Linux postfix/dovecot 554 Relay access denied
If you use a postfix version newer then 2.10, then you need to add the smtpd_relay_restrictions
option as described here:
# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under smtpd_relay_restrictions.
/etc/postfix/main.cf:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
# Older configurations combine relay control and spam control under
# smtpd_recipient_restrictions. To use this example with Postfix ≥
# 2.10 specify "smtpd_relay_restrictions=".
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
...other rules...
After that, any sasl authenticated user should be able to send mails through the server using smtp.
Postfix 554 Relay access denied Error
Try to fix it with following steps:
Run
/usr/local/psa/admin/sbin/mchk --without-spamStart service
/etc/init.d/pc-remote startCheck that 'Mail service' is enabled for the subscription at Subscription -> Mail -> Change Settings Activate mail service on domain. If it is not enabled, turn it on.
Postfix SMTP on Remote Server Responds 554 Relay Access Denied for rcpt (recipient). Works okay on 'localhost' smtp server
Postfix' default configuration on Ubuntu allows relay access only on the local interface (i.e. localhost). When connecting on other interfaces (VM network), it requires SMTP authentication.
So you could either add authentication to your SMTP call or add your host ip to the allowed relay networks.
To achive the later, find the line in your /etc/postfix/main.cf
file that reads
mynetworks = 127.0.0.0/8
and change it to
127.0.0.0/8,10.0.0.0/8
Then reload postfix with
sudo postfix reload
Edit:
Alternatively, you could set the mynetworks_style
setting to
mynetworks_style = subnet
See BASIC CONFIGURATION README
Sending and receiving mails using Postfix/Dovecot
Hope this helps you:
ex. You have:
- domain: mydomain.com
- mail domain : mail.mydomain.com
- Static IP: 123.123.123.123
- MTA: postfix
a little bit more effort is required here:
- ISPs
- Ask your ISP for reverse record (PTR) of the ip ie 123.123.123.123 to mail.mydomain.com
- Ask your ISP to open the smtp port for the IP 123.123.123.123 (also dns port if you want fail over with multiple ips)
- CPANEL
add A Records: Type: A TTL: 3600 Host: mail.mydomain.com Points To: 123.123.123.123
Add MX Record: Type: MX TTL: 3600 Host: mydomain.com Priority: 10 Points To: mail.mydomain.com
Add MX Record: Type: MX TTL: 3600 Host: mydomain.com Priority: 20 Points To: mydomain.com
Configure SPF + DKIM + DMARC Record IN cPANEL ( dkim + dmarc generator)
Check and remove your IP 123.123.123.123 from blacklist sites .
- Mail Server
hostname: mail.mydomain.com
firewall open ports: 80,443,25,143,587,993,995 for email
add packages fail2ban (protects from external attack), policyd (limits incoming and outgoing email), claimav(Virus-Scanning)
MY MAILSERVER WORKING conf (for centos7):
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_notice_recipient = postmaster@mydomain.com
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 30
default_destination_rate_delay = 5s
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
fast_flush_domains = $mydomain
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 5242880
milter_default_action = accept
mydestination = $myhostname
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = cidr:/etc/postfix/network_table
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_recipient_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name. Send us your mail..not your spam!!
smtpd_client_connection_count_limit = 30
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access hash:/etc/postfix/protected_destinations, hash:/etc/postfix/bad_recipients, check_sender_access hash:/etc/postfix/sender_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, permit
smtpd_reject_footer = \c. For assistance, Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
smtpd_restriction_classes = insiders_only
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031, reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mydomain.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mydomain.com.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150
doveconf -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:30: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:30: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: service auth { client_limit=3000 } is lower than required under max. load (4000)
doveconf: Warning: service anvil { client_limit=3000 } is lower than required under max. load (3003)
# OS: Linux 3.10.0-693.21.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) xfs
# Hostname: mail.mydomain.com
auth_default_realm = mydomain.com
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_realms = mydomain.com
auth_verbose = yes
default_client_limit = 3000
default_process_limit = 1000
dict {
sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf
sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
}
first_valid_gid = 12
first_valid_uid = 150
last_valid_gid = 12
last_valid_uid = 150
listen = *,::
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = mail
mail_location = maildir:/home/vmail/%d/%n
mail_plugins = " quota"
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
quota = dict:User Quota::proxy::sqluserquota
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_default = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/.sieve
sieve_global_dir = /var/lib/dovecot/sieve/
}
postmaster_address = postmaster@mydomain.com
protocols = imap sieve
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service dict {
unix_listener dict {
mode = 0600
user = vmail
}
}
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
ssl_cert = </etc/pki/tls/certs/mydomain.com.crt
ssl_key = # hidden, use -P to show it
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
verbose_proctitle = yes
protocol lda {
mail_plugins = " quota sieve quota"
}
protocol imap {
mail_plugins = " quota imap_quota"
}
protocol pop3 {
mail_plugins = " quota quota"
}
Roundcube Config
<?php
$config['db_dsnw'] = 'mysql://user:password@localhost/database';
$config['default_host'] = 'imaps://localhost';
$config['smtp_server'] = 'tls://localhost';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['support_url'] = '';
$config['des_key'] = '5d4eed1d4eddizHjz6i6GTLb';
$config['username_domain'] = 'mydomain.com';
$config['product_name'] = 'Roundcube WebMail';
$config['plugins'] = array('archive','filters', 'globaladdressbook', 'hide_blockquote', 'identicon', 'jqueryui', 'markasjunk', 'new_user_identity', 'newmail_notifier', 'show_additional_headers','managesieve', 'zipdownload');
//clears trash when user logs out (if true)
#$config['logout_purge'] = true;
$config['default_port'] = 993;
$config['max_message_size'] = '5M';
This link might be a little help if you are working with debian.
Load postfix emails in Laravel
There's not ready out of the box on Laravel (or packages to it) that reads and parse postfix emails, at last I didn't found it.
But there's a great mail parser called php-mime-mail-parser
that you can use to parse the raw email from /var/mail
directory.
You will need to schedule a job to read this emails at every X minutes, store on a table, then remove them from /var/mail
.
It isn't so complicated to develop, actually looks simpler then receive emails from Mailgun api for example.
Sorry about the answer don't contain any code, this is really something that you will need to develop.
Related Topics
How to Properly Debug a Bash Script
The Difference Between Wait_Queue_Head and Wait_Queue in Linux Kernel
Automatically Adjusting Process Priorities Under Linux
Cargo Plugin Throws Cargoexception When Deploying on Glassfish - Deployment Has Failed: Null
Take The Last Part of The Folder Path in Shell
Elastic Beanstalk: Log Task Customization on Amazon Linux 2 Platforms
Why Does The Linker Modify a -Defsym "Absolute Address"
Diff Files Inside of Zip Without Extracting It
Alternative to Valgrind (Memcheck) for Finding Leaks on Linux
Is There an Os Command I Can Run to Determine If Running Inside a Xen Based Virtual Machine
Docker Create Two Bridges That Corrupts My Internet Access
How to Write Kernel Space Memory (Physical Address) to a File Using O_Direct
How to Pass Input to a Running Service or Daemon