Postfix Problem

crkpipe · n00b Joined: 03 Aug 2005 Posts: 17

I am trying to reieve logs from my webservers to my email. When I look at my mail logs for my server that is supposed to relay the messages I see the following error.

Mar 6 12:35:57 mx2 postfix/smtpd[5990]: NOQUEUE: reject: MAIL from unknown[x.x.x.x]: 450 <root@web1a.<domain1>.com>: Sender address rejected: Domain not found; from=<root@web1a.<domain1>.com> proto=ESMTP helo=<web12a>

the server web1a is listed in my helo_access, its IP is listed as a member of my_networks, I am not sure exactly where the failure is occuring. If I require any more information to be posted please just let me know. Thanks in advance for any help.

cb

kashani · Posted: Tue Mar 06, 2007 7:05 pm Post subject:

Do a postconf -n and post it here. I suspect that you're using some more restrictive statements in your smtpd_recipient_restrictions that are denying your host. Remember these are processed in order and it might be a good idea to move permit_mynetworks up in that order toward the top. Or fix your DNS.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

crkpipe · n00b Joined: 03 Aug 2005 Posts: 17

Here is the postconf from the mta server throwing the error listed earlier.

The ip's have been remove and the domain has been aliased. I am sure what you are saying is correct, but I cannot figure out where!

Thanks for the help in advance.

cb

postconf -n
===================================================
address_verify_sender = postmaster@<domain>.com
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks = pcre:/etc/postfix/body_checks
bounce_notice_recipient = postmaster@<domain>.com
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_recipient_limit = 100
delay_notice_recipient = postmaster@<domain>.com
delay_warning_time = 10m
disable_vrfy_command = yes
error_notice_recipient = postmaster@<domain>.com
header_checks = pcre:/etc/postfix/header_checks
lmtp_sasl_auth_enable = no
lmtp_sasl_security_options = noanonymous
mail_name = mx2.<domain>.com
mailbox_size_limit = 0
maps_rbl_domains = relays.ordb.org, sbl-xbl.spamhaus.org
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, localhost, mail.<domain>.com
mydomain = <domain>.com
myhostname = mx2.<domain>.com
mynetworks = all the IP's not shown for security
myorigin = /etc/mailname
recipient_delimiter = +
setgid_group = postdrop
smtp_pix_workaround_delay_time = 15
smtpd_banner = mail.<domain>.com NO UCE ESMTP
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 100
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_invalid_hostname, permit_auth_destination, check_recipient_access hash:/etc/postfix/access, check_recipient_maps hash:/etc/postfix/access, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client relays.ordb.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_maps_rbl, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/blockeddomains hash:/etc/postfix/blockedemails
smtpd_tls_CAfile = /etc/postfix/ssl/<domain>.com.chain
smtpd_tls_cert_file = /etc/postfix/ssl/<domain>.com.cert
smtpd_tls_key_file = /etc/postfix/ssl/<domain>.com.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_use_tls = no
strict_rfc821_envelopes = yes
smtpd_use_tls = no
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport

kashani · Posted: Wed Mar 07, 2007 1:44 am Post subject:

You've got a lot of anti-spam stuff configured. Much of it is very bleeding edge and will bounce real mail. If you're aware of that and have made the choice that you are okay with bouncing legitimate mail every month then that's fine, otherwise you should start researching the side effects of some of the filtering you've enabled.

I'd start with removing almost all the rbl stuff, non_fqdn, helo_restrictions, access hashes etc. Restart and then see if mail can be delivered. Start adding things back slowly with tests between each change. Additionally you'll want to turn up the logging on mail server. Edit /etc/postfix/master.cf and add an -v to the end of the smptd line and restart. Remember to turn this off or your logs will be huge.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

crkpipe · n00b Joined: 03 Aug 2005 Posts: 17

Hey Thanks for the suggestions . . . I am making progress . . . now I can see on the client sending to the mail sever that the message is actually being sent and no longer bounced or rejected, but on the mx server this is all I see in the logs on a connection from the server?

This is from the client . . .. as you can see it appears to have sent the message and then removed it from queue.

Mar 7 10:11:32 web12a postfix/smtp[30760]: 7B5856B2A3: to=<sys-admin@<domain>.com>, relay=mail.<domain>.com[x.x.x.x], delay=0, status=sent (250 Ok: queued as 53C01B5DD21)
Mar 7 10:11:32 web12a postfix/qmgr[29711]: 7B5856B2A3: removed

On the actual mailserver this is all I see . . . and I have not actually recieved any messages . . . any ideas? < thanks again in advance>

Mar 7 10:11:32 mx2 postfix/cleanup[5158]: 53C01B5DD21: message-id=<20070307151132.7B5856B2A3@web12a.<domain>.com>
Mar 7 10:11:33 mx2 postfix/cleanup[3968]: 98571B5DD23: message-id=<20070307151132.7B5856B2A3@web12a.<domain>.com>
Mar 7 10:11:33 mx2 amavis[5629]: (05629-01) Passed, <root@<domain>.com> -> <sys-admin@<domain>.com>, Message-ID: <20070307151132.7B5856B2A3@web12a.<domain>.com>, Hits: -26.358
Mar 7 10:16:32 mx2 postfix/cleanup[5158]: 0CC20B5DD37: message-id=<20070307151632.4DF056B2A3@web12a.<domain>.com>

overkll · Posted: Wed Mar 07, 2007 4:10 pm Post subject:

I believe you should move "reject_unauth_destination" from the end of your restrictions to right after "permit_sasl_authenticated", otherwise your filtering may be more permissive than you think. See why here.