Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Getting Relay Access Denied Errors

  1. #1
    pwalborn is offline Junior Member
    Join Date
    Aug 2009
    Location
    Klamath Falls, OR
    Posts
    5
    Rep Power
    5

    Default Getting Relay Access Denied Errors

    I am evaluating Zimbra for the possible use for all of our International offices and having some difficulities with setting up Zimbra. I have read through tons of info on the forum and googled everything I can think of, but still having some minor problems. Actually, I am able to login to the mailbox locally and send/recieve email internally and externally. The problem occurs when I try to setup POP3 access from the client computer in our UK office. We get the relay access denied error as well as an error in the zimbra log.

    Aug 18 10:16:43 zmail postfix/smtpd[24863]: connect from unknown[77.44.37.200]
    Aug 18 10:16:43 zmail postfix/smtpd[24863]: warning: restriction `blacklist_from' after `permit' is ignored
    Aug 18 10:16:43 zmail postfix/smtpd[24863]: A72C9BB05AA: client=unknown[77.44.37.200]
    Aug 18 10:16:44 zmail postfix/smtpd[24863]: warning: restriction `blacklist_from' after `permit' is ignored
    Aug 18 10:16:44 zmail postfix/smtpd[24863]: 790EFBB05AA: client=unknown[77.44.37.200]


    I think the problem exists with using virtual domains and how the email header is being read externally. I have the primary domain setup and it works with no problems internally/externally or POP3. I have one virtual domain setup and when you look at the header info, it looks like it is coming from the primary domain. We are so close to getting this to work, but have spent so much time looking at it that I am probably just missing some simple.

    Here is the results of the normally asked configs:

    cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    192.168.253.55 zmail.simplexityhealth.net zmail

    cat /etc/resolv.conf
    domain simplexityhealth.net
    nameserver 192.168.253.30
    nameserver 192.168.252.30

    dig simplexityhealth.net mx

    ; <<>> DiG 9.4.0 <<>> simplexityhealth.net mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8467
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;simplexityhealth.net. IN MX

    ;; ANSWER SECTION:
    simplexityhealth.net. 3600 IN MX 10 zmail.simplexityhealth.net.

    ;; ADDITIONAL SECTION:
    zmail.simplexityhealth.net. 3600 IN A 192.168.253.55

    ;; Query time: 23 msec
    ;; SERVER: 192.168.253.30#53(192.168.253.30)
    ;; WHEN: Thu Aug 13 12:48:27 2009
    ;; MSG SIZE rcvd: 76

    dig simplexityhealth.net any

    ; <<>> DiG 9.4.0 <<>> simplexityhealth.net any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57770
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7

    ;; QUESTION SECTION:
    ;simplexityhealth.net. IN ANY

    ;; ANSWER SECTION:
    simplexityhealth.net. 3600 IN NS srv2.celltech.local.
    simplexityhealth.net. 3600 IN NS srv1.celltech.local.
    simplexityhealth.net. 3600 IN SOA srv1.celltech.local. hostmaster.celltech.local. 10 900 600 86400 3600
    simplexityhealth.net. 3600 IN MX 10 zmail.simplexityhealth.net.

    ;; ADDITIONAL SECTION:
    srv2.celltech.local. 3600 IN A 192.168.253.7
    srv2.celltech.local. 3600 IN A 192.168.253.11
    srv2.celltech.local. 3600 IN A 192.168.253.34
    srv2.celltech.local. 3600 IN A 192.168.253.15
    srv2.celltech.local. 3600 IN A 192.168.252.30
    srv1.celltech.local. 3600 IN A 192.168.253.30
    zmail.simplexityhealth.net. 3600 IN A 192.168.253.55

    ;; Query time: 1 msec
    ;; SERVER: 192.168.253.30#53(192.168.253.30)
    ;; WHEN: Thu Aug 13 12:48:34 2009
    ;; MSG SIZE rcvd: 271

    [root@zmail zimbra]# host `hostname`
    zmail.simplexityhealth.net has address 192.168.253.55


    Any assistance would be appreciated and also know that I am extremely new to Linux and Zimbra. This has been a trial by fire experience for me, a little frustrating, but fun.

    Thanks,
    -Paul-

  2. #2
    cesarflet is offline Junior Member
    Join Date
    Aug 2009
    Location
    Colombia
    Posts
    6
    Rep Power
    5

    Default

    I suggest to test to see if your domains are spam lists. I use Email Blacklist Check - See if your server is blacklisted to start.

    Also tested the mx lookup in MX Lookup Tool - Check your DNS MX Records online to corroborate if it is responding adequately

  3. #3
    pwalborn is offline Junior Member
    Join Date
    Aug 2009
    Location
    Klamath Falls, OR
    Posts
    5
    Rep Power
    5

    Default MX Toolbox

    Not reported on any blacklists.

    I had already checked the MX Toolbox Diags.

    RESULT: zmail.simplexityhealth.net ***primary domain***
    Banner: 220 zmail.simplexityhealth.net ESMTP Postfix
    Connect Time: 0 seconds - Good
    Transaction Time: 0.547 seconds - Good
    Relay Check: OK - This server is not an open relay.
    Rev DNS Check: OK - 208.35.137.64 resolves to zmail.simplexityhealth.net
    GeoCode Info: Geocoding server is unavailable
    Session Transcript: HELO please-read-policy.mxtoolbox.com
    250 zmail.simplexityhealth.n [94 ms]
    MAIL FROM:
    250 2.1.0 [266 ms]
    RCPT TO:
    554 5.7.1 : Relay access deni [94 ms]
    QUIT
    221 2.0.0 B [94 ms]

    RESULT: mail.simplexityhealth.co.uk ***virtual domain***
    Banner: 220 zmail.simplexityhealth.net ESMTP Postfix
    Connect Time: 0 seconds - Good
    Transaction Time: 0.406 seconds - Good
    Relay Check: OK - This server is not an open relay.
    Rev DNS Check: OK - 208.35.137.64 resolves to mail.simplexityhealth.co.uk
    GeoCode Info: Geocoding server is unavailable
    Session Transcript: HELO please-read-policy.mxtoolbox.com
    250 zmail.simplexityhealth.n [109 ms]
    MAIL FROM:
    250 2.1.0 [94 ms]
    RCPT TO:
    554 5.7.1 : Relay access deni [94 ms]
    QUIT
    221 2.0.0 B [109 ms]


    I just noticed that I am getting the "relay access denied" error on my primary domain. I could have sworn that it was working outside my network, but after the countless hours working on this I'm not sure anymore.

    Thanks for the advice.
    -Paul-

  4. #4
    soxfan is offline Moderator
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    You may want to take a look at the Split DNS wiki entry. Based on the info that you've posted it looks like your internal DNS may be setup correctly. But what about your external (Internet facing) DNS? From this entry that you posted:
    Aug 18 10:16:43 zmail postfix/smtpd[24863]: connect from unknown[77.44.37.200]
    it would seem like your email server is not being resolved on the Internet.

  5. #5
    pwalborn is offline Junior Member
    Join Date
    Aug 2009
    Location
    Klamath Falls, OR
    Posts
    5
    Rep Power
    5

    Default

    Quote Originally Posted by soxfan View Post
    You may want to take a look at the Split DNS wiki entry. Based on the info that you've posted it looks like your internal DNS may be setup correctly. But what about your external (Internet facing) DNS? From this entry that you posted:

    it would seem like your email server is not being resolved on the Internet.
    I've ran both of these domains on DNS Stuff and they look good. We are running split DNS and that appears to be working. Like I said, sitting at my desk logging into the accounts, I can email internally and externally with no problems. It's setting up access externally that appears to be the problem.

    The part of the log with 77.44.37.200 address is from the UK ISP. It looked to me like it giving an error that we were trying to use their services for relaying,,, weird.

    Thanks again for the input.
    -Paul-

  6. #6
    soxfan is offline Moderator
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    Well the "connect from unknown..." definitely indicates that the system with an IP address of 77.44.37.200 is trying to send an email message. What email client is being used externally (Outlook, Thunderbird, Zimbra Web Client, etc.)? Maybe it is just a matter of changing the outgoing SMTP server.

  7. #7
    pwalborn is offline Junior Member
    Join Date
    Aug 2009
    Location
    Klamath Falls, OR
    Posts
    5
    Rep Power
    5

    Default

    Quote Originally Posted by soxfan View Post
    Well the "connect from unknown..." definitely indicates that the system with an IP address of 77.44.37.200 is trying to send an email message. What email client is being used externally (Outlook, Thunderbird, Zimbra Web Client, etc.)? Maybe it is just a matter of changing the outgoing SMTP server.
    They are using Outlook 2007. I am able to get the web client to work fine from their end, but I believe that it isn't using POP3 to send/receive.

    I have the "Inbound SMTP Host Name" set to mail.mydomain.co.uk. Without it it gives me an error when I do "Check MX Record" in the admin console. I don't see where you can set the outgoing SMTP server in the console, is that configured somewhere else?

    Thanks,
    -Paul-

  8. #8
    philpw99 is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Default

    I am new to Zimbra, so here is just an idea.
    The "554 5.7.1 relay access deni" error looks like the recipient address is not in the domain of simplexityhealth.net. Maybe the MX toolbox is trying to send a test email with a wrong recipient name?
    But most importantly, you are setting up POP3 clients, which is receiving. So it has nothing to do with the sending error. Since the DNS server resolves correctly, and you can send and receive email from U.S. So the only possible reason is maybe in U.K. some firewall has block the port 110? Did you try port 995 for POPS ?

    You don't need to put anything in the inbound SMTP server. Check MX record doesn't really mean anything. If you can receive and send mails in U.S., it's ok.

    The outgoing SMTP should be the "Relay MTA for external delivery" in the server MTA settings.
    Last edited by philpw99; 08-20-2009 at 10:58 PM.

  9. #9
    soxfan is offline Moderator
    Join Date
    Mar 2006
    Location
    Massachusetts
    Posts
    965
    Rep Power
    10

    Default

    They are using Outlook 2007. I am able to get the web client to work fine from their end, but I believe that it isn't using POP3 to send/receive.
    If the external people are using Outlook 2007 with POP3 and the web client works fine from their end then this is really more of an Outlook configuration issue than a problem with Zimbra. You would need to go into Tools --> Accounts (or whatever it is now with 2007) and make sure the outgoing SMTP server is setup properly for the account. Unless you are going to do SMTP authentication or something like that you would be better off having them use their ISP's SMTP server; otherwise you will end up with a lot of relay access denied errors.

  10. #10
    pwalborn is offline Junior Member
    Join Date
    Aug 2009
    Location
    Klamath Falls, OR
    Posts
    5
    Rep Power
    5

    Default rDNS with Virtual Domains

    Quote Originally Posted by soxfan View Post
    If the external people are using Outlook 2007 with POP3 and the web client works fine from their end then this is really more of an Outlook configuration issue than a problem with Zimbra. You would need to go into Tools --> Accounts (or whatever it is now with 2007) and make sure the outgoing SMTP server is setup properly for the account. Unless you are going to do SMTP authentication or something like that you would be better off having them use their ISP's SMTP server; otherwise you will end up with a lot of relay access denied errors.
    I guess I am still unclear as to how Zimbra uses Virtual Domains. Sending email from mydomain.co.uk still looks like it is coming from mydomain.net. Some larger email services, suchsas AOL, do a reverse DNS lookup for the domain the they will see the email coming from mydoman.co.uk, but the sending server will mydomain.net??? I've dealt with AOL quite a bit as most of our distributors are on AOL. They are very picky.

    Any thoughts???

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Help!!! Moving ZCS does not work!
    By ASebestian in forum Migration
    Replies: 7
    Last Post: 02-12-2009, 06:06 PM
  2. Relay Access Denied
    By AutootuA in forum Administrators
    Replies: 34
    Last Post: 02-07-2008, 09:26 AM
  3. Backup issues
    By telescop in forum Administrators
    Replies: 3
    Last Post: 03-01-2007, 06:09 PM
  4. Replies: 12
    Last Post: 03-14-2006, 12:02 PM
  5. Move server to different OS
    By EriSan500 in forum Administrators
    Replies: 7
    Last Post: 03-05-2006, 01:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •