Ständig "Relay access denied" nach Update



Hallo zusammen,

ich habe heute die aktuelle Updates installiert, das System weist mir Stand 4.3-3 errata411 aus.

Nun bekomme ich keine Mail mehr an extern raus, ich verwende dazu den Server meines Providers als Relay. Die Konfiguration hat sich nicht geändert, die relevanten Stellen in der bzw. UCR-Registry habe ich laut Handbuch geprüft. Ist alles noch drin (relayhost usw.). Die Fehlermeldung lautet:

Feb 3 20:17:20 srv-dc postfix/smtp[1964]: BE2CA1200091: to=<***@***.de>,[89.*.*.*]:587, delay=21, delays=0.02/0.02/0.54/20, dsn=5.7.1, status=bounced (host[89.*.*.*] said: 554 5.7.1 <***@***.de>: Relay access denied (in reply to RCPT TO command))

Intern mailen funktioniert, externe Mails können problemlos empfangen werden. Ich habe den Eindruck, als ob sich Postfix am externen Server nicht mehr anmeldet obwohl es so konfiguriert ist. Kann ich das irgendwie testen bzw. mehr dazu loggen lassen?




for the benefit of our international readers I’ll answer in English. If that’s a problem for you, just give me a shout & I’ll continue in German.

The summary of the problem is that Postfix doesn’t seem to authenticate against its relay server when sending mails after having upgraded UCS to 4.3-3 errata 411 earlier today. It used to work, and the question is how to debug this.

Well, let’s make sure that Postfix’ configuration is correct. Please run the following commands and post their output (skip the lines beginning with #; they’re just explanations for what the commands will do):

# This verifies that UCS templates haven't been modified;
# ideally it shouldn't output anything:
# This reconstructs Postfix' configuration files from UCS template files
# and reloads the configuration:
ucr commit /etc/postfix/{main,master}.cf
postfix reload
# Let's look at some relevant options and values:
postconf smtp_sasl_auth_enable smtp_sasl_password_maps

Kind regards




Thank for your reply and help. Here are the output of the commands:

root@srv-dc:~# univention-check-templates 
root@srv-dc:~# ucr commit /etc/postfix/{main,master}.cf
Multifile: /etc/postfix/
Multifile: /etc/postfix/
root@srv-dc:~# postfix reload
postfix: Postfix is running with backwards-compatible default settings
postfix: See for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: refreshing the Postfix mail system
root@srv-dc:~# postconf smtp_sasl_auth_enable smtp_sasl_password_maps 
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth

As far as i can see it looks okay, isn’t it?



yeah, that looks fine so far. So let’s continue with some more information, please:

postconf relayhost
awk '/^[^#]/ { print $1 }' /etc/postfix/smtp_auth
ls -lrt /etc/postfix/smtp_auth*

The second command will only output the host names from the smtp_auth file, not the passwords. It should be safe to run & post here.



Hi Moritz,

thank you very much for your support! There was indeed an issue between the ucr registry value and the server name in the smtp_auth. Not sure why this works till the update :thinking:
But now everything is okay :grinning:



You’re quite welcome.