Relay access denied (in reply to RCPT TO command) Postfix Issue

ubuntu postfix email-server smtp

I am trying to configure my server for email taking reference form this link: SMTP Relaying Outgoing Mail in Postfix - using Webmin. I used Mandrill smtp server in my case. I have also configured a vagrent instance before configuring the main server. But when I try to send email from the server (both vagrant and main) using:

sendemail -f [email protected] -t <myemail>@gmail.com -m "Message Body" -u "Message Subject"

The messages get queued in postfix and never reach the destination.

/var/log/mail.log file shows:

precise64 postfix/smtpd[16542]: connect from localhost[127.0.0.1]
precise64 postfix/smtpd[16542]: 116033A4253: client=localhost[127.0.0.1]
precise64 postfix/cleanup[16545]: 116033A4253: message-id=<621108.689435886-sendEmail@precise64>
precise64 postfix/qmgr[12672]: 116033A4253: from=<[email protected]>, size=916, nrcpt=1 (queue active)
precise64 postfix/smtpd[16542]: disconnect from localhost[127.0.0.1]
precise64 postfix/smtp[16546]: Untrusted TLS connection established to smtp.mandrillapp.com[54.195.231.78]:587: TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)
precise64 postfix/smtp[16546]: 116033A4253: host smtp.mandrillapp.com[54.195.231.78] said: 454 4.7.1 <[email protected]>: Relay access denied (in reply to RCPT TO command)
precise64 postfix/smtp[16546]: Untrusted TLS connection established to smtp.mandrillapp.com[54.247.27.189]:587: TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)
precise64 postfix/smtp[16546]: 116033A4253: to=<[email protected]>, relay=smtp.mandrillapp.com[54.247.27.189]:587, delay=4.3, delays=0.06/0.01/4/0.28, dsn=4.7.1, status=deferred (host smtp.mandrillapp.com[54.247.27.189] said: 454 4.7.1 <[email protected]>: Relay access denied (in reply to RCPT TO command))

And the /etc/postfix/main.cf file:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = precise64
# myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = precise64, localhost.localdomain, , localhost
relayhost = smtp.mandrillapp.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# mynetworks = example.com
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
virtual_alias_maps = hash:/etc/postfix/generic

smtp_tls_loglevel = 1
smtp_tls_security_level = encrypt
smtp_sasl_security_options = noanonymous
smtp_generic_maps = hash:/etc/postfix/generic

Need some suggestion. Whats going wrong here? I am very new in mail server configuration. Please pardon me if there are silly mistakes.


The problem here is that you configured your server so that it should relay any outbound email to a server, namely smtp.mandrillapp.com. That server, in turn, is not accepting to relay your mail.

I don't know this company, but my guess is that they only relay mails from authenticated customers, and your are not logging-in.

You should probably have something like the following line somewhere in your main.cf

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/remote_passwords
smtp_sasl_security_options = noplaintext,noanonymous
smtp_sasl_tls_security_options = noanonymous

The file /etc/postfix/remote_passwords should look like

smtp.mandrillapp.com:587 login:password

with your login/password from mandrillapp.

Also, I see in your config file a smtpd_sasl_auth_enable (note the 'd' at the end of smtp) that is only relevant if you expect client to log in into your server, and I don't see quite enough configuration for that. You should make sure it is necessary.


Where are you defining the Mandrill API key? I think you are missing smtp_sasl_password_maps directive in main.cf. Please see the following:

Can I configure Postfix to send through Mandrill?


Turns out the port is actually super important in this case, where you specify the username/password combo for your relay. My mail server was hung up for ages because I failed to append :588 to the end of the servername I was using. What a PITA.

Related

nginx loading page very slow
Postfix seems to send spam
Script for getting last reboot timestamp (2008r2)
Want to understand XFS strangeness
TLS 1.2 Not showing by default in Windows Server 2012 R2
DHCP: Create a scope within a scope
RHEL Nginx SSL versus non SSL performance huge difference.
Yum is interrupted and now gives conflicts
HP ProCurve 5412zl warm-boots on power failure while attached to UPS
Can I tell MySQL to store specific databases in specific folders?
Inserting elements in multidimensional Vector
Fortran array cannot be returned in function: not a DUMMY variable