Client host rejected: Access denied

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
TitusI
Posts: 30
Joined: Fri Apr 15, 2016 2:54 pm
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL7_64_201

Client host rejected: Access denied

Post by TitusI »

Hi,

I apologise for my luck of understandig of the question, but I need to solve this problem.

A customer is trying to send mail via submission port 587 using a .net application after a sever migration,
the remote ip of the sender is not in
"mynetworks" I need to add it?

I made some test from my IP:

Code: Select all

telnet mail.domain.com 587
Trying 222.222.222.222...
Connected to mail.domain.com.
Escape character is '^]'.
220 serverX.domain.com ESMTP Postfix
ehlo XX.XX.XX.XX.domain.ext
250-serverX.domain.com
250-PIPELINING
250-SIZE 101376000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:sender@domain.com
250 2.1.0 Ok
RCPT TO:receiver@domain.com
554 5.7.1 <XX.XX.XX.XX domain.com [XX.XX.XX.XX]>: Client host rejected: Access denied
On the server there is a self signed certificate, I don't know if the remote app authenticate using a user account :( but in the zimbra .log I see:

Code: Select all

Nov 28 15:07:39 server13 postfix/submission/smtpd[15665]: connect from <Remote-Host>[<Remote-Host-ip>]
Nov 28 15:07:40 server13 postfix/submission/smtpd[15665]: NOQUEUE: reject: RCPT from <Remote-Host>[<Remote-Host-ip>]: 554 5.7.1 <<Remote-Host>[<Remote-Host-ip>]>: Client host rejected: Access denied; from=<<sender@mydomain.com>> to=<<recipient@domain.com>> proto=ESMTP helo=<VmSender>
Nov 28 15:07:40 server13 postfix/submission/smtpd[15665]: lost connection after RCPT from <Remote-Host>[<Remote-Host-ip>]
How can I permit a sender to use submission port to send email? What are the involved settings?
TitusI
Posts: 30
Joined: Fri Apr 15, 2016 2:54 pm
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL7_64_201

Re: Client host rejected: Access denied

Post by TitusI »

I've got some more information from the administrator of the sending server:

System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

I use a self signed certificate, they download the server cerrtificate on their machine but nothing changed :(

On the old server the certificate is self signed in the same way.
TitusI
Posts: 30
Joined: Fri Apr 15, 2016 2:54 pm
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL7_64_201

Re: Client host rejected: Access denied

Post by TitusI »

Ok, problem found! I start from a false assumption, the old server HAD a valid comodo certificate,
now I had to migrate it, I'm googling for a correct procedure.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Client host rejected: Access denied

Post by phoenix »

TitusI wrote:Ok, problem found! I start from a false assumption, the old server HAD a valid comodo certificate,
now I had to migrate it, I'm googling for a correct procedure.
Search the Zimbra wiki for the word "comodo". ;)
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
TitusI
Posts: 30
Joined: Fri Apr 15, 2016 2:54 pm
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL7_64_201

Re: Client host rejected: Access denied

Post by TitusI »

Ok, migration procedure will need a lot of time, there is a way to skip this problem and let the server send email on 587? I need to remove the certificate?
new server
Release 8.7.11_GA_1854.RHEL7_64_20170531151956 RHEL7_64 FOSS edition.
Post Reply