 (125 points)
    Nov 28, 2010 8:37 AM in response to UptimeJeff
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debugpeerlevel = 2
    enableserveroptions = yes
    header_checks = pcre:/etc/postfix/customheaderchecks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mail_owner = _postfix
    mailboxsizelimit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    mapsrbldomains =
    messagesizelimit = 0
    mydestination = $myhostname, localhost.$mydomain, localhost, sapowe.com, $mydomain
    mydomain = sapowe.com
    mydomain_fallback = localhost
    myhostname = mail.sapowe.com
    mynetworks = 10.0.0.0/8,127.0.0.0/8
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    relayhost =
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org reject
    smtpdenforcetls = no
    smtpdhelorequired = yes
    smtpdhelorestrictions = rejectinvalid_helohostname rejectnon_fqdn_helohostname
    smtpdpw_server_securityoptions = gssapi,cram-md5
    smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
    smtpdsasl_authenable = yes
    smtpdtlsCAfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .chain.pem
    smtpdtls_certfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .cert.pem
    smtpdtls_excludeciphers = SSLv2, aNULL, ADH, eNULL
    smtpdtls_keyfile = /etc/certificates/macserver.sapowe.com.F6CB094EA1F7F45E3C7EEE9E5CAAB3CF80D1739A .key.pem
    smtpduse_pwserver = yes
    smtpdusetls = yes
    tlsrandomsource = dev:/dev/urandom
    unknownlocal_recipient_rejectcode = 550
    virtualaliasmaps = $virtual_map
  • by UptimeJeff,

    UptimeJeff UptimeJeff Nov 28, 2010 8:48 AM in response to Scott Howe
    Level 4 (3,477 points)
    Nov 28, 2010 8:48 AM in response to Scott Howe
    edit the following lines in /etc/postfix/main.cf

    Change from:


    smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org reject


    To this:
    smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org permit



    then stop/start mail service and test again.
  • by Scott Howe,

    Scott Howe Scott Howe Nov 28, 2010 8:53 AM in response to UptimeJeff
    Level 1 (125 points)
    Nov 28, 2010 8:53 AM in response to UptimeJeff
    done
  • by UptimeJeff,

    UptimeJeff UptimeJeff Nov 28, 2010 8:56 AM in response to Scott Howe
    Level 4 (3,477 points)
    Nov 28, 2010 8:56 AM in response to Scott Howe
    you should be all set now...

    because you have greylisting enabled, you may experience a short delay for some mail from new locations...

    Jeff
  • by MrHoffman,

    MrHoffman MrHoffman Nov 28, 2010 9:14 AM in response to UptimeJeff
    Level 6 (15,637 points)
    Mac OS X
    Nov 28, 2010 9:14 AM in response to UptimeJeff
    Wouldn't that open up non-authenticated access?
  • by UptimeJeff,

    UptimeJeff UptimeJeff Nov 28, 2010 9:24 AM in response to MrHoffman
    Level 4 (3,477 points)
    Nov 28, 2010 9:24 AM in response to MrHoffman
    break it down....


    smtpdclientrestrictions =


    permit_mynetworks

    allows clients on your LAN to bypass restrictions

    permitsaslauthenticated

    allows authenticated smtp sessions to bypass restrictions

    rejectrblclient zen.spamhaus.org

    this is the meat of the line, it blocks any servers listed in this rbl

    permit

    You need to permit smtp clients (other servers) to connect if they aren't listed in the rbl
    If you change this to reject, then you allow mynetworks and sasl_auth but reject EVERYTHING else (like valid smtp servers)
  • by Scott Howe,

    Scott Howe Scott Howe Nov 28, 2010 10:40 AM in response to UptimeJeff
    Level 1 (125 points)
    Nov 28, 2010 10:40 AM in response to UptimeJeff
    Thanks. Worked. Thanks for sticking with me on this guys.
Previous Page 2