1 (edited by tranquility 2011-04-16 03:57:16)

Topic: [SOLVED] External Recipient Adresses getting rejected

Hi,

i installed iRedMail on an Ubuntu 10.04 LTS.
It works like a charm with local delivery (two local testdomains with testaccounts).
But when it comes to sending Email to external domains they get rejected.
I cant receive or send emails to external domains. On the Client Side (Thunderbird)
i get a 5.1.1 Error : Recipient address rejected.

In Detail thats what postfix says (smtp verbose mode) :

Apr 15 13:58:34 reekin postfix/smtpd[5857]: maps_find: virtual_alias_maps: @makant.de: not found
Apr 15 13:58:34 reekin postfix/smtpd[5857]: mail_addr_find: m.wolf@makant.de -> (not found)
Apr 15 13:58:34 reekin postfix/smtpd[5857]: NOQUEUE: reject: RCPT from pd95c045d.dip0.t-ipconnect.de[217.92.4.93]: 550 5.1.1 <m.wolf@makant.de>: Recipient address rejected: makant.de; from=<markus@reekin.net> to=<m.wolf@makant.de> proto=ESMTP helo=<[192.168.0.176]>
Apr 15 13:58:34 reekin postfix/smtpd[5857]: generic_checks: name=reject_unlisted_recipient status=2
Apr 15 13:58:34 reekin postfix/smtpd[5857]: > pd95c045d.dip0.t-ipconnect.de[217.92.4.93]: 550 5.1.1 <m.wolf@makant.de>: Recipient address rejected: makant.de
Apr 15 13:58:49 reekin postfix/smtpd[5857]: smtp_get: EOF

Here is my postfix config:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_transport = error
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 3d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = reekin.net
myhostname = mail.reekin.net
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mail.reekin.net
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relay_transport = error
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions =     permit_mynetworks,
                permit_sasl_authenticated,
                check_helo_access pcre:/etc/postfix/helo_access.pcre

smtpd_recipient_restrictions =     reject_unknown_sender_domain,                          
                reject_unknown_recipient_domain,                               
                reject_non_fqdn_sender,                               
                reject_non_fqdn_recipient,                               
                reject_unlisted_recipient,                              
                permit_mynetworks, permit_sasl_authenticated,                           
                reject_unauth_destination,                             
                reject_non_fqdn_helo_hostname,                          
                reject_invalid_helo_hostname,                           
                check_policy_service inet:127.0.0.1:10031

smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions =     permit_mynetworks,                          
                reject_sender_login_mismatch,                           
                permit_sasl_authenticated

smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:1003
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 1003
virtual_transport = dovecot
virtual_uid_maps = static:1003

external domain : makant.de
internal domain : reekin.net

I tried to remove totally the recipient checks in postfix, but it didnt worked out.
I also did MX and SPF entries for the domain. Nothing worked out.
After three days of google and readin this forum i hope i can find by writing this post.

Thx in advance

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: [SOLVED] External Recipient Adresses getting rejected

I'm a little confused.

You sent mail to "m.wolf@ makant.de", but postfix can't find either catch-all account or the certain account:

maps_find: virtual_alias_maps: @makant.de: not found
mail_addr_find: m.wolf@makant.de -> (not found)

Seems domain "makant.de" is hosted on your iRedMail server, isn't it? If so, what does your "external domain" mean?

3 (edited by tranquility 2011-04-15 21:03:01)

Re: [SOLVED] External Recipient Adresses getting rejected

Sorry i try to explain better.
I got two root server.

Server A is a live system with a qmail toolchain and currently in use with the domain : makant.de (this server works)
Server B is a testsystem where i test the iredmail with the domains : reekin.net and rekin.de.

On server B i can send mail between both domains (which means local delivery cause they are on the same machine).
But when i try to send from the testsystem to Server A (or any other external domain) email then it gets rejected.
Also when i try to send email from external systems to the to domains on the testsystem they get rejected.

4

Re: [SOLVED] External Recipient Adresses getting rejected

tranquility wrote:

But when i try to send from the testsystem to Server A (or any other external domain) email then it gets rejected.
Also when i try to send email from external systems to the to domains on the testsystem they get rejected.

Can you post related postfix log in iRedMail side? And error log in returned notify mail which sent from external domain?

5

Re: [SOLVED] External Recipient Adresses getting rejected

Can you try to turn off postfix debug mode, then send a test mail with 'mail' command from command line directly, and paste terminal output message here?

# echo 'mail body' | mail - s 'subject' user@external_domain.com && tail -0f /var/log/mail.log

It simply send a test mail to external user, and track log in postfix log file.

6

Re: [SOLVED] External Recipient Adresses getting rejected

ZhangHuangbin wrote:
tranquility wrote:

But when i try to send from the testsystem to Server A (or any other external domain) email then it gets rejected.
Also when i try to send email from external systems to the to domains on the testsystem they get rejected.

Can you post related postfix log in iRedMail side? And error log in returned notify mail which sent from external domain?

Testmail from Livesystem (makant.de) to Testsystem (reekin.net)

failure notice to m.wolf@makant.de

Hi. This is the qmail-send program at makant.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<markus@reekin.net>:
212.117.74.246 does not like recipient.
Remote host said: 550 5.1.0 <m.wolf@makant.de>: Sender address rejected: makant.de
Giving up on 212.117.74.246.

--- Below this line is a copy of the message.

Return-Path: <m.wolf@makant.de>
Received: (qmail 17032 invoked by uid 1008); 15 Apr 2011 16:43:12 +0200
Received: by simscan 1.3.1 ppid: 17021, pid: 17023, t: 4.2666s
         scanners: spam: 3.1.7-deb
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on makant
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=6.0 tests=AWL,BAYES_00,HTML_MESSAGE,
    RATWARE_GECKO_BUILD autolearn=no version=3.1.7-deb
Received: from pd95c045d.dip0.t-ipconnect.de (HELO ?192.168.0.176?) (m.wolf@makant.de@217.92.4.93)
  by makant.de with SMTP; 15 Apr 2011 16:43:08 +0200
Message-ID: <4DA8597C.4020105@makant.de>
Date: Fri, 15 Apr 2011 16:43:08 +0200
From: Markus Wolf <m.wolf@makant.de>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: markus@reekin.net
Subject: test
Content-Type: multipart/alternative;
.
.
.

On the Testserver the relevant Postfix log :

Apr 15 16:43:19 reekin postfix/smtpd[2036]: connect from mail2.makant.de[212.117.74.233]
Apr 15 16:43:20 reekin postfix/smtpd[2036]: NOQUEUE: reject: RCPT from mail2.makant.de[212.117.74.233]: 550 5.1.0 <m.wolf@makant.de>: Sender address rejected: makant.de; from=<m.wolf@makant.de> to=<markus@reekin.net> proto=ESMTP helo=<makant.de>
Apr 15 16:43:20 reekin postfix/smtpd[2036]: disconnect from mail2.makant.de[212.117.74.233]

7

Re: [SOLVED] External Recipient Adresses getting rejected

ZhangHuangbin wrote:

Can you try to turn off postfix debug mode, then send a test mail with 'mail' command from command line directly, and paste terminal output message here?

# echo 'mail body' | mail - s 'subject' user@external_domain.com && tail -0f /var/log/mail.log

It simply send a test mail to external user, and track log in postfix log file.

Sure..here's the Output :

Apr 15 16:49:00 reekin postfix/pickup[1621]: 51BBAC0086E33: uid=0 from=<root>
Apr 15 16:49:00 reekin postfix/cleanup[2248]: 51BBAC0086E33: message-id=<20110415144900.51BBAC0086E33@mail.reekin.net>
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 51BBAC0086E33: from=<root@mail.reekin.net>, size=366, nrcpt=4 (queue active)
Apr 15 16:49:00 reekin postfix/error[2257]: 51BBAC0086E33: to=<-@reekin>, relay=none, delay=0.06, delays=0.03/0.02/0/0.02, dsn=5.1.3, status=bounced (bad address syntax)
Apr 15 16:49:00 reekin postfix/error[2258]: 51BBAC0086E33: to=<m.wolf@makant.de>, relay=none, delay=0.06, delays=0.03/0.02/0/0.01, dsn=5.0.0, status=bounced (makant.de)
Apr 15 16:49:00 reekin postfix/error[2260]: 51BBAC0086E33: to=<s@reekin>, relay=none, delay=0.06, delays=0.03/0.03/0/0.01, dsn=5.0.0, status=bounced (reekin)
Apr 15 16:49:00 reekin postfix/error[2260]: 51BBAC0086E33: to=<test@reekin>, relay=none, delay=0.06, delays=0.03/0.03/0/0.01, dsn=5.0.0, status=bounced (reekin)
Apr 15 16:49:00 reekin postfix/cleanup[2248]: 5F13DC0086E34: message-id=<20110415144900.5F13DC0086E34@mail.reekin.net>
Apr 15 16:49:00 reekin postfix/bounce[2259]: 51BBAC0086E33: sender non-delivery notification: 5F13DC0086E34
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 5F13DC0086E34: from=<>, size=2486, nrcpt=1 (queue active)
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 51BBAC0086E33: removed
Apr 15 16:49:00 reekin postfix/cleanup[2248]: 61742C0086E33: message-id=<20110415144900.5F13DC0086E34@mail.reekin.net>
Apr 15 16:49:00 reekin postfix/local[2262]: 5F13DC0086E34: to=<root@mail.reekin.net>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (forwarded as 61742C0086E33)
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 61742C0086E33: from=<>, size=2621, nrcpt=1 (queue active)
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 5F13DC0086E34: removed
Apr 15 16:49:00 reekin postfix/pipe[2263]: 61742C0086E33: to=<www@reekin.net>, relay=dovecot, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 15 16:49:00 reekin postfix/qmgr[1620]: 61742C0086E33: removed

8

Re: [SOLVED] External Recipient Adresses getting rejected

to=<test@reekin>, relay=none,

It's strange that it shows relay=none.

Did you change postfix setting? such as transport.

9

Re: [SOLVED] External Recipient Adresses getting rejected

default_transport = error
relay_transport = error

I see you have these two in postfix main.cf, why did you change defaule value to 'error'? And what does 'error' means?

Can you try to change then back to postfix default values? You can find them in output of command 'postconf -d'.

10 (edited by tranquility 2011-04-16 03:59:19)

Re: [SOLVED] External Recipient Adresses getting rejected

ZhangHuangbin wrote:

default_transport = error
relay_transport = error

I see you have these two in postfix main.cf, why did you change defaule value to 'error'? And what does 'error' means?

Can you try to change then back to postfix default values? You can find them in output of command 'postconf -d'.

Thanx a lot Zhang,

correcting default_transport = smtp and relay_transport = relay (postfix defaults) did it.
I was so focused on recipient restrictions that i didnt see this. (And to be honest last time i worked
with postfix was 2003 smile)

I cant explain how this values changed to error. One point is that first install of iredmail was uncompleted as i lost
my ssh session to the server. Did then several reinstalls (one time mysql one time ldap) but i cant tell how this
values changed.

Thanx a lot. You made my day.

Greetings from Frankfurt / Germany  and have a nice weekend