Postfix 554 5.7.1 'Client host rejected'

October 17, 2017 5.2k views
Ubuntu 16.04 Email

I’ve spent days trying to figure this out and I am stumped. Got postfix up and working, both sending and receiving, under a test domain name ( Then moved ‘’ to DO’s nameservers and reconfigured Postfix to use '’ instead, and now I can’t send email. Receiving works fine. Below is the output I get from /var/log/mail.log:

Oct 17 13:27:08 sammy postfix/submission/smtpd[4852]: connect from[x.x.x.x]
Oct 17 13:27:09 sammy postfix/submission/smtpd[4852]: NOQUEUE: reject: RCPT from[x.x.x.x]: 554 5.7.1 <[x.x.x.x]>: Client host rejected: Access denied; from=<> to=<> proto=ESMTP helo=<[]>
Oct 17 13:27:09 sammy postfix/submission/smtpd[4852]: disconnect from[x.x.x.x] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Here is the output from postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
home_mailbox = Maildir/
mailbox_command =
mailbox_size_limit = 0
mydestination = localhost
myhostname =
mynetworks = [::ffff:]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_key_file = /etc/letsencrypt/live/
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_transport = lmtp:unix:private/dovecot-lmtp

Any clues as to what is causing the issue? I should mention that ’’ is an alias created using PostfixAdmin.

1 Answer

So, I discovered when I got access to another computer that mail would only not send on my laptop, but would send correctly from other computers. Upon further investigation I found that my client settings were not sending the username and password, so it was being rejected. I fixed that on the client and now it works. WIsh I didn’t have to waste days trying to figure that out.

Have another answer? Share your knowledge.