trying to understand Relay access denied (in reply to RCPT TO command)
Hi,
I have some lists that have message delivery bounces returned and I can’t quite understand what’s going on.
I’m using Postfix on the mailman server. In sending messages to either gmail or yahoo recipients, it seems to only work when the receiving end relays from a certain server, but errors when relaying through a different one. Not sure how to better explain so I’ll copy the examples here.
The recipient addresses are people in Brazil, and the error cases are when mail is being relayed through there.
successful deliveries to yahoo and gmail, the relay shows a yahoo and gmail server respectively:
Oct 23 13:18:07 localhost postfix/smtp[6101]: 0B0B344071: to=<xxxxxxx@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.35]:25, delay=1.4, delays=0.01/0.19/0.15/1, dsn=2.0.0, status=sent (250 ok dirdel)
Oct 23 13:18:30 localhost postfix/smtp[6099]: AC6FC44166: to=< xxxxxxx@yahoo.com>, relay=mta5.am0.yahoodns.net[98.138.112.33]:25, delay=22, delays=0.01/21/0.16/1, dsn=2.0.0, status=sent (250 ok dirdel 2/0)
Oct 24 06:18:54 localhost postfix/smtp[8152]: 61EF744176: to=< xxxxxxx@yahoo.com>, relay=mta5.am0.yahoodns.net[98.136.216.25]:25, conn_use=5, delay=19, delays=0.01/16/0.02/2.9, dsn=2.0.0, status=sent (250 ok dirdel 2/0)
Oct 23 13:18:07 localhost postfix/smtp[6077]: 08E0F44070: to=<xxxxx@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.20.26]:25, delay=1, delays=0.01/0.61/0.05/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK 1445631542 dl5si20130969pbb.108 - gsmtp)
Oct 23 13:19:04 localhost postfix/smtp[6052]: 27EFF4448E: to=<xxxxx@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.20.26]:25, conn_use=57, delay=51, delays=0.01/50/0.03/0.39, dsn=2.0.0, status=sent (250 2.0.0 OK 1445631599 is2si31916407pbc.241 - gsmtp)
Oct 23 13:26:59 localhost postfix/smtp[8446]: 220BF44B92: to=<xxxxx@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.28.26]:25, conn_use=4, delay=249, delays=0.01/248/0.06/0.43, dsn=2.0.0, status=sent (250 2.0.0 OK 1445632074 9si17275085ion.14 - gsmtp)
Bad delivery attempts to same recipients at yahoo and gmail, but this time it’s relaying through a server in Brazil:
Oct 24 06:27:26 localhost postfix/smtp[11544]: B7064449E0: to=< xxxxxxx@yahoo.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=17, delay=501, delays=0.03/501/0.2/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 < xxxxxxx@yahoo.com>: Relay access denied (in reply to RCPT TO command))
Oct 23 13:26:45 localhost postfix/smtp[8446]: 2039444A28: to=<xxxxx@gmail.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=9, delay=498, delays=0.01/497/0.25/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 <xxxxx@gmail.com>: Relay access denied (in reply to RCPT TO command)
Oct 24 06:27:22 localhost postfix/smtp[8165]: 334874492E: to=<xxxxx@gmail.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=2, delay=497, delays=0.03/497/0.2/0.22, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 <xxxxx@gmail.com>: Relay access denied (in reply to RCPT TO command))
Oct 24 06:27:26 localhost postfix/smtp[11417]: AFCF644249: to=<xxxxx@gmail.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=3, delay=501, delays=0.03/501/0.21/0.24, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 <xxxxx@gmail.com>: Relay access denied (in reply to RCPT TO command))
In all failure scenarios, the relaying server (for both yahoo and gmail recipients) was the same. But what exactly is the relay error? Is it complaining that my own server isn’t properly configured for relay, or is it a problem on mx2.ibest.com.br?
The info for my server and mailman is as follows:
Server: relay1.americasnet.com
The list addresses use either relay1.americasnet.com or listas.americasnet.com. Both of these have MX and SPF records properly configured to point to relay1.americasnet.com.
So I don’t understand why would any server be bouncing back with a relay error.
Does anyone have any ideas to help me out?
thanks
Ricardo
Ricardo Kleemann writes:
> successful deliveries to yahoo and gmail, the relay shows a yahoo and gmail server respectively:
> Oct 23 13:18:07 localhost postfix/smtp[6101]: 0B0B344071: to=<xxxxxxx@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.35]:25, delay=1.4, delays=0.01/0.19/0.15/1, dsn=2.0.0, status=sent (250 ok dirdel)
That's not a relay in the relevant sense. That host is already Yahoo. Everything past that is just internal details to Yahoo. The same is true of your gmail example.
> Bad delivery attempts to same recipients at yahoo and gmail, but this time it’s relaying through a server in Brazil:
> Oct 24 06:27:26 localhost postfix/smtp[11544]: B7064449E0: to=<xxxxxxx@yahoo.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=17, delay=501, delays=0.03/501/0.2/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 < xxxxxxx@yahoo.com>: Relay access denied (in reply to RCPT TO command))
Almost certainly it's just telling you you don't have permission to relay through that host. Is there a reason you think that you should have permission, or did you just assume it would work? Or perhaps you had past experience but no contract, and they decided that being an open relay was a bad idea.
> So I don’t understand why would any server be bouncing back with a relay error.
Actually, the question is why any server not operated by the recipient's ISP would allow you to relay. And the answer is simple. Either they are an external MX authorized by the recipient ISP to relay any mail to the recipient, or you have an explicit agreement with them to relay mail from you.
There's a third answer, which is that they let anyone relay. Such hosts are called "open relays," they are frequently used by spammers, and they tend to get blacklisted by the major providers and "black hole" lists very quickly. So nobody who has a reputation to protect allows open relay any more (or they learn very quickly that it's a bad idea).
Regards,
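
The relay rules described in the reply above, as an added example that is not part of any message in the thread: a small Python model of how a receiving MTA answers RCPT TO. The policy fields, the `ibest.com.br` served domain and the client addresses are assumptions constructed for illustration; only the 554 reply format comes from the bounce quoted in the thread.

```python
from ipaddress import ip_address, ip_network


def rcpt_decision(policy, client_ip, authenticated, rcpt):
    """Return the SMTP reply a receiving MTA gives to RCPT TO:<rcpt>."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    client = ip_address(client_ip)
    # 1. The host is the final destination or an authorized external MX.
    if domain in policy["served_domains"]:
        return "250 Ok"
    # 2. The client has an explicit agreement: trusted network or SMTP AUTH.
    trusted = any(client in ip_network(n) for n in policy["trusted_networks"])
    if authenticated or trusted:
        return "250 Ok"
    # 3. Open relay: mail from anyone, to anywhere, is accepted.
    if policy["open_relay"]:
        return "250 Ok"
    return f"554 5.7.1 <{rcpt}>: Relay access denied"


def is_open_relay(policy):
    """Self-check: is an unknown, unauthenticated client allowed to relay
    to a domain this host does not serve?"""
    reply = rcpt_decision(policy, "203.0.113.99", False, "user@outside.example")
    return reply.startswith("250")


# Constructed policy for a host that only serves its own domain (assumption).
SAMPLE_POLICY = {
    "served_domains": {"ibest.com.br"},
    "trusted_networks": ["127.0.0.0/8"],
    "open_relay": False,
}

if __name__ == "__main__":
    # A stranger (constructed address) asking to relay to gmail.com: denied.
    print(rcpt_decision(SAMPLE_POLICY, "192.0.2.10", False, "xxxxx@gmail.com"))
    # The same stranger delivering to a served domain: accepted.
    print(rcpt_decision(SAMPLE_POLICY, "192.0.2.10", False, "user@ibest.com.br"))
    # An over-broad trusted network is an open relay in all but name.
    print(is_open_relay({**SAMPLE_POLICY, "trusted_networks": ["0.0.0.0/0"]}))
```
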
On 10/24/2015 10:58 AM, Ricardo Kleemann wrote:
> Hi,
> I have some lists that have message delivery bounces returned and I can’t quite understand what’s going on.
> I’m using Postfix on the mailman server. In sending messages to either gmail or yahoo recipients, it seems to only work when the receiving end relays from a certain server, but errors when relaying through a different one. Not sure how to better explain so I’ll copy the examples here.
> The recipient addresses are people in Brazil, and the error cases are when mail is being relayed through there
> successful deliveries to yahoo and gmail, the relay shows a yahoo and gmail server respectively:
> Oct 23 13:18:07 localhost postfix/smtp[6101]: 0B0B344071: to=<xxxxxxx@yahoo.com>, relay=mta6.am0.yahoodns.net[98.138.112.35]:25, delay=1.4, delays=0.01/0.19/0.15/1, dsn=2.0.0, status=sent (250 ok dirdel)
> ...
> Oct 23 13:18:07 localhost postfix/smtp[6077]: 08E0F44070: to=<xxxxx@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.20.26]:25, delay=1, delays=0.01/0.61/0.05/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK 1445631542 dl5si20130969pbb.108 - gsmtp)
> ...
> Bad delivery attempts to same recipients at yahoo and gmail, but this time it’s relaying through a server in Brazil:
> Oct 24 06:27:26 localhost postfix/smtp[11544]: B7064449E0: to=< xxxxxxx@yahoo.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=17, delay=501, delays=0.03/501/0.2/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 < xxxxxxx@yahoo.com>: Relay access denied (in reply to RCPT TO command))
> Oct 23 13:26:45 localhost postfix/smtp[8446]: 2039444A28: to=<xxxxx@gmail.com>, relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=9, delay=498, delays=0.01/497/0.25/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br[177.153.23.241] said: 554 5.7.1 <xxxxx@gmail.com>: Relay access denied (in reply to RCPT TO command)
> ...
> In all failure scenarios, the relaying server (for both yahoo and gmail recipients) was the same. But what exactly is the relay error? Is it complaining that my own server isn’t properly configured for relay, or is it a problem on mx2.ibest.com.br?
The MTA at mx2.ibest.com.br is saying it cannot relay mail from you to yahoo.com and gmail.com.
Your postfix should always be relaying via one of the MX servers for yahoo.com or gmail.com. I.e.
$ dig mx yahoo.com
...
;; ANSWER SECTION:
yahoo.com. 1800 IN MX 1 mta6.am0.yahoodns.net.
yahoo.com. 1800 IN MX 1 mta7.am0.yahoodns.net.
yahoo.com. 1800 IN MX 1 mta5.am0.yahoodns.net.
...
$ dig mx gmail.com
...
;; ANSWER SECTION:
gmail.com. 197 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 197 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 197 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 197 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 197 IN MX 5 gmail-smtp-in.l.google.com.
Possibly your Postfix configuration has some sender dependent transport mapping that specifies mx2.ibest.com.br as the relay for some mail or maybe your DNS is being corrupted somehow.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
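
An added example, not part of the message above: a Python check that compares the relay in each Postfix delivery record with the MX hosts expected for the recipient's domain, which is how the misrouting in this thread shows up in the logs. The MX table is copied from the dig output above and the two sample records from the original post; the function and verdict names are hypothetical.

```python
import re

# MX hosts per recipient domain, copied from the dig output in the thread.
# Assumption: in practice this table is refreshed from a trusted resolver.
EXPECTED_MX = {
    "yahoo.com": {f"mta{n}.am0.yahoodns.net" for n in (5, 6, 7)},
    "gmail.com": {"gmail-smtp-in.l.google.com"}
    | {f"alt{n}.gmail-smtp-in.l.google.com" for n in (1, 2, 3, 4)},
}

# One Postfix smtp delivery record: queue id, recipient, relay, DSN, status.
RECORD = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<\s*(?P<rcpt>[^>\s]+)>, "
    r"relay=(?P<relay>[^\[,]+).*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)


def audit(lines):
    """Return (qid, domain, relay, dsn, verdict) for each delivery record."""
    findings = []
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue  # not a delivery record
        domain = m["rcpt"].rsplit("@", 1)[-1].lower()
        relay = m["relay"].lower().rstrip(".")
        expected = EXPECTED_MX.get(domain)
        if expected is None:
            verdict = "no-baseline"       # domain missing from the table
        elif relay in expected:
            verdict = "ok"                # delivered to the domain's own MX
        else:
            verdict = "unexpected-relay"  # routed somewhere DNS does not list
        findings.append((m["qid"], domain, relay, m["dsn"], verdict))
    return findings


# Two records taken from the logs in the original post.
SAMPLE = [
    "Oct 23 13:18:07 localhost postfix/smtp[6101]: 0B0B344071: to=<xxxxxxx@yahoo.com>, "
    "relay=mta6.am0.yahoodns.net[98.138.112.35]:25, delay=1.4, "
    "delays=0.01/0.19/0.15/1, dsn=2.0.0, status=sent (250 ok dirdel)",
    "Oct 24 06:27:26 localhost postfix/smtp[11544]: B7064449E0: to=< xxxxxxx@yahoo.com>, "
    "relay=mx2.ibest.com.br[177.153.23.241]:25, conn_use=17, delay=501, "
    "delays=0.03/501/0.2/0.21, dsn=5.7.1, status=bounced (host mx2.ibest.com.br"
    "[177.153.23.241] said: 554 5.7.1 < xxxxxxx@yahoo.com>: Relay access denied "
    "(in reply to RCPT TO command))",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

An `unexpected-relay` verdict is the cue to look at the two causes named above: a transport or relay mapping in the Postfix configuration, or bad answers from the resolver.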
participants (3): Mark Sapiro, Ricardo Kleemann, Stephen J. Turnbull