Not able to send mails to external domain

[chandu]

Hi,

Our users are facing one strange issue. They are getting below error message while sending mail to external domain through ourlook express.


#################################################

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was test@yahoo.com. Subject '', Account: mail.example.com, Server: mail.example.com, Protocol: SMTP, Server Response: '554 5.7.1 <test@yahoo.com>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

#################################################

And at server end I am getting below mentioned error :

###############################################

Jul 16 17:37:32 mail postfix/smtpd[22186]: NOQUEUE: reject: RCPT from unknown[161.231.232.1]: 554 5.7.1 <test@yahoo.com>: Relay access denied; from=<user@example.com> to=<test@yahoo.com> proto=SMTP helo=<01HW162613>

###############################################


I checked outlook configuration...everything is fine.."my server need authentication" and "same setting for my incoming server" is checked ..SSL for IMAP and POP3 is unchecked under Advanced.
SSL for IMAP and POP3 is unchecked at server end as well..

Only one strange thing i found that everytime its giving above mentioned error for IP with "unknown" mark....

SO for testing purpose I added user's desktop m/c ip in mail server's postconfig mynetwork and it worked...that particular user was able to send mail.....i never faced this issue.....
This is not the solution....is there any specific configuration i need to checked ??? my postfix mynetwork is as below :
mynetworks = 127.0.0.0/8 <mail server ip network> /24

And one more thing, through web interface user are able to send / recevie mails w/o any isuse..only the problem with outlook express and ms outlook while sending mails to external domain.


Please help me...i did all testing..but no luck


Thanks

[chandu]

I am really stuck.and not able to figure out what can be the reason for this issue..Please help...

Thanks

[phoenix]

Search the forums for '0x800CCC79'.

[chandu]

Hi Bill,

Thanks for your reply...I have already gone through all related links and tried most of the stuff...let me explain my config :

##################################################

[zimbra@mail ~]$ zmprov gs mail.example.com | grep -i auth
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.example.com
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: http://mail.example.com :8100/service/soap/
zimbraMtaTlsAuthOnly: FALSE
[zimbra@mail ~]$


[zimbra@mail ~]$ zmprov gs mail.example.com | grep -i mode
zimbraBackupMode: Standard
zimbraMailMode: http
zimbraMailReferMode: wronghost
zimbraReverseProxyImapStartTlsMode: only
zimbraReverseProxyPop3StartTlsMode: only
[zimbra@mail ~]$


[zimbra@mail ~]$ zmprov gs mail.example.com | grep -i mta
zimbraMtaAntiSpamLockMethod: flock
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.example.com
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: http://mail.example.com :8100/service/soap/
zimbraMtaDnsLookupsEnabled: TRUE
zimbraMtaMyDestination: localhost
zimbraMtaMyNetworks: 127.0.0.0/8 <mail server network>/24
zimbraMtaTlsAuthOnly: FALSE
aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRhcC5jb20wHh cNMDkwNzA3MTA1
OTA1WhcNMTAwNzA3MTA1OTA1WjB/MQswCQYDVQQGEwJVUzEMMAoGA1UECBMDTi9B
zimbraServiceEnabled: mta
zimbraServiceInstalled: mta
[zimbra@mail ~]$


##################################################

TLS connection is disabled at server end..only clear text login is enabled. .and at outlook side we have checked my server requires authentication....

########################################

In above config..I have highlighted one line for MTA config which i couldnt understand...what it mean...i never seen this line before...how to remove it ??

If u need any more details then please let me know...

Pls help...

Thanks

[phoenix]

Quote:

Originally Posted by chandu

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was test@yahoo.com. Subject '', Account: mail.example.com, Server: mail.example.com, Protocol: SMTP, Server Response: '554 5.7.1 <test@yahoo.com>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

Quote:

Originally Posted by chandu

TLS connection is disabled at server end..only clear text login is enabled.

That statement and the one above in red contradict each other.

The error code 0x800CCC79 indicates that you're not Authenticating against the Zimbra server, you have a configuration problem.

Under no circumstances (if you care about security) should you have Clear Text login enabled on a public service, anyone can sniff your connection and get username/password details.

[sn00p]

Phoenix, Secure(SSL): No. It seems that problem is not with ssl and so on.

Try to check postfix configuration, especially mynetworks. Be sure that computers with outlook have correct ip-addresses, mentioned in mynetworks directive.

(c)Postfix.org
What clients to relay mail for
By default, Postfix will relay mail for clients in authorized networks.
Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to.

[chandu]

Hi sn00p...thanks for your inputs.

Please find my setting in /opt/zimbra/postfix/conf/main.cf related to mynetwork

###############################################
mynetworks = 127.0.0.0/8 <mail server ip network>/24
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, permit
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated

############################################


one domain is not on MPLS ( private network ) so i can not mentioned client's network in mynetwork ...ip range can be anything....as they are trying to access my server through internet.

Outgoing mails are not getting authenticated through my server..i knw this is the problem...n i checked all realted stuff...which looks like fine..but still its not working....

Bill,

as u suggested..i just tried with MTA - TLS authentication ON and reload MTA...but same error....


Please suggest....


And yes can anyone pls tell me why am I getting below lines in my MTA config as mentioned above :

aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRhcC5jb20wHh cNMDkwNzA3MTA1
OTA1WhcNMTAwNzA3MTA1OTA1WjB/MQswCQYDVQQGEwJVUzEMMAoGA1UECBMDTi9B

Please help.

Thanks

[uxbod]

Quote:

Originally Posted by chandu

aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRhcC5jb20wHh cNMDkwNzA3MTA1
OTA1WhcNMTAwNzA3MTA1OTA1WjB/MQswCQYDVQQGEwJVUzEMMAoGA1UECBMDTi9B

Where are you seeing this information

[chandu]

zimbra@mail ~]$ zmprov gs mail.example.com | grep -i mta
zimbraMtaAntiSpamLockMethod: flock
zimbraMtaAuthEnabled: TRUE
zimbraMtaAuthHost: mail.example.com
zimbraMtaAuthTarget: TRUE
zimbraMtaAuthURL: http://mail.example.com :8100/service/soap/
zimbraMtaDnsLookupsEnabled: TRUE
zimbraMtaMyDestination: localhost
zimbraMtaMyNetworks: 127.0.0.0/8 <mail server network>/24
zimbraMtaTlsAuthOnly: FALSE
aW9uIFN1aXRlMRgwFgYDVQQDEw90Y3MtaXRvbnRhcC5jb20wHh cNMDkwNzA3MTA1
OTA1WhcNMTAwNzA3MTA1OTA1WjB/MQswCQYDVQQGEwJVUzEMMAoGA1UECBMDTi9B
zimbraServiceEnabled: mta
zimbraServiceInstalled: mta
[zimbra@mail ~]$

I have found tht when tried to checked MTA config as above.

[sn00p]

Weird set of letters )) I don't have such set in our config files.

Postfix sends letters to outer world only from ip-addresses mentioned in mynetworks directive. Otherwise you could use SSL and so on.

Next idea is NAT and masquerading. You could aggregate ip-addresses used by your clients and NAT that addressses to one or more address ))) This procedure hides real network from outer world.

By the way. What problem do you want to resolve ?)