Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Relay access denied (in reply to RCPT TO command))

1,308 views
Skip to first unread message

Orestes Leal

unread,
Nov 1, 2007, 1:40:43 PM11/1/07
to
First of all my greetings to all members of the list,
I need some help here, yesterday my ISP has decided activate
SMTP_AUTH on my relay server ( running postfix on centos5), so I
configured postfix to do this, I've configured
sasl2 auth based on the Book Of Postfix and everything good,
I configured postfix too and all good, but, I only can send
email from my clientes to my domain, let's say to *@cha.jovenclub.cu and
works good, but then I tried to send an email to any other domain
I get this error in /var/mail/mail.log:


=================================================================
Nov 1 11:28:21 webdeveloper postfix/smtp[5856]: 3960FEE5A2:
to=<ad...@cenpalab.inf.cu>, relay=192.168.54.3[192.168.54.3]:25, delay=2,
delays=1.7/0.01/0.23/0.08, dsn=5.7.1, status=bounced (host
192.168.54.3[192.168.54.3] said: 554 5.7.1 <ad...@cenpalab.inf.cu>: Relay
access denied (in reply to RCPT TO command))
==================================================================

My domain it's cha.jovenclub.cu

My postconf -n:


==========================================

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_dns_lookups = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $mydomain, $myhostname
mydomain = jccestgo.cha.jovenclub.cu
myhostname = jccestgo
mynetworks = 192.168.3.0/24, 127.0.0.0/8
mynetworks_style = class
myorigin = mail.cha.jovenclub.cu
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = cha.jovenclub.cu
relayhost = [192.168.54.3]
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550

=====================================================

Any idea? I've doing several changes of the main.cf,
all other but the error it's the same, could be
a missconfiguration from my ISP?

Thanks for your time.

olr
===


Orestes Leal

unread,
Nov 1, 2007, 2:05:47 PM11/1/07
to

El Jue, 1 de Noviembre de 2007, 12:56 pm, Victor Duchovni escribió:

> On Thu, Nov 01, 2007 at 12:40:43PM -0500, Orestes Leal wrote:
>
>> =================================================================
>> Nov 1 11:28:21 webdeveloper postfix/smtp[5856]: 3960FEE5A2:
>> to=<ad...@cenpalab.inf.cu>, relay=192.168.54.3[192.168.54.3]:25,
>> delay=2,
>> delays=1.7/0.01/0.23/0.08, dsn=5.7.1, status=bounced (host
>> 192.168.54.3[192.168.54.3] said: 554 5.7.1 <ad...@cenpalab.inf.cu>:
>> Relay
>> access denied (in reply to RCPT TO command))
>> ==================================================================
>>
>> relayhost = [192.168.54.3]
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>
> What is the lookup key for the SASL password in the "sasl_passwd" file?
> It should be "[192.168.54.3]":
>
> sasl_passwrd:
> # nexthop user:pass
> [192.168.54.3] aladdin:open_sesame
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

[192.168.54.3] orestesleal13022:password
[192.168.54.3] adrian13024:password
[192.168.54.3] jldiazvichot13021:password
[192.168.54.3] richardlrp13023:password
[192.168.54.3] david13027:password
[192.168.54.3] yutmely13026:password


Let's say like this?

However I get the same error 'Relay Acces Denied ( IN REPLY TO RCPT TO
command ) what do you think?

olr
===


Victor Duchovni

unread,
Nov 1, 2007, 2:11:36 PM11/1/07
to
On Thu, Nov 01, 2007 at 01:05:47PM -0500, Orestes Leal wrote:

> > What is the lookup key for the SASL password in the "sasl_passwd" file?
> > It should be "[192.168.54.3]":
> >
> > sasl_passwrd:
> > # nexthop user:pass
> > [192.168.54.3] aladdin:open_sesame
>

> [192.168.54.3] orestesleal13022:password
> [192.168.54.3] adrian13024:password
> [192.168.54.3] jldiazvichot13021:password
> [192.168.54.3] richardlrp13023:password
> [192.168.54.3] david13027:password
> [192.168.54.3] yutmely13026:password
>

What do you expect from multiple entries with the same lookup key?
Only the first one is added to the lookup table by "postmap". Which
*single* username/password is actually valid for relaying via this ISP?

Orestes Leal

unread,
Nov 1, 2007, 2:18:03 PM11/1/07
to

El Jue, 1 de Noviembre de 2007, 1:11 pm, Victor Duchovni escribió:
> On Thu, Nov 01, 2007 at 01:05:47PM -0500, Orestes Leal wrote:
>
>> > What is the lookup key for the SASL password in the "sasl_passwd"
>> file?
>> > It should be "[192.168.54.3]":
>> >
>> > sasl_passwrd:
>> > # nexthop user:pass
>> > [192.168.54.3] aladdin:open_sesame
>>
>> [192.168.54.3] orestesleal13022:password
>> [192.168.54.3] adrian13024:password
>> [192.168.54.3] jldiazvichot13021:password
>> [192.168.54.3] richardlrp13023:password
>> [192.168.54.3] david13027:password
>> [192.168.54.3] yutmely13026:password
>>
>

[192.168.54.3]:
orestesleal13022:pass
adrian13024:pass
jldiazvichot13021:pass
richardlrp13023:pass
david13027:pass
yutmely13026:pass
~
Like this?

Now I get this error from postmap

postmap: warning: /etc/postfix/sasl_passwd, line 7: record is in "key:
value" format; is this an alias file?

'Sorry' but can you give me a real example because my english
It's no so good to understand what do you mean.

olr
===

> What do you expect from multiple entries with the same lookup key?
> Only the first one is added to the lookup table by "postmap". Which
> *single* username/password is actually valid for relaying via this ISP?
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>


love, peace and fuck the police ;-)


Victor Duchovni

unread,
Nov 1, 2007, 2:27:24 PM11/1/07
to
On Thu, Nov 01, 2007 at 01:18:03PM -0500, Orestes Leal wrote:

>
> El Jue, 1 de Noviembre de 2007, 1:11 pm, Victor Duchovni escribi??:


> > On Thu, Nov 01, 2007 at 01:05:47PM -0500, Orestes Leal wrote:
> >
> >> > What is the lookup key for the SASL password in the "sasl_passwd"
> >> file?
> >> > It should be "[192.168.54.3]":
> >> >
> >> > sasl_passwrd:
> >> > # nexthop user:pass
> >> > [192.168.54.3] aladdin:open_sesame
> >>
> >> [192.168.54.3] orestesleal13022:password
> >> [192.168.54.3] adrian13024:password
> >> [192.168.54.3] jldiazvichot13021:password
> >> [192.168.54.3] richardlrp13023:password
> >> [192.168.54.3] david13027:password
> >> [192.168.54.3] yutmely13026:password
>
> [192.168.54.3]:
> orestesleal13022:pass
> adrian13024:pass
> jldiazvichot13021:pass
> richardlrp13023:pass
> david13027:pass
> yutmely13026:pass
> ~
> Like this?

No. What problem are you trying to solve with multiple user:pass values?
Are you looking for:

http://www.postfix.org/postconf.5.html#smtp_sender_dependent_authentication

If so, the password lookup key is the sender address, not the nexthop and
is usually used with:

http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps

Orestes Leal

unread,
Nov 1, 2007, 2:32:35 PM11/1/07
to

Well, what's the real menaning then for the sasl_auth file?
I have 7 clients from my local network and my postfix servers
that relays to the postfix at my ISP, and I want to my users send
email without getting the Relay Access Denied in the ISP's server
response, so the question is: That Relay Access Denied Comes From
my missconfiguration of the sasl_auth file?

> http://www.postfix.org/postconf.5.html#smtp_sender_dependent_authentication
>
> If so, the password lookup key is the sender address, not the nexthop and
> is usually used with:
>
> http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> <mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

mouss

unread,
Nov 1, 2007, 2:46:42 PM11/1/07
to
Orestes Leal wrote:
>
> [192.168.54.3]:
> orestesleal13022:pass
> adrian13024:pass
> jldiazvichot13021:pass
> richardlrp13023:pass
> david13027:pass
> yutmely13026:pass
> ~
> Like this?
>

No. you can only use _one_ login:pass for a system. postfix is not a MUA
(Mail User Agent).

does your ISP require that sender address matches the login? If not,
chose one account and use it to authenticated. otherwise, you need a
more elaborate setup (based on sender dependent relay host and using
multiple instances...). it may be easier to deliver mail to a program
that does the routing to the ISP. This is not hard to write in perl (or
whatever poison your prefer). or you can try esmtp (see
http://esmtp.sourceforge.net/manual.html) but I have no experience with
this.

Ralf Hildebrandt

unread,
Nov 1, 2007, 2:49:30 PM11/1/07
to
* mouss <mlist...@free.fr>:

> Orestes Leal wrote:
> >
> > [192.168.54.3]:
> > orestesleal13022:pass
> > adrian13024:pass
> > jldiazvichot13021:pass
> > richardlrp13023:pass
> > david13027:pass
> > yutmely13026:pass
> > ~
> > Like this?
> >
>
> No. you can only use _one_ login:pass for a system. postfix is not a MUA
> (Mail User Agent).

Well, you can use sender based authentication...

sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwords
smtp_sender_dependent_authentication = yes

--
Ralf Hildebrandt (Ralf.Hil...@charite.de) pl...@charite.de
Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
"It's 806 miles to Chicago, we've got a full tank of coffee, half a
fsckload of Y2K crap, it's dark, and we're wearing sunglasses."
"Hit it".

Orestes Leal

unread,
Nov 1, 2007, 6:36:15 PM11/1/07
to

uff, My system setup is:

1) 7 users, using Outlook, sylpheed.
2) 1 local area network connected to my dell server.
3) With that server I ran postfix 2.3
4) I have a relay host that 'needs' auth procedures.
5) I have sasl configured, all works inside my network.


My needs:

( I suppose )
One way to get the SMTP_AUTH login and password from the client
and my postfix server pass all this info to my relay server, that must let
me send emails to the outside world not only in my domain. It's this
possible?

Can be a missconfiguration at my ISP?

Thanks a lot.

olr
===


0 new messages