Linux Postfix/Dovecot 554 Relay Access Denied

If you use a Postfix version newer than 2.10, then you need to add the smtpd_relay_restrictions option as described here:


# With Postfix 2.10 and later, the mail relay policy is
# preferably specified under smtpd_relay_restrictions.
/etc/postfix/main.cf:
    smtpd_relay_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination

# Older configurations combine relay control and spam control under
# smtpd_recipient_restrictions. To use this example with Postfix ≥
# 2.10 specify "smtpd_relay_restrictions=".
/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        ...other rules...

After that, any SASL-authenticated user should be able to send mail through the server using SMTP.

Postfix 554 Relay access denied Error

Try to fix it with the following steps:

  1. Run
    /usr/local/psa/admin/sbin/mchk --without-spam

  2. Start service
    /etc/init.d/pc-remote start

  3. Check that 'Mail service' is enabled for the subscription at Subscription -> Mail -> Change Settings Activate mail service on domain. If it is not enabled, turn it on.

Postfix SMTP on Remote Server Responds 554 Relay Access Denied for rcpt (recipient). Works okay on 'localhost' smtp server

Postfix's default configuration on Ubuntu allows relay access only on the local interface (i.e. localhost). When connecting on other interfaces (VM network), it requires SMTP authentication.

So you could either add authentication to your SMTP call or add your host IP to the allowed relay networks.

To achieve the latter, find the line in your /etc/postfix/main.cf file that reads

mynetworks = 127.0.0.0/8

and change it to

mynetworks = 127.0.0.0/8,10.0.0.0/8

Then reload postfix with

sudo postfix reload

Edit:
Alternatively, you could set the mynetworks_style setting to

mynetworks_style = subnet

See BASIC CONFIGURATION README
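
The restriction list from the first answer and the mynetworks change from this one can be traced with a small model. This is an added example, not code from the answers or from Postfix: it models only the three restrictions quoted above with literal IPv4 networks, and the function names, the client address 10.0.2.15, the recipient domain example.org and the local domain set are constructed assumptions.

```python
import ipaddress

# Constructed inputs: the restriction list is the one quoted above; the
# domain set stands in for mydestination / virtual domains (an assumption).
RELAY_RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                      "reject_unauth_destination"]
LOCAL_DOMAINS = {"mydomain.com"}

def parse_networks(value):
    """Parse a literal IPv4 mynetworks value, e.g. '127.0.0.0/8,10.0.0.0/8'."""
    return [ipaddress.ip_network(n) for n in value.replace(",", " ").split()]

def relay_decision(restrictions, client_ip, mynetworks, sasl_authenticated,
                   rcpt_domain, local_domains=LOCAL_DOMAINS):
    """Walk the list in order; the first rule that decides wins."""
    ip = ipaddress.ip_address(client_ip)
    nets = parse_networks(mynetworks)
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return "permit"
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit"
        if (rule == "reject_unauth_destination"
                and rcpt_domain.lower() not in local_domains):
            return "554 5.7.1 Relay access denied"
    return "dunno"  # nothing decided; Postfix goes on to the next list

def unauthenticated_relay_addresses(mynetworks):
    """Count client addresses that permit_mynetworks lets relay without login."""
    merged = ipaddress.collapse_addresses(parse_networks(mynetworks))
    return sum(n.num_addresses for n in merged)

if __name__ == "__main__":
    for nets in ("127.0.0.0/8", "127.0.0.0/8,10.0.0.0/8"):
        for ip, auth in (("127.0.0.1", False), ("10.0.2.15", False),
                         ("10.0.2.15", True)):
            result = relay_decision(RELAY_RESTRICTIONS, ip, nets, auth,
                                    "example.org")
            print(f"mynetworks={nets} client={ip} sasl={auth}: {result}")
        print(f"  addresses relaying without auth: "
              f"{unauthenticated_relay_addresses(nets)}")
```

The address count shows what widening mynetworks costs: every host in 10.0.0.0/8 can then relay without logging in, so the narrowest subnet that covers the real clients, or SASL authentication, keeps the exposure smaller.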

Sending and receiving mails using Postfix/Dovecot

Hope this helps you:
For example, you have:

  • domain: mydomain.com
  • mail domain : mail.mydomain.com
  • Static IP: 123.123.123.123
  • MTA: postfix

A little bit more effort is required here:

- ISPs

  • Ask your ISP for a reverse record (PTR) of the IP, i.e. 123.123.123.123 to mail.mydomain.com
  • Ask your ISP to open the SMTP port for the IP 123.123.123.123 (also the DNS port if you want failover with multiple IPs)

- CPANEL

  • add A Records: Type: A TTL: 3600 Host: mail.mydomain.com Points To: 123.123.123.123

  • Add MX Record: Type: MX TTL: 3600 Host: mydomain.com Priority: 10 Points To: mail.mydomain.com

  • Add MX Record: Type: MX TTL: 3600 Host: mydomain.com Priority: 20 Points To: mydomain.com

  • Configure SPF + DKIM + DMARC records in cPanel (DKIM + DMARC generator)

  • Check and remove your IP 123.123.123.123 from blacklist sites.

- Mail Server

  • hostname: mail.mydomain.com

  • firewall open ports: 80,443,25,143,587,993,995 for email

  • add packages fail2ban (protects from external attack), policyd (limits incoming and outgoing email), clamav (virus scanning)

MY MAILSERVER WORKING conf (for centos7):

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_notice_recipient = postmaster@mydomain.com
broken_sasl_auth_clients = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 30
default_destination_rate_delay = 5s
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
fast_flush_domains = $mydomain
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 5242880
milter_default_action = accept
mydestination = $myhostname
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = cidr:/etc/postfix/network_table
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_recipient_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name. Send us your mail..not your spam!!
smtpd_client_connection_count_limit = 30
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_limit = 30
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, check_recipient_access hash:/etc/postfix/protected_destinations, hash:/etc/postfix/bad_recipients, check_sender_access hash:/etc/postfix/sender_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client b.barracudacentral.org, permit
smtpd_reject_footer = \c. For assistance, Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
smtpd_restriction_classes = insiders_only
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10031, reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mydomain.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mydomain.com.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150

doveconf -n

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:30: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:30: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: service auth { client_limit=3000 } is lower than required under max. load (4000)
doveconf: Warning: service anvil { client_limit=3000 } is lower than required under max. load (3003)
# OS: Linux 3.10.0-693.21.1.el7.x86_64 x86_64 CentOS Linux release 7.4.1708 (Core) xfs
# Hostname: mail.mydomain.com
auth_default_realm = mydomain.com
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_realms = mydomain.com
auth_verbose = yes
default_client_limit = 3000
default_process_limit = 1000
dict {
  sqldomainquota = mysql:/etc/dovecot/dovecot-sql-domain.conf
  sqluserquota = mysql:/etc/dovecot/dovecot-dict-sql-user.conf
}
first_valid_gid = 12
first_valid_uid = 150
last_valid_gid = 12
last_valid_uid = 150
listen = *,::
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = mail
mail_location = maildir:/home/vmail/%d/%n
mail_plugins = " quota"
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota = dict:User Quota::proxy::sqluserquota
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /var/lib/dovecot/sieve/
}
postmaster_address = postmaster@mydomain.com
protocols = imap sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/pki/tls/certs/mydomain.com.crt
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_proctitle = yes
protocol lda {
  mail_plugins = " quota sieve quota"
}
protocol imap {
  mail_plugins = " quota imap_quota"
}
protocol pop3 {
  mail_plugins = " quota quota"
}

Roundcube Config

<?php

$config['db_dsnw'] = 'mysql://user:password@localhost/database';

$config['default_host'] = 'imaps://localhost';

$config['smtp_server'] = 'tls://localhost';

$config['smtp_user'] = '%u';

$config['smtp_pass'] = '%p';

$config['support_url'] = '';

$config['des_key'] = '5d4eed1d4eddizHjz6i6GTLb';

$config['username_domain'] = 'mydomain.com';

$config['product_name'] = 'Roundcube WebMail';

$config['plugins'] = array('archive','filters', 'globaladdressbook', 'hide_blockquote', 'identicon', 'jqueryui', 'markasjunk', 'new_user_identity', 'newmail_notifier', 'show_additional_headers','managesieve', 'zipdownload');

//clears trash when user logs out (if true)
#$config['logout_purge'] = true;

$config['default_port'] = 993;

$config['max_message_size'] = '5M';

This link might be of a little help if you are working with Debian.

Load postfix emails in Laravel

There's nothing ready out of the box in Laravel (or in packages for it) that reads and parses Postfix emails; at least I didn't find it.

But there's a great mail parser called php-mime-mail-parser that you can use to parse the raw email from the /var/mail directory.

You will need to schedule a job to read these emails every X minutes, store them in a table, then remove them from /var/mail.

It isn't so complicated to develop; it actually looks simpler than receiving emails from the Mailgun API, for example.

Sorry that the answer doesn't contain any code; this is really something that you will need to develop.