'553 sorry, sorry, that domain isn't allowed to relay

I setup a qmail server that can send and receive mail using pine. When I try to use Outlook to send mail, I get the error 553 sorry, sorry, that domain isn't allowed to relay. I have setup a tcp-smtp file. I tried to search for that error but all I get is a response in chinese. I am trying to send to a yahoo.com address and my server name is in my rcpthosts.


This is the tcp.smtp. 192.124.60 is my network, but my clients are on a private 10 network.

0.:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
192.124.60.:allow,RELAYCLIENT=""
192.124.60.133:allow,RELAYCLIENT=""

Any suggestions?

Is your pine running on the same machine that's running qmail? You said your clients are on a "private 10 network". If that's so, then you'd want to put this IP into tcp.smtp also.

The line where you have... 192.124.60.133 is unnecessary. The line right before that allows any machines on the 192.124.60 network to relay. The first line is unnecessary. The 127. line takes care of the localhost, which is all you need.

When you get done modifying the tcp.smtp file, you need to run qmailctl cdb to rebuild the tcp.smtp file. Hopefully your qmailctl script is setup to do this properly. If you're in doubt, you should post the "CDB" section of that script here.

Pine is running on the same machine as qmail. I added the line into tcp.smtp and ran the qmailctl cdb, with no change.

127.:allow,RELAYCLIENT=""
10.1.1.:allow,RELAYCLIENT=""
192.123.60.:allow,RELAYCLIENT=""


Here is the section of code for cdb.

;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;

Hmmm... well, everything seems to be configured OK so far. Maybe you should post the headers of one of these messages so I can see everything. That error is not a standard response from qmail (as far as I know), so it must be coming from somewhere else. Maybe its from the remote host you're trying to deliver mail to?

I also recommend trying to deliver mail using telnet. This is an excellent way to see exactly what's wrong because you can watch the responses from the remote server.

Try this...

telnet 127.0.0.1 25

Notice there is a space between the ip address and the 25 which is the port number. You should get something like this...

[root@falcon root]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 hostname.yourdomain.com ESMTP
helo anything
250 hostname.yourdomain.com
mail from: me@mydomain.com
250 ok
rcpt to: user@yourdomain.net
250 ok
data
354 go ahead
something blah,blah blah
.
250 ok 1090602878 qp 13724
quit
221 hostname.yourdomain.com
Connection closed by foreign host.

The helo, mail from, rcpt to, and data commands are commands you input yourself at the command line. When you're done typing the body of your message (like something, blah, blah etc) just put a single dot and hit enter to end the body section. Then type quit and the connection will be closed. Hopefully you should get all positive responses from your smtp server.

You may also want to run the command /var/qmail/bin/qmail-showctl and post the output here. This will show how you've got everything configured and makes it easier to discuss (and make modifications to) your configuration.

This was the output.

220 mail5.pulver.com ESMTP
helo christine
220 mail5.pulver.com
mail from: cross@pulver.cm
250 ok
rcpt to: cross@yahoo.com
553 sorry, sorry, that domain isn't allowed to relay <#5.7.1>




I am able to send mail to the same yahoo account using pine if I am logged in. When I tried to use Helo as the first line, I got unimplements.

How can I set that up more descriptive logging? I don't believe rcpthosts doesn't come into play here.
----------------------------------------
Here is the output from showctl

[root@mail5 control]# /var/qmail/bin/qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 509.
subdirectory split: 23.
user ids: 501, 502, 505, 0, 504, 506, 507, 508.
group ids: 501, 502.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is mail5.pulver.com.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is pulver.com.

defaulthost: (Default.) Default host name is mail5.pulver.com.

doublebouncehost: (Default.) 2B recipient host: mail5.pulver.com.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is mail5.pulver.com.

helohost: (Default.) SMTP client HELO host name is mail5.pulver.com.

idhost: (Default.) Message-ID host name is mail5.pulver.com.

localiphost: (Default.) Local IP address becomes mail5.pulver.com.

locals:
Messages for mail5.pulver.com are delivered locally.

me: My name is mail5.pulver.com.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is pulver.com.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at mail5.pulver.com.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 mail5.pulver.com.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains: (Default.) No virtual domains.

defaultdelivery: I have no idea what this file does.

concurrencyincoming: I have no idea what this file does.

[root@mail5 control]#

The previous posting was the results I got when I telnetted into the mail server on port 25. I got a successful session when I was on the machine and I telnetted in to 127.0.0.1 25.

Wait a minute.... Ok, first off... You're trying to use SMTP to relay mail to another domain (in this case, yahoo.com). So that telnet session isn't going to work. Sorry for leading you astray on that. I guess I didn't quite understand what you were trying to do (sorry... it being monday and all.)

Looking back at your original post, I see you are wanting to do this using Outlook. Well, you have a few different options. First is to add the IP address of all your people who will relay into the /etc/tcp.smtp file. This can be tedious and annoying to add them all unless you're running a small server.

Another way is to apply the smtp auth patch to qmail. You can google for this patch easily. This means the user will have to go into their outlook settings and put in their usernaeme and password for POP3 as well as smtp. This is fairly easy to install.

Another way is to apply pop-before-smtp which allows a user to authenticate himself using pop3 and they are allowed to relay for a short time. This is a little more difficult to install on its own, but I'm sure you could google for this too.

My recommendation is to chuck it all and install a qmail server that has more options... like those found here...

http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php
www.qmailrocks.org

These are a lot more work, but well worth the effort.

>> I got a successful session when I was on the machine and I telnetted in to 127.0.0.1 25.

Right... exactly.... this worked because you already told qmail its allowed to relay for the 127.x.x.x address. So when you telnetted into the box itself, relaying was possible. I have to assume you were telnetting into the box (in post #5 above) from anotehr host that isn't covered by your tcp.smtp file.

1) You need to figure out the CORRECT IP of the PC where you were trying to use Outlook to send outgoing email. If you can't figure out your IP, that is irrelevant to qmail.

2) When you post your data here, don't edit it, just copy and paste from the original. Apparently the 553 sorry, sorry, that domain isn't allowed to relay <#5.7.1> was a bad sign where there are duplicated sorry,, which doesn't look like it was from a 3rd party patch at all. Not to mention the modified version allowed to relay instead of in my list of allowed rcpthosts, close to, but not the same as the spamcontrol patch at all.

3) The last line of your tcp.smtp looks odd. You are not allowing anyone without the following line:

:allow

I did not edit the error. I just did a pickup. That is why it is such a strange error. There are 2 sorry sorry and it is not an error about rcpthost entries. If it was, the problem is well documented.

Where did you download your qmail and how did you install it? Any patches?

Without hacking/patching qmail-smtpd.c, there is absolutely NO WAY it would generate such error as 553 sorry, sorry, that domain isn't allowed to relay <#5.7.1>. Once again, NO WAY.

I went to qmails site and downloaded it. I didn't do qmailrocks.org. That is the error I get.

I stand by my earlier statement...

You should either install the smtp auth patch or build yourself a better mail server.