Topic: redirected/blocked DNS leads to postscreen rejection
======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Debian Jessie 64bit
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NginX
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====
I encountered the same problem in two different iredmail installation. These installations are on different servers, using a different ISP and use a different DNS servers. Both can not receive mail from some of the major email providers such as Yahoo and many other organizations email servers.
Example log when an error occurs:
Dec 21 15:44:55 mail postfix/postscreen[14814]: NOQUEUE: reject: RCPT from [aaa.bbb.ccc.ddd]:54059: 550 5.7.1 Service unavailable; client [aaa.bbb.ccc.ddd] blocked using b.barracudacentral.org; from=<noreply@xxxxxx.id>, to=<admin@yyyyyy.id>, proto=ESMTP, helo=<web.xxxxxx.id>
Dec 22 09:33:43 mail postfix/postscreen[25529]: NOQUEUE: reject: RCPT from [aaa.bbb.ccc.ddd]:55271: 550 5.7.1 Service unavailable; client [aaa.bbb.ccc.ddd] blocked using zen.spamhaus.org; from=<noreply@xxxxxx.id>, to=<rrrrrr@yyyyyy.id>, proto=ESMTP, helo=<web.xxxxxx.id>
Dec 22 10:25:02 mail postfix/postscreen[26117]: NOQUEUE: reject: RCPT from [aaa.bbb.ccc.ddd]:55478: 550 5.7.1 Service unavailable; client [aaa.bbb.ccc.ddd] blocked using zen.spamhaus.org; from=<noreply@xxxxxx.id>, to=<admin@yyyyyy.id>, proto=ESMTP, helo=<web.xxxxxx.id>
Dec 22 10:25:02 mail postfix/postscreen[26117]: NOQUEUE: reject: RCPT from [aaa.bbb.ccc.ddd]:55481: 550 5.7.1 Service unavailable; client [aaa.bbb.ccc.ddd] blocked using zen.spamhaus.org; from=<noreply@xxxxxx.id>, to=<admin@yyyyyy.id>, proto=ESMTP, helo=<web.xxxxxx.id>Search on google gave hints that the problems is linked to strange behaviour in DNS response.
http://www.iredmail.org/forum/topic1036 … email.html
http://www.iredmail.org/forum/topic1076 … oblem.html
http://www.iredmail.org/forum/topic1059 … ceive.html
In my country, access to the Internet is restricted via DNS. Each ISP will response with different IP addresses if the request are blacklisted sites. Each ISP will redirect request to an open DNS server such as Google 8.8.8.8 or OpenDNS to local DNS Server.
For now, I overcome this problem by installing DNSCrypt and change the DNS settings on email servers to DNSCrypt. The problem is the use of DNSCrypt itself are either in grey area or even violates the laws.
Is there another way to solve this problem?
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.