Postfix multiple problems, from 550, 554, Relay denied etc.. all in one server

Discussion in 'Server Operation' started by madelves, Mar 26, 2010.

  1. madelves

    madelves New Member

    Hello,

    I'm starting to use ISPConfig and since setting it up i have some problems and have patched things here and there. I got a few problems especially using Postfix as an email MTA. I set up all domain using ISPconfig and redirect it to a single IP for everything. I followed some readings from the HOWTO from howtoforge to try to set up.

    Problem is a bit weird because I have some email sent, some rejected, and some relay denied on the same server and using the same ispconfig...

    Here's some log excerpts
    Code:
    [root@server1 postfix]# grep [email protected] /var/log/maillog*
    /var/log/maillog:Mar 25 23:25:08 server1 postfix/local[29662]: 00AB628C24: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.38, delays=0.29/0.01/0/0.08, dsn=2.0.0, status=sent (forwarded as 0FC7F28C2F)
    /var/log/maillog:Mar 25 23:25:09 server1 postfix/smtp[29663]: 0FC7F28C2F: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[209.85.221.100]:25, delay=1.8, delays=0.08/0.04/0.51/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1269573909 39si551492qyk.23)
    /var/log/maillog:Mar 25 23:37:15 server1 postfix/local[29982]: 8DF2428C2F: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=0.64, delays=0.59/0.01/0/0.05, dsn=2.0.0, status=sent (forwarded as A3FB728C30)
    /var/log/maillog:Mar 25 23:37:18 server1 postfix/smtp[29983]:A3FB728C30: to=<[email protected]>, orig_to=<[email protected]>, relay=alt1.gmail-smtp-in.l.google.com[209.85.229.27]:25, delay=2.8, delays=0.03/0.04/0.72/2, dsn=2.0.0, status=sent (250 2.0.0 OK 1269574638 y10si1259456bkx.47)
    Now everything sent to domain 1 went in fine, they can receive, send, and forward.

    However, i got a second email who sent this to gmail and I never received anything in the log :
    Code:
    Delivery to the following recipient failed permanently:
    
        [email protected]
    
    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550-5.1.1 The email account that you tried to reach does not exist. Please try
    550-5.1.1 double-checking the recipient's email address for typos or
    550-5.1.1 unnecessary spaces. Learn more at
    550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 27si409190yxe.119 (state 14).
    
    Then there's number 3 who i sent email and behaves like so :

    From google :
    Code:
    Delivery to the following recipient failed permanently:
    
        [email protected]
    
    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied (state 14).
    The domain3 doesn't even show in my log

    However there's domain4 who when I send email shows this in my log
    Code:
    /var/log/maillog:Mar 25 23:22:31 server1 postfix/smtpd[26343]: NOQUEUE: reject: RCPT from mail-vw0-f47.google.com[209.85.212.47]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-vw0-f47.google.com>
    /var/log/maillog:Mar 25 23:23:43 server1 postfix/smtpd[29120]: NOQUEUE: reject: RCPT from mail-vw0-f47.google.com[209.85.212.47]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-vw0-f47.google.com>
    /var/log/maillog:Mar 25 23:37:15 server1 postfix/smtpd[29966]: NOQUEUE: reject: RCPT from mail-gw0-f47.google.com[74.125.83.47]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-gw0-f47.google.com>
    
    Please heeellpppp

    anyways my postconf -n shows this

    Code:
    [root@server1 postfix]# /usr/sbin/postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    home_mailbox = Maildir/
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_command = 
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = /etc/postfix/local-host-names
    mydomain = mydomain.com
    myhostname = server1.mydomain.com
    mynetworks = 127.0.0.0/8
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    relay_domains = $mydestination
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtp_tls_note_starttls_offer = yes
    smtp_use_tls = yes
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks,    reject_non_fqdn_helo_hostname,    reject_invalid_helo_hostname,    permit
    smtpd_recipient_restrictions = reject_unauth_pipelining,   reject_non_fqdn_recipient,   reject_unknown_recipient_domain,   permit_mynetworks,   reject_unauth_destination,   reject_rbl_client zen.spamhaus.org,   reject_rbl_client bl.spamcop.net,   permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = 
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = permit_mynetworks,    reject_non_fqdn_sender,    reject_unknown_sender_domain,    permit
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    
    My head is about to explode. Please help out :(
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Do you use ISPConfig 2 or 3?

    Please check if your MX records point to your server. You can check that as follows:
    Code:
    dig mx yourdomain.com
     
  3. madelves

    madelves New Member

    I am using ISPconfig 2 using CENTOS 5.3

    Code:
    [root@server1 username]# dig mx mydomain.com
    
    ; <<>> DiG 9.3.4-P1 <<>> mx mydomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50042
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain.com.			IN	MX
    
    ;; Query time: 64 msec
    ;; SERVER: aa.aa.133.4#53(aa.aa.133.4)
    ;; WHEN: Mon Mar 29 04:29:54 2010
    ;; MSG SIZE  rcvd: 32
    
    where mydomain = my domain name and aa.aa is the ip

    One question : I currently use the same name on my ispconfig setting for the domain and postfix. Can I use different hostname?
     
  4. madelves

    madelves New Member

    I did get my server to put my server ip on the mx records,
    but also a problem

    Code:
    [root@ispconfig postfix]# dig mx mydomain.com
    
    ; <<>> DiG 9.3.4-P1 <<>> mx mydomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8771
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;mydomain.com.			IN	MX
    
    ;; ANSWER SECTION:
    mydomain.com.		300	IN	MX	10 66.246.138.245.
    
    ;; Query time: 102 msec
    ;; SERVER: 97.107.133.4#53(97.107.133.4)
    ;; WHEN: Tue Mar 30 01:26:15 2010
    ;; MSG SIZE  rcvd: 59
    
    
     
  5. madelves

    madelves New Member

  6. madelves

    madelves New Member

  7. falko

    falko Super Moderator ISPConfig Developer

    You MX record must point to an A record, not to an IP - that is not allowed!
     
  8. madelves

    madelves New Member

    It is now working properly because of the DNS fix
    Thanks falko
     

Share This Page