# 554 5.7.0 中继访问被拒绝

- **ID:** `communication/smtp-554-5-7-0-relay-denied`
- **领域:** communication
- **类别:** auth_error
- **错误码:** `554`
- **验证级别:** ai_generated
- **修复率:** 80%

## 根因

SMTP 服务器拒绝中继尝试，因为客户端 IP 或认证用户无权向外部域发送邮件。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Postfix 3.7.0 | active | — | — |
| Exim 4.96 | active | — | — |
| Sendmail 8.17.1 | active | — | — |

## 解决方案

1. ```
   Add the client's IP to the relay allow list in the SMTP server config: For Postfix, add to `/etc/postfix/main.cf`: `mynetworks = 192.168.1.0/24` and restart with `systemctl restart postfix`.
   ```
2. ```
   Enable SMTP authentication with valid credentials: In the client, configure `smtp_auth = login` and provide a username/password that has relay rights. For Python's smtplib, use `server.login(user, password)`.
   ```
3. ```
   Route email through a dedicated relay service like SendGrid or AWS SES with proper SPF/DKIM records.
   ```

## 无效尝试

- **Disable SMTP authentication on the server to allow open relay** — Open relays are a security risk and will be blacklisted; also violates RFC requirements. (95% 失败率)
- **Change the sender email address to a local domain on the server** — The relay denial is based on the recipient domain, not the sender; local sender still fails for external recipients. (70% 失败率)
- **Increase the SMTP timeout value** — The error is an authorization failure, not a timeout; timeout changes don't affect relay permissions. (90% 失败率)