[Postfix] 450 Sender address rejected: Domain not found

pestka · 05-14-2013, 08:53 AM

I am about to migrate my mail system onto another machine. I copied everything there and this is what I started getting when I wanted to send a test mail from gmail -> my server.

Code:

May 14 15:33:18 mailserver postfix/smtpd[1688]: connect from unknown[209.85.160.44]
May 14 15:33:19 mailserver postfix/smtpd[1688]: NOQUEUE: reject: RCPT from unknown[209.85.160.44]: 450 4.1.8 <myaccount@gmail.com>: Sender address rejected: Domain not found; from=<myaccount@gmail.com> to=<peter@myserver.com> proto=ESMTP helo=<mail-pb0-f44.google.com>
May 14 15:33:19 mailserver postfix/smtpd[1688]: disconnect from unknown[209.85.160.44]

From the official postfix documentation I read that 450 code is mostly a temporary DNS error. Strange, as when I do

Quote:

dig gmail.com all

or

Quote:

host -t mx gmail.com

- everything is being resolved correctly. Below, I posted my main.cf, although the configuration is OK (as I have it on another server which is now online and accepting everything correctly). My intention is not to remove the restrictions which cause the problem for that won't resolve them. I would like to find out what causes such a behaviour? How postfix checks other domains' MX entries? Thanks for any tips in advance.

Please find the main.cf below:

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
body_checks =
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
header_checks =
inet_interfaces = all
mail_spool_directory = /maildirs/$USER/
mailbox_size_limit = 0
message_size_limit = 220240000
mydestination = $myhostname, /etc/postfix/virtual/domains, localhost
mydomain = myserver.com
myhostname = myserver.com
mynetworks = ...
myorigin = /etc/mailname
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = MAIL SERVER
smtpd_client_restrictions =
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unauth_pipelining, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unknown_sender_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unauth_destination, permit
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_hostname_reject_code = 550

Ygrex · 05-15-2013, 03:56 AM

Code:

check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain

if gmail.com in the list?

pestka · 05-16-2013, 03:19 PM

No, it's not. Maybe it is because I've got just 2 ports opened, 25 and 143?

More weird messages are coming though (I'm trying to send mails to gmail):

Code:

May 16 22:17:30 mail postfix/smtp[3835]: 1AB5EE07FF: to=<mygmail@gmail.com>,
 relay=none, delay=382, delays=382/0.02/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. 
Name service error for name=gmail.com type=MX: Host not found, try again)

however I can do dig easily, and everything else!

pestka · 05-16-2013, 03:51 PM

Ok, I have been digging and digging and here's what I found. By the occation thank you other linuxquestioners for helping in resolving issues!

I've just found this thread:
http://www.linuxquestions.org/questi...-found-673177/

The link when you go there, says that apparently my postfix was chrooted and I needed to copy resolv.conf and services to /var/spool/postfix. Now why I used the expression "was chrooted". It is because I did not indicate a chroot installation of postfix. All I did on the new server was yum -y install postfix.

Now knowing that, and having gained some experience I would like to ask you how can I distinguish between a chrooted installation and a regular installation of postfix. Moreover, is that now a standard in Centos? I do not mind security at all, but would be nice to know what is getting installed on your system by default!

Ygrex · 05-17-2013, 12:35 AM

I still do not understand, why the comma is missed between check_sender_access and reject_unknown_sender_domain.
To check if the running process is chrooted you can look at the /proc/<PID>/root symlink