# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# Basic configuration
# myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 172.17.0.0/16 172.17.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_CAfile=
#smtp_tls_CAfile=
smtpd_tls_security_level = may
smtpd_use_tls=yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
smtpd_tls_CApath = /etc/ssl/certs
smtp_tls_CApath = /etc/ssl/certs
# Settings to prevent SPAM early
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,
reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain,
reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# Mail directory
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# Enable Dovecot Sieve
virtual_transport = dovecot
# Additional option for filtering
content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301,inet:localhost:54321
non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
I’ve setup a working postfix server except that all incoming mail is rejected.
When I try to send mail via telnet:
MAIL FROM: <tom@valid.domain.com>
250 2.1.0 Ok
RCPT TO: <tom@mydomain.com>
554 5.7.1 <my.host.name[1.2.3.4]>: Client host rejected: Access denied
My postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
config_directory = /etc/postfix
delay_warning_time = 4h
inet_interfaces = all
mailbox_size_limit = 0
masquerade_domains = mail.mydomain.com www.mydomain.com
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = techxonline.net
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_hard_error_limit = 12
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
In /var/log/syslog after sending from Gmail:
Oct 18 21:30:01 appman postfix/smtpd[25307]: connect from mail-gx0-f181.google.com[209.85.161.181]
Oct 18 21:30:01 appman postfix/smtpd[25307]: NOQUEUE: reject: RCPT from mail-gx0-f181.google.com[209.85.161.181]: 554 5.7.1 <mail-gx0-f181.google.com[209.85.161.181]>: Client host rejected: Access denied; from=<tom@valid.domain.com> to=<tom@mydomain.com> proto=ESMTP helo=<mail-gx0-f181.google.com>
Oct 18 21:30:01 appman postfix/smtpd[25307]: disconnect from mail-gx0-f181.google.com[209.85.161.181]
How can I get my postfix server to accept mail? If there is any other information I can provide please let me know.
EDIT:
It seems like the server is requiring authentication to receive mail here. It doesn’t seem to be host-restricted—using telnet from the server itself still causes the mail to be rejected. Authenticating with SASL and then sending the email works fine.
So, it seems that the problem is the server expects authentication for mail to be delivered at the final destination, which it shouldn’t. Ideas?
Messages from localhost is working normally, but when I try to send mail from i.e. gmail to my domain (as in virtual domain mapping) postfix is denying it with error (554 5.7.1 : Client host rejected: Access denied).
main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = ***
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = *** my hostname ***
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous noplaintext
smtpd_tls_security_level = may
virtual_alias_domains = *** my virtual alias domains ***
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_tls_auth_only = yes
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
smtp_sasl_auth_enable = no
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, hash:/etc/postfix/sender_access, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/sender_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unauth_destination, reject_non_fqdn_recipient, permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_rbl_client relays.ordb.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, check_policy_service unix:private/spfpolicy, check_policy_service inet:127.0.0.1:10023, permit
transport_maps = hash:/etc/postfix/transport
0
1
Приветствую уважаемое комюнити,
прошу помочь разобраться с проблемой:
постфикс отказывается принимать почту. Если отправлять через mail client, то имеется:
an folgende Adresse nicht zustellen:<dmitriy@mydomain.com> (mail.mydomain.com: Cannot connect to remote
host)
и в логах при этом нет ничего,
если же отправлять через telnet, то сразу после RCPT TO: получаю ошибку
554 5.7.1 <neptun.custom.de[213.168.83.250]>: Client host rejected: Access denied
вот конфиг postfix’a
address_verify_sender = postmaster@mydomain.com
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 2
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
milter_default_action = accept
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8 127.0.0.1/32 222.222.222.222/32 [::1]/128
myorigin = /etc/mailname
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 6
smtpd_client_message_rate_limit = 6
smtpd_client_recipient_rate_limit = 1
smtpd_delay_reject = yes
smtpd_discard_ehlo_keywords = etrn, silent-discard
smtpd_forbidden_commands = CONNECT GET POST
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/mail.mydomain.com.crt
smtpd_tls_key_file = /etc/ssl/private/mail.mydomain.com.key
smtpd_tls_loglevel = 4
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
ЧЯДНТ??
спасибо!
З.Ы. c localhost все работает без проблем
When sending an email, you should take into account two mailing servers: yours and the recipients.
As you can see, your email can be rejected either by your mail server, as a sender’s, or your recipient’s server.
Reasons for a 554 5 7 1 SMTP Error
- Your sender IP may be blacklisted by spam filters due to spam-like content. You can use special resources to find out whether you’re on a blacklist or not;
- You could be on the personal blacklist of a recipient, as a source of spam, because of different reasons and it’s complicated to get to know them;
- Before sending an email, if you haven’t properly authenticated your mail server for the recipient’s mail server to know that you are a reliable source, not a spammer.
- You may have failed security checks. Perhaps, a recipient has their own anti-spam policy, and you haven’t managed to follow it.
How to Avoid a 554 5 7 1 SMTP Error
- Make sure that “From” and “Recipient addresses are correct”;
- Install special software to check for spam and be sure that there are no viruses;
- Check the server authentication configurations, especially if it was updated. You may have to change settings manually;
- Follow the anti-spam policy of your mail server;
- Recipients may have their own anti-spam rules, and you may discuss with them one of them to be disabled;
- If you send a large number of emails, use a third-party — SMTP service since it will free you from the restrictions on the number of emails sent and increase the delivery speed.
To be sure that you’re not blacklisted, use these tools:
- MX Toolbox blacklist check
- DNSBL blacklist check
In case you were mistakenly added to a blacklist, you can get help with a removal form.
The Most Common 554 5 7 1 messages
- 554 5.7.1: Client host rejected: Access denied
- 554 5.7.1: Service unavailable; Client host X.X.X.X blocked using zen.spamhaus.org
- 554 5.7.1: Relay access denied
- 554 5.7.1: Recipient address rejected: Access denied
- 554 5.7.1: Message cannot be accepted, rules rejection
- 554 5.7.1: Message refused by Dictionary check
- 554 5.7.1: Relay Access Denied for One Domain
- 554 5.7.1: Message cannot be received, spam rejection
- 554 5.7.1: Message refused by DNSBL check
- 554 5.7.1: Sender address rejected: Access denied
Last Updated: 30.01.2020
Rate this article about «The 554 5.7.1 SMTP Error»
Popular in Our Blog