Results 1 to 6 of 6

Thread: Relay access denied (another)

  1. #1
    aepittman is offline Member
    Join Date
    Sep 2012
    Posts
    10
    Rep Power
    2

    Default Relay access denied (another)

    Hi,
    I've been scratching my head on this. I've searched the forum and haven't come across anything that helps.

    I'm trying to receive mail from gmail and from verizon.net and get this error:

    Code:
    Sep 16 19:18:20 mail postfix/smtpd[24541]: NOQUEUE: reject: RCPT from mail-ob0-f175.google.com[209.85.214.175]: 554 5.7.1 <alan.pittman@mail-highlandscofc.org>: Relay access denied; from=<aepittman@gmail.com> to=<alan.pittman@mail-highlandscofc.org> proto=ESMTP helo=<mail-ob0-f175.google.com>
    
    Sep 16 21:12:31 mail postfix/smtpd[23640]: NOQUEUE: reject: RCPT from vms173007pub.verizon.net[206.46.173.7]: 554 5.7.1 <alan.pittman@mail-highlandscofc.org>: Relay access denied; from=<aepittman1@verizon.net> to=<alan.pittman@mail-highlandscofc.org> proto=ESMTP helo=<vms173007pub.verizon.net>
    I'm not sure if this is an issue or then issue, but is part of my problem the fact that my server's hostname is the same as the external DNS entry? Internally, the hostname and IP is mail.mail-hoghlandscofc.org (192.168.2.11), externally, it's mail.mail-highlandscofc.org (70.110.73.154). I do run split DNS via dnsmasq and the use of the nslookup command seems to return proper information.

    I did follow the steps for setting the lmtp option (zmlocalconfig -e postfix_lmtp_host_lookup=native). Didn't help. So it most likely wasn't the problem.

    Any assistance would be appreciated.

    Alan

    Version info: ZCS 8, CentOS6.3.

    Here my DNS info:

    Code:
    [zimbra@mail log]$ dig mail-highlandscofc.org mx
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.3 <<>> mail-highlandscofc.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55562
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mail-highlandscofc.org.                IN      MX
    
    ;; ANSWER SECTION:
    mail-highlandscofc.org. 3600    IN      MX      5 pop.mail-highlandscofc.org.
    mail-highlandscofc.org. 3600    IN      MX      0 smtp.mail-highlandscofc.org.
    mail-highlandscofc.org. 3600    IN      MX      10 mail.mail-highlandscofc.org.
    
    ;; Query time: 172 msec
    ;; SERVER: 4.2.2.1#53(4.2.2.1)
    ;; WHEN: Sun Sep 16 21:14:27 2012
    ;; MSG SIZE  rcvd: 102

    Code:
    [zimbra@mail log]$ dig mail-highlandscofc.org any
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.3 <<>> mail-highlandscofc.org any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 566
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mail-highlandscofc.org.                IN      ANY
    
    ;; ANSWER SECTION:
    mail-highlandscofc.org. 3600    IN      A       70.110.73.154
    mail-highlandscofc.org. 3564    IN      MX      5 pop.mail-highlandscofc.org.
    mail-highlandscofc.org. 3564    IN      MX      0 smtp.mail-highlandscofc.org.
    mail-highlandscofc.org. 3564    IN      MX      10 mail.mail-highlandscofc.org.
    mail-highlandscofc.org. 3600    IN      NS      ns11.domaincontrol.com.
    mail-highlandscofc.org. 3600    IN      NS      ns12.domaincontrol.com.
    mail-highlandscofc.org. 3600    IN      SOA     ns11.domaincontrol.com. dns.jomax.net. 2012082603 28800 7200 604800 3600
    
    ;; Query time: 79 msec
    ;; SERVER: 4.2.2.1#53(4.2.2.1)
    ;; WHEN: Sun Sep 16 21:15:03 2012
    ;; MSG SIZE  rcvd: 222
    Code:
    [zimbra@mail log]$ cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    192.168.2.11    mail.mail-highlandscofc.org     mail
    Code:
    [root@mail etc]# cat ./resolv.conf
    # Generated by NetworkManager
    search mail-highlandscofc.org
    nameserver 127.0.0.1
    nameserver 4.2.2.1

    Code:
    [root@mail etc]# cat ./dnsmasq.conf.local
    server=4.2.2.1
    server=68.238.112.12
    server=4.2.2.2
    server=68.238.96.12
    
    listen-address=127.0.0.1
    
    domain=mail-highlandscofc.org
    
    mx-host=mail-highlandscofc.org,mail.mail-highlandscofc.org,10

    [
    Code:
    zimbra@mail ~]$ host `hostname`
    mail.mail-highlandscofc.org has address 192.168.2.11
    mail.mail-highlandscofc.org is an alias for mail-highlandscofc.org.
    mail.mail-highlandscofc.org is an alias for mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 5 pop.mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 0 smtp.mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 10 mail.mail-highlandscofc.org.

    Code:
    [zimbra@mail ~]$ zmprov gd mail.mail-highlandscofc.org
    # name mail.mail-highlandscofc.org
    dc: mail
    o: mail.mail-highlandscofc.org domain
    objectClass: dcObject
    objectClass: organization
    objectClass: zimbraDomain
    objectClass: amavisAccount
    zimbraAdminConsoleCatchAllAddressEnabled: FALSE
    zimbraAdminConsoleDNSCheckEnabled: FALSE
    zimbraAdminConsoleLDAPAuthEnabled: FALSE
    zimbraAdminConsoleSkinEnabled: FALSE
    zimbraAutoProvBatchSize: 20
    zimbraAutoProvNotificationBody: Your account has been auto provisioned.  Your email address is ${ACCOUNT_ADDRESS}.
    zimbraAutoProvNotificationSubject: New account auto provisioned
    zimbraBasicAuthRealm: Zimbra
    zimbraCreateTimestamp: 20120916220332Z
    zimbraDomainAggregateQuota: 0
    zimbraDomainAggregateQuotaPolicy: ALLOWSENDRECEIVE
    zimbraDomainAggregateQuotaWarnPercent: 80
    zimbraDomainMandatoryMailSignatureEnabled: FALSE
    zimbraDomainName: mail.mail-highlandscofc.org
    zimbraDomainStatus: active
    zimbraDomainType: local
    zimbraExternalShareInvitationUrlExpiration: 0
    zimbraFileUploadMaxSizePerFile: 2147483648
    zimbraFreebusyExchangeCachedInterval: 60d
    zimbraFreebusyExchangeCachedIntervalStart: 7d
    zimbraFreebusyExchangeServerType: webdav
    zimbraGalAccountId: 187b14e8-962c-4d63-98b8-d37ed41dfa7a
    zimbraGalAlwaysIncludeLocalCalendarResources: FALSE
    zimbraGalAutoCompleteLdapFilter: externalLdapAutoComplete
    zimbraGalGroupIndicatorEnabled: TRUE
    zimbraGalInternalSearchBase: DOMAIN
    zimbraGalLdapAttrMap: (binary) userSMIMECertificate=userSMIMECertificate
    zimbraGalLdapAttrMap: (certificate) userCertificate=userCertificate
    zimbraGalLdapAttrMap: co=workCountry
    zimbraGalLdapAttrMap: company=company
    zimbraGalLdapAttrMap: description=notes
    zimbraGalLdapAttrMap: displayName,cn=fullName,fullName2,fullName3,fullName4,fullName5,fullName6,fullName7,fullName8,fullName9,fullName10
    zimbraGalLdapAttrMap: facsimileTelephoneNumber,fax=workFax
    zimbraGalLdapAttrMap: givenName,gn=firstName
    zimbraGalLdapAttrMap: homeTelephoneNumber,homePhone=homePhone
    zimbraGalLdapAttrMap: initials=initials
    zimbraGalLdapAttrMap: l=workCity
    zimbraGalLdapAttrMap: mobileTelephoneNumber,mobile=mobilePhone
    zimbraGalLdapAttrMap: msExchResourceSearchProperties=zimbraAccountCalendarUserType
    zimbraGalLdapAttrMap: objectClass=objectClass
    zimbraGalLdapAttrMap: ou=department
    zimbraGalLdapAttrMap: pagerTelephoneNumber,pager=pager
    zimbraGalLdapAttrMap: physicalDeliveryOfficeName=office
    zimbraGalLdapAttrMap: postalCode=workPostalCode
    zimbraGalLdapAttrMap: sn=lastName
    zimbraGalLdapAttrMap: st=workState
    zimbraGalLdapAttrMap: street,streetAddress=workStreet
    zimbraGalLdapAttrMap: telephoneNumber=workPhone
    zimbraGalLdapAttrMap: title=jobTitle
    zimbraGalLdapAttrMap: whenChanged,modifyTimeStamp=modifyTimeStamp
    zimbraGalLdapAttrMap: whenCreated,createTimeStamp=createTimeStamp
    zimbraGalLdapAttrMap: zimbraCalResBuilding=zimbraCalResBuilding
    zimbraGalLdapAttrMap: zimbraCalResCapacity,msExchResourceCapacity=zimbraCalResCapacity
    zimbraGalLdapAttrMap: zimbraCalResContactEmail=zimbraCalResContactEmail
    zimbraGalLdapAttrMap: zimbraCalResFloor=zimbraCalResFloor
    zimbraGalLdapAttrMap: zimbraCalResLocationDisplayName=zimbraCalResLocationDisplayName
    zimbraGalLdapAttrMap: zimbraCalResSite=zimbraCalResSite
    zimbraGalLdapAttrMap: zimbraCalResType,msExchResourceSearchProperties=zimbraCalResType
    zimbraGalLdapAttrMap: zimbraDistributionListSubscriptionPolicy=zimbraDistributionListSubscriptionPolicy
    zimbraGalLdapAttrMap: zimbraDistributionListUnsubscriptionPolicy=zimbraDistributionListUnsubscriptionPolicy
    zimbraGalLdapAttrMap: zimbraId=zimbraId
    zimbraGalLdapAttrMap: zimbraMailDeliveryAddress,zimbraMailAlias,mail=email,email2,email3,email4,email5,email6,email7,email8,email9,email10,email11,email12,email13,email14,email15,email16
    zimbraGalLdapAttrMap: zimbraMailForwardingAddress=member
    zimbraGalLdapAttrMap: zimbraPhoneticCompany,ms-DS-Phonetic-Company-Name=phoneticCompany
    zimbraGalLdapAttrMap: zimbraPhoneticFirstName,ms-DS-Phonetic-First-Name=phoneticFirstName
    zimbraGalLdapAttrMap: zimbraPhoneticLastName,ms-DS-Phonetic-Last-Name=phoneticLastName
    zimbraGalLdapPageSize: 1000
    zimbraGalLdapValueMap: zimbraAccountCalendarUserType: Room|Equipment RESOURCE
    zimbraGalLdapValueMap: zimbraCalResType: Room Location
    zimbraGalMaxResults: 100
    zimbraGalSyncLdapPageSize: 1000
    zimbraGalSyncMaxConcurrentClients: 2
    zimbraGalSyncTimestampFormat: yyyyMMddHHmmss'Z'
    zimbraGalTokenizeAutoCompleteKey: and
    zimbraGalTokenizeSearchKey: and
    zimbraId: 65868ae4-f298-42a6-ad14-89e6d343c09e
    zimbraInternalSharingCrossDomainEnabled: TRUE
    zimbraMailDomainQuota: 0
    zimbraMailSSLClientCertPrincipalMap: SUBJECT_EMAILADDRESS=name
    zimbraMailStatus: enabled
    zimbraReverseProxyClientCertMode: off
    zimbraSkinLogoURL: Zimbra offers Open Source email server software and shared calendar for Linux and the Mac.
    zimbraWebClientMaxInputBufferLength: 1024
    zimbraZimletDataSensitiveInMixedModeDisabled: TRUE
    Last edited by phoenix; 09-16-2012 at 11:30 PM.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Your resolv.conf contains the IP addresses of two DNS servers, one local and one external - it should only contain the DNS LAN IP server. Your DNS output is also from the external DNS server not the LAN. You need to fix the resolv file and post the output again and try the send from google to your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    aepittman is offline Member
    Join Date
    Sep 2012
    Posts
    10
    Rep Power
    2

    Default

    Hi,
    I corrected the /etc/resolv.conf file as suggested:
    Code:
    [root@mail log]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search mail-highlandscofc.org
    nameserver 127.0.0.1

    Then I attempted to send mail from my gmail.com and verizon.net accounts. I'm still getting the relay access denied messages:

    Code:
    Sep 17 18:19:43 mail postfix/smtpd[12899]: NOQUEUE: reject: RCPT from vms173011pub.verizon.net[206.46.173.11]: 554 5.7.1 <alan.pittman@mail-highlandscofc.org>: Relay access denied; from=<aepittman1@verizon.net> to=<alan.pittman@mail-highlandscofc.org> proto=ESMTP helo=<vms173011pub.verizon.net>
    
    
    Sep 17 18:18:40 mail postfix/smtpd[12899]: NOQUEUE: reject: RCPT from mail-oa0-f47.google.com[209.85.219.47]: 554 5.7.1 <alan.pittman@mail-highlandscofc.org>: Relay access denied; from=<aepittman@gmail.com> to=<alan.pittman@mail-highlandscofc.org> proto=ESMTP helo=<mail-oa0-f47.google.com>
    Did I miss a step somewhere? Do I need to add domain information in the admin GUI?

    Here's the updated information:

    Code:
    [root@mail log]# dig mail-highlandscofc.org mx
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.3 <<>> mail-highlandscofc.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31943
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mail-highlandscofc.org.                IN      MX
    
    ;; ANSWER SECTION:
    mail-highlandscofc.org. 0       IN      MX      10 mail.mail-highlandscofc.org.
    
    ;; ADDITIONAL SECTION:
    mail.mail-highlandscofc.org. 0  IN      A       192.168.2.11
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Sep 17 18:27:11 2012
    ;; MSG SIZE  rcvd: 99

    Code:
    [root@mail log]# dig mail-highlandscofc.org any
    
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.3 <<>> mail-highlandscofc.org any
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48055
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mail-highlandscofc.org.                IN      ANY
    
    ;; ANSWER SECTION:
    mail-highlandscofc.org. 0       IN      MX      10 mail.mail-highlandscofc.org.
    
    ;; ADDITIONAL SECTION:
    mail.mail-highlandscofc.org. 0  IN      A       192.168.2.11
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Sep 17 18:27:34 2012
    ;; MSG SIZE  rcvd: 99

    Code:
    [root@mail log]# host `hostname`
    mail.mail-highlandscofc.org has address 192.168.2.11
    mail.mail-highlandscofc.org is an alias for mail-highlandscofc.org.
    mail.mail-highlandscofc.org is an alias for mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 0 smtp.mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 10 mail.mail-highlandscofc.org.
    mail-highlandscofc.org mail is handled by 5 pop.mail-highlandscofc.org.
    Code:
    [root@mail log]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    192.168.2.11    mail.mail-highlandscofc.org     mail
    Code:
    [root@mail log]# cat /etc/dnsmasq.conf.local
    server=4.2.2.1
    server=68.238.112.12
    server=4.2.2.2
    server=68.238.96.12
    
    listen-address=127.0.0.1
    
    domain=mail-highlandscofc.org
    
    mx-host=mail-highlandscofc.org,mail.mail-highlandscofc.org,10
    Last edited by phoenix; 09-18-2012 at 02:59 AM.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Have you made any configuration changes to Zimbra? I've just done a check on your DNS records and your appear to have an invalid reverse-DNS record, that will cause you problems at some time. Ialso should have spotted this earlier but...... your internal DNS records are correct but your external records do not have a valid A recprd for your domain:

    Code:
    dig mail-highlandscofc.org mx
    
    ; <<>> DiG 9.8.3-P3 <<>> mail-highlandscofc.org mx
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32896
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;mail-highlandscofc.org.                IN      MX
    
    ;; ANSWER SECTION:
    mail-highlandscofc.org. 3091    IN      MX      5 pop.mail-highlandscofc.org.
    mail-highlandscofc.org. 3091    IN      MX      10 mail.mail-highlandscofc.org.
    mail-highlandscofc.org. 3091    IN      MX      0 smtp.mail-highlandscofc.org.
    
    ;; ADDITIONAL SECTION:
    mail-highlandscofc.org. 3091    IN      A       70.110.73.154
    
    ;; Query time: 1 msec
    ;; SERVER: 192.168.1.10#53(192.168.1.10)
    ;; WHEN: Tue Sep 18 12:17:09 2012
    ;; MSG SIZE  rcvd: 118
    The highlighted line should look like this:

    Code:
    mail.mail-highlandscofc.org. 3091    IN      A       70.110.73.154
    Why do you also have three MX records for your server, in the format you're using them they serve no useful purpose that I can see.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    aepittman is offline Member
    Join Date
    Sep 2012
    Posts
    10
    Rep Power
    2

    Default

    Hi,
    I managed to get this working and thought I would give an update. After testing multiple things, I discovered that I was able to receive mail if I changed the domain portion of the email address from me.user@mail-highlandscofc.org to me.user@mail.mail-highlandscofc.org. That lead me to the thought of changing the MX to point to just mail-highlandscofc.org. Well, that alone didn't fix it. I then had to create an alias to my me.user@mail.mail-highlandscofc.org to be me.user@mail-highlandscofc.org with in zimbra. I think it's because the zimbra domain was initially defined as mail.mail-highlandscofc.org. I'm not really sure though because this is my first experience with setting any type of e-mail server. If Bill (phoenix) has anything to add, that would be great, but it's working and that's what matters right now.

    Alan

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    I'm glad you've got it working but none of what you've done should have been necessary. I see you have modified the external records but you didn't make the change, why did you not do that?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Relay access denied
    By neepie in forum Administrators
    Replies: 2
    Last Post: 03-06-2012, 01:57 PM
  2. Relay access denied
    By jpbuse in forum Installation
    Replies: 4
    Last Post: 02-15-2008, 05:10 PM
  3. 554 Relay Access Denied
    By eran in forum Administrators
    Replies: 12
    Last Post: 07-27-2007, 08:55 AM
  4. relay access denied
    By dadosah in forum Installation
    Replies: 3
    Last Post: 04-25-2007, 12:53 AM
  5. Relay Access Denied
    By kbarnd in forum Installation
    Replies: 2
    Last Post: 02-07-2007, 10:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •