"Rejected Relay Attempt" in cPanel: What It Means and How to Fix It

The "rejected relay attempt" error occurs when a mail server rejects a request to send an email because the sender is not authenticated or authorized to relay emails through that server. This is a common issue in cPanel-hosted email systems when sending mail.

What Causes the Error?

1. Authentication Issues:
   • Mail client is not configured to use SMTP authentication.
   • Incorrect username or password for the email account.
2. Incorrect Server Configuration:
   • Server does not allow relaying from unauthenticated sources.
3. Relaying Restrictions:
   • Server may block relaying for emails sent from certain IP addresses, domains, or external sources.
4. DNS Configuration Problems:
   • Missing or misconfigured SPF, DKIM, or DMARC records.
   • Incorrectly configured MX or A records for the sender's domain.
5. IP Blacklists:
   • The server or sender's IP address is on a blacklist due to spam or abuse.
6. Outgoing Spam Protection:
   • Hosting provider may impose restrictions to prevent spam.

Steps to Fix the "Rejected Relay Attempt" Error

Enable SMTP Authentication

Ensure your mail client is configured to authenticate with the SMTP server when sending emails.

How to enable SMTP authentication:

1. Open your mail client (e.g., Outlook, Thunderbird, or Gmail for third-party accounts).
2. Locate SMTP settings:
   • Server: mail.yourdomain.com or server hostname.
   • Port: 465 (SSL) or 587 (TLS).
   • Username: Full email address (e.g., you@yourdomain.com).
   • Password: Email account password.
3. Ensure the Use same settings as incoming mail option is selected for SMTP authentication.

Verify MX Records

Ensure your domain's MX records point to the correct mail server.

How to check and update MX records:

1. Log into your domain registrar's control panel or DNS provider.
2. Check that MX records point to your cPanel server:
   Priority: 0
   Mail Server: mail.yourdomain.com
3. Use tools like MXToolbox to verify the records.

Update SPF, DKIM, and DMARC Records

Configure DNS records to ensure the server is authorized to send emails for your domain.

SPF Record:

DKIM Record:

Ensure DKIM signing is enabled in cPanel:

1. Go to Email > Email Deliverability.
2. Enable DKIM for your domain.

DMARC Record:

Check Mail Server Configuration in cPanel

1. Log into WHM (if you have root access) or contact your hosting provider.
2. Check mail server settings in:
   • Home > Service Configuration > Exim Configuration Manager.
3. Ensure relaying is only allowed for authenticated users.

Whitelist Trusted IP Addresses

If you're sending emails from a specific external server or application, add its IP address to the Exim whitelist.

Steps:

1. Edit the /etc/relayhosts file.
2. Add the trusted IP address.

Monitor IP Blacklists

1. Check if your server's IP address is on a blacklist using tools like MXToolbox.
2. If IP is blacklisted:
   • Request removal from the blacklist service.
   • Investigate and stop any spam activity from your server.

Test Email Sending

1. Use a test mail client or online tool to send an email.
2. Monitor mail server logs for additional errors:

   tail -f /var/log/exim_mainlog

Contact Hosting Provider

If the issue persists, your hosting provider may need to:

• Configure relay settings.
• Check server-wide mail restrictions or spam filters.

Preventing Future Issues

1. Use Strong Authentication:
   • Require secure passwords for all email accounts.
2. Monitor Email Usage:
   • Detect and block compromised accounts sending spam.
3. Regularly Check DNS Records:
   • Keep SPF, DKIM, and DMARC records up to date.
4. Use Dedicated SMTP Services:
   • For bulk email sending, use services like SendGrid, Mailgun, or Amazon SES.