Relay error after update mail node to 1.7.0

Hi

After the update of the mail node i get an error with the relay

This is the mail system at host mail.xxxxx.nl.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<[xxx.xxx@xxxx.com](mailto:xxxxx.xxxxxx@xxxxxx.com)>: host smtp.ziggo.nl[84.116.6.3] said: 550 5.1.0

SMTP408 Relay denied for your IP xxx.xxx.xxx.xxx. Authentication with email

address and password required to continue

;id=ZVGOuJXICtCX1ZVGOu26Fy;sid=ZVGOuJXICtCX1;mta=csmtp2-prd-nl1-vfz;d=20250709;t=155508[CET];ipsrc=213.93.33.97;

(in reply to MAIL FROM command)

what can i do to solve this.
No mail is possible to send now

IIUC your mail provider rejects relaying the message for an authentication error.

Please share the output of this command:

api-cli run module/mail1/list-relay-rules  | jq

As alternative take a screenshot of the table in Mail Relay page.

Replace “mail1” with your Mail instance ID.

Mail 1.7.0 is supposed to fix an authentication bug within Relay Rules, so try to change the password or re-create the relay rules from scratch to see if it can solve the issue.

Hi

api-cli run module/mail1/list-relay-rules  | jq
Warning: using user "cluster" credentials from the environment
{
  "has_wildcard": false,
  "rules": [
    {
      "rule_type": "sender",
      "rule_subject": "pdebrabander.nl",
      "host": "smtp.ziggo.nl",
      "port": 587,
      "tls": true,
      "username": "p.brabander3@xxxxxx.nl",
      "has_password": true,
      "enabled": true
    }
  ]
}

Relay recreated and no luck

Please make a test with a rule_subject matching the exact sender address. I see your rule wants to match the domain. I’m looking at the domain query and there can be an issue, let’s try to exclude it.

i need a bit help with this. How can i do this exactly?

Create another relay rule with the complete sender address instead of the domain part.

immagine1590×904 37.1 KB

ok. This is working.
Do i need to this now for every user ?

I think I’ve reproduced the issue and understood what’s going wrong.

I filed this bug: Auth error with sender domain relay rule · Issue #7551 · NethServer/dev · GitHub, thank you for reporting the problem, a fix is coming.

thanks.
This gave a big headache

Yes, if you can’t wait. I think you’ll get the fix from testing in a hour, I already worked out the solution and I’m just waiting the automated tests to complete: Test module · NethServer/ns8-mail@c348b0a · GitHub

runagent -m mail1 podman exec -i postfix ash -c 'cat > relaycredentials.cf' <<'EOF'
#
# relaycredentials -- retrieve the relay host credentials
# Sqlite backend configuration
#

dbpath = /srv/pcdb.sqlite
query = SELECT FORMAT('%%s:%%s', username, password) AS credentials
  FROM relayrules
  WHERE enabled = 1 AND (
    (rule_type = 'sender' AND
      CASE INSTR('%s', '@')
        WHEN 1 THEN ('@' || rule_subject) = '%s'
        ELSE rule_subject = '%s'
      END
    )
    OR ('%s' IN (FORMAT('[%%s]:%%s', host, port), FORMAT('[%%s]', host)) AND rule_type != 'sender')
  ) AND username != ''
  LIMIT 1
expansion_limit = 1
EOF

The fix is available in testing release 1.7.1-dev.2. Reload repositories from the Software Center page then you’d see the “Update to testing version” action in your Mail instance.

1590×904 24.5 KB

1590×904 33.6 KB

Additional information:

As alternative workaround, if further issues occur, the specific Mail update to 1.7 it can be temporarily be reverted the Postfix container version 1.6.4, by editing the MAIL_POSTFIX_IMAGE= line in theenvironment file, for example with

runagent -m mail1
sed -i 's|^MAIL_POSTFIX_IMAGE=.*$|MAIL_POSTFIX_IMAGE=ghcr.io/nethserver/mail-postfix:1.6.4|' environment
systemctl --user restart postfix # image download may require some time

Version 1.7 differs from 1.6 only in Postfix configuration templates.

Fix released in Mail 1.7.1

Thanks for the swift fix. Update is not yet visible in repos for me.
I’ll wait untill it is available and will try it

Sorry, the update is postponed because it contains another bug related to user forwards.

You could still update from CLI (adapt mail1 to your mail instance name) but I recommend to wait until it’s fixed and released.

api-cli run update-module --data '{"module_url":"ghcr.io/nethserver/mail:1.7.1-dev.2","instances":["mail1"],"force":true}'

19 posts were split to a new topic: Can’t receive external mails: “Recipient address rejected: access denied”

New Testing version 1.7.2-dev.1 fixes the open bugs for the long-awaited Mail version 1.7

immagine689×253 15.7 KB

Please inform us if further problems occur, and use the above procedure to revert to the current stable Postfix configuration (1.6.4):

There’s another bug regarding alias addresses, a fix will be provided soon.

Since this morning version 1.7.2-dev.3 is available for testing. Existing installations can be updated using the Update to testing version action in the Software Center, as explained above.

This release addresses the relay bug and other reported issues. We already consider it a release candidate, as it is running in some production environments.

You’re invited to try it out and share your feedback. Your input will help us build confidence in this release.

More information:

• User forwards are not respected in Mail 1.7 · Issue #7553 · NethServer/dev · GitHub
• Mail “access denied” error after update to 1.7 · Issue #7552 · NethServer/dev · GitHub