Resolved NOQUEUE: reject: RCPT 454 4.7.1

[netsetter]

Hey together,

since 3 days, after moving to a new server with Plesk running, our web script isn't sending mails anymore via smtp.
Sending emails via Outlook (local pc) works well, but emails generated by the web script is causing following errors in the mail log of postfix:

Mar 24 11:34:50 myhostname postfix/smtpd[8478]: connect from myhostname.mydomain.com[::1]
Mar 24 11:34:50 myhostname postfix/smtpd[8478]: NOQUEUE: reject: RCPT from myhostname.mydomain.com[::1]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>
Mar 24 11:34:50 myhostname postfix/smtpd[8478]: disconnect from myhostname.mydomain.com[::1]

Do you got any idea how to fix this?

 

[UFHH01]

Hi netsetter,

Do you got any idea how to fix this?

Due to missing informations from you, I only can GUESS, that this thread/posts ( => #2 ) and the recommended suggestions could solve your issue(s).

 

[netsetter]

Due to missing informations from you, I only can GUESS, that this thread/posts ( => #2 ) and the recommended suggestions could solve your issue(s).

Which information I may provide to you exactly?

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10240000
milter_default_action = accept
mydestination = localhost.$mydomain, localhost, localhost.localdomain
mynetworks =
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
plesk_virtual_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_milters = inet:127.0.0.1:8891
smtpd_proxy_timeout = 3600s
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_timeout = 3600s
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_ciphers = medium
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = TLSv1 TLSv1.1 TLSv1.2 !SSLv2 !SSLv3
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2 !SSLv2 !SSLv3
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_medium_cipherlist = HIGH:!aNULL:!MD5
transport_maps = , hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:30

 

[UFHH01]

Hi netsetter,

first of all, you should consider to post YOUR current operating system and the current Plesk version ( incl. #MU ) - due to the fact that Plesk supports several linux distribution.


Now that I saw in your postfix configuration and didn't modify it. You have quite a few standart settings, which are either not necessary, or not valid. Pls. consider to use the commands:

mv /etc/postfix/main.cf /etc/postfix/main.cf_backup
mv /etc/postfix/master.cf /etc/postfix/master.cf_backup

plesk repair mail -y -v​

Which should repair your now missing postfix configuration files, with creating standart Plesk ones. Afterwards the repair utility will start postfix again. If it doesn't start automatically, pls. use the command: service postfic restart​

I can show you some misconfigurations:

mynetworks =

This setting should edited and would normally look like:

Example:

mynetworks = , 127.0.0.0/8 [::1]/128 XXX.XXX.XXX.XX1/32 XXX.XXX.XXX.XX2/32

( where "XXX.XXX.XXX.XX1" and "XXX.XXX.XXX.XX2" are possible IPv4 - addresses for your server )​

After your changes and the restart, pls. send another eMail over your script and inspect the mail.log for possible issues/errors/problems.
In case that you experience further issues/errors/problems, pls. don't forget that you now have to provide the new issues/errors/problems from your mail.log and don't forget as well, that we need the new configuration files, to be able to investigate possible misconfigurations.

 

[netsetter]

It's CentOS 7, latest Plesk 12.5.30 #MU installed (autoupdates)

When trying your command (plesk repair mail -y -v), I get following error:

Reconfiguring the mail service ...................................... [ERROR]
The domain -v was not found.

 

[UFHH01]

Hi netsetter,

Reconfiguring the mail service ...................................... [ERROR]
The domain -v was not found.

This indicates, that your migration wasn't successfull finished and you didn't create the depending domain on your server correctly. Pls. consider to inspect your migration logs ( maybe retry it as well ) and/or use as well the commands afterwards:

plesk repair installation -y -v
plesk repair all -y -v​

 

[netsetter]

plesk repair installation -y -v
**** Product repair completed successfully.
(/var/log/plesk/install/plesk_12.5.30_repair_problems.log is empty)

plesk repair all -y -v
The domain -v was not found.
exit status 1

However, plesk repair mail -y -v seems working only if I don't move/rename the main.cf and master.cf as you suggested:
Repairing the mail server configuration
Reconfiguring all domains and mailboxes ......................... [OK]
Error messages: 0; Warnings: 0; Errors resolved: 0

The result of postconf -n looks like before.

The problem Relay access denied still remains when sending mails via php/apache webscript, but working nice when I send from local computer via Outlook.
What's the difference here? Port? TLS? I got SSL running on the domain, if important to know...

My /etc/hosts file got these entries (just replaced hostname and domain name for this thread):
5.xxx.250.xxx myhostname.mydomain.com myhostname localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 myhostname.mydomain.com myhostname localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 myhostname.mydomain.com myhostname localhost localhost.localdomain localhost6 localhost6.localdomain6

By the way, in the maillog, always ::1 is taken, and denied. Could this be a hint?
NOQUEUE: reject: RCPT from myhostname.mydomain.com[::1]: 454 4.7.1

 

[netsetter]

UPDATE: It is working now, for some reason... Perhaps because I added the IP address under mynetworks like you suggested in main.cf and reloaded postfix a few times. Thanks a lot!

Not sure if it's offtopic, but now these strange warnings are popping up in the maillog:

Mar 25 03:51:14 myhostname postfix/smtpd[13506]: warning: hostname dedic869.hidehost.net does not resolve to address 91.200.12.61: Name or service not known
Mar 25 03:51:14 myhostname postfix/smtpd[13506]: connect from unknown[91.200.12.61]
Mar 25 03:51:14 myhostname plesk_saslauthd[13510]: listen=6, status=5, dbpath='/var/spool/postfix/plesk/passwd.db', keypath='/var/spool/postfix/plesk/passwd_db_key', chroot=0, unprivileged=1
Mar 25 03:51:14 myhostname plesk_saslauthd[13510]: privileges set to (89:89) (effective 89:89)
Mar 25 03:51:14 myhostname plesk_saslauthd[13510]: Invalid mail address 'sales@'
Mar 25 03:51:14 myhostname postfix/smtpd[13506]: warning: unknown[91.200.12.61]: SASL LOGIN authentication failed: authentication failure
Mar 25 03:51:14 myhostname postfix/smtpd[13506]: lost connection after AUTH from unknown[91.200.12.61]
Mar 25 03:51:14 myhostname postfix/smtpd[13506]: disconnect from unknown[91.200.12.61]
Mar 25 03:51:44 myhostname plesk_saslauthd[13510]: select timeout, exiting
Mar 25 03:54:26 myhostname postfix/smtpd[13753]: warning: hostname dedic878.hidehost.net does not resolve to address 91.200.12.202: Name or service not known
Mar 25 03:54:26 myhostname postfix/smtpd[13753]: connect from unknown[91.200.12.202]
Mar 25 03:54:26 myhostname plesk_saslauthd[13756]: listen=6, status=5, dbpath='/var/spool/postfix/plesk/passwd.db', keypath='/var/spool/postfix/plesk/passwd_db_key', chroot=0, unprivileged=1
Mar 25 03:54:26 myhostname plesk_saslauthd[13756]: privileges set to (89:89) (effective 89:89)
Mar 25 03:54:26 myhostname plesk_saslauthd[13756]: Invalid mail address 'visit@'
Mar 25 03:54:26 myhostname postfix/smtpd[13753]: warning: unknown[91.200.12.202]: SASL LOGIN authentication failed: authentication failure
Mar 25 03:54:26 myhostname postfix/smtpd[13753]: lost connection after AUTH from unknown[91.200.12.202]
Mar 25 03:54:26 myhostname postfix/smtpd[13753]: disconnect from unknown[91.200.12.202]

Seems to me just like "evil" login attemps, since dedic869.hidehost.net is not our host, and 91.200.12.202 is not our IP address. Can I do something about it?

 

[UFHH01]

Hi netsetter,

you should consider to change your mail - software from postfix to qmail and backwards to postfix, because, as already stated, you have a few missing entries in your configuration file. Compare them with for example with the uploaded files at => #16

plesk installer --select-product-id plesk --select-release-current --install-component qmail

Afterwards:

plesk installer --select-product-id plesk --select-release-current --install-component postfix

The latest log - file entries are not relevant for your issue... these are just "normal" spammers/bots/script-kiddies.


In addition, I suggest to read the WHOLE thread, which I just posted the link of - there are a lot of hints, where you might have some issues right now.


If you need further help, you should consider to step out of your anonymity, because this is FAR easier to investigate then, than guessing and hoping to spot the right place of your current misconfigurations.

 

[netsetter]

Well, for now I'm just happy it's working and I will keep an eye on it the next hours.
Thanks a lot UFHH01 for helping me out on this. Danke dir vielmals!