Results 1 to 3 of 3

Thread: Postscript Final steps: Relay access denied

  1. #1

    Default Postscript Final steps: Relay access denied

    We have successfully navigated the many rivers of setting up a website and mail server with SSL/TLS but one:
    Relay access denied for outgoing mail to external addressee from an offsite client through our own Postfix SMTP server. Everything else works great.

    Any ideas? Details below.

    Thank you, Andy
    We have Postfix Version: 3.2.0-1.4 under opensuse Leap 42.3. Other relevants include Dovecot 2.2.31 (65cde28)

    • Receive mail (Dovecot) works under all options at both internal (lavarre) and external (spectre) sites.

    Send mail from internal and external clients tested with:
    telnet 587
    openssl s_client -connect -starttls smtp
    (it fails if -starttls tag is not included: No peer certificate...)
    • Send mail from internal (within the server) to both internal and external addressees works.
    • Send mail from external clients to internal addressees ( works.
    • Send mail from external clients to external addressees suffers Relay access denied.

    We have done the following with /etc/postfix/
    • Created /etc/postfix/sender_access with postmap to explicitly include as authorized senders:
    • Updated the line
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
    to use that access database.

    • Commented out
    to preclude restrictions on addressees

    • Not found
    • Commented out
    relayhost =
    The only thing that works to date is to explicitly add our external IP address to mynetworks:
    mynetworks =,,
    but even that doesn't work with the Evolution email client:
    "Bad authentication response from server."

    So I would deeply appreciate help in sorting this last bit out...

    Thanks again.

  2. #2
    Join Date
    Sep 2012

    Default Re: Postscript Final steps: Relay access denied

    Relaying is controller by smtpd_relay_restrictions which defaults to local networks and authenticated users. Controlling relaying based on who client pretends to be will result in widely open relay as anyone can put anything in SEND FROM line.

  3. #3
    Join Date
    Jun 2008
    San Diego, Ca, USA
    Blog Entries

    Default Re: Postscript Final steps: Relay access denied


    Believe the configuration you want to set up is described in the following link

    General configuration limitations as described by arvidjaar in the following documentation

    Beginner Wiki Quickstart -
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts