Re: [exim] rejected RCPT, relay not permitted

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] rejected RCPT, relay not permitted
Renee wrote:
> Thanks Ian & Bill, for your advice.
>
> Bill- I think I'm okay under the scenarios you listed in "A". "B" could be
> a different story...? My un-obfuscated logs, below, with "log_selector
> +all" should be able to shed more light on this subject.
>
> I did a few different tests this morning. Two from alpine on both the
> localhost (cielo) and another host within my control that has alpine
> configured to look to cielo. I won't post the log from the latter, as it is
> essentially the same, just a different sending host. I also did some tests
> from webmail (squirrelmail) and thunderbird to show the difference. I'll
> just post the log from thunderbird.
>
> It appears that there are two extra lines in the alpine output logging that
> aren't displayed when using thunderbird, etc.. First the "relay not
> permitted" line, then an "incomplete transaction" statement.
>
> Also, since I first posted, I've added mailscanner back into the loop, but
> I've already confirmed that the same problem occurs with and without
> mailscanner's involvement.
>
> alpine:
> 2009-05-01 10:49:47 [3958] SMTP connection from [129.24.125.136]:33508
> I=[129.24.125.136]:587 (TCP/IP connection count = 1)
> 2009-05-01 10:49:47 [4062] H=cielo.unm.edu [129.24.125.136]:33508
> I=[129.24.125.136]:587 F=<obscure@???> rejected RCPT <
> soundwreck@???>: relay not permitted
> 2009-05-01 10:49:47 [4062] H=cielo.unm.edu [129.24.125.136]:33508
> I=[129.24.125.136]:587 incomplete transaction (RSET) from <
> obscure@???>


Here's your first clue ...

> 2009-05-01 10:49:47 [4062] 1Lzvvn-00013W-Of "obscure@???" from
> env-from rewritten as "obscure@???" by submission mode
> 2009-05-01 10:49:47 [4062] 1Lzvvn-00013W-Of <= obscure@??? H=
> cielo.unm.edu [129.24.125.136]:33508 I=[129.24.125.136]:587 P=esmtpsa
> X=TLSv1:AES256-SHA:256 CV=no A=dovecot_plain:obscure S=571 id=
> alpine.GSO.2.00.0905011049180.4005@??? T="test from alpine" from <
> obscure@???> for soundwreck@???
> 2009-05-01 10:49:47 [4062] SMTP connection from
> cielo.unm.edu[129.24.125.136]:33508 I=[129.24.125.136]:587 closed by
> QUIT


..and the second.

Per Ian's post - your alpine is connecting twice.

On the first go, it is not paying attention to the advertised HELO/EHLO
and negotiating a TLS-protected session as it should do. tcpdump will
probably show a GNU sitting in thin air ....with its finger up its nose...

;-)


alpine then tries again - this time willing to use TLS - and suceeds.

Per the UW docs for alpine, that is bass-ackwards of the described
default behaviour when port 587 (and AUTH) is specified.

http://www.washington.edu/alpine/tech-notes/config-notes.html

If you cannot get that to configure and work correctly, and as you seem
to be into antique collecting, 'mutt' may be easier to use than pine/alpine.

If you have a machine of your own with a GUI, SeaMonkey, Thundermug,
Opera's mail, Sylpheed Claws-mail... ..many 'cross-platform' choices there.

If you have no machine but the server, and must use whatever is at hand
for a 'desktop', I'd suggest putting U Cambridge's 'Prayer' caching IMAP
daemon on the server in front of Dovecot IMAP.

Whatever https-capable browser you can find should work...

I've tested that combo over high-latency US-HKG links almost exactly
half-way 'round the globe. Configured to suit your taste, it can be good
enough to not really miss a full-scale local MUA.

> 2009-05-01 10:49:50 [4069] cwd=/var/spool/MailScanner/incoming/3969 5 args:
> /usr/local/exim/bin/exim -C /usr/local/exim/etc/configure.out -Mc
> 1Lzvvn-00013W-Of
> 2009-05-01 10:49:51 [4069] 1Lzvvn-00013W-Of => soundwreck@??? F=<
> obscure@???> P=<prvs=03722334aa=obscure@???>
> R=dnslookup_batv T=external_smtp_batv S=857
> H=gmail-smtp-in.l.google.com[209.85.147.27]:25 C="250 2.0.0 OK
> 1241196591 v9si4857027wah.1" QT=4s DT=1s
> 2009-05-01 10:49:51 [4069] 1Lzvvn-00013W-Of Completed QT=4s
>


That part is irrelevant to the issue at hand...


> thunderbird:
> 2009-05-01 10:51:03 [3958] SMTP connection from [129.24.124.254]:50149
> I=[129.24.125.136]:587 (TCP/IP connection count = 1)
> 2009-05-01 10:51:12 [4073] 1LzvxA-00013h-2e "obscure@???" from
> env-from rewritten as "obscure@???" by submission mode
> 2009-05-01 10:51:12 [4073] 1LzvxA-00013h-2e <= obscure@??? H=
> d00-129-24-124-254.dhcp.unm.edu [129.24.124.254]:50149
> I=[129.24.125.136]:587 P=esmtpsa X=TLSv1:AES256-SHA:256 CV=no
> A=dovecot_plain:obscure S=603 id=49FB2877.7060900@??? T="test from
> thunderbird" from <obscure@???> for soundwreck@???




Thundermug is set to use TLS and obeys that on the FIRST go.

> 2009-05-01 10:51:12 [4073] SMTP connection from
> d00-129-24-124-254.dhcp.unm.edu [129.24.124.254]:50149
> I=[129.24.125.136]:587 closed by QUIT
> 2009-05-01 10:51:15 [4079] cwd=/var/spool/MailScanner/incoming/4013 5 args:
> /usr/local/exim/bin/exim -C /usr/local/exim/etc/configure.out -Mc
> 1LzvxA-00013h-2e
> 2009-05-01 10:51:16 [4079] 1LzvxA-00013h-2e => soundwreck@??? F=<
> obscure@???> P=<prvs=03722334aa=obscure@???>
> R=dnslookup_batv T=external_smtp_batv S=891
> H=gmail-smtp-in.l.google.com[209.85.147.27]:25 C="250 2.0.0 OK
> 1241196676 j15si4817136waf.64" QT=4s
> DT=1s
> 2009-05-01 10:51:16 [4079] 1LzvxA-00013h-2e Completed QT=4s


Likewise irrelevant...

Bill