Postfix 554 error relay access denied

[altiris]

I would appreciate it if someone here could help me get rid of this error. I am copying already configured files from another Centos 6 system I set up and is confirmed to be working correctly (just checked a few minutes ago). I copied the config files to this new server and made sure to edit them accordingly (hostname/domain name etc) and when I try sending out an email to an external domain such as @yahoo.com using roundcube, I get this in a popup message

Code: Select all

SMTP Error (554): Failed to add recipient "emailhere@yahoo.com" (5.7.1 <emailhere@yahoo.com>: Relay access denied

/var/log/maillog just shows essentially the same thing (Note that I have replaced my hostname/domainname for privacy reasons)

Code: Select all

NOQUEUE: reject: RCPT from static-IPHERE.fios.verizon.net[IPHERE]: 554 5.7.1 <emailhere@yahoo.com>: Relay access denied; from=<bob@centosserver> to=<emailhere@yahoo.com> proto=ESMTP helo=<centosserver>

Here is my /etc/postfix/main.cf file (note that I also replaced actual hostname/domainname again, for privacy reasons)

Code: Select all

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = myhostname.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.5.0/24, 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_local_domain =
smtpd_client_restrictions = sleep 5
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, reject_rbl_client dnsbl-1.uceprotect.net, permit
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_unknown_sender_domain,
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.mydomain.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.mydomain.com.crt
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
content_filter=amavisfeed:[127.0.0.1]:10024
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554

[avij]

NOQUEUE: reject: RCPT from static-IPHERE.fios.verizon.net[IPHERE]: 554 5.7.1 <emailhere@yahoo.com>: Relay access denied; from=<bob@centosserver> to=<emailhere@yahoo.com> proto=ESMTP helo=<centosserver>
mynetworks = 192.168.5.0/24, 127.0.0.0/8

I believe static-IPHERE.fios.verizon.net does not match that "mynetworks" definition. You could either add your server's IP address to "mynetworks", or alternatively, configure roundcube to use 127.0.0.1 as the SMTP server. I would prefer the latter approach.

[altiris]

NOQUEUE: reject: RCPT from static-IPHERE.fios.verizon.net[IPHERE]: 554 5.7.1 <emailhere@yahoo.com>: Relay access denied; from=<bob@centosserver> to=<emailhere@yahoo.com> proto=ESMTP helo=<centosserver>
mynetworks = 192.168.5.0/24, 127.0.0.0/8

I believe static-IPHERE.fios.verizon.net does not match that "mynetworks" definition. You could either add your server's IP address to "mynetworks", or alternatively, configure roundcube to use 127.0.0.1 as the SMTP server. I would prefer the latter approach.

I shouldn't have to do that though because the other server that is confirmed working (where I copied the config files from) also gives out that name externally (different IP) and I don't have it listed in mynetworks like that. Also since I enabled SASL/TLS I thought the mynetworks listings are not very crucial?

[avij]

Perhaps your new Roundcube setup does not use authentication when sending emails?

[altiris]

Perhaps your new Roundcube setup does not use authentication when sending emails?

I am not sure, I remember seeing something about AUTH=PLAIN not showing when doing "telnet localhost 25" however I remember doing "disable_plaintext = yes" or something.