Re: 554 5.7.1 relay access denied

Tue, 16 Feb 2010 10:53:05 -0800 

Jeff Lacki(j...@rahul.net)@Tue, Feb 16, 2010 at 10:37:24AM -0800:
(stuff)
> Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: NOQUEUE: reject: RCPT from 
> 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: 554 5.7.1 
> <j...@ra
> hul.net>: Relay access denied; from=<j...@mydomain.com> to=<j...@rahul.net> 
> proto=ESMTP helo=<[192.168.2.11]>
> Feb 17 13:29:06 202010-1 postfix/smtpd[21553]: disconnect from 
> 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]
> 
> It appears (afaik) that Im authenticating from the log file above.
> I also set 'smtpd_tls_auth_only = no' and manually tested the
> authentication as working via telnet.
> 
> 250-PIPELINING
> 250-SIZE 15000000
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> auth plain AGplZmYAYkhrb3FhMjI=
> 235 2.7.0 Authentication successful
> quit
> 221 2.0.0 Bye

I think you know this, but just in case: that password is trivially
decodable.  If it's a real one, go change it quick :)

> I still cant seem to get remote relay access (smtp relaying)
> to work for single users (u...@mydomain.com).  Ive used
> mynetworks to relay for static ip's just fine, however I
> need it to work with my users who can be located anywhere,
> not just from a single static IP address.
> 
> Ive gone through the docs several times (and possibly
> missed things), but as far as I can tell, Im suppossed to
> use:
> 
> relay_recipient_maps = hash:/etc/postfix/relay_recipients
> relay_domains = hash:/etc/postfix/relay_domains
> 
> to get this to work.  
> 
> relay_recipients contains:
>       j...@mydomain.com      ok
> 
> relay_domains contains:
>       mydomain.com   relay

Do you have something like this in your main.cf:

smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,

?

That "permit_sasl_authenticated" is what makes it work for my site.

Also, you're saying to allow relaying with a recipient of
"j...@mydomain.com", but your test email is to "j...@rahul.net".  A =/= B.

How about some "postconf -n" output for us?  Apologies if you've sent it
before, but it sounds like you've been making some changes.

-- 
Bill Weiss
 
There are two ways to write error-free programs; only the third one
works.

Reply via email to