Cannot send mail from external sources

I am having a small problem with Postfix. Everything is now working fine and I think I just need to fine tune it a little bit. I can send and receive mail no problem on my internal network. I can send and receive mail using Squirrelmail from internal and external. I can receive mail externally but cannot send mail externally. It comes up with error 550 cannot relay. Any hints would be much appreciated.

Hi Alfatec, good to hear you're sorted on your other problems, and this sounds like it's quite simple too.

Which server is the 550 cannot relay coming from?

My bet is it's your ISP's server.

This normally means that they've not enabled you for smtp at all.

Fix - Simple phone call.

OR, that they have you registered for one domain and are sending on another.

Are you still using internally? or did you change over.

It also may be that if you are using your (can't remember exactly what it was) and that's not set up as being allowed.

So in summary, it sounds like you're doing simple forwarding of external mail (rather than trying to be a "proper" mail server on your own), so you need to talk to the ISP who provides you with that upstream mail server.

Other than that, post back and I'll talk you through setting yourself up as a full mail server, although it's lots more hassle, and lots more maintenance.

alfatec (Author) Commented:
Hey Scorp, Nice to hear from you again. Yea just fine tuning the system now. Have got about 20 users trialing it out for me before the big chop over to 1200 users (no pressure then!!!). As I said everything works fine. Can send/receive when on internal network, can send/receive to external sources when on internal network. Can use webmail internally and externally (1 small weird thing is that the sent mails do not go into the sent folder after being sent). Only thing that is weird is when you use Outlook from external source you can receive but you cannot send. I think it might be a good idea if I set up my SMTP to be my own SMTP rather than my ISP's as at least then I will have total control over everything. Could you post setting up my SMTP server. That way I will feel a lot more confident in controlling everything.
Hope things are well with you and thanks for helping out again.
I agree with "scorp888". This must be a configuration on your ISP's server. They need to enable the relay option. When you give them a call, find out if they don't have a different SMTP server that will allow relaying...

alfatec (Author) Commented:
Spoke to my ISP, about as much use as a chocolate fireguard. Appreciate the setup instructions so that I use my own SMTP server.
Can I just confirm that you're using postfix for the outgoing mail, and telnet 25 to the mail server produces something like:

SMTP blah postfix version ...

Also, can I confirm that your DNS is all fixed, and you're not using ?

Otherwise setting up a "proper" smtp service is not going to work.

alfatec (Author) Commented:
Yea I am using postfix for the outgoing mail. When I telnet the server on port 25 I get the following:
220 ESMTP postfix

DNS now seems to work OK. Have been using the tools from DNS STUFF and it passes all the tests, so it seems OK.
Ok, can I ask you to post your postfix conf file, xxx out any information you don't think should be public, for example the last octet of an ip address.

so becomes

Then we can work through the conf and set you up.

alfatec (Author) Commented:
Sorry for the delay, here is the postfix conf file:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
mydomain_fallback = localhost
myhostname =
mydomain =
myorigin = $mydomain
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains =
message_size_limit = 10240000
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain,$mydomain
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_client_restrictions = reject_maps_rbl
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
server_enabled = 1
relayhost =
smtpd_client_restrictions = reject_maps_rbl
always_bcc =
mynetworks =,10.xx.xx.xx/32
local_recipient_maps =
unknown_local_recipient_reject_code = 450
Andrew Duffy (Technical Services Coordinator) Commented:
550 is an authentication error. As you probably know, SMTP authentication is most commonly managed in two ways:

a) A list of permitted subnets
b) Username and password access

I don't think b) is enabled by default so it's likely to be that, by default, an SMTP server will only accept mail relaying requests from machines on the same subnet until you customise it. It should be that simple.

As your mail server should be transmitting mail on the same subnet as your ISP I don't think it's got anything to do with them - it's an internal issue. So let's assume the email clients and your mail server are on different subnets. One way to diagnose the issue would be to set up a client on the same subnet as the mail server and try sending again. If it works, voila - all you'll need to do is add the clients' subnet to the authentication list (the documentation should give instructions on this - I don't know off-hand).

If it still doesn't work, some deeper digging will be required. But it's definitely authentication.
alfatec (Author) Commented:
OK sorted this out. Just needed to add the external IP ranges for users who were coming in externally.
Cheers for your help.
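
The relay decision discussed in this thread, as an added example (not written by any poster and not Postfix's own code): a simplified Python model of how the posted smtpd_recipient_restrictions list is evaluated in order. It shows why an unauthenticated external client is refused relay while inbound mail is still accepted, and how SASL authentication differs from widening mynetworks. All addresses and domains are constructed, and only the four restrictions in the posted config are modelled.

```python
import ipaddress

# Restriction list copied from the posted config (smtpd_recipient_restrictions).
RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks",
                "reject_unauth_destination", "permit"]

# Constructed sample values; the thread's real networks and domain are elided.
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]
LOCAL_DOMAINS = {"example.com"}          # stands in for $mydomain / mydestination


def decide(client_ip, authenticated, rcpt_domain, mynetworks=MYNETWORKS):
    """Walk the list in order; the first rule that matches decides."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    for rule in RESTRICTIONS:
        if rule == "permit_sasl_authenticated" and authenticated:
            return "PERMIT", rule
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return "PERMIT", rule
        if rule == "reject_unauth_destination" and rcpt_domain.lower() not in LOCAL_DOMAINS:
            return "REJECT", rule
        if rule == "permit":
            return "PERMIT", rule
    return "PERMIT", "end of list"


def scenarios():
    ext = "203.0.113.25"                 # constructed external client (TEST-NET-3)
    widened = MYNETWORKS + ["203.0.113.0/24"]
    return {
        "internal client, outbound": decide("10.1.2.3", False, "example.net"),
        "external client, outbound, no auth": decide(ext, False, "example.net"),
        "external sender, inbound": decide(ext, False, "example.com"),
        "external client, outbound, SASL auth": decide(ext, True, "example.net"),
        # Widening mynetworks lets every host in the range relay without credentials.
        "external client, outbound, range in mynetworks": decide(ext, False, "example.net", widened),
    }


if __name__ == "__main__":
    for name, (action, rule) in scenarios().items():
        print(f"{name:50s} {action:7s} via {rule}")
```

The last scenario is permitted by permit_mynetworks with no credentials, so any host in an added external range can relay; the SASL scenario reaches the same result for one authenticated user without trusting the whole range.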
PAQed with points refunded (500)

EE Admin
