1

I have two separate servers, both running Ubuntu 8.04.

Server 1 has the real domain name of our site, let's refer to it as example.com. Server 2 is a mail server I have set up with postfix/courier. The hostname for this server is mail.example.com.

I've set up iptables on Server 1 to forward all traffic on port 25 to Server 2. I used this script (except I changed the target ip address and the port from 80 to 25).

When I send an email to user@mail.example.com it works. However, when I try to send an email to user@example.com from gmail, I get this error: 550 550 #5.1.0 Address rejected user@example.com (state 14)

/var/log/mail.log shows no new lines when this happens.

What is strange is that it works with telnet from my local machine. For example:

$ telnet example.com 25
220 VO13421.localdomain SMTP Postfix
EHLO example.com
250-VO13421.localdomain
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: me@gmail.com
250 2.1.0 Ok
RCPT TO: user@example.com
250 2.1.5 Ok
data
354 Please start mail input.
hello user... how have you been?
.
250 Mail queued for delivery.
quit
221 Closing connection. Good bye.

/var/log/mail.log shows success (and the email goes to the maildir):

Feb 24 09:47:36 VO13421 postfix/smtpd[2212]: connect from 81.208.68.208.static.dnsptr.net[208.68.xxx.xxx]
Feb 24 09:48:01 VO13421 postfix/smtpd[2212]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored
Feb 24 09:48:01 VO13421 postfix/smtpd[2212]: 65C68120321: client=81.208.68.208.static.dnsptr.net[208.68.xxx.xxx]
Feb 24 09:48:29 VO13421 postfix/smtpd[2212]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored
Feb 24 09:48:29 VO13421 postfix/smtpd[2212]: 6BDFA120321: client=81.208.68.208.static.dnsptr.net[208.68.xxx.xxx]
Feb 24 09:48:29 VO13421 postfix/cleanup[2216]: 6BDFA120321: message-id=
Feb 24 09:48:29 VO13421 postfix/qmgr[2042]: 6BDFA120321: from=, size=395, nrcpt=1 (queue active)
Feb 24 09:48:29 VO13421 postfix/virtual[2217]: 6BDFA120321: to=, relay=virtual, delay=0.28, delays=0.25/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Feb 24 09:48:29 VO13421 postfix/qmgr[2042]: 6BDFA120321: removed
Feb 24 09:48:30 VO13421 postfix/smtpd[2212]: disconnect from 81.208.68.208.static.dnsptr.net[208.68.xxx.xxx]

iptables -L -n -v --line on example.com yields the following. Anyone know an iptables command to see the port forwarding? Also, it seems to accept all traffic, that's probably bad right? ;]

num   pkts bytes target     prot opt in     out     source               destination
1    14041 1023K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      338 20722 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 419K packets, 425M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    13711 2824K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

postconf -n results in:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps = 
mailbox_size_limit = 0
masquerade_domains = mail.example.com mail1.example.com
masquerade_exceptions = root
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = example.com
readme_directory = no
recipient_delimiter = +
relayhost = 
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname SMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
Lightbeard
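The `postconf -n` output above shows `smtpd_data_restrictions = reject_unauth_pipelining` on the same line as `smtpd_recipient_restrictions`, and mail.log carries the matching "after `permit' is ignored" warning. The following is an added example, not code from the original post: a small Python check that flags both conditions in `postconf -n` text. The function names and the sample (three lines copied in the shape of the output above) are constructed for illustration.

```python
import re

# Constructed sample: three lines in the shape of the `postconf -n` output above.
SAMPLE = """\
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
"""

# Unconditional actions: tokens listed after one of these are never evaluated.
TERMINAL = {"permit", "reject", "defer"}
PARAM_RE = re.compile(r"^smtpd_\w+_restrictions$")


def lint_restrictions(postconf_text):
    """Return (parameter, problem) pairs for smtpd_*_restrictions lists."""
    findings = []
    for line in postconf_text.splitlines():
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not PARAM_RE.match(name):
            continue
        tokens = [t for t in re.split(r"[,\s]+", value.strip()) if t]
        terminal_seen = None
        for tok in tokens:
            # A parameter name or '=' inside a value suggests two lines were merged.
            if tok == "=" or PARAM_RE.match(tok):
                findings.append((name, f"'{tok}' inside the value: merged line?"))
            if terminal_seen:
                findings.append((name, f"'{tok}' after '{terminal_seen}' is ignored"))
            elif tok in TERMINAL:
                terminal_seen = tok
    return findings


def swallowed_parameters(postconf_text):
    """Names of restriction parameters that ended up inside another one's value."""
    names = set()
    for _, problem in lint_restrictions(postconf_text):
        m = re.match(r"'(smtpd_\w+_restrictions)' inside", problem)
        if m:
            names.add(m.group(1))
    return sorted(names)


if __name__ == "__main__":
    for param, problem in lint_restrictions(SAMPLE):
        print(f"{param}: {problem}")
```

A parameter reported by `swallowed_parameters` is not set as its own parameter, so the restriction it was meant to carry is not applied at that stage.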

4 Answers

2

550 550 #5.1.0 Address rejected user@example.com (state 14) is not a postfix message, which would explain the "/var/log/mail.log shows no new lines when this happens."; perhaps you're not connecting where you think you are.

Also, depending on the setting of parent_domain_matches_subdomains, *.example.com will match "example.com" wherever it is configured in postfix.

While user@example.com | user@example.com is a bit weird, we need to see the contents of the virtual_alias_domains and virtual_mailbox_* tables as well.

adaptr
1

What is the variable mydestination set to in Server2:/etc/postfix/main.cf? Apart from other issues that you might have, I believe if mydestination includes example.com then mail will be accepted. Please comment or update the question if you need more help.

ΤΖΩΤΖΙΟΥ
  • didn't help ;\ I've appended the results of `postconf -n` if that is helpful – Lightbeard Feb 25 '10 at 00:59
  • I took a look at the documentation I used to set up postfix (http://flurdy.com/docs/postfix/#config-simple-mta) and it says to leave mydestination blank because "we will be using virtual domains" – Lightbeard Feb 25 '10 at 01:24
  • something else I noticed is that if I send an email to `user@mail.example.com` it works but if I try to send an email to `usr@mail1.example.com` it does not work. Both subdomains point to the same machine, so that leads me to believe there is some reference to `mail.example.com` in the config that needs to be changed to `example.com` – Lightbeard Feb 25 '10 at 01:35
  • Since local_recipient_maps is empty, there are no local mailboxes; mydestination isn't used for delivering mail. – adaptr Mar 12 '12 at 09:00
0

Perhaps there is something wrong with my aliases mysql table?

+------+------------------------+----------------------+---------+
| pkid | mail                   | destination          | enabled |
+------+------------------------+----------------------+---------+
|    1 | postmaster@localhost   | root@localhost       |       1 |
|    2 | sysadmin@localhost     | root@localhost       |       1 |
|    3 | webmaster@localhost    | root@localhost       |       1 |
|    4 | abuse@localhost        | root@localhost       |       1 |
|    5 | root@localhost         | root@localhost       |       1 |
|    6 | @localhost             | root@localhost       |       1 |
|    7 | @localhost.localdomain | @localhost           |       1 |
|    8 | @mail.example.com      | @example.com         |       1 |
|    9 | postmaster@example.com | postmaster@localhost |       1 |
|   10 | abuse@example.com      | abuse@localhost      |       1 |
|   11 | user@example.com       | user@example.com     |       1 |
+------+------------------------+----------------------+---------+
Lightbeard
  • I'm able to send to a third domain - `mail1.example.com` - when I add it to the tables. That doesn't go through the iptables of course.. – Lightbeard Feb 25 '10 at 02:22
0

Can you see if the MX record for example.com is correctly set? Because, as adaptr says, there are no messages for the error coming in /var/log/mail.log.

proy