554
communication
auth_error
ai_generated
true
554 5.7.0 Relay access denied
ID: communication/smtp-554-5-7-0-relay-denied
80%Fix Rate
87%Confidence
1Evidence
2023-09-05First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Postfix 3.7.0 | active | — | — | — |
| Exim 4.96 | active | — | — | — |
| Sendmail 8.17.1 | active | — | — | — |
Root Cause
SMTP server rejects the relay attempt because the client's IP or authenticated user is not authorized to send emails to external domains.
generic中文
SMTP 服务器拒绝中继尝试,因为客户端 IP 或认证用户无权向外部域发送邮件。
Official Documentation
https://www.ietf.org/rfc/rfc2821.txtWorkarounds
-
85% success Add the client's IP to the relay allow list in the SMTP server config: For Postfix, add to `/etc/postfix/main.cf`: `mynetworks = 192.168.1.0/24` and restart with `systemctl restart postfix`.
Add the client's IP to the relay allow list in the SMTP server config: For Postfix, add to `/etc/postfix/main.cf`: `mynetworks = 192.168.1.0/24` and restart with `systemctl restart postfix`.
-
90% success Enable SMTP authentication with valid credentials: In the client, configure `smtp_auth = login` and provide a username/password that has relay rights. For Python's smtplib, use `server.login(user, password)`.
Enable SMTP authentication with valid credentials: In the client, configure `smtp_auth = login` and provide a username/password that has relay rights. For Python's smtplib, use `server.login(user, password)`.
-
80% success Route email through a dedicated relay service like SendGrid or AWS SES with proper SPF/DKIM records.
Route email through a dedicated relay service like SendGrid or AWS SES with proper SPF/DKIM records.
中文步骤
Add the client's IP to the relay allow list in the SMTP server config: For Postfix, add to `/etc/postfix/main.cf`: `mynetworks = 192.168.1.0/24` and restart with `systemctl restart postfix`.
Enable SMTP authentication with valid credentials: In the client, configure `smtp_auth = login` and provide a username/password that has relay rights. For Python's smtplib, use `server.login(user, password)`.
Route email through a dedicated relay service like SendGrid or AWS SES with proper SPF/DKIM records.
Dead Ends
Common approaches that don't work:
-
Disable SMTP authentication on the server to allow open relay
95% fail
Open relays are a security risk and will be blacklisted; also violates RFC requirements.
-
Change the sender email address to a local domain on the server
70% fail
The relay denial is based on the recipient domain, not the sender; local sender still fails for external recipients.
-
Increase the SMTP timeout value
90% fail
The error is an authorization failure, not a timeout; timeout changes don't affect relay permissions.