NOQUEUE: reject: RCPT from on freebsd and postfix
Solution 1
FYI, 454 4.7.1 <[email protected]: Relay access denied;
was the result of defer_unauth_destination. It's slightly different with reject_unauth_destination, with reject means permanent error with code 550 and defer means temporary error with code 450.
But wait..., I don't have any parameter that use defer_unauth_destination. Where does the weird restriction come from?
Actually, postfix has one hidden restriction parameter called smtpd_relay_restriction
. It is new feature so older tutorial may not covers it. By default, smtpd_relay_restriction has value
# postconf smtpd_relay_restriction
permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
So, that explains where the defer_unauth_destination
But it didn't answered my question about my client getting rejected :(
The behavior of (defer|reject)_unauth_destination was documentation in postfix manual pages.
reject_unauth_destination
Reject the request unless one of the following is true:
- Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
- Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
In simple terms: postfix will check the recipient address. If domain part wasn't defined in relay_domains
(or its subdmomain), $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, then postfix will reject it.
In your logs above, the recipient was [email protected], so it is obvious why postfix rejecting it.
Solution 2
I'm using THUNDERBIRD as MUA and I have same issues. I solved adding the IP address of my home PC on mynetworks parameter on main.cf
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 MyIpAddress
P.S. I don't have a static ip for my home PC so when my ISP change it I ave to adjust every time.
Related videos on Youtube
mine
Updated on September 18, 2022Comments
-
mine almost 2 years
I am building a server using this config -> http://www.purplehat.org/?page_id=4 and when trying to test basic email capabilities I get -> NOQUEUE: reject: RCPT from when try to send a test email.
Below are my related configs
How to I get postfix to send emails?
Logs output:
Feb 13 18:37:43 r2d2 dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=67.85.57.155, lip=107.191.60.48, mpid=13390, TLS, session=<QA0yiPwOiwBDVTmb> Feb 13 18:37:43 r2d2 dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/4, size=68813 Feb 13 18:37:44 r2d2 postfix/smtpd[13391]: connect from ool-4355399b.dyn.optonline.net[67.85.57.155] Feb 13 18:37:46 r2d2 postfix/smtpd[13391]: NOQUEUE: reject: RCPT from ool-4355399b.dyn.optonline.net[67.85.57.155]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<Bramini> Feb 13 18:37:49 r2d2 postfix/smtpd[13391]: disconnect from ool-4355399b.dyn.optonline.net[67.85.57.155]
postconf -n
broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix debug_peer_level = 2 debug_peer_list = 127.0.0.1 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 html_directory = /usr/local/share/doc/postfix inet_protocols = ipv4 mail_owner = postfix mailman_destination_recipient_limit = 1 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man mydestination = $myhostname, localhost.$mydomain, localhost mydomain = ex-mailer.com myhostname = r2d2.ex-mailer.com mynetworks_style = host newaliases_path = /usr/local/bin/newaliases proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf list.ex-mailer.com sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tls_random_source = dev:/dev/urandom transport_maps = hash:/usr/local/etc/postfix/transport unknown_local_recipient_reject_code = 550 vacation_destination_recipient_limit = 1 virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:125 virtual_mailbox_base = /usr/local/virtual virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later. virtual_minimum_uid = 125 virtual_overquota_bounce = yes virtual_transport = virtual virtual_uid_maps = static:125 postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: contencontent_filter=smtp-amavis:[127.0.0.1]:10024 postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
The domain
telecomm.com
was defined inrelay_domains
parameter. Here the content of/usr/local/etc/postfix/mysql_relay_domains_maps.cf
user = doughnuts password = [redacted] hosts = localhost dbname = postfix query = SELECT domain FROM domain WHERE domain="%s" and backupmx ="0" and active ="1"
netstat -an |less
Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 *.587 *.* LISTEN tcp4 0 0 127.0.0.1.10025 *.* LISTEN tcp4 0 0 *.465 *.* LISTEN tcp4 0 0 *.25 *.* LISTEN tcp4 0 128 107.191.60.48.2222 67.85.57.155.51823 ESTABLISHED tcp4 0 0 127.0.0.1.953 *.* LISTEN tcp4 0 0 127.0.0.1.53 *.* LISTEN tcp6 0 0 ::1.53 *.* LISTEN tcp4 0 0 107.191.60.48.53 *.* LISTEN tcp6 0 0 2001:19f0:7000:8.53 *.* LISTEN tcp4 0 0 *.8282 *.* LISTEN tcp6 0 0 *.8282 *.* LISTEN tcp4 0 0 *.8181 *.* LISTEN tcp6 0 0 *.8181 *.* LISTEN tcp4 0 0 107.191.60.48.2222 67.85.57.155.57964 ESTABLISHED tcp46 0 0 *.3306 *.* LISTEN tcp4 0 0 127.0.0.1.10024 *.* LISTEN tcp6 0 0 *.993 *.* LISTEN tcp4 0 0 *.993 *.* LISTEN tcp6 0 0 *.143 *.* LISTEN tcp4 0 0 *.143 *.* LISTEN
UPDATE 2/14/2015 1430 EST
Verbose logging output:
https://bpaste.net/show/6a2a70cb2ab5
By setting test computer IP to mynetworks = IP, You can see mail getting much farther through the system, but then chokes match classes. How do I force Postfix to match 0.0.0.0 any IP source /and destination domain?
cat /usr/local/etc/postfix/master.cf
# ========================================================================== smtp inet n - n - - smtpd smtps inet n - n - - smtpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache vacation unix - n n - - pipe flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=2400 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings mailman unix - n n - - pipe flags=FR user=mailman:nobody argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user} submission inet n - n - - smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_delay_reject=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_data_restrictions= -o smtpd_sasl_authenticated_header=yes -o receive_override_options=no_address_mappings -o syslog_name=postfix/submission
-
Dan over 9 yearsNeither from or to domains are local or configured as relay domains, therefore you get a relaying denied error
-
mine over 9 years@Dan it is supposed to be mapping that information from MySQL. mysql_relay_domains_maps.cf o.0
-
mine over 9 years@Dan and all database queries work as expected bpaste.net/show/e9be64528685
-
Dan over 9 yearsnyctelecomm.com (as in your db) and telecomm.com (as in your logs) are not the same domain
-
mine over 9 years@Dan because bpaste deletes its self after 14 days. I don't want my data lingering on the www forever. One is edited, one is not :)
-
mine over 9 years@Dan you can see the queries hitting the database so postfix 'knows about' whom is authorized to send for. but postfix isn't using the information, just denying me bpaste.net/show/3fd3830402a7
-
Dan over 9 years
mysql_virtual_domains_maps.cf
content (without db password of course)? -
Dan over 9 yearsHmmm, I do not define the query itself, but use something like this bpaste.net/show/cf30f82a89e3
-
masegaloeh over 9 years@Dan, mysql maps like above (without
query
parameter) was also supported as backward compatibility. The docs suggest that you should use mysql maps withquery
parameter postfix.org/mysql_table.5.html -
masegaloeh over 9 years@mine, could you enable postfix verbose mode like instructed in this page postfix.org/DEBUG_README.html#debug_peer? And don't forget to share the logs
-
mine over 9 years@masegaloeh It is failing on mynetworks. I have deleted everything related to mynetworks from main.cf but cannot get it to quit inspecting IP address. every email sender is dynamic IP bpaste.net/show/d2cfc0115883
-
mine over 9 years@Dan see above response
-
-
mine over 9 yearsI honestly thought you nailed. I ran into a similar issue some time ago. I make the change, I tried setting mynetworks to 0.0.0.0 and I even copied a config that address the exact issue you brought to light. Same error :( bpaste.net/show/a26076c941b4 bpaste.net/show/6def40226cea
-
masegaloeh over 9 yearsDon't set mynetworks to 0.0.0.0/0. Your server will turn into openrelay
-
masegaloeh over 9 yearsStill, I really don't know what are you trying to do... Your statement about 'test basic email capabilities' was still vague. This answer only explain why you get the error. No solution given here yet...
-
mine over 9 yearsit's a standard mailserver on a public IP. All clients are dynamic and routable. I just need to find the 'send all' button (not the open relay). i.e. sasl auth. It's hitting the database fine.
-
masegaloeh over 9 yearsGood. Now, we need to verify that SASL auth was properly configured on both server and client. Could you verified it by following [this docs](www.postfix.org/SASL_README.html#server_test)?
-
mine over 9 yearsI connect but auth fails but I 'do' see the query hit the database! o.0 -> 535 5.7.8 Error: authentication failed: -> bpaste.net/show/529eb6ccc11e
-
mine over 9 yearsI went ahead and checked it as right answer even though my issue ended up being a broken variable on relay_recipient_maps from screen breaking lines when pasting a config. Your answer is sooo correct in soooo many ways.
-
Lorenzo Lerate over 2 years0.0.0.0/0 will do the trick