Relay access denied while I try to send emails

Question

Level 1

0 points

Relay access denied while I try to send emails

Hi list !

I am trying to set up mail server. Thanks to the list I have succeded in receiving emails on my Tiger mailserver. Unfortunately I have currently difficulties is just sending emails. (was thinking it was easier to set up emails going out than emails going in 🙂 )

each time I try to send emails (outside my domain) I get the following error message : "Relay access denied"

here is my postconf -n

Many thanks if someone can help me in solving this issue.

command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
enable serveroptions = yes
html_directory = no
inet_interfaces = all
local recipientmaps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 10485760
mydestination = $myhostname,localhost.$mydomain,localhost,youontheweb.net
mydomain = youontheweb.net
mydomain_fallback = localhost
myhostname = mail.youontheweb.net
mynetworks = 127.0.0.1/32,192.168.0.2/32,youontheweb.net
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit_mynetworks reject rblclient sbl-xbl.spamhaus.org permit
smtpd pw_server_securityoptions = none
smtpd recipientrestrictions = permit mynetworks,reject_unauthdestination,permit
smtpd sasl_authenable = no
smtpd tls_keyfile =
smtpd use_pwserver = no
unknown local_recipient_rejectcode = 550

Cube Mac OS X (10.4.4)

Posted on Jul 6, 2006 1:28 AM

Reply

Answer 1

UptimeJeff

Level 4

3,479 points

Jul 6, 2006 5:56 AM in response to eiffel

It's best to use SMTP Authentication, which you don't have enabled.
Otherwise, change:
mynetworks = 127.0.0.1/32,192.168.0.2/32,youontheweb.net

To:
mynetworks = 127.0.0.1/32,192.168.0.0/24

You can change the above directly in /etc/postfix/main.cf
or change in the GUI
ServerAdmin:Mail:Settings:Relay:Accept SMTP Relay only from these hosts

Jeff

Reply

Answer 2

eiffel Author

Level 1

0 points

Jul 7, 2006 1:33 AM in response to UptimeJeff

Many thanks for your help

but

are you sure that your proposal of

mynetworks = 127.0.0.1/32,192.168.0.0/24

this didn't work

I have changed to

mynetworks = 127.0.0.1/32,192.168.0.2/24

as 192.168.0.2 is the local network address of my tiger server.

I have been further with this parameter...
But now I get another error when I try to send an email from a user from my domain to outside.

I get a reverse DNS error.

What does it mean? what should I do ?
Best regards

Reply

Answer 3

davidh

Level 4

1,896 points

Jul 7, 2006 2:38 AM in response to eiffel

Are your clients pointed at an internal DNS server, or your ISPs ?
If it's not a DNS server within your LAN (192.168.0.0/24), or (for example) you point them at your router which itself is using your ISPs DNS servers, this will be seen as a disallowed relay attempt.

On one of your clients, fire up the Terminal (Applications/Utilities) and type in:
dig youontheweb.net

What IP comes back for the answer ?

As for Jeff's suggestion, please note:

whatmask 192.168.0.0/24

------------------------------------------------
TCP/IP NETWORK INFORMATION
------------------------------------------------
IP Entered = ..................: 192.168.0.0
CIDR = ........................: /24
Netmask = .....................: 255.255.255.0
Wildcard Bits = ...............: 0.0.0.255
------------------------------------------------
Network Address = .............: 192.168.0.0
Broadcast Address = ...........: 192.168.0.255
Usable IP Addresses = .........: 254
First Usable IP Address = .....: 192.168.0.1
Last Usable IP Address = ......: 192.168.0.254

whatmask 192.168.0.0/32

------------------------------------------------
TCP/IP NETWORK INFORMATION
------------------------------------------------
IP Entered = ..................: 192.168.0.0
CIDR = ........................: /32
Netmask = .....................: 255.255.255.255
Wildcard Bits = ...............: 0.0.0.0
------------------------------------------------
Network Address = .............: 192.168.0.0
Broadcast Address = ...........: 192.168.0.0
Usable IP Addresses = .........: 0
First Usable IP Address = .....: <none>
Last Usable IP Address = ......: <none>

It was necessary to change your subnetting/netmask from /32 to /24 as you can see. With a CIDR setting of 24 (subnet mask of 255.255.255.0) the available IP range is 192.168.0.0 - 192.168.0.255.

See http://www.postfix.org/basic.html#mynetworks

Reply

Answer 4

UptimeJeff

Level 4

3,479 points

Jul 7, 2006 6:59 AM in response to eiffel

I assumed you have a subnet of 255.255.2555.0
192.168.0.0/24 is correct if your clients are on 192.168.0.x addresses.

Did you stop/start mail service after making the change
You can use the GUI to stop/start or issue sudo postfix reload from terminal.

Also.. In the mail client, try entering the smtp server of 192.168.0.2 instead of the hostname you are probably using now.

Jeff

Reply

Answer 5

Jul 9, 2006 11:19 AM in response to eiffel

I had this exact problem while setting up my mail server and it was because I didn't have smtp authenitcation on and didn't have the client configured to authenticate. Also, make sure when setting up the client that it has the name of the server the same as you have it in server admin, and be sure that you have listed any names the mail might come to (i.e. you@example.com would need to say example.com) in server admin - mail/settings/Advanced/Hosting. I hope this is helpful.

Reply

Answer 6

eiffel Author

Level 1

0 points

Jul 9, 2006 3:03 PM in response to davidh

Hello,

Here is my Dig result. I have done this Dig command on the Tiger server.

Does it help you in any way ?

Fred

; <<>> DiG 9.2.2 <<>> youontheweb.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37856
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youontheweb.net. IN A

;; ANSWER SECTION:
youontheweb.net. 28800 IN A 82.238.93.135

;; Query time: 135 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sun Jul 9 23:57:32 2006
;; MSG SIZE rcvd: 49

Reply

Answer 7

eiffel Author

Level 1

0 points

Jul 9, 2006 3:18 PM in response to UptimeJeff

Hi,

Yes my network subnet is 255.255.255.0
My Network router is 192.168.0.1
Same for my DNS Server.

They both point to my router.
DNS is managed by my ISP.

Yes I have tried using my Server IP address instead of domain name but without any success.

Fred

Reply

Answer 8

eiffel Author

Level 1

0 points

Jul 9, 2006 3:31 PM in response to UptimeJeff

Hi,

I still have the same problem.

When I try, via telnet, on the Tiger server, to send an email I get the following error :

500 no reverse path specified

Does it help you more?

Best regards,
Fred

Reply

Answer 9

eiffel Author

Level 1

0 points

Jul 10, 2006 4:42 AM in response to eiffel

Hi list.

I finally succeeded in resolving my problem.
I have set up in my ISP config a reverse DNS for mail.youontheweb.net

In the morning I was able to send some emails via my hosted email addresses.

It seems to be enough.

Many thanks for your help to all of you.

Fred

Reply

Answer 10

eiffel Author

Level 1

0 points

Jul 10, 2006 4:44 AM in response to eiffel

A DNS reverse on my machine was needed in my ISP config.

Reply