LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-09-2013, 05:34 PM   #1
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Rep: Reputation: Disabled
outgoing mail bounces with error 550 5.7.1


Hi all,

My dovecot+postfix server works very well most of the time. However, users are now starting to receive 'bounces' and undelivered mail when attempting to send to some (but not all) external addresses. The error that they receive is:

Quote:
550 5.7.1 can't determine Purported Responsible Address
And here's a copy of the returned headers:

Quote:
Reporting-MTA: dns; mail.mydomain.com
X-Postfix-Queue-ID: CA851E2877
X-Postfix-Sender: rfc822; j.sender@mydomain.com
Arrival-Date: Wed, 9 Jan 2013 14:27:16 +1100 (EST)
Final-Recipient: rfc822; j.recipient@theirdomain.com
Original-Recipient: rfc822;j.recipient@theirdomain.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; finance-in-somegroup.123.net
Diagnostic-Code: smtp; 550 5.7.1 can't determine Purported Responsible Address
Despite researching, I'm really not sure where to start with looking for a resolution to this. I have read that it could be a DNS issue, and/or because my server isn't forming outgoing message "from" headers properly. Because the rejection is happening at the recipient's end, the only info in my /var/log/maillog file is:

Quote:
Jan 9 14:27:23 mail MailScanner[29005]: Requeue: 2DCC9E25FC.A9E70 to CA851E2877
Jan 9 14:27:23 mail postfix/qmgr[29056]: from=<j.user@mydomain.com>, size=28558, nrcpt=1 (queue active)
Jan 9 14:27:23 mail MailScanner[29005]: Uninfected: Delivered 1 messages
Jan 9 14:27:23 mail MailScanner[29005]: Deleted 1 messages from processing-database
Jan 9 14:27:23 mail postfix/smtp [31467]: CA851E2877: to=<j.recipient@theirdomain.com>, relay=finance-in-somegroup.123.net[xxx.xxx.x.123]:25, delay=11, delays=7/0/1.8/2.1, dsn=5.7.1, status=bounced (host finance-in-somegroup.123.net[xxx.xxx.x.123]) said: 550 5.7.1 can't determine Purported Responsible Address (in reply to end of DATA command))
Jan 9 14:27:23 mail postfix/bounce [31535]: CA851E2877: sender non-delivery notification: 1EBB6E2878
-

Also, I'm not sure if it's related, but when I do a mydomain.com check on dnscolos.com, everything passes except the top 2x checks:

Quote:
Category: PARENT <FAIL> Parent nameservers mydomain.com -- Your NS records at the parent server are:
Category: PARENT <FAIL> Nameservers for domain in DNS -- Your NS records at your nameservers are:
Is this related to the DNS records at my host/ISP? Below is a copy of my internal DNS server's zones (which all look OK to me?). This doesn't happen with all recipients, only one or two. Any thoughts would be most helpful!

Thanks in advance,

Scott

Quote:
REVERSE ZONE: 1.168.192.in-addr-arpa
REVERSE MAPPING: 192.168.1.80 -> myinternalserver.mydomain.com
REVERSE MAPPING: 192.168.1.82 -> myinternalserver1.mydomain.com
REVERSE MAPPING: 192.168.1.88 -> myinternalserver2.mydomain.com
REVERSE MAPPING: 192.168.1.90 -> myinternalserver3.mydomain.com

REVERSE ZONE: zzz.yyy.xxx.in-addr-arpa
REVERSE MAPPING: www.xxx.yyy.zzz -> www.mydomain.com
REVERSE ZONE: ddd.ccc.bbb.in-addr-arpa
REVERSE MAPPING: aaa.bbb.ccc.ddd -> www1.mydomain.com
REVERSE ZONE: hhh.ggg.fff.in-addr-arpa
REVERSE MAPPING: eee.fff.ggg.hhh -> www2.mydomain.com

PRIMARY ZONE: mydomain.com.
MACHINE: 192.168.1.80 -> myinternalserver.mydomain.com
MACHINE: 192.168.1.82 -> myinternalserver1.mydomain.com
MACHINE: 192.168.1.88 -> myinternalserver2.mydomain.com
MACHINE: 192.168.1.90 -> myinternalserver3.mydomain.com
MACHINE: www.xxx.yyy.zzz -> www.mydomain.com
MACHINE: eee.fff.ggg.hhh -> www1.mydomain.com

Last edited by scottmusician; 01-09-2013 at 06:37 PM.
 
Old 01-10-2013, 12:43 PM   #2
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,279

Rep: Reputation: 61
Sounds like it might be a reverse dns lookup error, is there any reason to hosting your own dns server to using your isp's? A lot of mail servers now use reverse dns lookups to help fight against spam, if your dns server is not setup correctly other mail servers will reject your mail.
 
Old 01-16-2013, 08:03 AM   #3
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
my understanding is that we need to run internal DNS servers for two reasons:

a) because we have multiple internally-hosted, publicly-available fqdn's (eg. www.mucompany.com, http://webmail.mycompany.com)... Without A records sitting on an internal dns server, how do incoming requests know which computer should be sought for the corresponding fqdn request?

b) same thing applies for requests from machines inside the network. Without DHCP pointing to the internal DNS, all local requests just end up at the router instead of deferring to the proper website of the destination IP address..

thoughts?

Last edited by scottmusician; 01-16-2013 at 08:05 AM.
 
Old 01-20-2013, 07:46 PM   #4
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
*bump*
any further word on this? My users now can't send to Gmail or to hotmail, which is causing business havoc!!
 
Old 01-20-2013, 08:17 PM   #5
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,985

Rep: Reputation: Disabled
Are you getting the same error about "Purported Responsible Address" from Gmail? The error refers to an experimental RFC, RFC 4407. The "Purported Responsible Address" is used by the Sender ID mechanism to determine whether an MTA is authorized to send/relay mail for a given domain.

This error can be caused by missing/duplicate/badly formatted "From:" headers in the mail itself, or even by other malformed headers inserted by MTAs.

You should take a close look at the headers in mails leaving your server. You may also need to implement Sender ID records in your DNS zone, as described in chapter 3 of RFC 4408.
 
Old 01-20-2013, 11:46 PM   #6
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
Thanks so much for the reply. Yes, the Gmail response was another 550 5.7.1 error, worded a little differently but still the same thing. I've now got a few things to go on, and am waiting to hear from the user to see how responses are going.

Turns out that a lot of users have had additional "from" headers configured in their clients (resulting in duplicate "from:" headers) from a legacy email system where they once used free @gmail accounts to store their imap archives. So I've turned that off and will see how it goes. I've also disabled a
Code:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
as this only contained a:
Code:
ROOT@ REJECT
(which I think was only to stop ROOT@ folder filling up needlessly, but that's a null account anyway.

will let you know how it goes!
 
Old 01-21-2013, 08:50 PM   #7
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
I made a test account on the server, and it looks like the from address is defaulting to:
user@mail.mydomain.com

which is of course bad, as it should be:
user@mydomain.com

Sorry to sound like a beginner - is this changed in a config file? or via a DNS server entry? I can't find anything obvious in the conf files..
If it is DNS.. what kind of record do I need to add?

Thanks yet again!!

(PS: i'm happy to post /etc/hosts if it helps, but it all looks pretty basic).
 
Old 01-21-2013, 08:57 PM   #8
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,985

Rep: Reputation: Disabled
Quote:
Originally Posted by scottmusician View Post
I made a test account on the server, and it looks like the from address is defaulting to:
user@mail.mydomain.com

which is of course bad, as it should be:
user@mydomain.com
I think this is what you're looking for.
 
Old 01-21-2013, 09:46 PM   #9
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
thanks Ser_Olmy,

that's great! and so simple too.
Just waiting on a confirmation from users, but hopefully I can close off thread soon

Thanks again
 
Old 01-28-2013, 09:02 PM   #10
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
So now /etc/postfix/main.cf reads:
Code:
myhostname = mail.mydomain.com
mydomain = mydomain.com
myorigin = $mydomain
and postconf -n reads:
Code:
 myogigin = $domain
If I create a new user and send an email from webmail (nutsmail) without any additional configuration, then the headers read:
Code:
From: USER <user@mail.mydomain.com>
X-COMPANY-MailScanner-From: user@mail.mydomain.com
Within NutsMail config, I'm overriding this by having each user's webmail account specifying their "Personal Information -> email address" as their correct "user@mydomain.com" format. This at least seems to make mail go out OK most of the time, however we are still occasionally not passing Purported Responsible Address checks properly.

Could it be a DNS thing?

Last edited by scottmusician; 01-28-2013 at 09:28 PM.
 
Old 01-30-2013, 10:11 PM   #11
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
*bump*
 
Old 02-04-2013, 06:54 PM   #12
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
Hi again! Sorry to nag, it's been more than a week and my users still can't send to Gmail due to this drat error. Below is a copy of a delivery notice. Any ideas would be wonderful!

Code:
>This is the mail system at host mail.mydomain.com.
>
>I'm sorry to have to inform you that your message could not be 
>delivered to one or more recipients. It's attached below.
>
>For further assistance, please send mail to <postmaster>
>
>If you do so, please include this problem report. You can delete your 
>own text from the attached returned message.
>
>                   The mail system
>
><recipient@email.com>: host aspmx.l.google.com[74.125.133.26]
>said:
>    550-5.7.1 [xxx.yyy.zzz.ip      11] Our system has detected that this
>    message is 550-5.7.1 not RFC 2822 compliant. To reduce the amount 
>of spam
>    sent to Gmail, 550-5.7.1 this message has been blocked. Please 
>review
>550
>    5.7.1 RFC 2822 specifications for more information.
>h19si7264558igc.59 -
>    gsmtp (in reply to end of DATA command)
>
><joerecipient@email.com>: host aspmx.l.google.com[74.125.133.26] said:
>    550-5.7.1 [xxx.yyy.zzz.ip      11] Our system has detected that this
>    message is 550-5.7.1 not RFC 2822 compliant. To reduce the amount 
>of spam
>    sent to Gmail, 550-5.7.1 this message has been blocked. Please 
>review
>550
>    5.7.1 RFC 2822 specifications for more information.
>h19si7264558igc.59 -
>    gsmtp (in reply to end of DATA command)
>Received: from [192.168.1.109] (unknown [192.168.1.109])
>	by mail.mydomain.com (Postfix) with ESMTP id 0F839E2878;
>	Tue,  5 Feb 2013 10:56:08 +1100 (EST)
>User-Agent: Microsoft-MacOutlook/14.2.2.120421
>Date: Tue, 05 Feb 2013 10:55:17 +1100
>Subject: Re: Meeting 8 Feb
>From: Joe User<j.user@mydomain.com>
>To: Recipient <recipient@email.com>
>CC: Paul User <p.user@mydomain.com>,
>	Stephen S <supervisor@email.com>
>Message-ID: <CD36871F.14520%j.user@mydomain.com>
>Thread-Topic: Meeting 8 Feb
>In-Reply-To: <002501ce0004$67687050$363950f0$@com.au>
>from: j.user@mydomain.com
>reply-to: j.user@mydomain.com
>Mime-version: 1.0
>Content-type: multipart/mixed;
>	boundary="B_3442906569_248544"
>X-Server-MailScanner-Information: Please contact the ISP for more 
>information
>X-Server-MailScanner-ID: 0F839E2878.A5786
>X-Server-MailScanner: Found to be clean
>X-Server-MailScanner-From: j.user@mydomain.com
>X-Spam-Status: No


--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 
Old 02-04-2013, 07:57 PM   #13
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,985

Rep: Reputation: Disabled
RFC 2822 describes what constitutes a valid e-mail address.

There has to be something wrong with either the sender or recipient address format in your mails. Since the error is reported at the end of the DATA session rather than after the "MAIL FROM" or "RCPT TO" commands, I suspect the problem is a malformed address in a header.

The only error I can see in the posted log is a lack of a space after the user name in the "From:" header (From: Joe User<j.user@mydomain.com>). You should capture the entire SMTP session between your server and Google's mail server (or the smart host if your're using one) and take a very close look at all headers containing mail addresses.
 
Old 02-04-2013, 08:38 PM   #14
scottmusician
Member
 
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 43

Original Poster
Rep: Reputation: Disabled
thanks for the reply!
I expect this has something to do with it:

Ok, If I make a new user, his emails go out with the incorrect "@mail.mydomain.com" from address.
The headers read:

Code:
Subject: test
From: New user <n.user@mail.mydomain.com>
Reply-To: <n.user@mail.mydomain.com>
X-Server-MailScanner-From: n.user@mail.mydomain.com
Return-Path: n.user@mail.mydomain.com
Here's what postconf -n reads:

Code:
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
Which appears correct to me. So where else does the domain suffix get added??

Users are overwriting their from fields via a webmail setting, which at least gets most mail delivered OK with a proper @domain.com address.
 
Old 02-05-2013, 12:17 AM   #15
descendant_command
Member
 
Registered: Mar 2012
Posts: 796

Rep: Reputation: 180Reputation: 180
Quote:
Originally Posted by scottmusician View Post
Code:
>From: Joe User<j.user@mydomain.com>
>from: j.user@mydomain.com
You've got two From: headers, that might be a problem.
 
  


Reply

Tags
dns, dovecot, mailserver, postfix, smtp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix bounces everything, error 550 RileyTheWiley Linux - Networking 1 09-12-2009 03:23 PM
Which qmail log file details outgoing mail? (have huge outgoing mail volume) hilljockey Linux - Server 2 12-08-2008 04:26 PM
Exim4 gives error 550 to all mail - debian sarge matt! Linux - Software 0 04-04-2006 09:17 PM
error 550 in mail.log (postfix + cyrus imapd) gyaban05 Linux - Networking 0 01-24-2006 01:23 AM
qmailrocks help - No mail? 550 relay not permitted error nixinbarrie Linux - Software 1 07-20-2005 01:41 PM


All times are GMT -5. The time now is 10:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration