Relay access denied

[Goldy]

Hi every body.
I'm new at Proxmox and want to test it as a smart host for our internal mail server.
No mater what I try, I can't get it running.

1. I can receive mails.
2. i can ping and trace rout to the world.
3. it's behind firewall (in the same net as the internal mail server).
4. I'm getting the following error:

2024-08-05T10:31:43.725289+03:00 pmg postfix/smtpd[11750]: connect from unknown[10.90.1.10]
2024-08-05T10:31:43.737716+03:00 pmg postfix/smtpd[11750]: NOQUEUE: reject: RCPT from unknown[10.90.1.10]: 554 5.7.1 <yago@dest.com>: Relay access denied; from=<yoyo@mail.hit.com> to=< yago@dest.com> proto=ESMTP helo=< yago@dest.com>
2024-08-05T10:31:43.737912+03:00 pmg postfix/smtpd[11750]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient " yago@dest.com " from client "unknown[10.90.1.10]"
2024-08-05T10:31:43.750256+03:00 pmg postfix/smtpd[11750]: disconnect from unknown[10.90.1.10] ehlo=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=3/5

any idea what i am doing wrong?

Any help will be appreciate...

 

[mira]

Is the sending server (internal mail server) IP in the list of trusted networks? [0]
Are you sending to the internal port, rather than the external one? That's important because on the external port only recipient domains in the list of `Relay Domains` are accepted, while on the internal port all domains will be accepted.
The internal port is used for an internal mail server to send to the outside. By default it is port 26.


[0] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_networks

 

[Goldy]

Thanks
1. Is the sending server (internal mail server) IP in the list of trusted networks? [0] - Yes. All the scope.
2. Are you sending to the internal port, rather than the external one?
That's important because on the external port only recipient domains in the list of `Relay Domains` are accepted, while on the internal port all domains will be accepted. - Not sure. Where can I find this?
3. The internal port is used for an internal mail server to send to the outside. By default it is port 26. - I had to change it to 25, since that is the port defined in my Mail server.

PS: so far great software...

 

[mira]

Thanks
1. Is the sending server (internal mail server) IP in the list of trusted networks? [0] - Yes. All the scope.
2. Are you sending to the internal port, rather than the external one?
That's important because on the external port only recipient domains in the list of `Relay Domains` are accepted, while on the internal port all domains will be accepted. - Not sure. Where can I find this?
3. The internal port is used for an internal mail server to send to the outside. By default it is port 26. - I had to change it to 25, since that is the port defined in my Mail server.

PS: so far great software...

3. If you changed the internal port to 25, did you change the external one to 26?
Did you make sure that mail coming from outside is forwarded to port 25? By default mail servers expect it to be 25, so you have to use a firewall rule or something else that forwards it to the other port.

2. On your internal mail server, if no port is specified, it will be port 25. But you've already answered that in 3.

1. That's good!

Can you provide the output of the following command? pmgconfig dump | grep port

 

[Goldy]

OK.
I clanged the external to 26, and no it seems to work (Thanks...), but now i'm getting :


024-08-05T14:42:47.189326+03:00 pmg postfix/smtpd[13201]: connect from unknown[10.90.1.10]

2024-08-05T14:42:47.203496+03:00 pmg postfix/smtpd[13201]: NOQUEUE: client=unknown[10.90.1.10]

2024-08-05T14:42:47.319956+03:00 pmg pmg-smtp-filter[9936]: 14123866B0BAB748E3B: new mail message-id=<WC20240805130027.27000A@mail.hit.com>#012

2024-08-05T14:42:47.364441+03:00 pmg postfix/smtpd[13207]: connect from localhost.localdomain[127.0.0.1]

2024-08-05T14:42:47.371711+03:00 pmg postfix/smtpd[13207]: 5AB87141239: client=localhost.localdomain[127.0.0.1], orig_client=unknown[10.90.1.10]

2024-08-05T14:42:47.414702+03:00 pmg postfix/cleanup[13208]: 5AB87141239: message-id=<WC20240805130027.27000A@mail.hit.com>

2024-08-05T14:42:47.421528+03:00 pmg postfix/qmgr[13122]: 5AB87141239: from=<yoyo@mail.hit.com>, size=2108, nrcpt=1 (queue active)

2024-08-05T14:42:47.427123+03:00 pmg postfix/smtpd[13207]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5

2024-08-05T14:42:47.427408+03:00 pmg pmg-smtp-filter[9936]: 14123866B0BAB748E3B: accept mail to <yaron.gold@gmail.com> (5AB87141239) (rule: default-accept)

2024-08-05T14:42:47.428678+03:00 pmg pmg-smtp-filter[9936]: 14123866B0BAB748E3B: processing time: 0.123 seconds (0, 0.033, 0)

2024-08-05T14:42:47.429227+03:00 pmg postfix/smtpd[13201]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (14123866B0BAB748E3B); from=<yoyo@mail.hit.com> to=<yaron.gold@gmail.com> proto=ESMTP helo=<mail.hit.com>

2024-08-05T14:42:47.440390+03:00 pmg postfix/smtpd[13201]: disconnect from unknown[10.90.1.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

2024-08-05T14:42:48.362927+03:00 pmg postfix/smtp[13209]: 5AB87141239: to=<yaron.gold@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=0.98, delays=0.05/0.02/0.19/0.72, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[64.233.184.27] said: 550-5.7.26 Your email has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [mail.hit.com] with ip: [80.188.251.28] = did not pass 550-5.7.26 550-5.7.26 For instructions on setting up authentication, go to 550 5.7.26 https://support.google.com/mail/answer/81126#authentication ffacd0b85a97d-36bbd2a828csi4136879f8f.1052 - gsmtp (in reply to end of DATA command))

2024-08-05T14:42:48.368413+03:00 pmg postfix/qmgr[13122]: 5AB87141239: removed.

 

[mira]

That's great!

2024-08-05T14:42:48.362927+03:00 pmg postfix/smtp[13209]: 5AB87141239: to=<yaron.gold@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=0.98, delays=0.05/0.02/0.19/0.72, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[64.233.184.27] said: 550-5.7.26 Your email has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [mail.hit.com] with ip: [80.188.251.28] = did not pass 550-5.7.26 550-5.7.26 For instructions on setting up authentication, go to 550 5.7.26 https://support.google.com/mail/answer/81126#authentication ffacd0b85a97d-36bbd2a828csi4136879f8f.1052 - gsmtp (in reply to end of DATA command))

That already says it. You have to either configure SPF [0] or DKIM [1] for your domain. WIthout any of those Gmail won't accept the mail.

[0] https://en.wikipedia.org/wiki/Sender_Policy_Framework
[1] https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

 

[Goldy]

Hi Mira.
Thanks

I Dkim seems to be config and SPf is on

 

[Goldy]

HI.
Mail to Gmail and 365 get blocked.
Others seemsto work ok
Dkim in Proxmox (See attached Pict) seems Ok and also SPF check looks ok.

What do I miss?

Thanks...

 

[sw-omit]

You might be on a blocklist (now) for (trying to) send too many mails incorrectly.

Maybe try https://mxtoolbox.com/deliverability or https://www.mail-tester.com/ and send an email to the address shown there to see there is something else wrong with your email or if you're on some kind of blacklist?

 

[Goldy]

Thanks Sw-omit.

I'll try this.
I think Something is misconfigure between my Firewall, mail server and Proxmox, since my normal mail works great