No Email Reception - Relay Access Denied

[Mastacheata]

Hello,
my server is set up correctly since several months but as I didn't use E-Mail on that specific server I haven't noticed that it wasn't working.
I can't receive any email from outside.

It's all being rejected by postfix without giving me a true reason.

In the Delivery Failure Notification Mail it says:

Code:

Diagnostic code: smtp;554 5.7.1 <is-a-catch-all@thematrix-reloaded.de>: Relay access denied

which is pretty much the same as in the mail.log where it says:

Code:

Jun 10 02:01:30 xenzilla postfix/smtpd[9362]: NOQUEUE: reject: RCPT from mta-1.ms.rz.RWTH-Aachen.DE[134.130.7.72]: 554 5.7.1 <is-a-catch-all@thematrix-reloaded.de>: Relay access denied; from=<my.name@rwth-aachen.de> to=<is-a-catch-all@thematrix-reloaded.de> proto=ESMTP helo=<mta-1.ms.rz.rwth-aachen.de>

That's way too general to get any good info out of it. All I found in the Internet and especially in this forum was related to SENDING mail and problems with the Allowed Hosts in postfix main.cf resp. /etc/hosts.
But I've double if not triple checked those problems.

main.cf

Code:

#
# ispCP Ï (OMEGA) a Virtual Hosting Control System
#
# @copyright    2001-2006 by moleSoftware GmbH
# @copyright    2006-2008 by ispCP | http://isp-control.net
# @version              SVN: $Id$
# @link                 http://isp-control.net
# @author               ispCP Team
#
# @license
#   This program is free software; you can redistribute it and/or modify it under
#   the terms of the MPL General Public License as published by the Free Software
#   Foundation; either version 1.1 of the License, or (at your option) any later
#   version.
#   You should have received a copy of the MPL Mozilla Public License along with
#   this program; if not, write to the Open Source Initiative (OSI)
#   http://opensource.org | osi@opensource.org
#
################################################################################​

# Postfix directory settings; These are critical for normal Postfix MTA functionallity
command_directory            = /usr/sbin
daemon_directory             = /usr/lib/postfix

# Some common configuration parameters
inet_interfaces              = all
mynetworks_style             = host

mynetworks                   = 127.0.0.0/8
myhostname                   = xenzilla.de
mydomain                     = xenzilla.de.local
myorigin                     = $myhostname

smtpd_banner                 = $myhostname ESMTP ispCP 1.0.0 OMEGA Managed
setgid_group                 = postdrop

# Receiving messages parameters
mydestination                = $mydomain
append_dot_mydomain          = no
append_at_myorigin           = yes
local_transport              = local
virtual_transport            = virtual
transport_maps               = hash:/etc/postfix/ispcp/transport
alias_maps                   = hash:/etc/aliases
alias_database               = hash:/etc/aliases

# Delivering local messages parameters
mail_spool_directory         = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit           = 0
mailbox_command              = procmail -a "$EXTENSION"

# Message size limit
# => 0 for unlimited
# => 104857600 for 100 MB
message_size_limit           = 0

biff                         = no
recipient_delimiter          = +

local_destination_recipient_limit = 1
local_recipient_maps         = unix:passwd.byname $alias_database

# ispCP Autoresponder parameters
ispcp-arpl_destination_recipient_limit = 1

# Delivering virtual messages parameters
virtual_mailbox_base         = /var/mail/virtual
virtual_mailbox_limit        = 0

virtual_mailbox_domains      = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps         = hash:/etc/postfix/ispcp/mailboxes

virtual_alias_maps           = hash:/etc/postfix/ispcp/aliases

virtual_minimum_uid          = 1001
virtual_uid_maps             = static:1001
virtual_gid_maps             = static:8

# SASL paramters
smtpd_sasl_auth_enable       = yes
smtpd_sasl_security_options  = noanonymous
smtpd_sasl_local_domain      =
broken_sasl_auth_clients     = yes

smtpd_helo_required          = yes

smtpd_helo_restrictions      = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_invalid_helo_hostname,
                               reject_non_fqdn_helo_hostname

smtpd_sender_restrictions    = reject_non_fqdn_sender,
                               reject_unknown_sender_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated

smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                               reject_unknown_recipient_domain,
                               permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
                               check_policy_service inet:127.0.0.1:12525,
                               check_policy_service inet:127.0.0.1:60000,
                               permit

smtpd_data_restrictions      = reject_multi_recipient_bounce,
                               reject_unauth_pipelining

# TLS parameters; activate, if avaible/used
#smtpd_use_tls               = yes
#smtpd_tls_loglevel          = 2
#smtpd_tls_cert_file         = /etc/postfix/cert.pem
#smtpd_tls_key_file          = /etc/postfix/privkey.pem
#smtpd_tls_auth_only         = no
#smtpd_tls_received_header   = yes

# AMaViS parameters; activate, if available/used
#content_filter               = amavis:[127.0.0.1]:10024

# Quota support; activate, if available/used
#virtual_create_maildirsize     = yes
#virtual_mailbox_extended       = yes
#virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message  = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce       = yes

mail.log (restarted postfix, sent 1 mail and then cut out that part of the logfile)

Code:

Jun 10 02:34:06 xenzilla postfix/master[9598]: daemon started -- version 2.5.5, configuration /etc/postfix
Jun 10 02:35:03 xenzilla postfix/smtpd[9606]: connect from mta-2.ms.rz.RWTH-Aachen.DE[134.130.7.73]
Jun 10 02:35:03 xenzilla postfix/smtpd[9606]: NOQUEUE: reject: RCPT from mta-2.ms.rz.RWTH-Aachen.DE[134.130.7.73]: 554 5.7.1 <is-a-catch-all@thematrix-reloaded.de>: Relay access denied; from=<my.name@rwth-aachen.de> to=<is-a-catch-all@thematrix-reloaded.de> proto=ESMTP helo=<mta-2.ms.rz.rwth-aachen.de>
Jun 10 02:35:03 xenzilla postfix/smtpd[9606]: disconnect from mta-2.ms.rz.RWTH-Aachen.DE[134.130.7.73]

I censored the mail adresses a bit but on the thematrix-reloaded.de domain everything in front of the @ has to work.

[kilburn]

"Relay access denied" is quite a strong reason, and it should indicate that the domain "thematrix-reloaded.de" is not listed in /etc/postfix/ispcp/domains, can you check this?

Now, the panel should add the corresponding domain automatically whenever you add the first mail for a domain. Did you use a "catchall"? Try creating a normal mail...

[Mastacheata]

(06-10-2009 03:45 PM)kilburn Wrote:  "Relay access denied" is quite a strong reason, and it should indicate that the domain "thematrix-reloaded.de" is not listed in /etc/postfix/ispcp/domains, can you check this?

Now, the panel should add the corresponding domain automatically whenever you add the first mail for a domain. Did you use a "catchall"? Try creating a normal mail...

Damn i missed that file just checked the mailboxes file there yesterday.
ISPCP seems not to create that entries since abi2006gat.de and thematrix-reloaded.de are alias domains.
I just tried to reproduce that case with some test domains. All with the same result:
Subdomains and "Main" Domains get an entry in the domains file at the time they are created (no e-mail accounts created or even no mail accounts allowed). If you create an Alias Domain there won't be an entry for that domain in the file. I suppose this is a bug and not a feature is it?

[kilburn]

Have you "activated" the aliases? (Switch to the reseller account, then choose "User Admin" on top and "Domain Alias" on the left menu).

I suspect this is the problem

[Mastacheata]

Yes the aliases are all activated, status ok and working except from email.
Good idea but not the root of the problem.

By the way: Someone should've told me I had to regenerate my domains.db (postmap /etc/postfix/ispcp/domains) since I forgot to do so and was wondering why it still didn't work.

[kilburn]

Okay, at this point I'm quite sure you've hit a bug. Can you open a ticket, including your problem description (alias domains not added to /etc/postfix/ispcp/domains) and some debug information please?

It would be great if you can provide:

1. OS/Distro and version of your server
2. Ispcp version (any patches or modifications?)
3. Enable debug mode in /etc/ispcp/ispcp.conf and add a domain alias (activate it also). Then attach the corresponding /var/log/ispcp/ispcp-als-mngr.{stdout,stderr} files

Thanks

[Mastacheata]

Quote:1. OS/Distro and version of your server

Debian Lenny 5.0 Kernel 2.6.26-1-686 running on KVM

Quote:2. Ispcp version (any patches or modifications?)

ispCP 1.0.0 OMEGA
build: 20090225
Codename: Priamos

Quote:3. Enable debug mode in /etc/ispcp/ispcp.conf and add a domain alias (activate it also). Then attach the corresponding /var/log/ispcp/ispcp-als-mngr.{stdout,stderr} files

stderr is empty everything else should be done any minute (I'm writing the ticket at the moment)

Here we go Ticket #1862

The log only says that the domains.db is updated but not where or if the domains plaintext file is updated at all.

[soxin]

Hello,

i have the same problem at my debian lenny root server.

I can't send mails .."Relay access denied" ...

Have you now find any solutions?

Thanks

[kilburn]

You do have the same error, but under different circumstances. Notice that he was getting it when RECEIVING mails, and you are getting it when SENDING mails. This is quite different, and means that either (1) you didn't configure your mail client to use user and pass when sending or (2) the server isn't performing this authorization step correctly.

Please provide relevant postfix logs where a delivery attempt is made so we can discover which of these two situations you are facing.

[multimatica]

Hello, i have the same problem - server ubuntu server lts 8.04.3

I can't recevied mails .."Relay access denied" ...

It's is the same, the domain (not alias), isn't listed on /etc/postfix/ispcp/domains
I think this bug happend when deactivated an user and reactivated later.
I do this many times and never happend...

Thanks