Issue Relay access denied on an external mail server

[tizgal]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

Obsidian 18.0.44 Update #1

Hi,

I have one domain with MX records that point to an external mail server; the Mail service for the domain is disabled.
Everything works without any problem except for one specific sender. Every email from this specific ended domain gets rejected with the following error:

"Plesk server domain" gave this error:
<recipient on external mail server>: Relay access denied

We have whitelisted the sender domain on the external mail server but didn't solve the problem.
Can you help me investigate this problem?

Thanks.

 

[WebHostingAce]

I'm not sure If I understand correctly.

I have one domain with MX records that point to an external mail server

If you have a domain with MX point to an external mail server, The emails to this domain should have never reached the Plesk Server.

 

[WebHostingAce]

In addition to my previous reply.

This sender may be using your old record of MX which is still point to your Plesk server.

 

[tizgal]

This is what I thought.
How can I check this?

 

[mow]

This is what I thought.
How can I check this?

Check the listed IPs to see if the mail really is rejected by the server it should go to.
Then check the mail logs of that server for the actual error (the message given might be misleading).

 

[A_SH]

Hello Tizgal,

I believe that there are two common reasons for getting this error.

The sender did not authenticate to the outgoing mail server due to some misconfigurations
Another reason is, that the recipient’s server has identified the sender’s server to be a spam source, or that it had failed security checks.

When Recipient’s MX rejects the mail,

So, If the email was successfully sent from Sender’s MX, then the issue might appear with the recipient’s MX. It will accept a mail only if:

- The Sender’s MX passed all security checks/spam filters
- The Recipient’s MX doesn’t have any misconfigurations

There are some common misconfigurations on the recipient’s MX as below
- Incorrect MX records
- If MX has some database errors
- If SMTP authentication settings are disabled
- If DNS MX records are pointing to the wrong server
- If Recipient’s email invalid/inactive/canceled

When Relay Access Denied error on the mail server-side,

There are two common situations that a server owner may face with a such or similar error.

when the end-users attempt to send an email, they may receive and send this error in a bounce-back. The person trying to send an email to a user on your server receives an error and they report it to you.

You need to check your log files. And also Pay attention to the error codes. As there are some versions of that.

454 4.7.1 Relay Access Denied – This error code is observed inside server logs when the recipient's server is temporarily incapable to receive emails. In such a case, another attempt to send mail will take place later.

554 5.7.1 Relay Access Denied – When an email is rejected, you can see this error code in the recipient’s mail server logs.

1)If User authentication fails

You should review the server authentication configurations. if you are using a Postfix server, you must ensure that SMTP authentication is enabled. check the configuration file and ensure that the

“smtpd_recipient_restrictions” is configured as follows:
smtpd_recipient_restrictions = permit_sasl_authenticated

In server software update, It may change the configurations. if your mail server was running smoothly all the time, and then it suddenly stops, most likely the reason is the latest software update.

So, If you have used to updating your server manually, you should consider having a test server setup similar to your live server.

2) If An Authentication database is corrupted

You can perform the below command
mysqlcheck -r psa smtp_poplocks -uadmin -p

It will help to check the table “smtp_poplocks” and fix it if it turns out that it’s broken.

3) External mail server failed anti-spam to check on your server

If someone sends mail to your end-users and sender’s emails may be rejected by spam filters configured on your mail server.
It happens because of simply the Sender Verify spam rule.
You need to investigate mail logs. If this happens with a trustworthy mailbox and emails from this address are blocked due to anti-spam checks too often. Then it’s better to consider updating and disabling that anti-spam rule.
Reach the owner of the sending email server, and request him to re-configure his server in such a way to be compliant with your anti-spam rules and checks.


4) Anti-spam rules on the recipient server are bouncing back your user’s emails

If it happens that your end users are sending emails and in response, they are receiving them back with the below error code:
454 4.7.1: Relay access denied
Here, your server is not passing the recipient’s server anti-spam rules and checks it may get on the firewall blacklist on the recipient’s side.

you should firstly review the headers of the bounced emails. It will give you more details on why the email was rejected. Usually, it’s provoked when your server gets on RBL’s (Real-time Blackhole List).

These sites as MxToolbox and MultiRBL will help you to figure this out and check if your server is located in blacklists. Information that you will get from those sites will tell you about any blacklists that you may be on and usually refer to these RBL’s, so you can request them to delist you from those RBLs. However, before asking to delist your server you need to ensure and resolve the origin of getting blacklisted. For example, if a spammer was detected on your server then you have to remove him before asking to remove your server from the blacklist.