SMTP Relay access denied

next_generation · April 11, 2022, 2:45pm

I am self hosting bitwarden and have setup Postfix for email service. On the admin panel when i send an mail it shows an error Relay access denied.
global.override.env as follows
globalSettings__mail__replyToEmail=no-reply@bitwarden.mydomain.com
globalSettings__mail__smtp__host=bitwarden.mydomain.com
globalSettings__mail__smtp__port=25
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=
globalSettings__mail__smtp__password=

Admin log shows

fail: Bit.Core.Utilities.LoggingExceptionHandlerFilterAttribute[0]
=> SpanId:b6f29168e33f0743, TraceId:afaab04821c2384bae68dfc1193d921e, ParentId:0000000000000000 => ConnectionId:0HMGRLP60Q6SC => RequestPath:/admin/login RequestId:0HMGRLP60Q6SC:00000002 => Bit.Admin.Controllers.LoginController.Index (Admin)
5.7.1 [email protected]: Relay access denied
MailKit.Net.Smtp.SmtpCommandException: 5.7.1 [email protected]: Relay access denied
at MailKit.Net.Smtp.SmtpClient.OnRecipientNotAccepted(MimeMessage message, MailboxAddress mailbox, SmtpResponse response)
at MailKit.Net.Smtp.SmtpClient.ProcessRcptToResponse(MimeMessage message, MailboxAddress mailbox, SmtpResponse response)
at MailKit.Net.Smtp.SmtpClient.FlushCommandQueueAsync(MimeMessage message, MailboxAddress sender, IList1 recipients, Boolean doAsync, CancellationToken cancellationToken) at MailKit.Net.Smtp.SmtpClient.SendAsync(FormatOptions options, MimeMessage message, MailboxAddress sender, IList1 recipients, Boolean doAsync, CancellationToken cancellationToken, ITransferProgress progress)
at MailKit.Net.Smtp.SmtpClient.SendAsync(FormatOptions options, MimeMessage message, MailboxAddress sender, IList1 recipients, Boolean doAsync, CancellationToken cancellationToken, ITransferProgress progress) at Bit.Core.Services.MailKitSmtpMailDeliveryService.SendEmailAsync(MailMessage message) in /home/runner/work/server/server/src/Core/Services/Implementations/MailKitSmtpMailDeliveryService.cs:line 98 at Bit.Core.Services.HandlebarsMailService.SendPasswordlessSignInAsync(String returnUrl, String token, String email) in /home/runner/work/server/server/src/Core/Services/Implementations/HandlebarsMailService.cs:line 282 at Bit.Core.Identity.PasswordlessSignInManager1.PasswordlessSignInAsync(String email, String returnUrl) in /home/runner/work/server/server/src/Core/Identity/PasswordlessSignInManager.cs:line 42
at Bit.Admin.Controllers.LoginController.Index(LoginModel model) in /home/runner/work/server/server/src/Admin/Controllers/LoginController.cs:line 41
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

postfix main.cf as below
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = localhost.localdomain, localdomain, localhost, localhost.localdomain, localhost
myhostname = bitwarden.mydomain.com
mynetworks = 127.0.0.0/8, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
relayhost = mail.mydomain.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = none
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = none
unknown_local_recipient_reject_code = 550

Following is the Host Infromatiom:
Operating System: Alma Linux 8.5
bitwarden.sh version 1.47.1
Docker version 20.10.14, build a224086
docker-compose version 1.29.2, build 5becea4c
using Letsencrypt for website.

does anyone have an idea whats the problem is ?

dh024 · April 11, 2022, 3:43pm

Hi @next_generation - welcome to the community forums!

At first glance, your Bitwarden settings look fine. I see you are trying to setup Postfix for smtp with no encryption and no authentication, so as basic as it gets.

I think your problem here is with Postfix, not Bitwarden. You may have to reach out to their support instead.

Alternatively, why not just use sendmail instead of Postfix, particularly with your basic smtp setup?