LinuxQuestions.org - [SOLVED] [Postfix] Sender address rejected: Domain not found

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - [Postfix] Sender address rejected: Domain not found (https://www.linuxquestions.org/questions/linux-networking-3/%5Bpostfix%5D-sender-address-rejected-domain-not-found-881247/)

[Postfix] Sender address rejected: Domain not found

Code:

telnet [remoteip] 25

Trying [remoteip]...

Connected to mail03.[remotedomain].com ([remoteip]).

Escape character is '^]'.

220 [name].[remotedomain].com ESMTP Postfix (Ubuntu)

HELO [mydomain].net

250 [name].[remotedomain]

MAIL FROM: wojtek@[mydomain].net

250 2.1.0 Ok

RCPT TO: cathy@[remotedomain].com

450 4.1.8 <wojtek@[mydomain].net>: Sender address rejected: Domain not found

We're getting the above when sending an email to a certain domain: their postfix bounces.
Searcing for the cause, I suspect it' caused by them having reject_unknown_sender_domain enabled in their postfix config. Postfix page says it's either because I might have missing A or MX records, or a malformed MX.

I checked, and dns seems to be fine. Emails work ok with every other domain out there that we tried.

Any suggestions greatly appreciated.

Thank You

Quote:

Originally Posted by WojtekO (Post 4359082)

Code:

telnet [remoteip] 25

Trying [remoteip]...

Connected to mail03.[remotedomain].com ([remoteip]).

Escape character is '^]'.

220 [name].[remotedomain].com ESMTP Postfix (Ubuntu)

HELO [mydomain].net

250 [name].[remotedomain]

MAIL FROM: wojtek@[mydomain].net

250 2.1.0 Ok

RCPT TO: cathy@[remotedomain].com

450 4.1.8 <wojtek@[mydomain].net>: Sender address rejected: Domain not found

Check that
a public DNS server resolves [mydomain.net] with a good A and MX record?
the A record matches the static IP you are sending from?
and also your reverse dns maps the IP to the name?

Yep,"reject_unknown_sender_domain" can cause a lot of false positives, but it does cut down on the spam.

As has been suggested make certain your SMTP server has a VALID "A" record, "MX" record and "Reverse" record on the internet.

If you don't have those records, or can't get the reverse DNS changed, simply set up your transport maps to forward the mail through your ISP's SMTP servers.

Over the last few years I have had to do that for about 4 - 5 domains that do not like my servers for various un-explained reason, but they will gladly accept the same mail when forwarded through the ISP. It's just easier to forward it through my ISP than try to get a hold of some administrator want-a-be that has decided to become a mail Nazi. Don't get me wrong, I have really tight spam filtering, but it is done in a way that prevents almost all false positives, and almost never causes problems for the sending systems IT Dept and still discards or filters over 90% of incoming mail.

Thank you for your answers,

Here is an output of dig when I query the public 4.2.2.2 DNS Server. [domain].com is my domain that is getting rejected.

[domain].com and mail.[domain].com both have the same external IP, but are nat'd to different internal servers.
[domain].com has an A and MX, while mail.[domain].com only has an A. Reverse dig on the IP returns mail.[domain].com

Anything out of the ordinary that I might have missed in the below output?

Code:

[root@vps ~]#dig [domain].com any



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> [domain].com any

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31375

;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;[domain].com.                    IN      ANY



;; ANSWER SECTION:

[domain].com.            43134  IN      TXT    "v=spf1 ip4:[IPAdress] -all"

[domain].com.            43134  IN      TXT    "v=spf1 mx -all"

[domain].com.            43134  IN      A      [IPAdress]

[domain].com.            43134  IN      MX      10 mail.[domain].com.

[domain].com.            43134  IN      SOA    ns.[domain].com. hostmaster.[domain].com. 2010092306 10800 15 604800 10800

[domain].com.            43134  IN      NS      ns.[domain].com.



;; Query time: 1 msec

;; SERVER: 4.2.2.2#53(4.2.2.2)

;; WHEN: Wed May 18 09:26:14 2011

;; MSG SIZE  rcvd: 197



[root@vps ~]#dig mail.[domain].com any



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> mail.[domain].com any

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43898

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;mail.[domain].com.              IN      ANY



;; ANSWER SECTION:

mail.[domain].com.        43122  IN      A      [IPAdress]



;; Query time: 2 msec

;; SERVER: 4.2.2.2#53(4.2.2.2)

;; WHEN: Wed May 18 09:26:27 2011

;; MSG SIZE  rcvd: 49



[root@vps ~]#dig -x [IPAdress]



; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x [IPAdress]

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56762

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;; QUESTION SECTION:

;[ReverseIPAdress].in-addr.arpa.    IN      PTR



;; ANSWER SECTION:

[ReverseIPAdress].in-addr.arpa. 1175 IN      PTR    mail.[domain].com.



;; Query time: 2 msec

;; SERVER: 4.2.2.2#53(4.2.2.2)

;; WHEN: Wed May 18 09:26:31 2011

;; MSG SIZE  rcvd: 72



[root@vps ~]#

Fixed:

Problem was the SOA record, that was pointing to a non-existing subdomain.
I had changed that yesterday but didn't try since then. Above output shows the already corrected version.

I am able to send OK now to the domain that was causing issues.

Quote:

Originally Posted by WojtekO (Post 4360210)

Thanks for taking the time to post what was wrong.
We missed the obvious "Has anything changed recently?" question.