# 554 5.7.0 Relay access denied

- **ID:** `communication/smtp-554-5-7-0-relay-denied`
- **Domain:** communication
- **Category:** auth_error
- **Error Code:** `554`
- **Verification:** ai_generated
- **Fix Rate:** 80%

## Root Cause

The SMTP server rejects the relay attempt because the client's IP address or authenticated user is not authorized to send email to external domains.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Postfix 3.7.0 | active | — | — |
| Exim 4.96 | active | — | — |
| Sendmail 8.17.1 | active | — | — |

## Workarounds

1. **Add the client's IP to the relay allow list in the SMTP server config.** (85% success)
   For Postfix, add to `/etc/postfix/main.cf`:
   ```
   mynetworks = 192.168.1.0/24
   ```
   Then restart with `systemctl restart postfix`. Every address covered by `mynetworks` can relay without authenticating, so list only hosts you trust.
2. **Enable SMTP authentication with valid credentials.** (90% success)
   In the client, configure `smtp_auth = login` and provide a username/password that has relay rights. For Python's smtplib, use `server.login(user, password)`.
3. **Route email through a dedicated relay service like SendGrid or AWS SES with proper SPF/DKIM records.** (80% success)
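
For workaround 2, an added example (not part of the original entry) of authenticated submission with Python's smtplib that also reports which recipients the server refused as relay-denied. The function names, port 587 and the sample refusal mapping are assumptions made for illustration.

```python
import smtplib
import ssl

# Constructed sample of smtplib's refusal mapping (not captured from a real server).
SAMPLE_REFUSED = {
    "alice@example.org": (554, b"5.7.0 Relay access denied"),
    "bob@example.net": (550, b"5.1.1 User unknown"),
}


def relay_denied(refused):
    """Return the recipients refused with a 554 relay-denied reply.

    `refused` is the {address: (code, reply)} mapping that smtplib returns
    from send_message() or attaches to SMTPRecipientsRefused.
    """
    denied = []
    for addr, (code, reply) in refused.items():
        text = reply.decode("utf-8", "replace") if isinstance(reply, bytes) else str(reply)
        if code == 554 and "relay access denied" in text.lower():
            denied.append(addr)
    return sorted(denied)


def send_authenticated(host, user, password, msg, port=587):
    """Submit msg over STARTTLS with AUTH; return relay-denied recipients."""
    ctx = ssl.create_default_context()      # verifies the server certificate
    with smtplib.SMTP(host, port, timeout=30) as server:
        server.starttls(context=ctx)        # encrypt before sending credentials
        server.login(user, password)        # account must have relay rights
        try:
            # If only some recipients are refused, they come back as a dict.
            refused = server.send_message(msg)
        except smtplib.SMTPRecipientsRefused as exc:
            # If every recipient is refused, smtplib raises instead.
            refused = exc.recipients
    return relay_denied(refused)
```

A non-empty result after a successful `login()` means the account authenticated but still lacks relay rights on that server.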

## Dead Ends

- **Disable SMTP authentication on the server to allow open relay** — Open relays are a security risk and will be blacklisted; also violates RFC requirements. (95% fail)
- **Change the sender email address to a local domain on the server** — The relay denial is based on the recipient domain, not the sender; local sender still fails for external recipients. (70% fail)
- **Increase the SMTP timeout value** — The error is an authorization failure, not a timeout; timeout changes don't affect relay permissions. (90% fail)
