# Relay access denied after using postmap command [SOLVED]

## Thingee

Hey guys, I'm back again with another mail server problem.  I attempted to make my server send out through port 587 instead of 25 and ended up making nothing work.  This is what I get when I send an email out through pop3.

```

Oct  6 02:31:50 eagle postfix/smtpd[8217]: NOQUEUE: reject: RCPT from 31.32.40.170.ontrca.adelphia.net[31.32.40.170]: 554 5.7.1 <mikeee@gmail.com>: Relay access denied; fro

m=<blah@domain.com> to=<mikeee@gmail.com> proto=ESMTP helo=<[192.168.1.103]>

```

31.32.40.170 = this is me, but a fake replacement ip address for this post

mikeee@gmail.com = my gmail account that I'm trying to send an email to

blah@example.com = the username on the mail server that is trying to send out an email.

To setup my mail server to send mail through port 587 I followed this guide: http://www.freebsddiary.org/postfix-transport.php

I believe my problem came from the command "postmap" since I'm using postgresql for lookup (refer to my main.cf file below)... =/ oops

```

postmap /etc/postfix/transport 

```

Can anyone please tell me how to turn off this postmap from doing a lookup through /etc/postfix/transport since I already have postgresql doing lookups for me?  I already restored my main.cf and master.cf back to the last working settings but still no luck.

Here is my main.cf file:

```
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myhostname = host.example.com

mydomain = example.com

myorigin = $mydomain

mydestination =

#inet_interfaces = all

unknown_local_recipient_reject_code = 550

mynetworks_style = host

alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases

home_mailbox = .maildir/

default_destination_concurrency_limit = 2

local_destination_concurrency_limit = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = /usr/share/doc/postfix-2.3.0/html

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.3.0/readme

virtual_mailbox_base = /home/vmail

virtual_mailbox_domains = pgsql:/etc/postfix/pgsql/pgsql-virtual-domains.cf

virtual_mailbox_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-maps.cf

virtual_uid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-uid.cf

virtual_gid_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual-gid.cf

virtual_alias_maps = pgsql:/etc/postfix/pgsql/pgsql-virtual.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =

        permit_sasl_authenticated,

        permit_mynetworks,

        check_relay_domains 
```

----------

## badchien

 *Thingee wrote:*   

> Hey guys, I'm back again with another mail server problem.  I attempted to make my server send out through port 587 instead of 25 and ended up making nothing work. 

 First things first... you mean you attempted to make your server listen on port 587 instead of 25. Not trying to be a jerk, but using the correct terminology will make it easier for people to understand the problem.

 *Quote:*   

>  This is what I get when I send an email out through pop3.

 You can only download email using POP3. SMTP is used for sending.

 *Quote:*   

> I believe my problem came from the command "postmap" since I'm using postgresql for lookup (refer to my main.cf file below)... =/ oops
> 
> ```
> 
> postmap /etc/postfix/transport 
> ...

 The only thing 'postmap' does is to create a hashed version of the target file, giving it a '.db' extension. If you are not referencing the hash that postmap created, (and your aren't) then it has no bearing on your config or your problem.

As for the real cause of your problem... you are trying to relay mail through your server, but your client does not appear to be authenticating in order to send, nor have you granted permission for relaying from your IP in your config. If you have a static IP at your location(x.x.x.x.ontrca.adelphia.net), then you could allow relay without authentication from your IP, otherwise you just need to set your mail client to authenticate before sending mail.

----------

## Thingee

Sorry about my terminology.  I was freaking out I screwed up a production server.  I have no idea why I said send out through pop3  :Razz: .

Anyways for some reason I've been having no trouble sending mail without setting my mail client to authenicate up till now.  I went ahead and set it and it works fine now, thanks!

Do you know how I could set my server to listen on port 587 instead of 25?

----------

## badchien

 *Thingee wrote:*   

> Sorry about my terminology.  I was freaking out I screwed up a production server.  I have no idea why I said send out through pop3 .

 No problem  :Smile: 

 *Quote:*   

> Anyways for some reason I've been having no trouble sending mail without setting my mail client to authenicate up till now.  I went ahead and set it and it works fine now, thanks!

 That might mean you were running an open relay, so this can only be a good thing.

 *Quote:*   

> Do you know how I could set my server to listen on port 587 instead of 25?

 You probably want to make it listen on both. What does your /etc/postfix/master.cf look like now?

----------

## Thingee

 *badchien wrote:*   

> You probably want to make it listen on both. What does your /etc/postfix/master.cf look like now?

 

Here it is:

```

#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

#submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#smtps     inet  n       -       n       -       -       smtpd

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#628      inet  n       -       n       -       -       qmqpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       n       -       -       smtp

        -o fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

old-cyrus unix  -       n       n       -       -       pipe

  flags=R user=cyrus argv=/usr/lib/cyrus/deliver -e -m ${extension} ${user}

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

cyrus     unix  -       n       n       -       -       pipe

  flags=hu user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user}

# Cyrus with "virtdomains: yes"

# Also specify in main.cf: virtual_transport = virt-cyrus

virt-cyrus     unix  -       n       n       -       -       pipe

  flags=hu user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${recipient} ${user}

#

# See the Postfix UUCP_README file for configuration details.

#

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# Other external delivery methods.

#

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

```

The tutorial I was reading suggested this line which didn't work for me:

```

<SERVER IP>:587 inet n - n - - smtpd

```

Thanks for helping me with this  :Smile: .

----------

## badchien

 *Thingee wrote:*   

> 
> 
> ```
> 
> #submission inet n       -       n       -       -       smtpd
> ...

 No problem. You already have the config you need, you just need to uncomment it and restart postfix. Port 587 is also called smtp "submission". Uncomment the three lines you need like this:

```
submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

----------

## Thingee

I uncommented those three lines and reloaded postfix.  After setting my mail client to override port 25 with 587 it was unable to connect to the server when it was trying to send my message.

----------

## badchien

The same change works on my postfix server.

What happens if you telnet to the server on port 587?

If that fails with connection refused, can you ssh to the server and telnet to localhost 587 from there to see what you get?

----------

## Thingee

 *badchien wrote:*   

> What happens if you telnet to the server on port 587?
> 
> 

 

```
mike # telnet host.domain.com 587

Trying XX.XX.XXX.XXX...

telnet: Unable to connect to remote host: Connection refused

```

 *badchien wrote:*   

> If that fails with connection refused, can you ssh to the server and telnet to localhost 587 from there to see what you get?
> 
> 

 

```

server # telnet localhost 587

Trying 127.0.0.1...

telnet: Unable to connect to remote host: Connection refused

```

Current master.cf

```

smtp      inet  n       -       n       -       -       smtpd -v

submission inet n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

```

----------

## badchien

Try stopping postfix completely. Make sure that it is no longer listening on port 25, then start it again and check ports 25 and 587 again.

If you still get conn. refused on 587, check the mail log to see if there are any clues when postfix is starting.

----------

## Thingee

Doing a full stop and then start up did the trick.  Thanks!

----------

