SOLVED: incoming SMTP: 550 Requested action not taken: mailbox unavailable

Discussion in 'Installation/Configuration' started by fishtail, Apr 23, 2018.

  1. fishtail

    fishtail New Member

    Hi...a noob here...
    I just followed "perfect server" installation and everything seemed to be working...
    I "telnet localhost" and sent a test email to myself and it delivered successfully without a hitch.
    But, when I telnet to FQDN from outside, I don't get any feedback with "helo"...this is question 1.
    Further, I changed my MX record and sent a test email from outside. I immediately got the 550 error message.
    this is recorded in /var/log/mail.log.....doesn't say much.
    Apr 23 08:54:07 mailbox postfix/smtpd[2520]: connect from XXXXXXXX.net[69.XXX.XXX.XXX]
    Apr 23 08:54:08 mailbox postfix/smtpd[2520]: disconnect from XXXXXXXXXXX.net[69.XXX.XXX.XXX] ehlo=1 mail=1 rset=1 quit=1 commands=4
    anybody has any ideas/pointers that can guide me? this is question 2.
    thanks in advance...
     
  2. fishtail

    fishtail New Member

    bump..hoping to get some feedback/support.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member

    do you see the server's smtp greeting? if not I'd suspect either dns for the fqdn isn't pointing to the right address, or you have a firewall or nat (if using private addrs on the server) issue.

    This would indicate the firewall/nat may be fine, as you'r obviously getting an smtp connection. That indicates the commands sent were ehlo, mail, rset, quit - ie. the smtp client (aka the sending server) reset and quit the connection without even sending a single "rcpt to:" address - it's the sender that gets a "550 Requested action not taken: mailbox unavailable" error? (strange that's not logged, too) Is your test message here sent from an address which is hosted on the ispconfig server? It's also unusual not to see that in the log.

    Maybe check to see if smtpd_delay_reject is set to 'no' (default is 'yes'), and if so change to 'yes', reload postfix and you should get a little more info in the logs.
     
  4. fishtail

    fishtail New Member

    Hi Jesse, thanks for the reply.
    "smtpd_delay_reject" was never in the instruction...HOWEVER, for some reason, when I telnet to my mail server from outside to port 25, I am getting responses now.
    SO, from outside network, I issued "rcpt to:<[email protected]> and I immediately received "mailbox unavailable"
    FROM inside network, I issued the same command, and I got: "Helo command rejected: need fully-qualified hostname"
    Sorry, but I don't have much knowledge in postfix, other than the instruction provided from "The Perfect Server"

    Any suggestions are greatly appreciated...
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    If you sent the exact same commands each time (helo, etc) it sounds like you aren't talking to the same smtp server from inside and outside - probably a Nat port forward/firewall type issue.
     
  6. fishtail

    fishtail New Member

    I got this to work by commenting the following two lines in /etc/postfix/main.cf
    smtpd_helo_required =
    smtpd_helo_restrictions =

    Is this a security concern?
     
  7. Jesse Norell

    Jesse Norell Well-Known Member

    It's not a security concern in that it allows unauthorized access to your server or such, but you will see more spam making it past the 'helo' stage with reduced restrictions. Is that exactly what those lines showed in your main.cf? Ie. both were set to empty? If so, something has not gone right in your ispconfig configuration, as it should look more like:
    Code:
    # postconf smtpd_helo_required                                                                                                         
    smtpd_helo_required = yes
    
    # postconf smtpd_helo_restrictions
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    
     
  8. fishtail

    fishtail New Member

    no, mine is:
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo

    but after I updated the line with yours and restarted postfix service, i still get "504 5.5.2 <a>: Helo command rejected: need fully-qualified hostname" BOTH inside and outside network.
    I am going to dissect each item and see which one gives me the error.
    Will report back.
     
  9. Jesse Norell

    Jesse Norell Well-Known Member

    Is the error, which is from the reject_non_fqdn_hostname restriction, but the correct solution is just too use a fully qualified hostname, eg. try 'helo test.domain.com' instead of 'helo test'.

    Earlier you said there was a different response from inside and outside, and now they are responding the same - I suspect you did not send the exact same symptoms commands from inside Vs outside earlier, and now just need to work on your smtp a bit, and I'd guess you'll have mail delivering.

    Have you tried sending from a real smtp server lately, and verify the email address is an active mailbox in ISPConfig? If still failing, what does the mail log show, anything more?
     
  10. fishtail

    fishtail New Member

    So I created another VM and followed the instruction and created another instance...copied over main.cf, restarted postfix and now it works....which is very weird...
    will keep testing away....
     
  11. fishtail

    fishtail New Member

    ....sorry, but I have two problems/observations:
    - I had to remove "reject_non_fqdn_hostname" because when a mail client (MS Outlook) says "hello", it just says "hello <computername>"
    - when I tried to connect, via Outlook, from home, it rejects the connection because my external IP was found in spamhaus.org (this is a very likely scenario because it's a broadband connection)
    thoughts/suggestions is greatly appreciated.

    May 11 10:38:06 mailbox dovecot: imap-login: Disconnected (no auth attempts in 120 secs): user=<>, rip=24.56.243.128, lip=172.16.2.209, TLS handshaking: Disconnected, session=<AVZCmfFrBM8YOPOA>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: connect from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: filter: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: filter: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: reject: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: 554 5.7.1 Service unavailable; Client host [24.56.243.128] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/24.56.243.128; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: lost connection after RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you missed to enable smtp auth in outlook for sending emails. and use port 587 SMTP port.
     
  13. fishtail

    fishtail New Member

  14. Jesse Norell

    Jesse Norell Well-Known Member

    No, he means "in outlook", ie. your mail account settings in MS Outlook. Sending authenticated on port 587 will bypass both the fqdn check and blacklists, and resolve your latest issues.
     
  15. fishtail

    fishtail New Member

    This is what I got from /var/log/mail.log when attempting to test connections.
    Thoughts?
    I REALLY appreciate your hand-holdings...

    May 15 11:20:07 mailbox postfix/smtps/smtpd[18025]: connect from c-XXX-XXX-XXX-XXX.customer.broadstripe.net[XXX.XXX.XXX.XXX]
    May 15 11:20:07 mailbox postfix/smtps/smtpd[18025]: disconnect from c-XXX-XXX-XXX-XXX.customer.broadstripe.net[XXX.XXX.XXX.XXX] ehlo=1 quit=1 commands=2
    May 15 11:20:07 mailbox dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=YYY.YYY.YYY.YYY, TLS, session=<tKrspkJstswYOPOA>
     
  16. fishtail

    fishtail New Member

    ...wait, it worked in Thunderbird, but hangs/doesn't work in Outlook....
     
  17. fishtail

    fishtail New Member

Share This Page