Mail rejected

Discussion in 'Installation/Configuration' started by muekno, Feb 4, 2021.

  1. muekno

    muekno Member HowtoForge Supporter

    I have a .bash_profile with a root login warning [/quote]echo 'ALERT - SERVERNAME -Root Shell Access on:' `date` `who` | mail -s "Alert: SERVERNAME Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected][/quote]
    on all servers. All servers in the multiserver enviorement except the mail server have postfix installed with relay host the mailservers address. The servers (VMs) are behind a firewall on a local private net. I have two systems a test system and a production system, quite similar configured Debian 10 latest patches and ISPConfig 3.2.2.
    The Test system works well the warning mails are sent. On the production system did work fine too until bevor a month or so.
    The mailserver log says
    damaina ist the domain the admin server is in where i log in, the mailserver is in domaina too. On the test system the configuration is similar
    Can anyone give me a hint whats happen
    Thanks
    Rainer
     
  2. Steini86

    Steini86 Active Member

  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The difference in your live and test system is in the relaying setup, check what is in 'Email Routing' and 'Relay Recipients'. Probably just adding the other server's ip to mynetworks would solve it, but if you want other solutions, recent nightly builds have some settings that could help (eg. set smtpd_reject_unlisted_sender='n' add [email protected] to the postfix whitelist, using the current smtpd_sender_restrictions).
     
  4. muekno

    muekno Member HowtoForge Supporter

    [email protected] exists behind test system
    production system
    email routing mydomain.de to postfix on test system
    relay recipients @mydomain.de

    test system
    emailrouting mydomain.de to backend mail system
    relay recipients @mydomain.de

    Thats working fine for all external mail coming to production system, Incoming mails go through postfix (production system) to and trough postfix (testsystem) to backend mail system.
    External mail to other domains are stored in dovecot (production system)
    As written worked for warning mails in production system till about a month ago. Works fine for internal warning mails in test system.
    Servers in production system have production system postfix as relay, servers in test system have have testsystem postfix as relay.
    All external mails (in and out) no problems
    Rainer
     
  5. Steini86

    Steini86 Active Member

    Please show "postconf -n | grep relay" from both involved servers.
    Execute "mail -s -v "Alert Test"
    Then show mail log from both servers.
     
  6. muekno

    muekno Member HowtoForge Supporter

    OK ist clear now why test system works, all servers relays directly to backend mail system, so they do not relay via postfix on test system mail server. Forgot that as I configured this years before.
    But this does not explain why production system stops working relaying the warning massages but works fine with all other mails

    Production system mail server internal IP 10.10.1.51
    Production system one of the other servers, postfix not maintained with ISPConfig, here is the Master server just doing DNS and Master
    Log from Mail command
    mail -s -v "Allert me" [email protected]
    test massage from admin server

    Cc:
    [email protected]
    on master server
    looks suspicious
    Log on mail server
     
  7. Steini86

    Steini86 Active Member

    Sorry, my mistake. For sure it has to be mail -v -s "subject" address
    Anyway, you still get error "Sender address rejected: User unknown in relay recipient table". So, either your mail/domain is not set in the relay table. Or your host is not allowed to relay mails (not in mynetworks). Your restrictions are "smtpd_relay_restrictions = permit_mynetworks [..]", so only servers in mynetworks are allowed to relay. This could have happened with an update in the past, when this option was added. However, I think the error message should be different if thats the case.
    If that server is not maintained by ispconfig, are the right values in the corresponding database defined in /etc/postfix/mysql-virtual_relaydomains.cf /etc/postfix/mysql-virtual_relayrecipientmaps.cf ??

    It may be a problem with your proxy setup. You could try removing the "proxy:" for the relay_recipient_maps and relay_domains. The gain is negligible anyway, as you are only looking that up every now and then.
    Usually there is no need to explicitly set proxy_read_maps as the default value includes almost everything anyway.
     
  8. muekno

    muekno Member HowtoForge Supporter

    I think it's a change from an update in the near past, as ist worked for years. Also if there are updates with config changes I always select keep old config. will search and write if I found something. Thanks for help so long
     
  9. muekno

    muekno Member HowtoForge Supporter

    I think the relevant part is
    in the log of the ISPConfig administrated mail server.
    Where in ISPConfig can I allow the sender address and why is it blocked newly after not beeing blocked for years?
     
  10. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Did you try what @Steini86 said in his first reply?
    Because of changes to sender restrictions setup in ispconfig.
     
  11. muekno

    muekno Member HowtoForge Supporter

    Sorry I do not understand. Every sender from extern is routed.
    Relay recipients has @mydomain.de and Email routing has my privat fixed IP as target. Otherwise no mail would reach me. But the error message says sender not receipient.
    "Because of changes to sender restrictions setup in ispconfig."
    Would be nice if you tell what was changed, or at least where I can change this. Right may be the problem exists sind ISPConfig 3.2.2.
    On the other hand, external mails go through the firewall and are nated to the one and only privat address of postfix. Mails from the other servers are comming from the same privat network to the to the same postfix address, this network is allowed in "mynetworks = 127.0.0.0/8 10.10.1.0/24"
    so for postfix that should make no difference to external mails.
     

Share This Page