Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th March 2008, 04:15
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default Postfix + Unknown user errors (config seems OK)

Well, after 2 days of trying to get this to work, I give up and I hope you guys can help me.

I seem to have everything working, TLS, SALS, etc. I have courier-imap that works well too (running ubuntu gusty).

I can receive emails fine and I can send email fine to gmail, yahoo, etc. but NOT all servers. From some servers I get:
Code:
host SOME_DOMAIN.com[SOME_IP] said:
    550-Verification failed for <noreply@arrivalalert.com> 550-No Such User
    Here 550 Sender verify failed (in reply to RCPT TO command)
From mail.log
Code:
ar 30 01:42:39 dimitry postfix/smtp[5732]: 950D21D86A5: to=<USER@SOME_DOMAIN.com>, relay= SOME_DOMAIN.com[SOME_IP]:25, delay=3.5, delays=0.09/0/2.2/1.1, dsn=5.0.0, status=bounced (host SOME_DOMAIN.com[SOME_IP] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
Domain name is 'arrivalalert.com' and DNS config SEEMS to be proper, though I'm fairly new to this.

/etc/postfix/main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.arrivalalert.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.arrivalalert.com, localhost.arrivalalet.com, localhost.localdomain, localhost, arrivalalert.com
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
mailbox_command =
/etc/hosts
Code:
127.0.0.1       localhost localhost.localdomain
209.20.64.86    mail.arrivalalert.com mail
telnet localhost 25
Code:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.arrivalalert.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail.arrivalalert.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
dig arrivalalert.com mx
Code:
; <<>> DiG 9.4.1-P1 <<>> arrivalalert.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11855
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;arrivalalert.com.		IN	MX

;; ANSWER SECTION:
arrivalalert.com.	3596	IN	MX	0 mail.arrivalalert.com.

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 29 17:08:53 2008
;; MSG SIZE  rcvd: 55
dig -x 209.20.64.86
Code:
; <<>> DiG 9.4.1-P1 <<>> -x 209.20.64.86
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14766
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;86.64.20.209.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
86.64.20.209.in-addr.arpa. 86400 IN	PTR	mail.arrivalalert.com.

;; Query time: 600 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 29 17:09:41 2008
;; MSG SIZE  rcvd: 78
Any ideas?

Thank you so much
Reply With Quote
Sponsored Links
  #2  
Old 30th March 2008, 09:10
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

I am guessing the account noreply does not exist on your server, as the remote server is trying to verify that the sender address exists but since it does not thats why you get the 550
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 30th March 2008, 09:20
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It does exist though as I can login and check that account.

I created a unix user called 'noreply', 'abuse' and some other ones, so I definitely know they exist.

In fact, bounced emails are found in noreply's Inbox.

This is really confusing...
Reply With Quote
  #4  
Old 30th March 2008, 09:27
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

have you changed your hosts recently, could be dns cached that is still pointing to the old host
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #5  
Old 30th March 2008, 09:31
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The domain and site are brand new. So is the VPS box I got for it (SliceHost).

I'm wondering if I didn't setup DNS properly since its my first time messing around with that. Here's a copy from everydns.net:

Code:
arrivalalert.com
A
209.20.64.86
3600
[delete]

arrivalalert.com
NS
ns1.slicehost.net
3600
[delete]

arrivalalert.com
NS
ns2.slicehost.net
3600
[delete]

arrivalalert.com
NS
ns3.slicehost.net
3600
[delete]

arrivalalert.com
MX
mail.arrivalalert.com
0
3600
[delete]

mail.arrivalalert.com
A
209.20.64.86
3600
[delete]

www.arrivalalert.com
CNAME
arrivalalert.com
3600
[delete]
Reply With Quote
  #6  
Old 30th March 2008, 09:47
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Important observation. As soon as I send an email to that server that always fails, this is what I see in the log a second later (in between outgoing email and bounced email coming back)

Mar 30 07:44:55 dimitry postfix/smtp[6575]: certificate verification failed for SOME_DOMAIN.com: num=18:self signed certificate

So it tries to ping my server to see if 'noreply' account exists, but it doesn't pass certificate checks and gets cut off. What configuration in Postfix makes cert verification necessary?

Thanks for your help!
Reply With Quote
  #7  
Old 30th March 2008, 20:10
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

change this
Code:
smtpd_use_tls = yes
to this
Code:
smtpd_use_tls = no
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #8  
Old 30th March 2008, 23:56
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Unfortunately, that didn't work.

Here's the full log from start of sending message to the bounce

Code:
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: connect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: setting up TLS connection from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: TLS connection established from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: 84E251D86B2: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS], sasl_method=PLAIN, sasl_username=noreply
Mar 30 21:52:57 dimitry postfix/cleanup[7029]: 84E251D86B2: message-id=<47F00BB8.9060605@arrivalalert.com>
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: from=<noreply@arrivalalert.com>, size=682, nrcpt=1 (queue active)
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: connect from localhost[127.0.0.1]
Mar 30 21:52:57 dimitry postfix/smtpd[7025]: disconnect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry postfix/smtp[7030]: discarding EHLO keywords: 8BITMIME STARTTLS
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: BF3901D86B3: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]
Mar 30 21:52:57 dimitry dkimproxy.out[2368]: DKIM signing - signed; message-id=<47F00BB8.9060605@arrivalalert.com>, signer=<noreply@arrivalalert.com>, from=<noreply@arrivalalert.com> 
Mar 30 21:52:57 dimitry postfix/cleanup[7029]: BF3901D86B3: message-id=<47F00BB8.9060605@arrivalalert.com>
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: BF3901D86B3: from=<noreply@arrivalalert.com>, size=1643, nrcpt=1 (queue active)
Mar 30 21:52:57 dimitry postfix/smtp[7030]: 84E251D86B2: to=<email@domain.com>, relay=127.0.0.1[127.0.0.1]:10027, delay=0.39, delays=0.22/0.02/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BF3901D86B3)
Mar 30 21:52:57 dimitry postfix/smtpd[7031]: disconnect from localhost[127.0.0.1]
Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: removed
Mar 30 21:53:00 dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate
Mar 30 21:53:02 dimitry postfix/smtp[7032]: BF3901D86B3: to=<email@domain.com>, relay=domain.com[THEIR-IP-ADDRESS]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[THEIR-IP-ADDRESS] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
Mar 30 21:53:02 dimitry postfix/cleanup[7029]: C16361D86B5: message-id=<20080330215302.C16361D86B5@mail.arrivalalert.com>
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: from=<>, size=3740, nrcpt=1 (queue active)
Mar 30 21:53:02 dimitry postfix/bounce[7033]: BF3901D86B3: sender non-delivery notification: C16361D86B5
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: BF3901D86B3: removed
Mar 30 21:53:02 dimitry postfix/local[7034]: C16361D86B5: to=<noreply@arrivalalert.com>, relay=local, delay=0.09, delays=0.03/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: removed
Some interesting lines:
dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate

dimitry postfix/smtp[7032]: BF3901D86B3: to=<email@domain.com>, relay=domain.com[64.22.83.117]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[64.22.83.117] said: 550-Verification failed for <noreply@arrivalalert.com> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))

Thank you
Dimitry

Last edited by dimitry; 31st March 2008 at 00:00.
Reply With Quote
  #9  
Old 31st March 2008, 00:06
dimitry dimitry is offline
Junior Member
 
Join Date: Mar 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It's worth noting that I use DKIM outgoing mail signing. Not sure if that could be an issue or not.
Reply With Quote
  #10  
Old 31st March 2008, 12:34
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Are you sure that the email@domain.com mail box exists?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hacking attack (ubuntu 7.04 server + local root exploit on kernel) smoko General 4 15th September 2013 05:05
Mail server using Postfix, Dovecot, Mysql... Postfix virtual maps doesn't work?? tarasbuljba HOWTO-Related Questions 33 28th May 2010 14:33
Errors Installing Postfix, PostfixAdmin, Courier asyadiqin Installation/Configuration 15 13th November 2008 17:28
ubuntu ispconfig joomla .htaccess steve1084 General 8 6th January 2007 15:55
Postfix errors after uninstalling ISPConfig Zedix Installation/Configuration 1 15th December 2005 10:16


All times are GMT +2. The time now is 04:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.