Not permitted to relay through this server without authentication

sandtim

Registered
Sep 15, 2017
2
0
1
USA
cPanel Access Level
Root Administrator
I logged into WHM this morning and it asked me to reboot in order to apply an update. I did. After the reboot, I've had several clients report that they could not send email. I sent a test message from my account to my gmail account. This is the result:
Code:
This message was created automatically by mail delivery software.


A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:


  [email protected]

    host gmail-smtp-in.l.google.com [74.125.136.27]

    SMTP error from remote mail server after RCPT TO:<@gmail.com>:

    550-Please turn on SMTP Authentication in your mail client.  vps2.mydomainname.com

    550-[myipaddress]:58688 is not permitted to relay through this server without

    550 authentication.
Authentication is turned on in my client. (Outlook 2016)


This is my version information:
  • CENTOS 7.4 kvm [vps2]
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Can you verify the domain name you are sending from exists in the /etc/localdomains file on this system? EX:

Code:
grep domain.tld /etc/localdomains
Thank you.
 

sandtim

Registered
Sep 15, 2017
2
0
1
USA
cPanel Access Level
Root Administrator
Found it.

in Exim Configuration Manager, Basic Editor, Mail,

"EXPERIMENTAL: Rewrite From: header to match actual sender" was set to "remote".

I changed it to the default of "disable" and emails are going through.

I had set that option a few months ago to try to find possible problems with our list servers. But I had also changed it back. Don't know why it changed again during the upgrade last night.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I had set that option a few months ago to try to find possible problems with our list servers. But I had also changed it back. Don't know why it changed again during the upgrade last night.
Hello,

"Disable" is the default option for this feature. Is it possible the option was changed manually through WHM or the command line? You can use a command like this if you want to see when the Exim configuration values were last accessed from Web Host Manager:

Code:
grep displayeximconfforedit /usr/local/cpanel/logs/access_log
Thank you.
 

Tim Caviness

Registered
Sep 20, 2017
1
0
1
NC
cPanel Access Level
Root Administrator
I am also having this problem.

Even though the default setting was set to "Disable," I set it to "Enable" ... saved ... changed to "Disabled" and saved again.

Everything worked.

Until today ... when I had to do the same exact thing to get SMTP to work for the entire server.

The settings are getting overwritten somehow and this needs to be fixed.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
The settings are getting overwritten somehow and this needs to be fixed.
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look at your system to see how the setting is overwritten?

Thank you.
 

jmginer

Well-Known Member
Jul 26, 2006
150
4
168
Alicante
cPanel Access Level
Root Administrator
We're having the same issue but with incoming e-mails, sending from Gmail to e-mail account hosted in our server, enabling/disabling the EXPERIMENTAL exim option, dont fix nothing.

Code:
550 Please turn on SMTP Authentication in your mail client. mail-it0-x230.google.com [2607:f8b0:4001:c0b::230]:41224 is not permitted to relay through this server without authentication.


Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; test.ginernet.net. (2a03:c7c0:1:1::1, the server for the
 domain test.ginernet.net.)
Diagnostic-Code: smtp; 550-Please turn on SMTP Authentication in your mail client.
 550-mail-it0-x230.google.com [2607:f8b0:4001:c0b::230]:41224 is not permitted
 550 to relay through this server without authentication.
Last-Attempt-Date: Thu, 07 Dec 2017 09:08:14 -0800 (PST)
 

DennisMidjord

Well-Known Member
Sep 27, 2016
268
35
28
Denmark
cPanel Access Level
Root Administrator
We had the exact same error. Client tried to send from his @gmail.com account (using the gmail interface) and kept receiving the following error when sending to his domain where the mail was hosted by us:
Code:
Message not delivered
Your message couldn't be delivered to [email protected] because the remote server is misconfigured. See technical details below for more information.
The response was:

550 Please turn on SMTP Authentication in your mail client. mail-qt0-f174.google.com [209.85.216.174]:34191 is not permitted to relay through this server without authentication.
I made sure the MX record was pointing correctly, made sure the SPF record was correct, but nothing worked. I found this post and set "EXPERIMENTAL: Rewrite From: header to match actual sender" from default -> remote, saved and then from remote -> default, which solved the issue.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello @DennisMidjord,

Can you let us know what appeared in /var/log/exim_mainlog when Gmail returned the message with the "is not permitted to relay through this server without authentication" message?

Thank you.
 

DennisMidjord

Well-Known Member
Sep 27, 2016
268
35
28
Denmark
cPanel Access Level
Root Administrator
Hi,

Sure.
2018-05-25 11:17:10 H=mail-qt0-f174.google.com [209.85.216.174]:34191 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected relay attempt: '209.85.216.174' From: '[email protected]' To: '[email protected]'
2018-05-25 11:17:10 H=mail-qt0-f174.google.com [209.85.216.174]:34191 Warning: "Detected session with all messages failed"
2018-05-25 11:17:10 H=mail-qt0-f174.google.com [209.85.216.174]:34191 Warning: "Increment slow_fail_block Ratelimit - mail-qt0-f174.google.com [209.85.216.174]:34191 because of all messages failed"
2018-05-25 11:17:10 SMTP connection from mail-qt0-f174.google.com [209.85.216.174]:34191 closed by QUIT
Please note that the above was from when I tried to send an email to the user's mailbox.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I made sure the MX record was pointing correctly, made sure the SPF record was correct, but nothing worked. I found this post and set "EXPERIMENTAL: Rewrite From: header to match actual sender" from default -> remote, saved and then from remote -> default, which solved the issue.
It's possible that updating this particular setting didn't actually solve the issue, but rather doing so forced a run of the /scripts/buildeximconf which is what solved the issue. If this happens again, please open a support ticket so we can take a closer look and post the ticket number here so we can update this thread with the outcome.

Additionally, before opening a support ticket or making any changes to the Exim configuration to workaround the issue, make a backup of the existing Exim configuration file using WHM >> Service Configuration >> Exim Configuration >> Backup so the old configuration file is available to review.

Thank you.
 

LanderV

Registered
Oct 4, 2018
3
0
1
Belgium
cPanel Access Level
Root Administrator
I had the same issue after updating cPanel to 74.0.9. It was fixed by changing this setting to remote and back to disabled.
I didn't make a backup of the Exim configuration, but I have full disk backups.

Should I make a support ticket? Where can I find the previous Exim config?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I didn't make a backup of the Exim configuration, but I have full disk backups.

Should I make a support ticket? Where can I find the previous Exim config?
Hello @LanderV,

A backup of the Exim configuration file may no longer exist if you didn't manually create one, but you're welcome to submit a support ticket so we can take a closer look and see if there's anything obvious in your Exim configuration that may have resulted in the problem.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello Everyone,

I've seen a couple of support tickets where a custom entry for "chunking_advertise_hosts" exists in the local Exim configuration. Can you check to see if the /etc/exim.conf.local file exists on the affected systems? If so, please post the contents of this file using a command like this:

Code:
cat /etc/exim.conf.local
When pasting the output, use CODE tags and replace any identifying information related to your server or a smart host if it's included.

Thank you.
 

LanderV

Registered
Oct 4, 2018
3
0
1
Belgium
cPanel Access Level
Root Administrator
Hi, I had the same problem again after a restart. This is my exim.conf.local after toggling the setting back to disabled:

Code:
%RETRYBLOCK%
+secondarymx                    *                               F,4h,5m; G,16h,1h,1.5; F,4d,8h
*                               *                               F,2h,15m; G,16h,1h,1.5; F,4d,8h
@[email protected]

@[email protected]

@[email protected]
chunking_advertise_hosts = ""
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hi, I had the same problem again after a restart. This is my exim.conf.local after toggling the setting back to disabled
Hi @LanderV,

Can you open a support ticket so we can take a closer look at the affected system and verify if there's anything in your /etc/exim.conf.local file that's resulting in this issue every time cPanel is updated to a new version? Please post the ticket number here once it's opened and I'll add some notes from this forums thread to it.

Thank you.