1 Topic by null (edited by null 2015-02-27 17:06:06)

  • null
  • Member
  • Offline
  • Registered: 2015-02-16
  • Posts: 9

Topic: Specific domains are rejecting recipient.

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version: v0.4.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian 7 Wheezy
- Related log if you're reporting an issue: Many. See below.
====

I have 4 domains.
a.com
b.com
c.com
d.com

My inbox is admin@a.com.

I have many, many aliases going to that.
some.guy@a.com
admin@b.com
admin@c.com
admin@d.com

admin@a.com, admin@b.com, some.guy@a.com all work perfectly.

admin@c.com and admin@d.com do not. They reject incoming mail with the following message.

The following log goes from admin@a.com to identity admin@d.com to me@gmail.com. It succeeds.
I then reply from me@gmail.com to admin@d.com and the email is rejected.

Feb 27 08:56:31 mx postfix/smtpd[20773]: connect from localhost[127.0.0.1]
Feb 27 08:56:31 mx postfix/smtpd[20773]: 49DADE2C0: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=admin@a.com
Feb 27 08:56:32 mx postfix/cleanup[20626]: 49DADE2C0: message-id=<3428cc71237c837a05d70d2684754f12@a.com>
Feb 27 08:56:32 mx postfix/qmgr[4755]: 49DADE2C0: from=<admin@d.com>, size=600, nrcpt=1 (queue active)
Feb 27 08:56:32 mx roundcube: User admin@a.com [108.162.250.143]; Message for me@gmail.com; 250: 2.0.0 Ok: queued as 49DADE2C0
Feb 27 08:56:32 mx postfix/smtpd[20773]: disconnect from localhost[127.0.0.1]
Feb 27 08:56:32 mx postfix/smtpd[20636]: connect from localhost[127.0.0.1]
Feb 27 08:56:32 mx postfix/smtpd[20636]: E0C68E2C9: client=localhost[127.0.0.1]
Feb 27 08:56:32 mx postfix/cleanup[20626]: E0C68E2C9: message-id=<3428cc71237c837a05d70d2684754f12@a.com>
Feb 27 08:56:32 mx postfix/qmgr[4755]: E0C68E2C9: from=<admin@d.com>, size=1026, nrcpt=1 (queue active)
Feb 27 08:56:32 mx postfix/smtpd[20636]: disconnect from localhost[127.0.0.1]
Feb 27 08:56:32 mx amavis[20711]: (20711-02) Passed CLEAN {RelayedInternal}, MYNETS/MYUSERS LOCAL [127.0.0.1]:34742 [127.0.0.1] <admin@d.com> -> <me@gmail.com>, Queue-ID: 49DADE2C0, Message-ID: <3428cc71237c837a05d70d2684754f12@a.com>, mail_id: rXmnd2RmM-C7, Hits: 0.213, size: 600, queued_as: E0C68E2C9, 574 ms
Feb 27 08:56:32 mx postfix/smtp[20703]: 49DADE2C0: to=<me@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=1.1/0/0.01/0.58, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E0C68E2C9)
Feb 27 08:56:32 mx postfix/qmgr[4755]: 49DADE2C0: removed
Feb 27 08:56:33 mx postfix/smtp[20637]: E0C68E2C9: to=<me@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.185.26]:25, delay=0.76, delays=0/0/0.06/0.69, dsn=2.0.0, status=sent (250 2.0.0 OK 1425027393 k200si1575917ykk.74 - gsmtp)
Feb 27 08:56:33 mx postfix/qmgr[4755]: E0C68E2C9: removed
Feb 27 08:57:10 mx postfix/smtpd[20618]: connect from mail-la0-x231.google.com[2a00:1450:4010:c03::231]
Feb 27 08:57:11 mx postfix/smtpd[20618]: NOQUEUE: reject: RCPT from mail-la0-x231.google.com[2a00:1450:4010:c03::231]: 450 4.7.1 <admin@d.com>: Recipient address rejected: Access denied; from=<me@gmail.com> to=<admin@d.com> proto=ESMTP helo=<mail-la0-x231.google.com>
Feb 27 08:57:11 mx postfix/smtpd[20618]: disconnect from mail-la0-x231.google.com[2a00:1450:4010:c03::231]

I have:
a) Enabled d.com as a domain.
b) Added admin@a.com to the alias table as so.
INSERT INTO alias (domain,goto,address) VALUES('d.com','admin@a.com','admin@d.com');
c) Successfully resolved the address using the postfix test.

root@mx:/var/log# postmap -q 'admin@d.com' mysql:/etc/postfix/mysql/virtual_alias_maps.cf
admin@a.com

I have no idea why this is happening. It can't be a DNS issue.

root@mx:/var/log# postfix -n
postfix: invalid option -- 'n'
postfix: fatal: usage: postfix [-c config_dir] [-Dv] command
root@mx:/var/log# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = a.com
myhostname = mx.a.com
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = mx.a.com
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031,
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Specific domains are rejecting recipient.

null wrote:

Feb 27 08:57:11 mx postfix/smtpd[20618]: NOQUEUE: reject: RCPT from mail-la0-x231.google.com[2a00:1450:4010:c03::231]: 450 4.7.1 <admin@d.com>: Recipient address rejected: Access denied; from=<me@gmail.com> to=<admin@d.com> proto=ESMTP helo=<mail-la0-x231.google.com>

Everything looks just fine. Please try to debug it by following below steps:

1) Send one testing email from Gmail to admin@d. You can find IP address of this Gmail server in Postfix log file. let's saw it's a.b.c.d.
2) Append this IP in Postfix parameter 'debug_peer_list ='. for example: debug_peer_list = a.b.c.d
3) Reload or restart Postfix service.
4) Send one more testing email from Gmail to admin@d. We need detailed debug message in Postfix log file to see why Postfix rejects this message.

3 Reply by littlewing_ (edited by littlewing_ 2015-03-21 00:29:40)

  • littlewing_
  • Member
  • Offline
  • Registered: 2015-03-20
  • Posts: 1

Re: Specific domains are rejecting recipient.

Hello,

I got a similar issue: all emails coming from gmail are now being rejected. I suspect that it is since I have added an AAAA MX record to the server (now gmail is using it). Can confirm if I'm reverting [confirmed => no such problem with IPv4].

I got the following log: [file attached]

Cheers

ZhangHuangbin wrote:
null wrote:

Feb 27 08:57:11 mx postfix/smtpd[20618]: NOQUEUE: reject: RCPT from mail-la0-x231.google.com[2a00:1450:4010:c03::231]: 450 4.7.1 <admin@d.com>: Recipient address rejected: Access denied; from=<me@gmail.com> to=<admin@d.com> proto=ESMTP helo=<mail-la0-x231.google.com>

Everything looks just fine. Please try to debug it by following below steps:

1) Send one testing email from Gmail to admin@d. You can find IP address of this Gmail server in Postfix log file. let's saw it's a.b.c.d.
2) Append this IP in Postfix parameter 'debug_peer_list ='. for example: debug_peer_list = a.b.c.d
3) Reload or restart Postfix service.
4) Send one more testing email from Gmail to admin@d. We need detailed debug message in Postfix log file to see why Postfix rejects this message.

Post's attachments

log 41.58 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: Specific domains are rejecting recipient.

This has recently been mentioned in another thread, its because Cluebringer doesn't support IPv6.

..., please set 'inet_protocols = ipv4' in Postfix config file /etc/postfix/main.cf.

7t3chguy's Website