Cannot send mail from external sources

Posted on 2004-11-08
Last Modified: 2010-04-24
I am having a small problem with Postfix. Everything is now working fine and I think I just need to fine tune it a little bit. I can send and receive mail no problem on my internal network. I can send and receive mail using Squirrelmail from internal and external. I can receive mail externally but cannot send mail externally. It comes up with error 550 cannot relay. Any hints would be much appreciated.
Question by:alfatec
    LVL 2

    Expert Comment

    Hi Alfatec, good to hear your sorted on your other problems, and this sounds like it's quite simple too.

    Which server is the 550 cannot relay coming from?

    My bet is it's your ISP's server.

    This normally means that they've not enabled you for smtp at all.

    Fix - Simple phone call.

    OR, that they have you registered for one domain and are sending on another.

    Are you still using internally? or did you change over.

    It also may be that if you are using your (cant' remember exactly what it was) and that's not set up as being allowed.

    So in summary, it sounds like you're doing simple forwarding of external mail, (rather than trying to be a "proper" mail server on your own)
    so you need to talk to the isp who provides you with that upstream mail server.

    Other than that, post back and I'll talk you through setting yourself up as a full mail server, although it's lots more hassle, and lots more maintenance.

    LVL 1

    Author Comment

    Hey Scorp, Nice to hear from you again. Yea just fine tuning the system now. Have got about 20 users trialing it out for me before the big chop over to 1200 users (no pressure then!!!). As I said everything works fine. Can send/receive when on internal network, can send/receive to external sources when on internal network. Can use webmail internally and externally (1 small weird thing is that the sent mails do not go into the sent folder after being sent). Only thing that is weird is when you use Outlook from external source you can receive but you cannot send. I think it might be a good idea if I set up my SMTP to be my own SMTP rather than my ISP's as at least then I will have total control over everything. Could you post setting up my SMTP server. That way I will feel alot more confident in controlling everything.
    Hope things are well with you and thanks for helping out again.

    Expert Comment

    I agree with "scorp888". This must be a configuration on your ISP's server.They need to enable the relay option.When you give them a call, find out if they don't have a different SMTP server that will allow relaying...
    LVL 1

    Author Comment

    Spoke to my ISP, about as much use as a chocolate fireguard. Appreciate the setup instructions so that I use my own SMTP server.
    LVL 2

    Expert Comment

    Can I just confirm that you're using postfix for the outgoing mail, and telnet 25 to the mail server produces somethiling like.

    SMTP blah postfix version ...

    Also, can I confirm that your dns is all fixed, and you're not using ?

    Otherwise setting up a "proper" smtp service is not going to work.

    LVL 1

    Author Comment

    Yea I am using postfix for the outgoing mail. When I telnet the server on port 25 I get the following:
    220 ESMTP postfix

    DNS now seems to work OK. Have been using the tools from DNS STUFF and it passes all the tests, so it seems OK.
    LVL 2

    Expert Comment

    Ok, can I ask you to post your postfix conf file, xxx out any information you don't think should be public, for example the last octet of an ip address.

    so becomes

    Then we can work through the conf and set you up.

    LVL 1

    Author Comment

    Sorry for the delay, here is the postfix conf file:
    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    mydomain_fallback = localhost
    myhostname =
    mydomain =
    myorigin = $mydomain
    mailbox_transport = cyrus
    enable_server_options = yes
    luser_relay =
    maps_rbl_domains =
    message_size_limit = 10240000
    mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain,$mydomain
    smtpd_use_tls = no
    smtpd_enforce_tls = no
    smtpd_client_restrictions = reject_maps_rbl
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_loglevel = 0
    smtpd_sasl_auth_enable = yes
    smtpd_use_pw_server = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
    server_enabled = 1
    relayhost =
    smtpd_client_restrictions = reject_maps_rbl
    always_bcc =
    mynetworks =,10.xx.xx.xx/32
    local_recipient_maps =
    unknown_local_recipient_reject_code = 450
    LVL 8

    Expert Comment

    by:Andrew Duffy
    550 is an authentication error. As you probably know, SMTP authentication is most commonly managed in two ways:

    a) A list of permitted subnets
    b) Username and password access

    I don't think b) is enabled by default so it's likely to be that, by default, an SMTP server will only accept mail relaying request from machines on the same subnet until you customise it. It should be that simple.

    As your mail server should be transmitting mail on the same subnet as your ISP I don't think it's got anything to do with them - it's an internal issue. So let's assume the email clients and your mail server are on different subnets. One way to diagnose the issue would be to set up a client on the same subnet as the mail server and try sending again. If it works, voila - all you'll need to do is add the clients' subnet to the authentication list (the documentation should give instructions on this - I don't know off-hand).

    If it still doesn't work, some deeper digging will be required. But it's definitely authentication.
    LVL 1

    Author Comment

    OK sorted this out. Just needed to add the external IP ranges for users who were coming in externally.
    Cheers for your help.
    LVL 1

    Accepted Solution

    PAQed with points refunded (500)

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Suggested Solutions

    Apple's Mac OS X has become an official member of the malware club. The Flashback Trojan has affected over half million Macs, worldwide. It is behavior that ultimately gets malware onto a person’s computer. Obsolete or out-of-date software helps…
    There is a security feature on iOS devices that is nearly impenetrable when it has been activated.  This article will provide some possible solutions as well as necessary steps to take to ensure you do not end up with a locked device.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now