Level 1

0 points

Recipient address rejected : Access denied (in reply to RCPT TO command)

Hi,

I run Mac OS X Server 10.5.5 with mail service. smtp is on port 587. I created an account which only forward to another account on an external domain.

When trying to send a mail from outside to that account, the sender receive "554 5.7.1 <xavier@jehin.net>: Recipient address rejected : Access denied (in reply to RCPT TO command)".

Any idea?

Kind regards,

Xavier.

Here is my postconf:

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
local recipientmaps =
luser_relay = xavier
mail_owner = _postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message sizelimit = 20971520
mydestination = $myhostname,localhost.$mydomain,localhost,jehin.net
mydomain = jehin.net
mydomain_fallback = localhost
myhostname = mail.jehin.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = relay.skynet.be
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd enforcetls = no
smtpd pw_server_securityoptions = none
smtpd recipientrestrictions = permit mynetworks,reject_unauthdestination,permit
smtpd sasl_authenable = no
smtpd tls_certfile = /etc/certificates/Default.crt
smtpd tls_keyfile = /etc/certificates/Default.key
smtpd tlsloglevel = 0
smtpd use_pwserver = no
smtpd usetls = yes
unknown local_recipient_rejectcode = 550
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp

iMac, Mac OS X (10.5.5)

Posted on Oct 26, 2008 8:27 AM

25 replies

xjehin Author

Level 1

0 points

Oct 28, 2008 9:03 AM in response to pterobyte

I dropped virtual domain.

I confirm xavier is mail enabled in WGM, more specifically set to Forward with the corresponding adress

What do you mean by 'has access rights set in Server Admin'?

Kind regards,

Xavier.

pterobyte

Level 6

11,104 points

Oct 28, 2008 12:51 PM in response to xjehin

Why do you set it to forward if you want to receive mail for it on your server?

Check Server Admin -> "hostname" -> Settings -> Access

xjehin Author

Level 1

0 points

Oct 28, 2008 2:04 PM in response to pterobyte

Hi Pterobyte,

This first account is mine, so I forward it to my professional address. As soon as the server will be ok, the plan is to recreate corresponding mailboxes for the other members of the family, and they will use in POP mode with their mail client, like with the current Windows server.

For 'Settings->Access': 'Services->mail' is set to "Allow all users and groups". Is it correct? I wonder if this is not an issue with local users vs network users. Do you have any advice to check that point?

Kind regards,

Xavier.

pterobyte

Level 6

11,104 points

Oct 29, 2008 1:33 AM in response to xjehin

First of all, take out the forward. The first rule when troubleshooting is to keep things simple.

xjehin Author

Level 1

0 points

Oct 29, 2008 10:54 AM in response to pterobyte

Here is the result with mail enabled:

Oct 29 18:52:50 jehin postfix/smtpd[46902]: NOQUEUE: reject: RCPT from mhfr-03-bos.mailhop.org[63.208.196.167]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<Xavier.Jehin@sogeti.be> to=<xavier@jehin.net> proto=SMTP helo=<mhfr-03-bos.mailhop.org>
Oct 29 18:52:50 jehin postfix/smtpd[46902]: disconnect from mhfr-03-bos.mailhop.org[63.208.196.167]

pterobyte

Level 6

11,104 points

Oct 29, 2008 11:27 AM in response to xjehin

Assuming (as you confirmed previously), Xavier is mail enabled in WGM and SA, try and edit /etc/postfix/main.cf (in Terminal or a text editor, not Word) and:

add:
alias_maps = hash:/etc/aliases

remove:
local recipientmaps =
luser_relay = xavier

When done, issue:
cd /etc/postfix
sudo newaliases
sudo postalias aliases
sudo postfix reload

Also, in WGM, make sure the the shortname is xavier and not xavier@jehin.net

-

Failing that, please show what exactly you added to master.cf

xjehin Author

Level 1

0 points

Oct 29, 2008 12:08 PM in response to pterobyte

Here is the log:
Oct 29 20:05:19 jehin postfix/tlsmgr[47414]: warning: no entropy source specified with parameter tls randomsource
Oct 29 20:05:19 jehin postfix/tlsmgr[47414]: warning: encryption keys etc. may be predictable
Oct 29 20:05:19 jehin postfix/smtpd[47412]: connect from mhfr-05-bos.mailhop.org[63.208.196.175]
Oct 29 20:05:19 jehin postfix/smtpd[47412]: NOQUEUE: reject: RCPT from mhfr-05-bos.mailhop.org[63.208.196.175]: 554 5.7.1 <xavier@jehin.net>: Recipient address rejected: Access denied; from=<Xavier.Jehin@sogeti.be> to=<xavier@jehin.net> proto=SMTP helo=<mhfr-05-bos.mailhop.org>
Oct 29 20:05:19 jehin postfix/smtpd[47412]: disconnect from mhfr-05-bos.mailhop.org[63.208.196.175]

In WGM, the name in Xavier->Basic->name is 'xavier'. Is it the shortname you are referring to ?

Extract from main.cf:

# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

readme_directory = /usr/share/doc/postfix
mydomain_fallback = localhost
message sizelimit = 20971520
myhostname = mail.jehin.net
mailbox_transport = cyrus
mailbox sizelimit = 0
enable serveroptions = yes
inet_interfaces = all
#local recipientmaps =
#luser_relay = xavier
mydomain = jehin.net
relayhost = relay.skynet.be
mydestination = $myhostname,localhost.$mydomain,localhost,jehin.net
smtpd use_pwserver = no
smtpd recipientrestrictions = permit mynetworks,reject_unauthdestination,permit
smtpd pw_server_securityoptions = none
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd sasl_authenable = no
mynetworks = 127.0.0.0/8
virtual_transport = virtual
virtual mailboxdomains =
smtpd usetls = yes
smtpd enforcetls = no
smtpd tls_certfile = /etc/certificates/Default.crt
smtpd tls_keyfile = /etc/certificates/Default.key
smtpd tlsloglevel = 0

pterobyte

Level 6

11,104 points

Oct 29, 2008 12:19 PM in response to xjehin

Need to see the changes you made to master.cf when you added port 587, not main.cf

xjehin Author

Level 1

0 points

Oct 29, 2008 12:26 PM in response to pterobyte

Here it is:
smtp inet n - n - - smtpd
587 inet n - n - - smtpd
-o smtpd clientrestrictions=
-o smtpd recipient_restrictions=permit_saslauthenticated,reject
-o content_filter=

pterobyte

Level 6

11,104 points

Oct 30, 2008 8:39 AM in response to xjehin

You are only allowing authenticated users on port 587. This setup is fine when used for your clients. It will not work when a relaying server needs to connect.

Either set the relaying server to authenticate, or remove:
-o smtpd clientrestrictions=
-o smtpd recipient_restrictions=permit_saslauthenticated,reject
-o content_filter=

Would be better to have it authenticate if possible.

(Actually it would be better to run a mail server off a static IP and avoid messy and error prone setups).

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Recipient address rejected : Access denied (in reply to RCPT TO command)