Postfix + Unknown user errors (config seems OK)


dimitry
30th March 2008, 05:15
Well, after 2 days of trying to get this to work, I give up and I hope you guys can help me.

I seem to have everything working, TLS, SASL, etc. I have courier-imap that works well too (running Ubuntu Gutsy).

I can receive emails fine and I can send email fine to gmail, yahoo, etc. but NOT all servers. From some servers I get:

host SOME_DOMAIN.com[SOME_IP] said:
550-Verification failed for <noreply@arrivalalert.com> 550-No Such User
Here 550 Sender verify failed (in reply to RCPT TO command)


From mail.log

Mar 30 01:42:39 dimitry postfix/smtp[5732]: 950D21D86A5: to=<USER@SOME_DOMAIN.com>, relay= SOME_DOMAIN.com[SOME_IP]:25, delay=3.5, delays=0.09/0/2.2/1.1, dsn=5.0.0, status=bounced (host SOME_DOMAIN.com[SOME_IP] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))


Domain name is 'arrivalalert.com' and DNS config SEEMS to be proper, though I'm fairly new to this.

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.arrivalalert.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.arrivalalert.com, localhost.arrivalalet.com, localhost.localdomain, localhost, arrivalalert.com
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
mailbox_command =


/etc/hosts

127.0.0.1 localhost localhost.localdomain
209.20.64.86 mail.arrivalalert.com mail


telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.arrivalalert.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail.arrivalalert.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


dig arrivalalert.com mx

; <<>> DiG 9.4.1-P1 <<>> arrivalalert.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11855
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;arrivalalert.com. IN MX

;; ANSWER SECTION:
arrivalalert.com. 3596 IN MX 0 mail.arrivalalert.com.

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 29 17:08:53 2008
;; MSG SIZE rcvd: 55


dig -x 209.20.64.86

; <<>> DiG 9.4.1-P1 <<>> -x 209.20.64.86
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;86.64.20.209.in-addr.arpa. IN PTR

;; ANSWER SECTION:
86.64.20.209.in-addr.arpa. 86400 IN PTR mail.arrivalalert.com.

;; Query time: 600 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 29 17:09:41 2008
;; MSG SIZE rcvd: 78


Any ideas?

Thank you so much

topdog
30th March 2008, 10:10
I am guessing the account noreply does not exist on your server, as the remote server is trying to verify that the sender address exists but since it does not that's why you get the 550.

dimitry
30th March 2008, 10:20
It does exist though as I can login and check that account.

I created a unix user called 'noreply', 'abuse' and some other ones, so I definitely know they exist.

In fact, bounced emails are found in noreply's Inbox.

This is really confusing...

topdog
30th March 2008, 10:27
Have you changed your hosts recently? Could be DNS cached that is still pointing to the old host.

dimitry
30th March 2008, 10:31
The domain and site are brand new. So is the VPS box I got for it (SliceHost).

I'm wondering if I didn't set up DNS properly since it's my first time messing around with that. Here's a copy from everydns.net:


Name                   Type   Value                  MX priority  TTL
arrivalalert.com       A      209.20.64.86                        3600
arrivalalert.com       NS     ns1.slicehost.net                   3600
arrivalalert.com       NS     ns2.slicehost.net                   3600
arrivalalert.com       NS     ns3.slicehost.net                   3600
arrivalalert.com       MX     mail.arrivalalert.com  0            3600
mail.arrivalalert.com  A      209.20.64.86                        3600
www.arrivalalert.com   CNAME  arrivalalert.com                    3600

dimitry
30th March 2008, 10:47
Important observation. As soon as I send an email to that server that always fails, this is what I see in the log a second later (in between outgoing email and bounced email coming back)

Mar 30 07:44:55 dimitry postfix/smtp[6575]: certificate verification failed for SOME_DOMAIN.com: num=18:self signed certificate

So it tries to ping my server to see if 'noreply' account exists, but it doesn't pass certificate checks and gets cut off. What configuration in Postfix makes cert verification necessary?

Thanks for your help!

topdog
30th March 2008, 21:10
Change this smtpd_use_tls = yes to this smtpd_use_tls = no

dimitry
31st March 2008, 00:56
Unfortunately, that didn't work.

Here's the full log from start of sending message to the bounce


Mar 30 21:52:57 dimitry postfix/smtpd[7025]: connect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: setting up TLS connection from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: TLS connection established from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: 84E251D86B2: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS], sasl_method=PLAIN, sasl_username=noreply
Mar 30 21:52:57 dimitry postfix/cleanup[7029]: 84E251D86B2: message-id=<47F00BB8.9060605@arrivalalert.com>
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: from=<noreply@arrivalalert.com>, size=682, nrcpt=1 (queue active)
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: connect from localhost[127.0.0.1]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: disconnect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtp[7030]: discarding EHLO keywords: 8BITMIME STARTTLS
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: BF3901D86B3: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry dkimproxy.out[2368]: DKIM signing - signed; message-id=<47F00BB8.9060605@arrivalalert.com>, signer=<noreply@arrivalalert.com>, from=<noreply@arrivalalert.com>
Mar 30 21:52:57 dimitry postfix/cleanup[7029]: BF3901D86B3: message-id=<47F00BB8.9060605@arrivalalert.com>
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: BF3901D86B3: from=<noreply@arrivalalert.com>, size=1643, nrcpt=1 (queue active)
Mar 30 21:52:57 dimitry postfix/smtp[7030]: 84E251D86B2: to=<email@domain.com>, relay=127.0.0.1[127.0.0.1]:10027, delay=0.39, delays=0.22/0.02/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BF3901D86B3)
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: disconnect from localhost[127.0.0.1]
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: removed
Mar 30 21:53:00 dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate
Mar 30 21:53:02 dimitry postfix/smtp[7032]: BF3901D86B3: to=<email@domain.com>, relay=domain.com[THEIR-IP-ADDRESS]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[THEIR-IP-ADDRESS] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
Mar 30 21:53:02 dimitry postfix/cleanup[7029]: C16361D86B5: message-id=<20080330215302.C16361D86B5@mail.arrivalalert.com>
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: from=<>, size=3740, nrcpt=1 (queue active)
Mar 30 21:53:02 dimitry postfix/bounce[7033]: BF3901D86B3: sender non-delivery notification: C16361D86B5
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: BF3901D86B3: removed
Mar 30 21:53:02 dimitry postfix/local[7034]: C16361D86B5: to=<noreply@arrivalalert.com>, relay=local, delay=0.09, delays=0.03/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: removed


Some interesting lines:
dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate

dimitry postfix/smtp[7032]: BF3901D86B3: to=<email@domain.com>, relay=domain.com[64.22.83.117]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[64.22.83.117] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))

Thank you
Dimitry
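
An added example (not part of the original posts): a small Python parser run over a constructed excerpt modelled on the log above. It follows one message across the filter re-injection (`queued as`) and the bounce, flags the remote sender-verify rejection, and shows that the certificate line was logged by the same outbound `postfix/smtp` process that then received the 550 at RCPT TO. Function names and the placeholder IPs are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the log lines in this thread; IPs are placeholders.
SAMPLE_LOG = """\
Mar 30 21:52:57 dimitry postfix/smtp[7030]: 84E251D86B2: to=<email@domain.com>, relay=127.0.0.1[127.0.0.1]:10027, delay=0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BF3901D86B3)
Mar 30 21:53:00 dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate
Mar 30 21:53:02 dimitry postfix/smtp[7032]: BF3901D86B3: to=<email@domain.com>, relay=domain.com[192.0.2.25]:25, delay=5, dsn=5.0.0, status=bounced (host domain.com[192.0.2.25] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
Mar 30 21:53:02 dimitry postfix/bounce[7033]: BF3901D86B3: sender non-delivery notification: C16361D86B5
Mar 30 21:53:02 dimitry postfix/local[7034]: C16361D86B5: to=<noreply@arrivalalert.com>, relay=local, delay=0.09, dsn=2.0.0, status=sent (delivered to maildir)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)")
QID = re.compile(r"(?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
DELIVERY = re.compile(r"relay=(?P<relay>[^,]+),.*status=(?P<status>\w+) \((?P<reply>.*)\)$")

def analyse(log):
    """Index delivery attempts by queue ID and un-queued smtp client notes by pid."""
    hops, notes = {}, defaultdict(list)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        q = QID.match(m["msg"])
        if not q:
            if m["svc"] == "smtp":  # outbound client talking about the remote peer
                notes[m["pid"]].append(m["msg"])
            continue
        d = DELIVERY.search(q["rest"])
        if d and m["svc"] in ("smtp", "local"):
            nxt = re.search(r"queued as ([0-9A-F]+)", d["reply"])  # filter re-injection
            hops[q["qid"]] = dict(d.groupdict(), svc=m["svc"], pid=m["pid"],
                                  next=nxt.group(1) if nxt else None)
        elif m["svc"] == "bounce" and q["qid"] in hops:
            ndn = re.search(r"notification: ([0-9A-F]+)", q["rest"])
            hops[q["qid"]]["next"] = ndn.group(1) if ndn else None
    return hops, notes

def trace(log, first_qid):
    """Follow one message hop by hop. TLS notes are matched by smtp pid, a heuristic."""
    hops, notes = analyse(log)
    out, qid = [], first_qid
    while qid in hops:
        h = hops[qid]
        reply = h["reply"].lower()
        rej = h["status"] == "bounced" and "in reply to rcpt to" in reply and "verif" in reply
        out.append({"qid": qid, "relay": h["relay"], "status": h["status"], "sender_verify_reject": rej,
                    "tls_notes": notes[h["pid"]] if h["svc"] == "smtp" else []})
        qid = h["next"]
    return out
```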

dimitry
31st March 2008, 01:06
It's worth noting that I use DKIM outgoing mail signing. Not sure if that could be an issue or not.

falko
31st March 2008, 13:34
Are you sure that the email@domain.com mail box exists?

dimitry
31st March 2008, 17:10
Wow, ok, finally figured it out.

Our domain used to be hosted on the server I was trying to send an email to. We moved it to the new box, updated the DNS, but never actually deleted the account on that old hosting account (on which my buddy's other site and email (email@domain.com) are hosted).

I guess the receiving server was getting confused and was trying to verify if 'noreply' account exists on the old server. GRRRR

So sorry guys. At least I got a chance to learn what every single configuration does in Postfix! Thanks for helping me out.