Articles in this section

See more

Unable to send email from Plesk server using Outlook as mail client: 554 5.7.1: Client host rejected: Access denied

Avatar
Renan Moreira
Updated
Follow
Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux

Symptoms

  • In an attempt to send an email from Plesk server using Outlook to some external domains (hotmail.com, gmail.com, etc), the following bounce message is returned:

    CONFIG_TEXT: Server error: '454 4.7.1 jdoe@example.com: Relay access denied'

    CONFIG_TEXT: Client host rejected: Access denied: 554 5.7.1 <example.com[203.0.113.2]>: Client host rejected: Access denied

  • Other mail clients (Opera Mail, Mozilla Thunderbird) are able to send messages;

Cause

Too restrictive Outlook configuration

Resolution

Note: This article may require additional administrative knowledge to apply. If any help is required, contact the server’s administrator or hosting support.

  1. Connect to the server via SSH.

  2. Create a backup of the main Postfix configuration file:

    # cp /etc/postfix/main.cf /etc/postfix/main.cf.back

  3. Open file /etc/postfix/main.cf using a text editor.

  4. Make sure that the row below is present in the /etc/postfix/main.cf or add it if it is missing:

    CONFIG_TEXT: smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

  5. Delete or comment (add "#" symbol in the beginning) the below line in the same file:

    CONFIG_TEXT: #smtpd_sasl_security_options = noplaintext

  6. Allow non-secure access by adding the below line:

    CONFIG_TEXT: smtpd_tls_auth_only = no

  7. Reload Postfix with the command:

    # service postfix reload

  8. Make sure that Outlook has got the following configuration in Outlook > File > Account Settings > Account Settings > jdoe@example.com > Change.. > More Settings:

    Screenshot.pngScreenshot_2.png

Comments

5 comments

Sort by Date Votes
  • Avatar
    Unknown User

    Of all the steps, I only had to do point 4 (comment the line "smtpd_sasl_security_options = noplaintext") to be able to send emails again from Windows Live Mail and Outlook.

    My questions are: is correct to apply only step 4? Are we descending security with this methode?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    @Rafa

    > My questions are: is correct to apply only step 4?

    Step 1 is required anyway to connect to the server. Step 2 is used to backup the original configuration file in case it will be wrongly changed.

    In general Step 3,5 is required, probably on your server these settings were already set correctly. 

    > Are we descending security with this method?

    These steps slightly decrease mail server security in terms of authentication. However, this is required to work with some mail clients.  

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    Thanks for the reply! Some time ago I had problems with another server that was compromised, and had that option active, it was Plesk (it was version 11), and the same configuration (I could send emails without problems with Microsoft software). In what sense is security compromised when changing this method? I'm afraid that activating this option will lower the security level and have problems and compromise the security of the server. Can you tell me it's not that bad?

    Searching in the net I read that when activating this, it was best to force the encryption, so I activated this in main.cf:

    smtpd_tls_security_level = may
    to
    smtpd_tls_security_level = encrypt

    Unfortunately, it gave some problems when receiving from certain recipients, so I had to deactivate it.

    Thanks Ivan!

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    I don't know if the coincidences exist, but today I upgraded to Plesk 17.8.11, and included a superior version of Roundcube... that has stopped working precisely because a similar SMTP issue, specifically "ERROR SMTP (535)" in Roundcube.

    I have applied the changes of "point 4" (comment the line "smtpd_sasl_security_options = noplaintext") and Roundcube has worked again. It was destiny... The truth is that I continue worrierd about lowering security in this way, but if experts recommend it and indicate that there is no problem, I will trust.

     

    0
    Comment actions Permalink
  • Avatar
    Denis Bykov

    @Rafa
    When setting `smtpd_tls_security_level` to `may` you are allowing unencrypted connection to SMTP service. If mail client using an unencrypted connection, your mailbox credentials and outgoing message theoretically can be intercepted. You have to rely either on that the route between mail client and the server is not compromised (for example if client and server are located in the same isolated network) or that the mail client will be using secure connection (which is not the case here, since the article describes case when Outlook cannot establish secure connection when it enforced).
    Basically, as a result, it is up to the mail user to ensure wheither their sensitive data will be compromised.
    For Roundcube it is safe enough, since the mail client (Roundcube) and the mail servece are located on the same computer, and their intercommunications cannot be intercepted unless the server itself is compromised.
    I hope these explanations were helpful.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles