
Can't send mails outside my domain

  • Alumno Etsii
    Message 1 of 10 , Oct 1, 2012
      Hi list!

      I've successfully set up my Postfix server with virtual users (using MySQL), let's call this machine 'mail'. I've another server (machine) that relays through 'mail' to send mails, let's call it 'client'. Whenever I try to send an e-mail from 'client' relaying through 'mail', I can do this only if the destination is the same domain that 'mail' is configured to handle. Otherwise, I get an error like this:

      Oct  1 17:08:43 mail postfix/smtpd[4940]: connect from unknown[192.168.0.100]
      Oct  1 17:08:43 mail postfix/smtpd[4940]: D7D59100418: client=unknown[192.168.0.100]
      Oct  1 17:08:43 mail postfix/cleanup[4946]: D7D59100418: message-id=<20121001160510.3AEEDE041A@...>
      Oct  1 17:08:43 mail opendkim[1220]: D7D59100418: [192.168.0.100] [192.168.0.100] not internal
      Oct  1 17:08:43 mail opendkim[1220]: D7D59100418: not authenticated
      Oct  1 17:08:43 mail opendkim[1220]: D7D59100418: no signing domain match for 'client.devels.es'
      Oct  1 17:08:43 mail opendkim[1220]: D7D59100418: external host [192.168.0.100] attempted to send as devels.es
      Oct  1 17:08:43 mail opendkim[1220]: D7D59100418: no signature data
      Oct  1 17:08:43 mail postfix/qmgr[2661]: D7D59100418: from=<root@...>, size=622, nrcpt=1 (queue active)
      Oct  1 17:08:43 mail postfix/smtpd[4940]: disconnect from unknown[192.168.0.100]
      Oct  1 17:08:44 mail postfix/pickup[2660]: 579AA10042B: uid=5002 from=<root@...>
      Oct  1 17:08:44 mail postfix/pipe[4948]: D7D59100418: to=<nkneumann@...>, relay=spamassassin, delay=0.54, delays=0.11/0.02/0/0.41, dsn=2.0.0, status=sent (delivered via spamassassin service)
      Oct  1 17:08:44 mail postfix/qmgr[2661]: D7D59100418: removed
      Oct  1 17:08:44 mail postfix/cleanup[4946]: 579AA10042B: message-id=<20121001160510.3AEEDE041A@...>
      Oct  1 17:08:44 mail opendkim[1220]: 579AA10042B: no signing domain match for 'client.devels.es'
      Oct  1 17:08:44 mail postfix/qmgr[2661]: 579AA10042B: from=<root@...>, size=931, nrcpt=1 (queue active)
      Oct  1 17:08:45 mail postfix/smtp[4952]: 579AA10042B: to=<todos.somos.yo@...>, relay=devels.es[91.215.158.237]:25, delay=1.3, delays=0.14/0.11/0.83/0.19, dsn=5.0.0, status=bounced (host devels.es[91.215.158.237] said: 550-Verification failed for <root@...> 550-The mail server could not deliver mail to root@....  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command))
      Oct  1 17:08:45 mail postfix/cleanup[4946]: A7BB8100429: message-id=<20121001160845.A7BB8100429@...>
      Oct  1 17:08:45 mail postfix/bounce[4953]: 579AA10042B: sender non-delivery notification: A7BB8100429
      Oct  1 17:08:45 mail postfix/qmgr[2661]: 579AA10042B: removed
      Oct  1 17:08:45 mail postfix/qmgr[2661]: A7BB8100429: from=<>, size=3596, nrcpt=1 (queue active)
      Oct  1 17:08:46 mail postfix/smtp[4952]: A7BB8100429: to=<root@...>, relay=devels.es[91.215.158.237]:25, delay=0.92, delays=0.03/0/0.63/0.25, dsn=2.0.0, status=sent (250 OK id=1TIiYL-0003NI-EX)
      Oct  1 17:08:46 mail postfix/qmgr[2661]: A7BB8100429: removed

      If I send a mail to a *@devels.es it works perfectly. 

      My postconf -n for mail is:

      alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
      append_dot_mydomain = no
      biff = no
      bounce_queue_lifetime = 2d
      broken_sasl_auth_clients = yes
      config_directory = /etc/postfix
      disable_vrfy_command = yes
      header_checks = regexp:/etc/postfix/header_checks
      html_directory = /usr/share/doc/postfix/html
      inet_interfaces = all
      invalid_hostname_reject_code = 554
      local_recipient_maps = $alias_maps
      mailbox_size_limit = 0
      mailman_destination_recipient_limit = 1
      maximal_queue_lifetime = 4d
      message_size_limit = 30720000
      milter_default_action = accept
      milter_protocol = 2
      mydestination = mail.devels.es, localhost, localhost.localdomain, listas.devels.es
      mydomain = devels.es
      myhostname = mail.devels.es
      myorigin = $mydomain
      non_smtpd_milters = inet:127.0.0.1:12347
      owner_request_special = no
      policy-spf_time_limit = 3600s
      proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $smtpd_sender_login_maps
      qmgr_message_active_limit = 1000
      recipient_delimiter = +
      relay_destination_concurrency_limit = 100
      relay_destination_recipient_limit = 100
      relayhost = [devels.es]
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtp_use_tls = yes
      smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
      smtpd_client_connection_count_limit = 25
      smtpd_client_connection_rate_limit = 100
      smtpd_client_message_rate_limit = 250
      smtpd_client_recipient_rate_limit = 500
      smtpd_client_restrictions = permit_mynetworks reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client combined.njabl.org reject_rbl_client zen.spamhaus.org reject_unauth_pipelining
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_hostname permit
      smtpd_milters = inet:127.0.0.1:12347
      smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/valid_recipients, reject_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policy-spf, reject_unauth_destination
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_security_options = noanonymous
      smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_identities.cf
      smtpd_sender_restrictions = permit_mynetworks check_sender_access hash:/etc/postfix/valid_senders reject_sender_login_mismatch permit
      smtpd_tls_auth_only = yes
      smtpd_tls_cert_file = /etc/postfix/smtpd.cert
      smtpd_tls_key_file = /etc/postfix/smtpd.key
      smtpd_tls_loglevel = 0
      smtpd_tls_received_header = yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      smtpd_use_tls = yes
      transport_maps = mysql:/etc/postfix/mysql-virtual_transport.cf
      unknown_address_reject_code = 554
      unknown_client_reject_code = 554
      unknown_hostname_reject_code = 554
      unknown_local_recipient_reject_code = 550
      virtual_alias_domains =
      virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
      virtual_gid_maps = static:5000
      virtual_mailbox_base = /home/vmail
      virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
      virtual_mailbox_limit_inbox = yes
      virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
      virtual_mailbox_limit_override = yes
      virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
      virtual_maildir_extended = yes
      virtual_maildir_limit_message = "El usuario tiene su buzon lleno, debe liberar espacio antes de poder recibir mas"
      virtual_maildir_suffix = Maildir/
      virtual_overquota_bounce = yes
      virtual_transport = virtual
      virtual_trash_count = yes
      virtual_trash_name = .Trash
      virtual_uid_maps = static:5000

      My postconf -n for client is:

      config_directory = /etc/postfix
      relayhost = 192.168.0.14
      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
      smtp_sasl_security_options = noanonymous
      smtp_use_tls = yes

      Note: 192.168.0.14 = mail, 192.168.0.100 = client

      Any ideas about why this is happening will be appreciated. Thanks!
    • Reindl Harald
      Message 2 of 10 , Oct 1, 2012
        On 01.10.2012 18:17, Alumno Etsii wrote:
        > Hi list!
        >
        > I've successfully set up my Postfix server with virtual users (using MySQL), let's call this machine 'mail'. I've
        > another server (machine) that relays through 'mail' to send mails, let's call it 'client'. Whenever I try to send
        > an e-mail from 'client' relaying through 'mail', I can do this only if the destination is the same domain that
        > 'mail' is configured to handle. Otherwise, I get an error like this:

        Oct 1 17:08:44 mail postfix/qmgr[2661]: 579AA10042B: from=<root@...>, size=931, nrcpt=1 (queue active)
        Oct 1 17:08:45 mail postfix/smtp[4952]: 579AA10042B: to=<todos.somos.yo@...>,
        relay=devels.es[91.215.158.237]:25, delay=1.3, delays=0.14/0.11/0.83/0.19, dsn=5.0.0, status=bounced (host
        devels.es[91.215.158.237] said: 550-Verification failed for <root@...> 550-The mail server could not
        deliver mail to root@.... The account or domain may not exist, they may be blacklisted, or missing
        the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command))

        so is "root@..." a VALID RCPT on your MX?
      • Alumno Etsii
        Message 3 of 10 , Oct 1, 2012
          2012/10/1 Reindl Harald <h.reindl@...>


          On 01.10.2012 18:17, Alumno Etsii wrote:
          > Hi list!
          >
          > I've successfully set up my Postfix server with virtual users (using MySQL), let's call this machine 'mail'. I've
          > another server (machine) that relays through 'mail' to send mails, let's call it 'client'. Whenever I try to send
          > an e-mail from 'client' relaying through 'mail', I can do this only if the destination is the same domain that
          > 'mail' is configured to handle. Otherwise, I get an error like this:

          Oct  1 17:08:44 mail postfix/qmgr[2661]: 579AA10042B: from=<root@...>, size=931, nrcpt=1 (queue active)
          Oct  1 17:08:45 mail postfix/smtp[4952]: 579AA10042B: to=<todos.somos.yo@...>,
          relay=devels.es[91.215.158.237]:25, delay=1.3, delays=0.14/0.11/0.83/0.19, dsn=5.0.0, status=bounced (host
          devels.es[91.215.158.237] said: 550-Verification failed for <root@...> 550-The mail server could not
          deliver mail to root@....  The account or domain may not exist, they may be blacklisted, or missing
          the proper dns entries. 550 Sender verify failed (in reply to RCPT TO command))

          so is "root@..." a VALID RCPT on your MX?


          First off, thanks for your fast response!

          I'm not sure what you mean, are you referring to DNS entries? If so, how can I do to make any *.devels.es host valid? I supposed that 'permit_mynetworks' for senders ('client' would match mynetworks) would make any sender address valid to relay even if it doesn't exist, if I'm wrong, I'd appreciate any clue!

          Thanks in advance!
        • Wietse Venema
          Message 4 of 10 , Oct 1, 2012
            Alumno Etsii:
            > Oct 1 17:08:44 mail postfix/qmgr[2661]: 579AA10042B: from=<
            > root@...>, size=931, nrcpt=1 (queue active)

            > Oct 1 17:08:45 mail postfix/smtp[4952]: 579AA10042B: to=<
            > todos.somos.yo@...>, relay=devels.es[91.215.158.237]:25,
            > delay=1.3, delays=0.14/0.11/0.83/0.19, dsn=5.0.0, status=bounced
            > (host devels.es[91.215.158.237] said: 550-Verification failed for
            > <root@...> 550-The mail server could not deliver mail
            > to root@.... The account or domain may not exist,
            > they may be blacklisted, or missing the proper dns entries. 550
            > Sender verify failed (in reply to RCPT TO command))

            The server complains about the sender address: root@....
            Does client.devels.es exist?
            Does root@... exist?

            Wietse
          • Alumno Etsii
            Message 5 of 10 , Oct 1, 2012
              2012/10/1 Wietse Venema <wietse@...>
              Alumno Etsii:
              > Oct  1 17:08:44 mail postfix/qmgr[2661]: 579AA10042B: from=<
              > root@...>, size=931, nrcpt=1 (queue active)

              > Oct  1 17:08:45 mail postfix/smtp[4952]: 579AA10042B: to=<
              > todos.somos.yo@...>, relay=devels.es[91.215.158.237]:25,
              > delay=1.3, delays=0.14/0.11/0.83/0.19, dsn=5.0.0, status=bounced
              > (host devels.es[91.215.158.237] said: 550-Verification failed for
              > <root@...> 550-The mail server could not deliver mail
              > to root@....  The account or domain may not exist,
              > they may be blacklisted, or missing the proper dns entries. 550
              > Sender verify failed (in reply to RCPT TO command))

              The server complains about the sender address: root@....
              Does client.devels.es exist?
              Does root@... exist?

                      Wietse

              client.devels.es exists (and resolves), but root@... doesn't exist, and that's how I want it to be, so if I send an e-mail from anything@... it should relay correctly even if that account doesn't exist. That's what I wanted to achieve permitting mynetworks in smtpd_sender_restrictions. Is that even possible?
            • Ralf Hildebrandt
              Message 6 of 10 , Oct 1, 2012
                * Alumno Etsii <todos.somos.yo@...>:

                > client.devels.es exists (and resolves), but root@... doesn't

                $ host client.devels.es
                Host client.devels.es not found: 3(NXDOMAIN)

                --
                Ralf Hildebrandt
                Geschäftsbereich IT | Abteilung Netzwerk
                Charité - Universitätsmedizin Berlin
                Campus Benjamin Franklin
                Hindenburgdamm 30 | D-12203 Berlin
                Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
                ralf.hildebrandt@... | http://www.charite.de
              • Alumno Etsii
                Message 7 of 10 , Oct 1, 2012
                  2012/10/1 Ralf Hildebrandt <Ralf.Hildebrandt@...>
                  * Alumno Etsii <todos.somos.yo@...>:

                  > client.devels.es exists (and resolves), but root@... doesn't

                  $ host client.devels.es
                  Host client.devels.es not found: 3(NXDOMAIN)

                  --
                  Ralf Hildebrandt
                    Geschäftsbereich IT | Abteilung Netzwerk
                    Charité - Universitätsmedizin Berlin
                    Campus Benjamin Franklin
                    Hindenburgdamm 30 | D-12203 Berlin
                    Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
                    ralf.hildebrandt@... | http://www.charite.de


                  Well, I meant in the local 'mail' server, it actually resolves. Or does it HAVE to exist the DNS registry by imperative?
                • Ralf Hildebrandt
                  Message 8 of 10 , Oct 1, 2012
                    * Alumno Etsii <todos.somos.yo@...>:
                    > 2012/10/1 Ralf Hildebrandt <Ralf.Hildebrandt@...>
                    >
                    > > * Alumno Etsii <todos.somos.yo@...>:
                    > >
                    > > > client.devels.es exists (and resolves), but root@... doesn't
                    > >
                    > > $ host client.devels.es
                    > > Host client.devels.es not found: 3(NXDOMAIN)
                    >
                    > Well, I meant in the local 'mail' server, it actually resolves. Or does it
                    > HAVE to exist the DNS registry by imperative?

                    If you want to send outside your own domain, yes. Since (almost) everybody
                    checks if the sender domain is valid. After all, one cannot reply
                    otherwise...

                    --
                    Ralf Hildebrandt
                    Geschäftsbereich IT | Abteilung Netzwerk
                    Charité - Universitätsmedizin Berlin
                    Campus Benjamin Franklin
                    Hindenburgdamm 30 | D-12203 Berlin
                    Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
                    ralf.hildebrandt@... | http://www.charite.de
                  • Reindl Harald
                    Message 9 of 10 , Oct 1, 2012
                      On 01.10.2012 19:00, Alumno Etsii wrote:
                      > Well, I meant in the local 'mail' server, it actually resolves. Or does it HAVE to exist the DNS registry by
                      > imperative?

                      the RCPT server does "sender verification"
                      so it connects to the MX of the sender and starts a mail-conversation
                      only if your server says "RCPT OK, send message" the RCPT server
                      will accept your message

                      this is common

                      NEVER EVER send ANY message with a sender for which
                      you do not receive e-mail - never!
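An added example, not part of the original thread: a log triage script that correlates Postfix queue IDs to find bounces caused by remote sender verification, as in the log excerpt at the top of the thread, and reports whether the envelope sender's domain is one you actually receive mail for. The sample log lines, addresses and the `receiving_domains` set are constructed for illustration.

```python
import re

# Constructed sample in Postfix syslog format; queue IDs, hosts and
# addresses are invented for this example (not taken from the thread).
SAMPLE_LOG = """\
Oct  1 17:08:44 mail postfix/qmgr[2661]: 4F1A2B3C4D: from=<root@client.example.org>, size=931, nrcpt=1 (queue active)
Oct  1 17:08:45 mail postfix/smtp[4952]: 4F1A2B3C4D: to=<user@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1.3, dsn=5.0.0, status=bounced (host mx.example.net[192.0.2.25] said: 550 Sender verify failed (in reply to RCPT TO command))
Oct  1 17:09:10 mail postfix/qmgr[2661]: 5A6B7C8D9E: from=<alice@example.org>, size=1204, nrcpt=1 (queue active)
Oct  1 17:09:11 mail postfix/smtp[4952]: 5A6B7C8D9E: to=<bob@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Oct  1 17:10:02 mail postfix/qmgr[2661]: 6B7C8D9E0F: from=<carol@example.org>, size=800, nrcpt=1 (queue active)
Oct  1 17:10:03 mail postfix/smtp[4952]: 6B7C8D9E0F: to=<nobody@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=0.7, dsn=5.1.1, status=bounced (host mx.example.net[192.0.2.25] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
FROM = re.compile(r"from=<([^>]*)>")
TO = re.compile(r"to=<([^>]*)>")
RELAY = re.compile(r"relay=([^,]+)")
# Reply texts seen when the remote side rejects the envelope sender.
VERIFY_FAIL = re.compile(r"sender verify failed|verification failed for", re.I)


def find_sender_verify_bounces(log_text, receiving_domains):
    """Return one finding per bounce caused by remote sender verification."""
    senders = {}   # queue ID -> envelope sender logged by qmgr
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if m["svc"] == "qmgr":
            sender = FROM.search(rest)
            if sender:
                senders[qid] = sender.group(1)
        elif m["svc"] == "smtp" and "status=bounced" in rest and VERIFY_FAIL.search(rest):
            sender = senders.get(qid, "")
            domain = sender.rpartition("@")[2].lower()
            to, relay = TO.search(rest), RELAY.search(rest)
            findings.append({
                "queue_id": qid,
                "sender": sender,
                "recipient": to.group(1) if to else "",
                "relay": relay.group(1) if relay else "",
                # False means mail is leaving with a sender nobody can reply to.
                "sender_domain_receives_mail": domain in receiving_domains,
            })
    return findings


if __name__ == "__main__":
    for f in find_sender_verify_bounces(SAMPLE_LOG, {"example.org"}):
        print(f)
```

Only the first constructed message is reported: the "User unknown" bounce is a recipient problem, not a sender-verification failure, so it is left out.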
                    • Alumno Etsii
                      Message 10 of 10 , Oct 1, 2012
                        2012/10/1 Reindl Harald <h.reindl@...>


                        On 01.10.2012 19:00, Alumno Etsii wrote:
                        > Well, I meant in the local 'mail' server, it actually resolves. Or does it HAVE to exist the DNS registry by
                        > imperative?

                        the RCPT server does "sender verification"
                        so it connects to the MX of the sender and starts a mail-conversation
                        only if your server says "RCPT OK, send message" the RCPT server
                        will accept your message

                        this is common

                        NEVER EVER send ANY message with a sender for which
                        you do not receive e-mail - never!



                        Unbelievable I didn't realize such a logic thing... Thank you ALL guys, it's working now!