Relay error after update mail node to 1.7.0

Hi

After the update of the mail node i get an error with the relay

This is the mail system at host mail.xxxxx.nl.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<[xxx.xxx@xxxx.com](mailto:xxxxx.xxxxxx@xxxxxx.com)>: host smtp.ziggo.nl[84.116.6.3] said: 550 5.1.0

SMTP408 Relay denied for your IP xxx.xxx.xxx.xxx. Authentication with email

address and password required to continue

;id=ZVGOuJXICtCX1ZVGOu26Fy;sid=ZVGOuJXICtCX1;mta=csmtp2-prd-nl1-vfz;d=20250709;t=155508[CET];ipsrc=213.93.33.97;

(in reply to MAIL FROM command)

what can i do to solve this.
No mail is possible to send now

IIUC your mail provider rejects relaying the message for an authentication error.

Please share the output of this command:

api-cli run module/mail1/list-relay-rules  | jq

As alternative take a screenshot of the table in Mail Relay page.

Replace “mail1” with your Mail instance ID.

Mail 1.7.0 is supposed to fix an authentication bug within Relay Rules, so try to change the password or re-create the relay rules from scratch to see if it can solve the issue.

Hi

api-cli run module/mail1/list-relay-rules  | jq
Warning: using user "cluster" credentials from the environment
{
  "has_wildcard": false,
  "rules": [
    {
      "rule_type": "sender",
      "rule_subject": "pdebrabander.nl",
      "host": "smtp.ziggo.nl",
      "port": 587,
      "tls": true,
      "username": "p.brabander3@xxxxxx.nl",
      "has_password": true,
      "enabled": true
    }
  ]
}

Relay recreated and no luck

Please make a test with a rule_subject matching the exact sender address. I see your rule wants to match the domain. I’m looking at the domain query and there can be an issue, let’s try to exclude it.

i need a bit help with this. How can i do this exactly?

Create another relay rule with the complete sender address instead of the domain part.

ok. This is working.
Do i need to this now for every user ?

1 Like

I think I’ve reproduced the issue and understood what’s going wrong.

I filed this bug: Auth error with sender domain relay rule · Issue #7551 · NethServer/dev · GitHub, thank you for reporting the problem, a fix is coming.

1 Like

thanks.
This gave a big headache

Yes, if you can’t wait. I think you’ll get the fix from testing in a hour, I already worked out the solution and I’m just waiting the automated tests to complete: Test module · NethServer/ns8-mail@c348b0a · GitHub

Manual fix details

As alternative, apply the fix by hand with this command:

runagent -m mail1 podman exec -i postfix ash -c 'cat > relaycredentials.cf' <<'EOF'
#
# relaycredentials -- retrieve the relay host credentials
# Sqlite backend configuration
#

dbpath = /srv/pcdb.sqlite
query = SELECT FORMAT('%%s:%%s', username, password) AS credentials
  FROM relayrules
  WHERE enabled = 1 AND (
    (rule_type = 'sender' AND
      CASE INSTR('%s', '@')
        WHEN 1 THEN ('@' || rule_subject) = '%s'
        ELSE rule_subject = '%s'
      END
    )
    OR ('%s' IN (FORMAT('[%%s]:%%s', host, port), FORMAT('[%%s]', host)) AND rule_type != 'sender')
  ) AND username != ''
  LIMIT 1
expansion_limit = 1
EOF

Replace “mail1” with your Mail instance ID.

The fix is available in testing release 1.7.1-dev.2. Reload repositories from the Software Center page then you’d see the “Update to testing version” action in your Mail instance.


Additional information:

As alternative workaround, if further issues occur, the specific Mail update to 1.7 it can be temporarily be reverted the Postfix container version 1.6.4, by editing the MAIL_POSTFIX_IMAGE= line in theenvironment file, for example with

runagent -m mail1
sed -i 's|^MAIL_POSTFIX_IMAGE=.*$|MAIL_POSTFIX_IMAGE=ghcr.io/nethserver/mail-postfix:1.6.4|' environment
systemctl --user restart postfix # image download may require some time

Version 1.7 differs from 1.6 only in Postfix configuration templates.

3 Likes

Fix released in Mail 1.7.1

3 Likes

Thanks for the swift fix. Update is not yet visible in repos for me.
I’ll wait untill it is available and will try it

Sorry, the update is postponed because it contains another bug related to user forwards.

You could still update from CLI (adapt mail1 to your mail instance name) but I recommend to wait until it’s fixed and released.

api-cli run update-module --data '{"module_url":"ghcr.io/nethserver/mail:1.7.1-dev.2","instances":["mail1"],"force":true}'
1 Like

19 posts were split to a new topic: Can’t receive external mails: “Recipient address rejected: access denied”

New Testing version 1.7.2-dev.1 fixes the open bugs for the long-awaited Mail version 1.7

Please inform us if further problems occur, and use the above procedure to revert to the current stable Postfix configuration (1.6.4):

2 Likes

There’s another bug regarding alias addresses, a fix will be provided soon.

1 Like

Since this morning version 1.7.2-dev.3 is available for testing. Existing installations can be updated using the Update to testing version action in the Software Center, as explained above.

This release addresses the relay bug and other reported issues. We already consider it a release candidate, as it is running in some production environments.

You’re invited to try it out and share your feedback. Your input will help us build confidence in this release.

More information:

3 Likes

When do you think this update will be released as stable version

1 Like

I hope soon but we’d need tests to confirm that the bugs are really fixed.

Did it work on your server?

It’s easiliy possible to upgrade to testing via Software Center: