KB ID 0000883
Problem
I built a Postfix mail server with Dovecat on CentOS 6.4 installed last week. To read my emails I installed SquirrelMail on the same server, and surprisingly it all went well. However If I attempted to send mail from Microsoft Outlook on my laptop, or from my iPhone this happened;
The following recipient(s) cannot be reached: 'name@domain-name.com' on 22/11/2013 22:21 Server error: '554 5.7.1 <name@domain-name.com>: Relay access denied'
Solution
In fact the only way I made any progress with this error was when I ‘briefly’ made the server an open relay. What you need to do, is grant a remote ‘user’ the right to relay mail though the server ONLY once they have authenticated. To do this you can use SASL authentication. Luckily I’d installed Dovecot, and the newer version of that will do the hard work for me.
1. Firstly make sure you are in the same boat as me, issue the following command and ensure ‘dovecot’ is available, if not you might want to update Postfix and Dovecot.
[box]
postconf -a[/box]
2. Fist you will need to add some lines to the dovecot.conf file, below I’m using nano to open and edit the file.
3. Paste the following to the end of the config file, then save and exit nano.
[box]
# Added for Dovecot to Postfix SASL SMTP Authentication auth default { socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } mechanisms = plain login }
[/box]
4. Now you need to edit the main.cf config file for Postfix, once again here I’m using nano.
5. Locate the mynetworks line and ensure it is set to 127.0.0.0/8 (Note: If you have multiple servers you might want to add your servers network IP in here, I’ve only got one).
Warning: DO NOT enter 0.0.0.0/0 this will make you an open relay!
6. Paste the following onto the end of the file, then save and exit.
[box]
#Added for SASL SMTP Authentication from Dovecot to Postfix smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination broken_sasl_auth_clients = yes
[/box]
To See if SASL Authentication has Started Working
7. If you telnet to your mail server you can see the ‘verbs’ you are presented with.
Without Authentication Enabled
With Authentication Enabled
Connecting Microsoft Outlook to a Postfix Email Account
While setting up the account in Outlook, make sure that on the account, under ‘More Settings’ > Outgoing Server > Tick ‘My outgoing server (SMTP) requires authentication’ > Select ‘Use same settings as my incoming mail server’
Related Articles, References, Credits, or External Links
NA