NOQUEUE: reject: RCPT from on freebsd and postfix

postfix smtp freebsd email-server
25,347

Solution 1

FYI, 454 4.7.1 <[email protected]: Relay access denied; was the result of defer_unauth_destination. It's slightly different with reject_unauth_destination, with reject means permanent error with code 550 and defer means temporary error with code 450.

But wait..., I don't have any parameter that use defer_unauth_destination. Where does the weird restriction come from?

Actually, postfix has one hidden restriction parameter called smtpd_relay_restriction. It is new feature so older tutorial may not covers it. By default, smtpd_relay_restriction has value

# postconf smtpd_relay_restriction
permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

So, that explains where the defer_unauth_destination

But it didn't answered my question about my client getting rejected :(

The behavior of (defer|reject)_unauth_destination was documentation in postfix manual pages.

reject_unauth_destination

Reject the request unless one of the following is true:

  • Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
  • Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).

In simple terms: postfix will check the recipient address. If domain part wasn't defined in relay_domains (or its subdmomain), $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, then postfix will reject it.

In your logs above, the recipient was [email protected], so it is obvious why postfix rejecting it.

Solution 2

I'm using THUNDERBIRD as MUA and I have same issues. I solved adding the IP address of my home PC on mynetworks parameter on main.cf

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 MyIpAddress

P.S. I don't have a static ip for my home PC so when my ISP change it I ave to adjust every time.

Share:
25,347

Related videos on Youtube

mine
Author by

mine

Updated on September 18, 2022

Comments

  • mine
    mine almost 2 years

    I am building a server using this config -> http://www.purplehat.org/?page_id=4 and when trying to test basic email capabilities I get -> NOQUEUE: reject: RCPT from when try to send a test email.

    Below are my related configs

    How to I get postfix to send emails?

    Logs output:

    Feb 13 18:37:43 r2d2 dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=67.85.57.155, lip=107.191.60.48, mpid=13390, TLS, session=<QA0yiPwOiwBDVTmb>
Feb 13 18:37:43 r2d2 dovecot: pop3([email protected]): Disconnected: Logged out top=0/0, retr=0/0, del=0/4, size=68813
Feb 13 18:37:44 r2d2 postfix/smtpd[13391]: connect from ool-4355399b.dyn.optonline.net[67.85.57.155]
Feb 13 18:37:46 r2d2 postfix/smtpd[13391]: NOQUEUE: reject: RCPT from ool-4355399b.dyn.optonline.net[67.85.57.155]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<Bramini>
Feb 13 18:37:49 r2d2 postfix/smtpd[13391]: disconnect from ool-4355399b.dyn.optonline.net[67.85.57.155]

    postconf -n

    broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debug_peer_list = 127.0.0.1
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mailman_destination_recipient_limit = 1
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = ex-mailer.com
myhostname = r2d2.ex-mailer.com
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf list.ex-mailer.com
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
vacation_destination_recipient_limit = 1
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
virtual_minimum_uid = 125
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:125
postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: contencontent_filter=smtp-amavis:[127.0.0.1]:10024
postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes

    The domain telecomm.com was defined in relay_domains parameter. Here the content of /usr/local/etc/postfix/mysql_relay_domains_maps.cf

     user = doughnuts
 password = [redacted]
 hosts = localhost
 dbname = postfix
 query = SELECT domain FROM domain WHERE domain="%s" and backupmx ="0" and active ="1"

    netstat -an |less

    Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.587                  *.*                    LISTEN
tcp4       0      0 127.0.0.1.10025        *.*                    LISTEN
tcp4       0      0 *.465                  *.*                    LISTEN
tcp4       0      0 *.25                   *.*                    LISTEN
tcp4       0    128 107.191.60.48.2222     67.85.57.155.51823     ESTABLISHED
tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
tcp4       0      0 127.0.0.1.53           *.*                    LISTEN
tcp6       0      0 ::1.53                 *.*                    LISTEN
tcp4       0      0 107.191.60.48.53       *.*                    LISTEN
tcp6       0      0 2001:19f0:7000:8.53    *.*                    LISTEN
tcp4       0      0 *.8282                 *.*                    LISTEN
tcp6       0      0 *.8282                 *.*                    LISTEN
tcp4       0      0 *.8181                 *.*                    LISTEN
tcp6       0      0 *.8181                 *.*                    LISTEN
tcp4       0      0 107.191.60.48.2222     67.85.57.155.57964     ESTABLISHED
tcp46      0      0 *.3306                 *.*                    LISTEN
tcp4       0      0 127.0.0.1.10024        *.*                    LISTEN
tcp6       0      0 *.993                  *.*                    LISTEN
tcp4       0      0 *.993                  *.*                    LISTEN
tcp6       0      0 *.143                  *.*                    LISTEN
tcp4       0      0 *.143                  *.*                    LISTEN

    UPDATE 2/14/2015 1430 EST

    Verbose logging output:

    https://bpaste.net/show/6a2a70cb2ab5

    By setting test computer IP to mynetworks = IP, You can see mail getting much farther through the system, but then chokes match classes. How do I force Postfix to match 0.0.0.0 any IP source /and destination domain?

    cat /usr/local/etc/postfix/master.cf

    # ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

vacation  unix  -       n       n       -       -       pipe
  flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl

smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=2400
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

mailman unix - n n - - pipe
  flags=FR user=mailman:nobody
  argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_delay_reject=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=
  -o smtpd_sasl_authenticated_header=yes
  -o receive_override_options=no_address_mappings
  -o syslog_name=postfix/submission
    • Dan
      Dan over 9 years
      Neither from or to domains are local or configured as relay domains, therefore you get a relaying denied error
    • mine
      mine over 9 years
      @Dan it is supposed to be mapping that information from MySQL. mysql_relay_domains_maps.cf o.0
    • mine
      mine over 9 years
      @Dan and all database queries work as expected bpaste.net/show/e9be64528685
    • Dan
      Dan over 9 years
      nyctelecomm.com (as in your db) and telecomm.com (as in your logs) are not the same domain
    • mine
      mine over 9 years
      @Dan because bpaste deletes its self after 14 days. I don't want my data lingering on the www forever. One is edited, one is not :)
    • mine
      mine over 9 years
      @Dan you can see the queries hitting the database so postfix 'knows about' whom is authorized to send for. but postfix isn't using the information, just denying me bpaste.net/show/3fd3830402a7
    • Dan
      Dan over 9 years
      mysql_virtual_domains_maps.cf content (without db password of course)?
    • Dan
      Dan over 9 years
      Hmmm, I do not define the query itself, but use something like this bpaste.net/show/cf30f82a89e3
    • masegaloeh
      masegaloeh over 9 years
      @Dan, mysql maps like above (without query parameter) was also supported as backward compatibility. The docs suggest that you should use mysql maps with query parameter postfix.org/mysql_table.5.html
    • masegaloeh
      masegaloeh over 9 years
      @mine, could you enable postfix verbose mode like instructed in this page postfix.org/DEBUG_README.html#debug_peer? And don't forget to share the logs
    • mine
      mine over 9 years
      @masegaloeh It is failing on mynetworks. I have deleted everything related to mynetworks from main.cf but cannot get it to quit inspecting IP address. every email sender is dynamic IP bpaste.net/show/d2cfc0115883
    • mine
      mine over 9 years
      @Dan see above response
  • mine
    mine over 9 years
    I honestly thought you nailed. I ran into a similar issue some time ago. I make the change, I tried setting mynetworks to 0.0.0.0 and I even copied a config that address the exact issue you brought to light. Same error :( bpaste.net/show/a26076c941b4 bpaste.net/show/6def40226cea
  • masegaloeh
    masegaloeh over 9 years
    Don't set mynetworks to 0.0.0.0/0. Your server will turn into openrelay
  • masegaloeh
    masegaloeh over 9 years
    Still, I really don't know what are you trying to do... Your statement about 'test basic email capabilities' was still vague. This answer only explain why you get the error. No solution given here yet...
  • mine
    mine over 9 years
    it's a standard mailserver on a public IP. All clients are dynamic and routable. I just need to find the 'send all' button (not the open relay). i.e. sasl auth. It's hitting the database fine.
  • masegaloeh
    masegaloeh over 9 years
    Good. Now, we need to verify that SASL auth was properly configured on both server and client. Could you verified it by following [this docs](www.postfix.org/SASL_README.html#server_test)?
  • mine
    mine over 9 years
    I connect but auth fails but I 'do' see the query hit the database! o.0 -> 535 5.7.8 Error: authentication failed: -> bpaste.net/show/529eb6ccc11e
  • mine
    mine over 9 years
    I went ahead and checked it as right answer even though my issue ended up being a broken variable on relay_recipient_maps from screen breaking lines when pasting a config. Your answer is sooo correct in soooo many ways.
  • Lorenzo Lerate
    Lorenzo Lerate over 2 years
    0.0.0.0/0 will do the trick

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Relay access denied when using SMTP to external recipients POSTFIX FREEBSD
telnet localhost smtp gives warning: cannot connect to service
Zimbra doesn't send mail via smtp relay anmore
Mail not relaying in postfix
How to fix 'Relay Access Denied'
Settings to change to allow PostFix to accept outgoing mail from authenticated users
Reverse proxy for mailserver (SMTP + HTTP for web client)
What should I set in postfix's myhostname / mydestination?
POSTFIX cant connect from SMTP with TLS
How to stop or prevent Postfix / smtpd / Sasl brute forcing