Emails sent through a mailing list in Plesk to external mailboxes are not received: Relay access denied

Daniel Yordanov

Updated September 26, 2024 19:58

Plesk for Linux kb: technical

Applicable to:

Plesk for Linux

Symptoms

Plesk Obisidian running on a Linux-based operating system
Emails sent through a mailing list (mailman) to external mailboxes (Gmail, Outlook, Yahoo!, etc.) are not received
The messages do not appear to be leaving the Plesk server and one of the following error messages appears in /var/log/maillog:

NOQUEUE: reject: RCPT from localhost[::1]: 454 4.7.1 list@example.com: Relay access denied;
from=list@example.com to=john_doe@example.net proto=ESMTP helo=<mail.example.com>

NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1

One of the following error messages appears in /var/log/mailman/smtp-failure:

delivery to list@example.com failed with code -1: Server not connected
delivery to john_doe@example.com failed with code -1: [Errno 104] Connection reset by peer

delivery to john_doe@example.com failed with code 553: sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

Cause

The localhost IPv4 and IPv6 address ranges are not whitelisted within the mail server settings.

Resolution

Warning: To use mailing lists, you need to have localhost (IP ranges 127.0.0.0/8 and ::1/128) in the mail server's white list. However, to use outgoing mail control, you should not have localhost in the mail server white list. As a compromise, you can use mail forwarding on the mailbox instead of mailing lists.

The localhost IPv4 range 127.0.0.0/8 and IPv6 range ::1/128 must be added to the mail server white list in order for mailman to function as expected:

Warning: By applying the following solution, any set limits on outgoing mail will stop working and this is expected.

Log into Plesk
Go to Tools & Settings > Mail Server Settings > White List
Press Add Network > add 127.0.0.0/8 to the IP address/mask field
Press Add one more > enter ::1/128 to the IP address/mask field
Press OK
The end result should appear as follows:

In case the records exist already and the issue is still present, you must run the following command in order to reapply the currently defined mail server configuration:

# plesk repair mail -y

Mailman Limitations:

By default, the Mailman web interface in Plesk is secured with a self-signed SSL/TLS certificate. It protects the connection but triggers a self-signed SSL/TLS certificate warning. You can safely ignore the warning when you access the Mailman web interface. At the moment, it is not possible to secure the Mailman web interface with a valid SSL/TLS certificate.
At the moment, Mailman does not support ARC headers, therefore emails sent via Mailman cannot pass ARC checks. Some mail services (for example, Gmail) may treat such emails as unauthenticated.
The operating system dist-upgrade (for example, from Debian 10 to Debian 11) requires manual actions to upgrade to Mailman 3

Additional information

Mailing Lists | Plesk Obsidian documentation

Screenshot_2020-04-15_Plesk_Obsidian_18_0_26.png
(20 KB)
Screenshot_2020-04-15_Plesk_Obsidian_18_0_26.png
(30 KB)