Unusual "Relay access denied" error from Postfix

Hi,

I am running Virtualmin Pro on my CentOS 6 x64 server and have been running well for quite some time now. One of my sites, clients.airshock.net, is hosted on a server other than the machine where Virtualmin is installed, and is home to the client portal (shopping cart, billing system, etc.) for my company. The site is on a separate server so that, in he event the Virtualmin server becomes unavailable, clients can still log in to check system announcements and etc.

Anyway, I've configured the client portal software to send mail via the Virtualmin server and to use SMTP authentication via a username and password that I've set up in Virtualmin @airshock.net.

The problem arises when the client portal software actually tries to send mail. I always end up seeing a "Relay access denied" error in my mail logs and in the activity logs generated by the software.

Basically, the script at clients.airshock.net is trying to send mail through my Virtualmin server to users at Gmail, Yahoo, and other addresses, using SMTP authentication.

Is this possible? If so how do I fix the "Relay accesss denied" error?

Thanks. -Logan

Status: 
Active

Comments

Howdy -- a relay access denied error means that it's not actually authenticating when it attempts to relay the email.

I would suggest double-checking the email software you have to make sure it's configured to authenticate when sending email through your server.

Hi,

I at first thought it wasn't authenticating correctly as you described, but then saw this in /var/log/maillog:

Dec 11 17:29:21 rs1 postfix/smtpd[1482]: 27A8F20080: client=li1.airshock.net[66.175.214.36], sasl_method=LOGIN, sasl_username=notifications@airshock.net

"li1.airshock.net" is the hostname of the machine that runs the client management software mentioned in the original issue, and notifications@airshock.net is the e-mail address I've configured in Virtualmin and what the client portal software is set to authenticate as when it connects to the mail server. However, I'm still seing these "Relay access denied" errors.

What could be the problem?

Thanks.

When looking in the mail logs, do the relay access denied errors contain that same message ID that you're seeing with the SASL login?

That is, when you see that SASL login message, it shows the message ID "27A8F20080". Is it showing relay access denied for that same message ID, or a different one that's not associated with a login?

Hi Eric,

For some reason, there is only one line in the mail logs that contains that text (in this case the message ID), and it's the line I pasted in my last message.

Thanks, -Logan

That is an odd one... you should see authentication for each outgoing email; if not, that may be the problem. Without authentication before each email, your mail server isn't allowing the other server to relay mail.

The key would be to determine why your web app isn't authenticating each time it sends an email.

Hi,

After running through a few tests, it seems like the Web app I'm using, WHMCS (www.whmcs.com), authenticates some times and does not authenticate at other times, or fails to or something.

For example, soe messages fail to send and the WHMCS system log reports the "Relay access denied" error, but others, like invoice generation notices and the daily database backup that was sent when the cron job ran at midnight last night, are delivered to me and their intended recipients (in the case of invoice notifications) susccessfully. These messages also have an "authenticated sender: notifications@airshock.net" line in teir headers. The "notifications@airshock.net" e-mail address is the one I've got set up in Virtualmin and in WWHMCS to authenticate against when the script sends out e-mails.

So I'm not sure why some e-mails are going through, and authenticating correctly, and others are not.

Do you know of any possible explanations for this?

Thanks.

I unfortunately don't know what might cause that.

However, WHMCS has responsive support -- you may want to file a support request with them, and explain the behavior you're seeing. They should be able to help you out.

They're going to ask if you know which email messages it is that aren't going through properly If you happen to know anything about the email messages that are being rejected, I might suggest having that handy, as that may help them track down your issue.