Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cannot send mail from external sources

Posted on 2004-11-08
Medium Priority
Last Modified: 2010-04-24
I am having a small problem with Postfix. Everything is now working fine and I think I just need to fine tune it a little bit. I can send and receive mail no problem on my internal network. I can send and receive mail using Squirrelmail from internal and external. I can receive mail externally but cannot send mail externally. It comes up with error 550 cannot relay. Any hints would be much appreciated.
Question by:alfatec

Expert Comment

ID: 12548540
Hi Alfatec, good to hear your sorted on your other problems, and this sounds like it's quite simple too.

Which server is the 550 cannot relay coming from?

My bet is it's your ISP's server.

This normally means that they've not enabled you for smtp at all.

Fix - Simple phone call.

OR, that they have you registered for one domain and are sending on another.

Are you still using sale.com internally? or did you change over.

It also may be that if you are using your salegrammer.ac.uk (cant' remember exactly what it was) and that's not set up as being allowed.

So in summary, it sounds like you're doing simple forwarding of external mail, (rather than trying to be a "proper" mail server on your own)
so you need to talk to the isp who provides you with that upstream mail server.

Other than that, post back and I'll talk you through setting yourself up as a full mail server, although it's lots more hassle, and lots more maintenance.


Author Comment

ID: 12552862
Hey Scorp, Nice to hear from you again. Yea just fine tuning the system now. Have got about 20 users trialing it out for me before the big chop over to 1200 users (no pressure then!!!). As I said everything works fine. Can send/receive when on internal network, can send/receive to external sources when on internal network. Can use webmail internally and externally (1 small weird thing is that the sent mails do not go into the sent folder after being sent). Only thing that is weird is when you use Outlook from external source you can receive but you cannot send. I think it might be a good idea if I set up my SMTP to be my own SMTP rather than my ISP's as at least then I will have total control over everything. Could you post setting up my SMTP server. That way I will feel alot more confident in controlling everything.
Hope things are well with you and thanks for helping out again.

Expert Comment

ID: 12554518
I agree with "scorp888". This must be a configuration on your ISP's server.They need to enable the relay option.When you give them a call, find out if they don't have a different SMTP server that will allow relaying...
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 12564556
Spoke to my ISP, about as much use as a chocolate fireguard. Appreciate the setup instructions so that I use my own SMTP server.

Expert Comment

ID: 12580517
Can I just confirm that you're using postfix for the outgoing mail, and telnet 25 to the mail server produces somethiling like.

SMTP blah postfix version ...

Also, can I confirm that your dns is all fixed, and you're not using sale.com ?

Otherwise setting up a "proper" smtp service is not going to work.


Author Comment

ID: 12585880
Yea I am using postfix for the outgoing mail. When I telnet the server on port 25 I get the following:
220 mail.salegrammar.co.uk ESMTP postfix

DNS now seems to work OK. Have been using the tools from DNS STUFF and it passes all the tests, so it seems OK.

Expert Comment

ID: 12638932
Ok, can I ask you to post your postfix conf file, xxx out any information you don't think should be public, for example the last octet of an ip address.

so becomes 10.1.2.xxx

Then we can work through the conf and set you up.


Author Comment

ID: 12667975
Sorry for the delay, here is the postfix conf file:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
mydomain_fallback = localhost
myhostname = mail.salegrammar.co.uk
mydomain = salegrammar.co.uk
myorigin = $mydomain
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains = sbl-xbl.spanhaus.org
message_size_limit = 10240000
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain,$mydomain
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_client_restrictions = reject_maps_rbl
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
server_enabled = 1
relayhost =
smtpd_client_restrictions = reject_maps_rbl
always_bcc =
mynetworks =,10.xx.xx.xx/32
local_recipient_maps =
unknown_local_recipient_reject_code = 450

Expert Comment

by:Andrew Duffy
ID: 12673773
550 is an authentication error. As you probably know, SMTP authentication is most commonly managed in two ways:

a) A list of permitted subnets
b) Username and password access

I don't think b) is enabled by default so it's likely to be that, by default, an SMTP server will only accept mail relaying request from machines on the same subnet until you customise it. It should be that simple.

As your mail server should be transmitting mail on the same subnet as your ISP I don't think it's got anything to do with them - it's an internal issue. So let's assume the email clients and your mail server are on different subnets. One way to diagnose the issue would be to set up a client on the same subnet as the mail server and try sending again. If it works, voila - all you'll need to do is add the clients' subnet to the authentication list (the documentation should give instructions on this - I don't know off-hand).

If it still doesn't work, some deeper digging will be required. But it's definitely authentication.

Author Comment

ID: 12892404
OK sorted this out. Just needed to add the external IP ranges for users who were coming in externally.
Cheers for your help.

Accepted Solution

Computer101 earned 0 total points
ID: 15696973
PAQed with points refunded (500)

EE Admin

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even though Mac OS X has been around for many years now, certain well-liked and eminently useful software apps never made the jump from Mac OS 9 to Mac OS X. Ever used Word Perfect for Mac? Version 3.5 was the last version, built for Mac OS 9. Who c…
Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question