Resolving mf-505: Sender Policy - Relay Denied.

sportspunter · Nov 17, 2023

Hi,

I work from home, and for years have been able to send emails from my home PC through my local ISP, using my business email address.

They recently banned sending email not coming "From" their own domain names... so now I have to configure sendmail on my server to allow me to send an email from my home PC.

At the moment I am getting this error:
Sending of the message failed.
An error occurred while sending mail. The mail server responded: mf-505: Sender Policy - Relay Denied. Please verify that your email address is correct in your account settings and try again.

So far the only thing I have tried is adding my ip address to /etc/mail/relay-domains (and restarted sendmail just in case it was required). Same problem.

Any suggestions please?

Also, it's going to be so annoying if I have to reconfigure sendmail whenever my ip changes, any suggestions to help alleviate that problem?

thanks

covacat · Nov 17, 2023

setup sasl auth on the server and configure your client to authenticate
then you can relay from any ip

sportspunter · Nov 20, 2023

covacat said:
setup sasl auth on the server and configure your client to authenticate
then you can relay from any ip

thanks, appreciate it!

If I do this, will every client be required to authenticate? At the moment I have a lot of different java processes on different internal servers (linked by a switch) that are relaying fine... will they fail to connect once sasl is setup because they'll need to authenticate too?

covacat · Nov 20, 2023

only clients that are not permitted to relay by ip require to authenticate
its not clear to me from your previous messages if your server sits in your local lan or is a vps or colo elsewhere

if your server is in your local lan you can relay by ip just add
10.x.y RELAY
in /etc/mail/auth and then in /etc/mail type make maps

if your server is remote then either have every client to authenticate or
add another smtp server in the lan which will forward to the external one (in this case just the outgoing lan server will need to auth)

sportspunter · Nov 20, 2023

I have all the servers in the LAN relaying fine.

I'm trying to relay now from my home pc which is external.

Ideally i'd love to leave the internal relaying alone and not rely on them authenticating.

"
or
add another smtp server in the lan which will forward to the external one"

I'm not following that... can you elaborate a little please?

covacat · Nov 20, 2023

Code:

dynamic IP                  static public IP
|------|                   |--------------|
| home |----- // inet // --| company smtp |-------------------------------
|------|                   |--------------|    |        |            |
                                               |        |            |
                                              SVR1     SVR2          SVRn

in this case only your home devices need to send with smtp auth
the SVRn machines can relay by ip (just add your lan ips in /etc/mail/auth and make maps)

sportspunter · Nov 20, 2023

covacat said:

Code:

dynamic IP                  static public IP
|------|                   |--------------|
| home |----- // inet // --| company smtp |-------------------------------
|------|                   |--------------|    |        |            |
                                               |        |            |
                                              SVR1     SVR2          SVRn

in this case only your home devices need to send with smtp auth
the SVRn machines can relay by ip (just add your lan ips in /etc/mail/auth and make maps)

thanks again... i think rather than playing around with my configurations i'll just use a free outgoing server for now. I've seen lots of posts on forums with people trying to install and use this with sendmail and seems to be a lot that can go wrong - whereas in 5 mins I signed up with brevo, got my dns sorted with emails signed to avoid spam etc and away I go.... I really appreciate your help though, thank you.

covacat · Nov 20, 2023

the hard part is usually setting a smtp server from scratch, because you need to setup reverse dns, reverse ipv6 dns (if you use it). then fight with various large email providers like microsoft to accept your sending ip.then if the outgoing server is on your isp network (not a vps) then you have to hope they wont screw up the reverse dns or block your 25 port etc
if you already have the above part nailed and only need to setup client auth then its not that hard.

sportspunter · Nov 21, 2023

covacat said:
the hard part is usually setting a smtp server from scratch, because you need to setup reverse dns, reverse ipv6 dns (if you use it). then fight with various large email providers like microsoft to accept your sending ip.then if the outgoing server is on your isp network (not a vps) then you have to hope they wont screw up the reverse dns or block your 25 port etc
if you already have the above part nailed and only need to setup client auth then its not that hard.

i think i was too much out of my depth and didn't know enough about it.... for example, I read sendmail needed to be compiled with the cyrus-sasl libraries, which I didn't know if mine was or not. There just seemed to be so many things that could go wrong, and I'm a programmer not a linux expert so I'm sure I'd come undone at some stage - plus I didn't want to do something which would mess up my processes on the LAN already relaying mail perfectly fine. The alternative was just too easy to turn down.

thanks again!