[GH-ISSUE #607] [SelfHosted] 454 4.7.1 Relay access denied #999

New issue

Closed

opened 2026-03-14 11:25:54 +03:00 by kerem · 8 comments

kerem commented 2026-03-14 11:25:54 +03:00

Owner

Copy link

Originally created by @andre-paulo98 on GitHub (Mar 3, 2024).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/607

Hey there!

Tried selfhosting Addy and I'm running into an issue with sending the verification emails.

Here's /var/log/mail.log:

Mar  3 01:33:30 mail postfix/smtpd[2430]: connect from mail.mydomain.com[x.y.z.w]
Mar  3 01:33:30 mail postfix/smtpd[2430]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Mar  3 01:33:30 mail postfix/smtpd[2430]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gq2dkmdepbvxiolwmfyq_mvtdinzshaywm@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com>
Mar  3 01:33:31 mail postfix/smtpd[2431]: connect from mail.mydomain.com[x.y.z.w]
Mar  3 01:33:31 mail postfix/smtpd[2431]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Mar  3 01:33:31 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gj4xcmtonq2xsmbxpf2q_gfswkzrzgjqtq@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com>
Mar  3 01:33:31 mail postfix/smtpd[2433]: connect from mail.mydomain.com[x.y.z.w]
Mar  3 01:33:31 mail postfix/smtpd[2433]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Mar  3 01:33:31 mail postfix/smtpd[2433]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gy3wcolmgrzxq23gmn4q_hbsdknbzgyyti@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com>

I'm trying to send the verification email to https://www.mail-tester.com/ without much success.
I tried to send a email with the command echo "body of the email" | mail -s "subject" "test-abcdefghj@srv1.mail-tester.com" and it works just fine:

Mar  3 01:38:08 mail postfix/pickup[1892]: 65BB340C39: uid=0 from=<root>
Mar  3 01:38:08 mail postfix/cleanup[2473]: 65BB340C39: message-id=<20240303013808.65BB340C39@mail.mydomain.com>
Mar  3 01:38:08 mail postfix/qmgr[1893]: 65BB340C39: from=<root@mydomain.com>, size=462, nrcpt=1 (queue active)
Mar  3 01:38:08 mail postfix/smtp[2474]: Trusted TLS connection established to reception.mail-tester.com[94.23.206.89]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  3 01:38:09 mail postfix/smtp[2474]: 65BB340C39: to=<test-abcdefghj@srv1.mail-tester.com>, relay=reception.mail-tester.com[94.23.206.89]:25, delay=0.94, delays=0.17/0.02/0.31/0.45, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3198FA0A6B)
Mar  3 01:38:09 mail postfix/qmgr[1893]: 65BB340C39: removed

my .env

APP_NAME=addy.mydomain.com
APP_ENV=production
APP_KEY=secret
APP_DEBUG=false
APP_LOG_LEVEL=debug
# The URL of the addy.io instance, can be anything you like e.g. https://aa.example.com, or just https://example.com, if using a non-standard port you must include it e.g. https://example.test:8000. Do not include a trailing slash '/'
APP_URL=https://addy.mydomain.com

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=anonaddy_database
DB_USERNAME=anonaddy
DB_PASSWORD=password

BROADCAST_DRIVER=log
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=redis
SESSION_LIFETIME=10080
SESSION_SECURE_COOKIE=true
SAME_SITE_COOKIES=lax

REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=password
REDIS_PORT=6379

# The from name to be used for outgoing email notifications from addy.io
MAIL_FROM_NAME=Addy
# The from address to be used for outgoing email notifications from addy.io
MAIL_FROM_ADDRESS=mailer@mydomain.com
MAIL_DRIVER=smtp
MAIL_HOST=mail.mydomain.com
MAIL_PORT=25
MAIL_ENCRYPTION=tls
MAIL_EHLO_DOMAIN=mail.mydomain.com
MAIL_VERIFY_PEER=true

# The SMTP FROM address to be used if the alias address cannot be, e.g. for a custom domain that is not verified for sending
ANONADDY_RETURN_PATH=mailer@mydomain.com
# This allows you to receive emails as a catch-all at the apex domain e.g. *@example.com
ANONADDY_ADMIN_USERNAME=user-addy
ANONADDY_ENABLE_REGISTRATION=false
ANONADDY_DOMAIN=mydomain.com
ANONADDY_HOSTNAME=mail.mydomain.com
ANONADDY_DNS_RESOLVER=127.0.0.1
ANONADDY_ALL_DOMAINS=mydomain.com
# Used for verifying custom domains and variable envelope return paths, can be anything e.g. 64U64QcpgWHAZPyr4nN58kDGvwj9TkKMGyuXcjMFA7CdhTDy2f
ANONADDY_SECRET=password
# Number of emails that can be forwarded through the service per hour by any one user
ANONADDY_LIMIT=200
# Monthly bandwidth limit, default 100MB
ANONADDY_BANDWIDTH_LIMIT=104857600
# Limit on how many new aliases can be created per hour, default 100
ANONADDY_NEW_ALIAS_LIMIT=100
# Limit on the number of additional usernames that can be added, default 10
ANONADDY_ADDITIONAL_USERNAME_LIMIT=10
# Fingerprint of the private key that you generated on the server to be used to sign encrypted forwarded emails
ANONADDY_SIGNING_KEY_FINGERPRINT=
# This is only needed if you will be adding any custom domains. If you do not need it then leave it blank. ANONADDY_DKIM_SIGNING_KEY=/etc/opendkim/keys/example.com/default.private
ANONADDY_DKIM_SIGNING_KEY=/var/lib/rspamd/dkim/mydomain.com.default.key
ANONADDY_DKIM_SELECTOR=default

Thanks in advance!

Originally created by @andre-paulo98 on GitHub (Mar 3, 2024). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/607 Hey there! Tried selfhosting Addy and I'm running into an issue with sending the verification emails. Here's `/var/log/mail.log`: ``` Mar 3 01:33:30 mail postfix/smtpd[2430]: connect from mail.mydomain.com[x.y.z.w] Mar 3 01:33:30 mail postfix/smtpd[2430]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256 Mar 3 01:33:30 mail postfix/smtpd[2430]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gq2dkmdepbvxiolwmfyq_mvtdinzshaywm@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com> Mar 3 01:33:31 mail postfix/smtpd[2431]: connect from mail.mydomain.com[x.y.z.w] Mar 3 01:33:31 mail postfix/smtpd[2431]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256 Mar 3 01:33:31 mail postfix/smtpd[2431]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gj4xcmtonq2xsmbxpf2q_gfswkzrzgjqtq@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com> Mar 3 01:33:31 mail postfix/smtpd[2433]: connect from mail.mydomain.com[x.y.z.w] Mar 3 01:33:31 mail postfix/smtpd[2433]: Anonymous TLS connection established from mail.mydomain.com[x.y.z.w]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256 Mar 3 01:33:31 mail postfix/smtpd[2433]: NOQUEUE: reject: RCPT from mail.mydomain.com[x.y.z.w]: 454 4.7.1 <test-abcdefghj@srv1.mail-tester.com>: Relay access denied; from=<b_gy3wcolmgrzxq23gmn4q_hbsdknbzgyyti@mydomain.com> to=<test-abcdefghj@srv1.mail-tester.com> proto=ESMTP helo=<mail.mydomain.com> ``` I'm trying to send the verification email to https://www.mail-tester.com/ without much success. I tried to send a email with the command `echo "body of the email" | mail -s "subject" "test-abcdefghj@srv1.mail-tester.com"` and it works just fine: ``` Mar 3 01:38:08 mail postfix/pickup[1892]: 65BB340C39: uid=0 from=<root> Mar 3 01:38:08 mail postfix/cleanup[2473]: 65BB340C39: message-id=<20240303013808.65BB340C39@mail.mydomain.com> Mar 3 01:38:08 mail postfix/qmgr[1893]: 65BB340C39: from=<root@mydomain.com>, size=462, nrcpt=1 (queue active) Mar 3 01:38:08 mail postfix/smtp[2474]: Trusted TLS connection established to reception.mail-tester.com[94.23.206.89]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Mar 3 01:38:09 mail postfix/smtp[2474]: 65BB340C39: to=<test-abcdefghj@srv1.mail-tester.com>, relay=reception.mail-tester.com[94.23.206.89]:25, delay=0.94, delays=0.17/0.02/0.31/0.45, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 3198FA0A6B) Mar 3 01:38:09 mail postfix/qmgr[1893]: 65BB340C39: removed ``` <details> <summary>my .env</summary> ``` APP_NAME=addy.mydomain.com APP_ENV=production APP_KEY=secret APP_DEBUG=false APP_LOG_LEVEL=debug # The URL of the addy.io instance, can be anything you like e.g. https://aa.example.com, or just https://example.com, if using a non-standard port you must include it e.g. https://example.test:8000. Do not include a trailing slash '/' APP_URL=https://addy.mydomain.com LOG_CHANNEL=stack DB_CONNECTION=mysql DB_HOST=localhost DB_PORT=3306 DB_DATABASE=anonaddy_database DB_USERNAME=anonaddy DB_PASSWORD=password BROADCAST_DRIVER=log CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis SESSION_LIFETIME=10080 SESSION_SECURE_COOKIE=true SAME_SITE_COOKIES=lax REDIS_CLIENT=phpredis REDIS_HOST=127.0.0.1 REDIS_PASSWORD=password REDIS_PORT=6379 # The from name to be used for outgoing email notifications from addy.io MAIL_FROM_NAME=Addy # The from address to be used for outgoing email notifications from addy.io MAIL_FROM_ADDRESS=mailer@mydomain.com MAIL_DRIVER=smtp MAIL_HOST=mail.mydomain.com MAIL_PORT=25 MAIL_ENCRYPTION=tls MAIL_EHLO_DOMAIN=mail.mydomain.com MAIL_VERIFY_PEER=true # The SMTP FROM address to be used if the alias address cannot be, e.g. for a custom domain that is not verified for sending ANONADDY_RETURN_PATH=mailer@mydomain.com # This allows you to receive emails as a catch-all at the apex domain e.g. *@example.com ANONADDY_ADMIN_USERNAME=user-addy ANONADDY_ENABLE_REGISTRATION=false ANONADDY_DOMAIN=mydomain.com ANONADDY_HOSTNAME=mail.mydomain.com ANONADDY_DNS_RESOLVER=127.0.0.1 ANONADDY_ALL_DOMAINS=mydomain.com # Used for verifying custom domains and variable envelope return paths, can be anything e.g. 64U64QcpgWHAZPyr4nN58kDGvwj9TkKMGyuXcjMFA7CdhTDy2f ANONADDY_SECRET=password # Number of emails that can be forwarded through the service per hour by any one user ANONADDY_LIMIT=200 # Monthly bandwidth limit, default 100MB ANONADDY_BANDWIDTH_LIMIT=104857600 # Limit on how many new aliases can be created per hour, default 100 ANONADDY_NEW_ALIAS_LIMIT=100 # Limit on the number of additional usernames that can be added, default 10 ANONADDY_ADDITIONAL_USERNAME_LIMIT=10 # Fingerprint of the private key that you generated on the server to be used to sign encrypted forwarded emails ANONADDY_SIGNING_KEY_FINGERPRINT= # This is only needed if you will be adding any custom domains. If you do not need it then leave it blank. ANONADDY_DKIM_SIGNING_KEY=/etc/opendkim/keys/example.com/default.private ANONADDY_DKIM_SIGNING_KEY=/var/lib/rspamd/dkim/mydomain.com.default.key ANONADDY_DKIM_SELECTOR=default ``` </details> Thanks in advance!

kerem closed this issue 2026-03-14 11:25:59 +03:00

kerem commented 2026-03-14 11:26:11 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 13, 2024):

Is this issue the same when sending to all email addresses or just the ones on mail-tester?

<!-- gh-comment-id:1994550410 --> @willbrowningme commented on GitHub (Mar 13, 2024): Is this issue the same when sending to all email addresses or just the ones on mail-tester?

kerem commented 2026-03-14 11:26:16 +03:00

Author

Owner

Copy link

@andre-paulo98 commented on GitHub (Mar 13, 2024):

Seems like all email addresses (I tried outlook and gmail)

<!-- gh-comment-id:1995379332 --> @andre-paulo98 commented on GitHub (Mar 13, 2024): Seems like all email addresses (I tried outlook and gmail)

kerem commented 2026-03-14 11:26:22 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 15, 2024):

What do you have set for:

myhostname = 
mydomain = 
virtual_mailbox_domains = 

mynetworks = 

in your /etc/postfix/main.cf file?

<!-- gh-comment-id:1999357319 --> @willbrowningme commented on GitHub (Mar 15, 2024): What do you have set for: ``` myhostname = mydomain = virtual_mailbox_domains = mynetworks = ``` in your `/etc/postfix/main.cf` file?

kerem commented 2026-03-14 11:26:27 +03:00

Author

Owner

Copy link

@andre-paulo98 commented on GitHub (Mar 15, 2024):

What do you have set for:

myhostname = 
mydomain = 
virtual_mailbox_domains = 

mynetworks = 

in your /etc/postfix/main.cf file?

myhostname = mail.mydomain.com
mydomain = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname

mydestination = localhost.mydomain.com, localhost

virtual_transport = anonaddy:
virtual_mailbox_domains = $mydomain, unsubscribe.$mydomain, mysql:/etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

<!-- gh-comment-id:2000337298 --> @andre-paulo98 commented on GitHub (Mar 15, 2024): > What do you have set for: > > ``` > myhostname = > mydomain = > virtual_mailbox_domains = > > mynetworks = > ``` > > in your `/etc/postfix/main.cf` file? ``` myhostname = mail.mydomain.com mydomain = mydomain.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = localhost.mydomain.com, localhost virtual_transport = anonaddy: virtual_mailbox_domains = $mydomain, unsubscribe.$mydomain, mysql:/etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ```

kerem commented 2026-03-14 11:26:32 +03:00

Author

Owner

Copy link

@andre-paulo98 commented on GitHub (Mar 15, 2024):

I also just checked the files mentioned and they are all -rw-r--r-- instead of /etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf which is -rw-r----- 1 root postfix

<!-- gh-comment-id:2000341392 --> @andre-paulo98 commented on GitHub (Mar 15, 2024): I also just checked the files mentioned and they are all `-rw-r--r--` instead of `/etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf` which is `-rw-r----- 1 root postfix`

kerem commented 2026-03-14 11:26:37 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 15, 2024):

Try adding your server's IP address to the end of mynetworks and then restarting Postfix.

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 x.y.z/32

Where x.y.z is your IPv4 address, you may also need to add the IPv6 if you have that enabled.

<!-- gh-comment-id:2000408568 --> @willbrowningme commented on GitHub (Mar 15, 2024): Try adding your server's IP address to the end of `mynetworks` and then restarting Postfix. ``` mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 x.y.z/32 ``` Where x.y.z is your IPv4 address, you may also need to add the IPv6 if you have that enabled.

kerem commented 2026-03-14 11:26:42 +03:00

Author

Owner

Copy link

@andre-paulo98 commented on GitHub (Mar 15, 2024):

That seems to have worked.
Added both IPv4 and IPv6 to that seemed to fix it.

Is this just saying what the IPs are allowed to send emails?

<!-- gh-comment-id:2000469443 --> @andre-paulo98 commented on GitHub (Mar 15, 2024): That seems to have worked. Added both IPv4 and IPv6 to that seemed to fix it. Is this just saying what the IPs are allowed to send emails?

kerem commented 2026-03-14 11:26:47 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 16, 2024):

Check the "What clients to relay mail from" section here for more details - https://www.postfix.org/BASIC_CONFIGURATION_README.html

<!-- gh-comment-id:2001920488 --> @willbrowningme commented on GitHub (Mar 16, 2024): Check the "What clients to relay mail from" section here for more details - [https://www.postfix.org/BASIC_CONFIGURATION_README.html](https://www.postfix.org/BASIC_CONFIGURATION_README.html)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#999

No description provided.