Linode Forum
https://forum.linode.com/

postfix 'Sender address rejected: Domain not found' error
https://forum.linode.com/viewtopic.php?f=11&t=7249		 Page 1 of 1
Author:  crazyfruitbat [ Tue Jun 14, 2011 10:28 am ]
Post subject:  postfix 'Sender address rejected: Domain not found' error
Hi guys, I have had postfix installed a while and this week I put on webmin and it was then I realised the logs on my email are nuts. I had a few reports of mail not going out from my forums and now I see why.


Jun 14 22:52:05 servername postfix/smtp[4729]: EAB4E18309: to=<user@usersemailaddress.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=351540, delays=351537/1.6/0.99/0.21, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@servername.myurl.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))

Jun 14 22:55:25 servername postfix/scache[4727]: statistics: start interval Jun 14 22:52:04
Jun 14 22:55:25 servername postfix/scache[4727]: statistics: domain lookup hits=0 miss=8 success=0%
Jun 14 22:55:25 servername postfix/scache[4727]: statistics: address lookup hits=8 miss=8 success=50%
Jun 14 22:55:25 servername postfix/scache[4727]: statistics: max simultaneous domains=1 addresses=1 connection=8
Jun 14 23:02:47 servername dovecot: IMAP(me@myurl.com): Disconnected for inactivity bytes=54/679
Jun 14 23:02:49 servername dovecot: IMAP(me@myurl.com): Disconnected for inactivity bytes=291/998

obviously I've taken out the sensitive data - but I have 2000ish messages like that over the period of a day.

I have no idea what its about or how to fix it but it seems like it's mainly from one user and my forum keeps trying to pump out the emails to him.

I also get security warnings on my own email too - it always tells me that my own email is an untrusted source, was there something in the setup that wasn't right?

Any advice would be helpful, I am still learning this stuff from scratch
Author:  obs [ Tue Jun 14, 2011 11:01 am ]
Post subject: 
Well hiding "sensitive" information makes it pretty much impossible to diagnose.

Sender address rejected: Domain not found probably means that the address you're sending from doesn't have DNS records (or postfix can't resolve it)
Author:  crazyfruitbat [ Tue Jun 14, 2011 11:24 am ]
Post subject: 
thanks for the quick reply -

The only thing I censored was the user's email address and my server name really.

Thanks for the hint on the DNS records, I have set them up on the linode DNS manager and I have MX records for the mail.

Do you happen to know where the best place would be to check this?
Author:  Stever [ Tue Jun 14, 2011 1:08 pm ]
Post subject: 
The receiving system is telling you that it can't find the domain of the sending email address. Most likely it is a postfix system and you are failing the following:
Quote:
reject_unknown_sender_domain
Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM address has no DNS A or MX record, or when it has a malformed MX record such as a record with a zero-length MX hostname

So look up the domain you are trying to send from and see if it has an A or MX record. Make sure all the nameservers are responding correctly. Sometimes this kind of problem is on the receiving end and there is nothing you can do about it.
Or you could have NOT hidden all the relevant details and lots of helpful people would have checked it all out already - if you don't give details with these kind of questions all you are going to get are guesses.
Author:  obs [ Tue Jun 14, 2011 1:09 pm ]
Post subject: 
Ping servername.myurl.com if it fails then your DNS is broken.

Also check the contents of /etc/hosts and /etc/hostname
Author:  crazyfruitbat [ Tue Jun 14, 2011 7:06 pm ]
Post subject: 
Thanks guys, I'll be honest, I've been doing this since Feb from scratch and half of that time I've been dealing with earthquakes and nuclear disasters (I live in Japan) and so I'm not very clued up if something is a security risk or not. I really do appreciate the help.

Here are the first 20 lines from my mail log un-edited

Code:
Jun 15 07:01:52 skynet postfix/smtp[13016]: D5A2018085: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=214512, delays=214509/1.8/0.91/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13020]: 4A9EE18089: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=182154, delays=182151/1.8/0.94/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13015]: 8363F18086: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=182378, delays=182375/1.8/0.95/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13023]: DA032181D3: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=367181, delays=367178/1.8/0.91/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13022]: D2B251830B: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=285106, delays=285103/1.8/0.94/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13014]: D098118084: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=206142, delays=206139/1.8/0.93/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13016]: EAB4E18309: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:52 skynet postfix/smtp[13024]: 6C73B181D0: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:53 skynet postfix/smtp[13016]: EAB4E18309: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=3, delay=380927, delays=380923/3/0.61/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:53 skynet postfix/smtp[13024]: 6C73B181D0: to=<graeme@gardenevolution.co.uk>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=3, delay=383607, delays=383603/3/0.94/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:54 skynet postfix/smtp[13017]: 0A1FC181D4: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:55 skynet postfix/smtp[13018]: 702411830A: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:55 skynet postfix/smtp[13017]: 0A1FC181D4: to=<graeme@gardenevolution.co.uk>, relay=mx2.ukservers.net[217.10.138.227]:25, delay=381140, delays=381133/0.03/6.3/0.18, dsn=4.1.8, status=deferred (host mx2.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:55 skynet postfix/smtp[13018]: 702411830A: to=<graeme@gardenevolution.co.uk>, relay=mx2.ukservers.net[217.10.138.227]:25, delay=374125, delays=374119/0.04/6.5/0.16, dsn=4.1.8, status=deferred (host mx2.ukservers.net[217.10.138.227] said: 450 4.1.8 <www-data@skynet.pixelatedphotographer.com>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: start interval Jun 15 07:01:51
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: domain lookup hits=1 miss=7 success=12%
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: address lookup hits=8 miss=7 success=53%
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: max simultaneous domains=1 addresses=1 connection=7
Jun 15 07:36:25 skynet dovecot: imap-login: Login: user=<chris@pixelatedphotographer.com>, method=PLAIN, rip=126.223.115.46, lip=173.230.147.71, TLS
Jun 15 07:36:25 skynet dovecot: imap-login: Login: user=<amazon@pixelatedphotographer.com>, method=PLAIN, rip=126.223.115.46, lip=173.230.147.71, TLS


The Hosts file shows this:
127.0.0.1 localhost.localdomain localhost
173.230.147.71 skynet.pixelatedphotographer.com skynet


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

and the hostname just has: skynet

Pinging the server gave results and no errors


Edit, I forgot to add these:
As for the DNS settings I have mail.pixelatedphotographer.com set up as the MX records. Though for the A/AAAA Records I just have 'mail' and 'www' - am I gathering these need to be set at as mail.pixelatedphotographer.com too? and www to the pixelatedphotographer.com ?
Author:  db3l [ Tue Jun 14, 2011 7:19 pm ]
Post subject: 
There does not appear to be any DNS entries for skynet.pixelatedphotographer.com, which is probably what the receiving host is complaining about, since your outbound mail is trying to use an address on that host, which the receiving end then can't resolve/verify.

While you have your host configured locally to be skynet.pixelatedphotographer.com, if you are going to use that hostname in external communications, you should have an A record for it. You do have an A record for pixelatedphotographer.com which is ok to be the same, but that's not the actual host name at the moment.

Another item, though not something necessarily complained about in your logs is that the reverse DNS lookup for your address (173.230.147.71) is currently the default setting, which maps back to a host in the members.linode.com domain. You should use the Linode Manager (on the Remote Access tab) to set up a reverse lookup (PTR record) to match your skynet.pixelatedphotographer.com hostname, since other systems may do a reverse lookup to check the name you are claiming to be.

In the end, you have forward and reverse lookups for skynet.pixelatedphotographer.com using address 173.230.147.71, and an additional A record for the unadorned pixelatedphotographer to the same address.

Oh, and the fact that you have another A record for mail.pixelatedphotographer.com at the same address may or may not cause issues depending on how you use it. The problem is that it's the target of your MX record, but your mail server announces itself as skynet.pixelatedphotographer.com (since that's its configured hostname) which it's possible some systems might not like.

Generally, you want to pick a single canonical hostname, keep forward and reverse DNS in sync, and then use that hostname when identifying the host in most exchanges. So if you wish to stick with skynet, you should probably make that the target of your MX record too. Alternatively, you could configure just your mail system (ala postfix) to use the mail name in all cases - inbound and outbound - but configuring different hostnames for different apps on the same box can get confusing really quickly, and sometimes work imperfectly. One use case that's clearly an exception is mapping lots of names to a single address for use in virtual domain web hosting.

Things used to be a lot looser and there were few problems with different names sharing an address, but paranoia is more often the rule nowadays, especially with mail.

-- David
Author:  crazyfruitbat [ Wed Jun 15, 2011 1:25 am ]
Post subject: 
Thanks David, there is a lot of useful info in there.

When I set up the system, I had no idea what the hostname etc actually meant, I just followed the instructions here on Linode. So I just called it skynet.pixelatedphotographer.com. Does that mean that it would be better for me to take off the skynet in the hosts file? and keep it to the simplest form? Would that have implications for the website running currently?

I have added the following to the list in the DNS manager, does this look ok to you?
Image

I have also changed the reverse name as to skynet.pixelatedphotographer.com as you suggested. It warns of taking a while to change, so I'll come back later on tonight and see if the errors are still happening.

Thanks
Chris
Author:  Stever [ Wed Jun 15, 2011 11:43 am ]
Post subject: 
It looks like you now have things set up correctly from here.

You don't need multiple MX records pointing to the same host though - I'd remove the "mail.blahblah.com" MX record.

And you should look into SPF records.
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/