Recipient address rejected : Access denied (in reply to RCPT TO command)

Hi,

I run Mac OS X Server 10.5.5 with mail service. SMTP is on port 587. I created an account which only forwards to another account on an external domain.

When trying to send a mail from outside to that account, the sender receives "554 5.7.1 <xavier@jehin.net>: Recipient address rejected : Access denied (in reply to RCPT TO command)".

Any idea?

Kind regards,

Xavier.

Here is my postconf:

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = xavier
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20971520
mydestination = $myhostname,localhost.$mydomain,localhost,jehin.net
mydomain = jehin.net
mydomain_fallback = localhost
myhostname = mail.jehin.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = relay.skynet.be
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_enforce_tls = no
smtpd_pw_server_security_options = none
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = no
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_tls_loglevel = 0
smtpd_use_pw_server = no
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp

iMac, Mac OS X (10.5.5)

Posted on Oct 26, 2008 8:27 AM

25 replies

Oct 27, 2008 4:36 AM in response to pterobyte

Dear Pterobyte,

Thanks a lot for your answer. This is however not the source of my issue.

My LAN is connected thru a VDSL line (dynamic IP) and my ISP blocks port 25. Thus, I am using DynDNS update client/server as a dynamic IP forwarding for jehin.net. And I use their port forwarding feature for the MX record. My mail server is not relayed thru theirs, this is only port forwarding to my submission port. I am sure that part of the config is ok because (until the Mac Mail server is ok) I am running the mail server on a Windows with the same config (dynamic dns, port forwarding) and it works. The only thing I change when testing Mac Mail Server is to update my routing table to port 587 of Mac Server instead of port 587 of Windows Server.

Do you have any other idea?

Kind regards,

Xavier.

Oct 27, 2008 4:42 AM in response to xjehin

$ dig jehin.net mx

;; QUESTION SECTION:
;jehin.net. IN MX

;; ANSWER SECTION:
jehin.net. 43200 IN MX 20 mx2.mailhop.org.
jehin.net. 43200 IN MX 10 mx1.mailhop.org.

-

$ telnet mx1.mailhop.org 25
Trying 63.208.196.176...
Connected to mx1.mailhop.org.
Escape character is '^]'.
220 mhfr-06-bos.mailhop.org ESMTP Exim 4.68 Mon, 27 Oct 2008 07:37:49 -0400
quit

-

This is clearly mailhop answering and not your server.

-

If you are sure, external mail actually does reach your server, send yourself a message from outside your network and check /var/log/mail.log for more clues. You should see the message being rejected in your logs.

Oct 27, 2008 5:56 AM in response to pterobyte

I am currently at the office, outside my LAN. This morning, I routed WAN submission port of my router to the old Windows mail server submission port (like before, in order to keep the mail server online for jehin.net during Mac setting-up issue). So, I just sent a mail (from my office) to xavier@jehin.net and received the mail back in the external mailbox to which xavier@jehin.net is forwarded by Windows mail server. I guess that it means that current DynDNS MX setting is well forwarding incoming mails to submission port at jehin.net, and then Windows mail server is well forwarding xavier@jehin.net to the other mail address? I also asked DynDNS support what they think about the issue you pointed out. But, in between, it looks like it works with windows server. So, it should have another issue in the Mac config? Do you see something else wrong in my config, or do you need more information about other log? Thanks a lot for your helpful time!

Oct 27, 2008 12:43 PM in response to pterobyte

Here is the result:

Oct 27 20:42:12 jehin postfix/tlsmgr[14805]: warning: no entropy source specified with parameter tls_random_source
Oct 27 20:42:12 jehin postfix/tlsmgr[14805]: warning: encryption keys etc. may be predictable
Oct 27 20:42:12 jehin postfix/smtpd[14804]: connect from mhfr-08-bos.mailhop.org[63.208.196.182]
Oct 27 20:42:12 jehin postfix/smtpd[14804]: disconnect from mhfr-08-bos.mailhop.org[63.208.196.182]

Kind regards,
Xavier.

Oct 27, 2008 1:44 PM in response to pterobyte

I tried to telnet the server, just to see. Look at this:

sh-3.2# telnet jehin.net 587
Trying 81.245.99.141...
Connected to jehin.net.
Escape character is '^]'.
220 mail.jehin.net ESMTP Postfix
helo me
250 mail.jehin.net
mail from
530 5.7.0 Must issue a STARTTLS command first
quit
221 2.0.0 Bye
Connection closed by foreign host.

And in the log:
Oct 27 20:42:12 jehin postfix/tlsmgr[14805]: warning: no entropy source specified with parameter tls_random_source
Oct 27 20:42:12 jehin postfix/tlsmgr[14805]: warning: encryption keys etc. may be predictable
Oct 27 20:42:12 jehin postfix/smtpd[14804]: connect from mhfr-08-bos.mailhop.org[63.208.196.182]
Oct 27 20:42:12 jehin postfix/smtpd[14804]: disconnect from mhfr-08-bos.mailhop.org[63.208.196.182]
Oct 27 20:45:32 jehin postfix/anvil[14806]: statistics: max connection rate 1/60s for (587:63.208.196.182) at Oct 27 20:42:12
Oct 27 20:45:32 jehin postfix/anvil[14806]: statistics: max connection count 1 for (587:63.208.196.182) at Oct 27 20:42:12
Oct 27 20:45:32 jehin postfix/anvil[14806]: statistics: max cache size 1 at Oct 27 20:42:12
Oct 27 21:38:09 jehin postfix/smtpd[15211]: connect from mhfr-02-bos.mailhop.org[63.208.196.166]
Oct 27 21:38:09 jehin postfix/smtpd[15211]: disconnect from mhfr-02-bos.mailhop.org[63.208.196.166]
Oct 27 21:40:13 jehin postfix/smtpd[15219]: connect from unknown[10.185.112.199]
Oct 27 21:41:04 jehin postfix/smtpd[15219]: disconnect from unknown[10.185.112.199]

Message was edited by: xjehin

Oct 27, 2008 1:50 PM in response to xjehin

This means you changed your configuration since you opened this thread. You would never have received a "recipient address rejected" rejection message otherwise.
It is important you follow instructions and answer questions without fiddling around in between, otherwise it becomes impossible to help.

In master.cf where you added the submission port, remove:
-o smtpd_enforce_tls = yes

Oct 27, 2008 2:32 PM in response to pterobyte

I apologize... Was trying to find a solution too and looks like I forgot to inform you about that point ...

This is the new result in log (for an outside mail):
Oct 27 22:26:54 jehin postfix/tlsmgr[15509]: warning: no entropy source specified with parameter tls_random_source
Oct 27 22:26:54 jehin postfix/tlsmgr[15509]: warning: encryption keys etc. may be predictable
Oct 27 22:26:54 jehin postfix/smtpd[15508]: connect from mhfr-03-bos.mailhop.org[63.208.196.167]
Oct 27 22:26:55 jehin postfix/trivial-rewrite[15511]: warning: do not list domain jehin.net in BOTH mydestination and virtual_mailbox_domains
Oct 27 22:26:55 jehin postfix/smtpd[15508]: NOQUEUE: reject: RCPT from mhfr-03-bos.mailhop.org[63.208.196.167]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<Xavier.Jehin@sogeti.be> to=<xavier@jehin.net> proto=SMTP helo=<mhfr-03-bos.mailhop.org>
Oct 27 22:26:55 jehin postfix/smtpd[15508]: disconnect from mhfr-03-bos.mailhop.org[63.208.196.167]

Telnet test:
sh-3.2# telnet jehin.net 587
Trying 81.245.99.141...
Connected to jehin.net.
Escape character is '^]'.
220 mail.jehin.net ESMTP Postfix
helo me
250 mail.jehin.net
mail from:<>
250 2.1.0 Ok
rcpt to:<xavier@jehin.net>
554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

its log:
Oct 27 22:29:02 jehin postfix/smtpd[15528]: connect from unknown[10.185.112.199]
Oct 27 22:30:11 jehin postfix/trivial-rewrite[15532]: warning: do not list domain jehin.net in BOTH mydestination and virtual_mailbox_domains
Oct 27 22:30:11 jehin postfix/smtpd[15528]: NOQUEUE: reject: RCPT from unknown[10.185.112.199]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<> to=<xavier@jehin.net> proto=SMTP helo=<me>
Oct 27 22:30:20 jehin postfix/smtpd[15528]: disconnect from unknown[10.185.112.199]
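
The log check suggested earlier in the thread (look in /var/log/mail.log for the rejection) can be scripted. The following is an added example, not part of any post in this thread: it pulls Postfix `NOQUEUE: reject` records and daemon warnings out of log text and groups the rejections by stage, reply code and recipient. The sample lines are constructed from the log format quoted above, and the sender address is a placeholder.

```python
import re
from collections import Counter

# Constructed sample, modeled on the mail.log lines quoted in this thread.
SAMPLE_LOG = """\
Oct 27 22:26:54 jehin postfix/smtpd[15508]: connect from mhfr-03-bos.mailhop.org[63.208.196.167]
Oct 27 22:26:55 jehin postfix/trivial-rewrite[15511]: warning: do not list domain jehin.net in BOTH mydestination and virtual_mailbox_domains
Oct 27 22:26:55 jehin postfix/smtpd[15508]: NOQUEUE: reject: RCPT from mhfr-03-bos.mailhop.org[63.208.196.167]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<sender@example.com> to=<xavier@jehin.net> proto=SMTP helo=<mhfr-03-bos.mailhop.org>
Oct 27 22:30:11 jehin postfix/smtpd[15528]: NOQUEUE: reject: RCPT from unknown[10.185.112.199]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<> to=<xavier@jehin.net> proto=SMTP helo=<me>
Oct 27 22:30:20 jehin postfix/smtpd[15528]: disconnect from unknown[10.185.112.199]
"""

# One smtpd rejection record: stage, client, reply code, DSN, reason, envelope.
REJECT = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)
# Any Postfix daemon warning, e.g. configuration conflicts.
WARNING = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: warning: (?P<text>.*)")

def parse_log(text):
    """Return (rejects, warnings) found in Postfix log text."""
    rejects, warnings = [], []
    for line in text.splitlines():
        m = REJECT.search(line)
        if m:
            rejects.append(m.groupdict())
            continue
        w = WARNING.search(line)
        if w:
            warnings.append((w["daemon"], w["text"]))
    return rejects, warnings

def summarize(rejects):
    """Count rejections by (SMTP stage, reply code, DSN, recipient)."""
    return Counter((r["stage"], r["code"], r["dsn"], r["rcpt"]) for r in rejects)

if __name__ == "__main__":
    rejects, warnings = parse_log(SAMPLE_LOG)
    for key, n in summarize(rejects).items():
        print(n, *key)
    for daemon, text in warnings:
        print("warning from", daemon + ":", text)
```

Reading the client host and IP next to each rejection shows at a glance whether a test message arrived through the MX forwarder or directly from the LAN.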

Oct 27, 2008 5:02 PM in response to davidh

Here it is:

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = xavier
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20971520
mydestination = $myhostname,localhost.$mydomain,localhost,jehin.net
mydomain = jehin.net
mydomain_fallback = localhost
myhostname = mail.jehin.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = relay.skynet.be
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_enforce_tls = no
smtpd_pw_server_security_options = none
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = no
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_tls_loglevel = 0
smtpd_use_pw_server = no
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
