I'm stuck with postfix on debian: 554 5.7.1 Relay access denied
I'm really stuck with a problem on my postfix installation for a few days ago. I know there is a lot of stuff about this on the net, but none of what I tried worked.
Here is my problem: I can send and receive (and read) emails to/from outside using my terminal on the server, thought SSH. I mean, when logged in my server. But I can't send email with a SMTP client through my server (outside my server network).
My server is Debian 9. I enabled SASL authentication with Cyrus SASL following the Debian wiki: https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL.
When I do telnet mail.myserver.com 25 and run EHLO I get:
250-mail.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
I can also authenticate with base64 from telnet:
AUTH PLAIN <base64_string>
235 2.7.0 Authentication successful
On my /etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
And the problem is as follow:
I connected my server email address (myserveruser@myserver.com) to my personal Gmail address thought Settings > Accounts and import > "Send mail as" on my Gmail web client. I set my smtp server, user and user password. I used port 587 and TLS. It authenticated successfully and I completed the verification process.
However, when I use Gmail to send a email with "Send as myserveruser@myserver.com", it bounces on my server. From /var/log/mail.log I can read:
postfix/smtpd[1968]: connect from mail-ed1-f47.google.com[209.85.208.47]
postfix/smtpd[1968]: Anonymous TLS connection established from mail-ed1-f47.google.com[209.85.208.47]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[1968]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 <destination@notmydomain.com>: Relay access denied; from=<myserveruser@myserver.com> to=<destination@notmydomain.com> proto=ESMTP helo=<mail-ed1-f47.google.com>
postfix/smtpd[1968]: disconnect from mail-ed1-f47.google.com[209.85.208.47] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=6/8
As I said, sending a email to destination@notmydomain.com from my server terminal just works fine, with SPF, DKIM and DMARC pass.
I don't know what to do. I really appreciate if someone can help me with this.
email debian smtp postfix relay
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
add a comment |
I'm really stuck with a problem on my postfix installation for a few days ago. I know there is a lot of stuff about this on the net, but none of what I tried worked.
Here is my problem: I can send and receive (and read) emails to/from outside using my terminal on the server, thought SSH. I mean, when logged in my server. But I can't send email with a SMTP client through my server (outside my server network).
My server is Debian 9. I enabled SASL authentication with Cyrus SASL following the Debian wiki: https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL.
When I do telnet mail.myserver.com 25 and run EHLO I get:
250-mail.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
I can also authenticate with base64 from telnet:
AUTH PLAIN <base64_string>
235 2.7.0 Authentication successful
On my /etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
And the problem is as follow:
I connected my server email address (myserveruser@myserver.com) to my personal Gmail address thought Settings > Accounts and import > "Send mail as" on my Gmail web client. I set my smtp server, user and user password. I used port 587 and TLS. It authenticated successfully and I completed the verification process.
However, when I use Gmail to send a email with "Send as myserveruser@myserver.com", it bounces on my server. From /var/log/mail.log I can read:
postfix/smtpd[1968]: connect from mail-ed1-f47.google.com[209.85.208.47]
postfix/smtpd[1968]: Anonymous TLS connection established from mail-ed1-f47.google.com[209.85.208.47]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[1968]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 <destination@notmydomain.com>: Relay access denied; from=<myserveruser@myserver.com> to=<destination@notmydomain.com> proto=ESMTP helo=<mail-ed1-f47.google.com>
postfix/smtpd[1968]: disconnect from mail-ed1-f47.google.com[209.85.208.47] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=6/8
As I said, sending a email to destination@notmydomain.com from my server terminal just works fine, with SPF, DKIM and DMARC pass.
I don't know what to do. I really appreciate if someone can help me with this.
email debian smtp postfix relay
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
2
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47
add a comment |
I'm really stuck with a problem on my postfix installation for a few days ago. I know there is a lot of stuff about this on the net, but none of what I tried worked.
Here is my problem: I can send and receive (and read) emails to/from outside using my terminal on the server, thought SSH. I mean, when logged in my server. But I can't send email with a SMTP client through my server (outside my server network).
My server is Debian 9. I enabled SASL authentication with Cyrus SASL following the Debian wiki: https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL.
When I do telnet mail.myserver.com 25 and run EHLO I get:
250-mail.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
I can also authenticate with base64 from telnet:
AUTH PLAIN <base64_string>
235 2.7.0 Authentication successful
On my /etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
And the problem is as follow:
I connected my server email address (myserveruser@myserver.com) to my personal Gmail address thought Settings > Accounts and import > "Send mail as" on my Gmail web client. I set my smtp server, user and user password. I used port 587 and TLS. It authenticated successfully and I completed the verification process.
However, when I use Gmail to send a email with "Send as myserveruser@myserver.com", it bounces on my server. From /var/log/mail.log I can read:
postfix/smtpd[1968]: connect from mail-ed1-f47.google.com[209.85.208.47]
postfix/smtpd[1968]: Anonymous TLS connection established from mail-ed1-f47.google.com[209.85.208.47]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[1968]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 <destination@notmydomain.com>: Relay access denied; from=<myserveruser@myserver.com> to=<destination@notmydomain.com> proto=ESMTP helo=<mail-ed1-f47.google.com>
postfix/smtpd[1968]: disconnect from mail-ed1-f47.google.com[209.85.208.47] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=6/8
As I said, sending a email to destination@notmydomain.com from my server terminal just works fine, with SPF, DKIM and DMARC pass.
I don't know what to do. I really appreciate if someone can help me with this.
email debian smtp postfix relay
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
I'm really stuck with a problem on my postfix installation for a few days ago. I know there is a lot of stuff about this on the net, but none of what I tried worked.
Here is my problem: I can send and receive (and read) emails to/from outside using my terminal on the server, thought SSH. I mean, when logged in my server. But I can't send email with a SMTP client through my server (outside my server network).
My server is Debian 9. I enabled SASL authentication with Cyrus SASL following the Debian wiki: https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL.
When I do telnet mail.myserver.com 25 and run EHLO I get:
250-mail.myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
I can also authenticate with base64 from telnet:
AUTH PLAIN <base64_string>
235 2.7.0 Authentication successful
On my /etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
And the problem is as follow:
I connected my server email address (myserveruser@myserver.com) to my personal Gmail address thought Settings > Accounts and import > "Send mail as" on my Gmail web client. I set my smtp server, user and user password. I used port 587 and TLS. It authenticated successfully and I completed the verification process.
However, when I use Gmail to send a email with "Send as myserveruser@myserver.com", it bounces on my server. From /var/log/mail.log I can read:
postfix/smtpd[1968]: connect from mail-ed1-f47.google.com[209.85.208.47]
postfix/smtpd[1968]: Anonymous TLS connection established from mail-ed1-f47.google.com[209.85.208.47]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
postfix/smtpd[1968]: NOQUEUE: reject: RCPT from mail-ed1-f47.google.com[209.85.208.47]: 554 5.7.1 <destination@notmydomain.com>: Relay access denied; from=<myserveruser@myserver.com> to=<destination@notmydomain.com> proto=ESMTP helo=<mail-ed1-f47.google.com>
postfix/smtpd[1968]: disconnect from mail-ed1-f47.google.com[209.85.208.47] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=6/8
As I said, sending a email to destination@notmydomain.com from my server terminal just works fine, with SPF, DKIM and DMARC pass.
I don't know what to do. I really appreciate if someone can help me with this.
email debian smtp postfix relay
email debian smtp postfix relay
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
asked Jan 17 at 19:37
Aitor AlonsoAitor Alonso
1
1
2
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47
add a comment |
2
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47
2
2
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47
add a comment |
1 Answer
1
active
oldest
votes
Solved. Just had to add permit_sasl_authenticated to smtpd_relay_restrictions too, not only to smtpd_recipient_restrictions
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395511%2fim-stuck-with-postfix-on-debian-554-5-7-1-relay-access-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Solved. Just had to add permit_sasl_authenticated to smtpd_relay_restrictions too, not only to smtpd_recipient_restrictions
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
add a comment |
Solved. Just had to add permit_sasl_authenticated to smtpd_relay_restrictions too, not only to smtpd_recipient_restrictions
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
add a comment |
Solved. Just had to add permit_sasl_authenticated to smtpd_relay_restrictions too, not only to smtpd_recipient_restrictions
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
Solved. Just had to add permit_sasl_authenticated to smtpd_relay_restrictions too, not only to smtpd_recipient_restrictions
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
answered Jan 18 at 0:18
Aitor AlonsoAitor Alonso
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1395511%2fim-stuck-with-postfix-on-debian-554-5-7-1-relay-access-denied%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Why does your config require authentication on port 25? That's the server-to-server port, and random third-party servers aren't going to log in with username/password whenever they want to deliver you mail. Authentication only makes sense on client-submission ports.
– grawity
Jan 17 at 19:47