Postfix not sending mail

kayasaman · 09-29-2008, 07:40 PM

Hi,

I think it was last week where billymayday and Mr C. helped me out with my DNS server issues and it has been performing brilliantly since then.

On my, what I call domain server (web and mail), however postfix doesnt seem to be able to send any outbound mail at all.

The exact error I'm getting is:

Code:

Sep 30 02:22:42 OptiplexGX270T postfix/smtp[27048]: 3B6CE5AC19: to=<kayasaman@server.optiplex-networks.com>, relay=none, delay=10, delays=0.07/0.01/10/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=server.optiplex-networks.com type=MX: Host not found, try again)

In resolv.conf it is set to use master DNS server from my main server (all fine!) and both dig and nslookup work ok.

I can't understand this unless I need some extra config in the DNS that I don't know about?

I also would like to know if my MX records for local machines are correct in my zone file:

Code:

optiplex-networks.com.    IN      MX      10      mail.optiplex-networks.com.
mail.optiplex-networks.com.              IN      A       192.168.1.50
optiplex-networks.com.   IN      TXT     "v=spf1 ip4:192.168.1.50 a mx ~all"
mail                    IN      TXT     "v=spf1 a -all"
mail.server.optiplex-networks.com.      IN      A       192.168.1.41
@                       IN      MX      10      server.optiplex-networks.com.

So once we have postfix sending again maybe someone can help me with this aswell since Mr C.'s documentation claims to put:

Code:

@      IN         MX        10       domain.com.

while all other places on the net including Cisco documentation for router DNS config with MX records say to put:

Code:

mail.domain.com.       IN        MX       10      domain.com

I am really confused with the conflicting syntax.

Anyway one step at a time Postfix first>

if anyone knows why this is happening I would be really greatful to work on a fix!

Thanks.

racracracrac · 09-29-2008, 08:01 PM

Your problem isn't postfix, its DNS. One of the problems new people to *nix find is that there are more than one way to do anything.

If you run the following command on your server for your domain (server.optiplex-networks.com.) and for linuxquestions.org, you will see the difference. Specifically under the ANSWER section.

dig mx linuxquestions.org.
dig mx server.optiplex-networks.com.

In my dns cfg, I use the following:

domain.com. IN MX 10 mail
mail.domain.com. IN A 123.123.123.123

kayasaman · 09-29-2008, 08:20 PM

Ok but however bare in mind that I only want this domain server.optiplex-networks.com to be mailed by inside computers only which means that I need to tap into my local DNS relay and correct the syntax I'm guessing.

If you did a dig on my domain name you will be reffered to the DNS servers of the place I got the domain from since my DNS server isn't authoritve outside of my local subnet.

If you do an nslookup you will see that the NS names an IP addresses are not ns1.optiplex-networks.com and 81.178..... my WAN IP instead they will be ns1.domains.com or something like that.

So I will try your syntax!

Look up of dig:

Code:

; <<>> DiG 9.3.4-P1.1 <<>> mx server.optiplex-networks.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36935
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;server.optiplex-networks.com.  IN      MX

;; AUTHORITY SECTION:
optiplex-networks.com.  604800  IN      SOA     ns1.optiplex-networks.com. mail.optiplex-networks.com. 2008093005 7200 120 2419200 604800

;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 30 03:13:55 2008
;; MSG SIZE  rcvd: 91

This was done for the local domain:

Code:

; <<>> DiG 9.3.4-P1.1 <<>> mx optiplex-networks.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27702
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3

;; QUESTION SECTION:
;optiplex-networks.com.         IN      MX

;; ANSWER SECTION:
optiplex-networks.com.  604800  IN      MX      10 mail.optiplex-networks.com.
optiplex-networks.com.  604800  IN      MX      10 server.optiplex-networks.com.
;; AUTHORITY SECTION:
optiplex-networks.com.  604800  IN      NS      ns1.optiplex-networks.com.

;; ADDITIONAL SECTION:
mail.optiplex-networks.com. 604800 IN   A       192.168.1.50
server.optiplex-networks.com. 604800 IN A       192.168.1.41
ns1.optiplex-networks.com. 604800 IN    A       192.168.1.51

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 30 03:14:49 2008
;; MSG SIZE  rcvd: 149

hmm looks like somethings wrong??

As these two lines give the same domain name??

Code:

optiplex-networks.com.  604800  IN      MX      10 mail.optiplex-networks.com.
optiplex-networks.com.  604800  IN      MX      10 server.optiplex-networks.com.

Shouldn't one be server.optiplex-networks.com followed by mail.server.optiplex-networks.com?

Also since everything is 'in house' how do I then get my DNS server to lookup the MX records of other hosts on the internet?

Would I just tie my ISP's DNS servers into the zone file?

kayasaman · 09-29-2008, 08:34 PM

Ok this again doesn't make sense?

This is the zone file now:

Code:

optiplex-networks.com.       IN      NS      ns1.optiplex-networks.com.
optiplex-networks.com.    IN      MX      9      mail
optiplex-networks.com.    IN      A       192.168.1.50
gx110.optiplex-networks.com.    IN     A      192.168.1.51
ns1.optiplex-networks.com.      IN      A       192.168.1.51
www.optiplex-networks.com.      IN      A       192.168.1.50
mail.optiplex-networks.com.              IN      A       192.168.1.50
ftp.optiplex-networks.com.       IN      A       192.168.1.51
mail.gx110.optiplex-networks.com.       IN      A       192.168.1.51
ferrari3200.optiplex-networks.com.      IN      A       192.168.1.5
server.optiplex-networks.com.           IN      A       192.168.1.41
;optiplex-networks.com.   IN      TXT     "v=spf1 ip4:192.168.1.50 a mx ~all"
;mail                    IN      TXT     "v=spf1 a -all"
mail.server.optiplex-networks.com.      IN      A       192.168.1.41
server.optiplex-networks.com.           IN      MX      11      mail.server
gx110.optiplex-networks.com.            IN      MX      10      mail.gx110

So the IN TXT parts have been commented out! Wich since it uses the ~all and -all parts may have been overriding the system?

Anyway so here is the reply from: dig mx server.optiplex-networks.com

Code:

; <<>> DiG 9.3.4-P1.1 <<>> mx server.optiplex-networks.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;server.optiplex-networks.com.  IN      MX

;; ANSWER SECTION:
server.optiplex-networks.com. 604800 IN MX      11 mail.server.optiplex-networks.com.

;; AUTHORITY SECTION:
optiplex-networks.com.  604800  IN      NS      ns1.optiplex-networks.com.

;; ADDITIONAL SECTION:
mail.server.optiplex-networks.com. 604800 IN A  192.168.1.41
ns1.optiplex-networks.com. 604800 IN    A       192.168.1.51

;; Query time: 1 msec
;; SERVER: 192.168.1.51#53(192.168.1.51)
;; WHEN: Tue Sep 30 03:31:32 2008
;; MSG SIZE  rcvd: 117

and here is postfix answer:

Code:

Sep 30 03:33:15 OptiplexGX270T postfix/smtp[7669]: 1E19C5AC1D: to=<kayasaman@server.optiplex-networks.com>, 
relay=none, delay=10, delays=0.08/0.01/10/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for 
name=server.optiplex-networks.com type=MX: Host not found, try again)

I don't get it!

This happened ever since I swapped using my router as DNS server to my main server.

kayasaman · 09-29-2008, 09:03 PM

Wow this is wierd I restarted Postfix from the init.d script and now it works??

OKKKKK......

But thank you racracracrac for the MX records!

However I do feel that it will go down again? As it seemed to behave like this last time aswell.

Mr. C. · 09-30-2008, 02:15 AM

Kayasaman,

I find it extremely difficult to follow your process, as there are just too many random changes without understanding or validation.

An MX record instructs mail server where to send mail for a domain.
You can ave a single MX for all of optiplex-networks.com pointing to your mail server.

In the first post, you mentioned:

Quote:

So once we have postfix sending again maybe someone can help me with this aswell since Mr C.'s documentation claims to put:
@ IN MX 10 domain.com.

while all other places on the net including Cisco documentation for router DNS config with MX records say to put:

Code:

mail.domain.com. IN MX 10 domain.com

I think you misunderstand @, which is BIND shorthand for the current ORIGIN. So @ must be taken in context to be meaningful.
The first MX RR above says that all mail for the domain in the current ORIGIN should be sent to the host [sic] domain.com.
Your second RR says all mail for the domain (host?) mail.domain.com should be sent to the [sic] host named domain.com. If @
is mail.domain.com, then the two RRs above are the same. If ORIGIN is something other than mail.domain.com, then the two RR's
above are different.

The BIND User Manual will be very informative: http://www.isc.org/sw/bind/arm95/Bv9ARM.pdf

kayasaman · 10-10-2008, 01:38 PM

Thanks again Mr C. sorry just caught your reply!

b8rt · 01-20-2012, 12:37 PM

When postfix was failing to send mail for me with the error "Host or domain name not found.", I was missing the resolver configuration in postfix's chroot. To resolve (pun intended):

Code:

cp /etc/resolv.conf /var/spool/postfix/etc
/etc/init.d/postfix restart

-
bart

kayasaman · 01-20-2012, 12:47 PM

Quote:

I was missing the resolver configuration in postfix's chroot.

This is quite an old post, nice that you found

Yes indeed when running chroot environments, anything needed by the service within the chroot jail would need to be copied into the chroot path.

An example of running Bind9 (DNS service) in chroot environment would be say:

Code:

chroot jail root dir:/var/named

relative directories could be: $ROOT/etc, $ROOT/var $ROOT/lib

meaning that anything that should be in /etc for the service would now be within /var/named/etc/.... or for /var would be in /var/named/var/... relative to the systems main / dir of course.

One could even take this a step further into using the FreeBSD jail environments which give the added extra of devoting a NIC to the jail with it's own IP address and even kernel (Buildworld). Or of course you could just dump it into a Solaris Zone or Container. - that's beside the point though!

Anyway glad the post helped if it did

Regards