Postfix enable sending to any domain in the Internet with authentication but no SSL


When I try to send mail via SMTP through Postfix, I get the error "5.7.1 unable to relay".

After a lot of config changes, I was able to send email to the same domain as the server (to other accounts on that host) with:

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

But I still get this error when sending to other domains.
Dovecot is installed on my server.

How can I allow relaying to any domain, but with simple authentication, over SMTP on port 25? Without SSL/TLS etc.


If I add the domain that I use as the test recipient to my destinations:

mydestination = o2.pl

I get:

Recipient address rejected: User unknown in local recipient table

Sample log when configured without mydestination:

Oct  6 00:50:40 XXXXXXX postfix/smtpd[5409]: NOQUEUE: reject: RCPT from MY_HOME_HOST: 554 5.7.1 <TARGET_EMAIL@o2.pl>: Relay access denied; from=<TEST_ACCOUN@MY_DOMAIN.pl> to=<TARGET_EMAIL@o2.p> proto=ESMTP helo=<[127.0.0.1]>

After removing:

reject_unauth_destination

Thunderbird just hangs when I try to send email. It hangs on "Connected to MY_OWN_DOMAIN…"

I switched TLS to "no" but it did not help.
When I telnet to port 25 on localhost, I don't get a welcome message from SMTP.

Probably because of:

 "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

But when I added "check_relay_domains", I got an error from Thunderbird saying that the SMTP server sent a broken welcome message.

Finally I got a new error:

Recipient address rejected: Relay access denied.

My whole main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h


readme_directory = no

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

#smtpd_client_restrictions = permit


smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    check_relay_domains

smtpd_data_restrictions = reject_unauth_pipelining

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = MY_OWN_DOMAIN.pl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = MY_OWN_DOMAIN.pl
relay_domains = $mydomain
mydestinations = $mydomain, $myhostname, localhost, localhost.localdomain

relayhost =
inet_interfaces = all
mynetworks_style = host
home_mailbox = Maildir/
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Best Answer

This looks less like an SSL issue than like an authentication problem; if Postfix recognizes you as an authorized sender then it should not be talking about relaying. Is your SMTP client configured to authenticate to the server? If not, set it up that way and try again.


One more thing: You've got permit_sasl_authenticated in your smtpd_recipient_restrictions, but I don't see any SASL auth configuration in your main.cf -- this may be the problem.

If Postfix is expecting to authenticate you via SASL, but doesn't have an SASL provider against which to do so, it will treat you as it would any other unauthenticated user. A full resolution is beyond the scope of this answer, but I'd recommend starting with the Postfix SASL howto, which helped me greatly when setting up my own Postfix server.