E-Mail pb with postfix
For a few days now I've been getting some strange (to me) messages when I send e-mails.
I've got a Linux box with Postfix configured. When I send mail to recipients, sometimes I get this return message:

> This is the Postfix program at host mydomain.com.
>
> I'm sorry to have to inform you that the message returned below could
> not be delivered to one or more destinations.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can delete your
> own text from the message returned below.
>
> The Postfix program
>
> <xxxxx@noos.fr>: host mx.noos.fr[xxxxx] said: 550
> <APuteaux-xxx-1-1-16.w217-xxx.abo.wanadoo.fr[xxxxxx]>: Client host
> rejected: Utilisez le serveur smtp de votre FAI (in reply to RCPT TO
> command)

The message in French says: Use the SMTP server of your ISP (in reply to RCPT TO command)

Some @ which were OK last month are not OK this month. I wonder if it is not antispam or something like this. If someone has an idea of what is happening... and how to bypass this problem? |
No idea
|
That error message is pretty clear, isn't it? It tells you to use your ISP's smtp server rather than your own. This is common practice on most all well configured mail servers: They do not accept mail from dial-up IPs. They do a reverse lookup of your IP address and find it in the range of some dhcp pool. That's reason enough to not accept mail from it.
Configure your postfix to use your ISP mail server as a relay and you'll be fine. |
Quote:
Is it the right command (relayhost=smtp.wanadoo.fr) in the main.cf configuration file, or is there another configuration to add? Another thing: my Linux box is a server with a fixed IP address, postfix as mail server, and a DNS with an MX record in it. So I don't understand why it goes wrong on certain smtp servers only (club-internet for example). Thanks in advance |
The reverse lookup apparently gives APuteaux-xxx-1-1-16.w217-xxx.abo.wanadoo.fr which to me looks like dial-up. Static IP or not. Just because you run a DNS server on your box doesn't mean the whole internet can see it. Your ISP most certainly doesn't forward DNS queries to its customers' computers. You will have to contact your ISP if you think that your contract with them includes DNS MX entries and such.
As for the relaying not working: They probably use smtp auth. I don't know the config option to authenticate to the relayhost in postfix but I'm sure it's possible. exim does it. |
Quote:
Thanks in advance |
Quote:
Ok, now for something that's actually helpful: THE major resource for postfix is, of course, www.postfix.org. They've got good docs there and a mailing list.

smtp auth is a way of authenticating a client at smtp time. It was slapped on the smtp protocol description when the internet turned from a geek playground into a seriously hostile environment and spam became a problem. Just as with pop or imap you provide a username and password before the server accepts your connection. Every MUA (mail user agent like kmail, evolution, etc) is capable of this protocol extension. Now in your setup postfix acts as a mail client requesting to send mail to a server.

Now how does postfix do that? Mind you that I don't use postfix. So what follows is just what I gathered by skimming through the docs. The relayhost config option is ok; what you need is to tell postfix to supply a username and password when talking to that relayhost. To do this enable smtp auth (in main.cf):

    # client side: authenticate to the relayhost (smtpd_* settings apply to Postfix's own SMTP server)
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd

The file /etc/postfix/smtp_passwd could look like this:

    smtp.isp.org username:password

Run postmap /etc/postfix/smtp_passwd after you created the password file. (And you might want to set the permission to 600 and make the postfix user the owner of that file since it contains clear text passwords.) To have your own subnet be able to send mail through this server without authenticating be sure to add it to the mynetworks variable. Now you have to probably reload postfix and maybe it works. |
I'll try this immediately.
Thanks a lot |
Quote:
<jm.collin@laposte.net>: host smtp.wanadoo.fr[193.252.22.81] said: 550 <jm.collin@laposte.net>: Recipient address rejected: Relaying not allowed (in reply to RCPT TO command)

There is no mistake in main.cf configuration file, and no errors in /var/log/messages. The login/passwd in smtp_passwd file is the login and password of a valid account in the smtp server of wanadoo.

What about pop_before_smtp ? I've read that it could be a solution, but I don't know how to tell postfix to do a pop before each smtp request. If you can help me..... |
For information :
My main.cf :

    # 17/07/2004 - JMC relaying test
    relayhost = smtp.wanadoo.fr
    smtpd_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd

My smtp_passwd :

    smtp.wanadoo.fr mylogin:mypassword

|
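A check for the relay-client settings discussed in this thread, as an added example that is not part of any post or of the Postfix project. It relies on Postfix's naming split: `smtp_*` parameters configure Postfix as a client of the relayhost, `smtpd_*` parameters configure its own SMTP server. The host name, credentials and file mode below are constructed.

```python
import stat

def parse_main_cf(text):
    """Parse main.cf text into {name: value}; the last assignment wins."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:        # leading whitespace continues a value
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def lint_relay_auth(main_cf, passwd_text, passwd_mode):
    """Return findings for the SASL client settings used towards relayhost."""
    p, out = parse_main_cf(main_cf), []
    relay = p.get("relayhost", "")
    if not relay:
        out.append("relayhost is not set")
    if p.get("smtp_sasl_auth_enable", "no") != "yes":
        hint = (" (smtpd_sasl_auth_enable only affects clients of this server)"
                if p.get("smtpd_sasl_auth_enable") == "yes" else "")
        out.append("smtp_sasl_auth_enable is not yes" + hint)
    if not p.get("smtp_sasl_password_maps"):
        out.append("smtp_sasl_password_maps is not set")
    keys = {ln.split()[0] for ln in passwd_text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}
    if relay and relay not in keys:          # same form, brackets and port included
        out.append("no password entry keyed exactly as relayhost %r" % relay)
    if stat.S_IMODE(passwd_mode) & 0o077:
        out.append("password file is accessible by group/other; use mode 600")
    return out

# Constructed sample input (hypothetical host and credentials).
SERVER_SIDE_ONLY = """# relaying test
relayhost = smtp.isp.example
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_passwd
"""
CLIENT_SIDE = SERVER_SIDE_ONLY.replace("smtpd_sasl_auth_enable", "smtp_sasl_auth_enable")
PASSWD = "smtp.isp.example username:password\n"

if __name__ == "__main__":
    for name, cfg in (("server-side only", SERVER_SIDE_ONLY), ("client-side", CLIENT_SIDE)):
        print(name, lint_relay_auth(cfg, PASSWD, 0o644))
```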
I just checked: smtp.wanadoo.fr doesn't support smtp auth:
Code:
demian@dirac:~$ telnet smtp.wanadoo.fr 25

Can you send it directly from your MUA when you enter smtp.wanadoo.fr as smtp server? |
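What the telnet check above looks for, as an added example that is not part of the original post: a parser for the server's EHLO reply that reports whether AUTH is advertised and whether the password would travel unprotected. The reply texts and the host name `mail.isp.example` are constructed and are not output from smtp.wanadoo.fr.

```python
PLAINTEXT = {"PLAIN", "LOGIN"}   # mechanisms that send the password unhashed

def parse_ehlo(reply):
    """Parse a multiline 250 EHLO reply into {KEYWORD: set(parameters)}."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError("not a 250 reply line: %r" % line)
        if i == 0:
            continue                            # first line is the greeting
        rest = line[4:].strip()
        if rest.upper().startswith("AUTH="):    # legacy "AUTH=LOGIN" spelling
            rest = rest.replace("=", " ", 1)
        words = rest.upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps

def relay_auth_verdict(reply):
    """Classify what a relay's pre-TLS EHLO reply means for smtp auth."""
    caps = parse_ehlo(reply)
    mechs, tls = caps.get("AUTH", set()), "STARTTLS" in caps
    if not mechs:
        # Some servers advertise AUTH only once the session is encrypted.
        return "recheck-after-starttls" if tls else "no-auth"
    if not tls and mechs <= PLAINTEXT:
        return "auth-cleartext-only"
    return "auth-available"

# Constructed EHLO replies (hypothetical server).
NO_AUTH = "250-mail.isp.example\n250-PIPELINING\n250-SIZE 10240000\n250 8BITMIME\n"
TLS_FIRST = "250-mail.isp.example\n250-STARTTLS\n250 SIZE 10240000\n"
CLEAR = "250-mail.isp.example\n250-AUTH=LOGIN PLAIN\n250 8BITMIME\n"
GOOD = "250-mail.isp.example\n250-STARTTLS\n250-AUTH PLAIN LOGIN CRAM-MD5\n250 8BITMIME\n"

if __name__ == "__main__":
    for name, reply in (("NO_AUTH", NO_AUTH), ("TLS_FIRST", TLS_FIRST),
                        ("CLEAR", CLEAR), ("GOOD", GOOD)):
        print(name, relay_auth_verdict(reply))
```

A relay that returns `no-auth` will never ask for the credentials in the password map, so relaying through it depends on whatever other policy it applies.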
Quote:
The problem is that this is a (small) enterprise server, not for my personal use. And I'm supposed to be the administrator.... I will check if there is a solution with my (fucking) ISP. Thanks a lot for all your time ... |
Well if you're not sending mail as @wanadoo.fr (for instance, if you're using @mydomain) then smtp.wanadoo.fr will not relay it of course (it's not their domain name so that would be an open relay!).
Now, the reverse DNS check is extremely stupid since there are several reasons why even well-configured and standards-complying servers would be sending from a domain that doesn't match their reverse DNS. Chief among those reasons is that the DNS structure will only allow one PTR record for each IP, but a single SMTP server can handle thousands of e-mail domains. What you can do in this case (assuming you have only one domain) is to call your ISP and ask them to change the PTR for your IP to be *.yourdomain or at least somehost.yourdomain. Another thing to do would be to do a whois lookup on each of the domains that is rejecting your e-mail and get the phone number and/or e-mail address of their technical contact. Get in contact with the administrator on the other side and let them know that using simple reverse DNS checks to block e-mail results in a massive amount of false positives. Tell them there are plenty of commercial and free solutions that will both do a much better job of stopping spam, and block far, far less good e-mail. |
Thanks for all the information.
I will try to contact the admin of the smtp mail servers doing the reverse DNS check. |