0

I'm running Postfix 2.6.6 on CentOS 6 and, as the title of this post states, I'm having an issue with receiving bounced email messages from external sources. Here is an example:

test 1: sent an email from gmail to an invalid email account on "my domain" and received a 550 5.1.1 message from our server. Working as expected.

test 2: sent an internal email from "my domain" to an invalid email account on "my domain" and received a 550 5.1.1 message immediately. Working as expected.

test 3: sent an email from "my domain" to an invalid gmail account and I receive nothing back. Problem.

The concern here is that if one of our employees sends an email to an invalid account and they don't receive any kind of bounce message from the external server, they will believe it has been delivered when, in fact, it was not delivered at all.

Any ideas? Not entirely sure which settings to change on this. Thanks!

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_recipient_limit = 100
home_mailbox = Maildir/
html_directory = no
inet_protocols = ipv4
initial_destination_concurrency = 3
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 25480000
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, my.domain.com
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = hash:/etc/postfix/bcc
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

maillog entry shows:

# grep 5D23C6314E maillog

Nov 12 21:32:47 apache3 postfix/smtpd[29004]: 5D23C6314E: client=S0106c8fb267f18ed.cg.shawcable.net[174.0.76.61], sasl_method=LOGIN, sasl_username=theuser@mydomain.com
Nov 12 21:32:47 apache3 postfix/cleanup[28695]: 5D23C6314E: message-id=<00e801cffefa$d97f9550$8c7ebff0$@user@mydomain.com>
Nov 12 21:32:47 apache3 postfix/qmgr[16105]: 5D23C6314E: from=<theuser@mydomain.com>, size=31705, nrcpt=1 (queue active)
Nov 12 21:32:47 apache3 postfix/smtp[28967]: 5D23C6314E: to=<randomkw092kd982890293982928kdlskd028938random839892@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.28.27]:25, delay=0.83, delays=0.58/0/0.19/0.07, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.28.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 cr1si15800531pdb.30 - gsmtp (in reply to RCPT TO command))
Nov 12 21:32:47 apache3 postfix/qmgr[16105]: 5D23C6314E: removed

master.cf

smtp    inet    n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       discard
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
submission      inet    n       -       n       -       -       smtpd -o smtpd_sasl_auth_enable=yes
masegaloeh
  • 17,978
  • 9
  • 56
  • 104
  • Thank you for responding. I posted both and as you can see in the log file we are receiving the correct response from gmail but for some reason postfix is not sending that message back to the sender. Any ideas? – Unkn0wn Canadian Nov 13 '14 at 16:13
  • Post the mail log entries related to the _problem_. – Michael Hampton Nov 13 '14 at 16:38
  • That can't be the only line in the maillog referring to that message, you should see some other lines relating to `postfix/smtp[28967]` – NickW Nov 13 '14 at 17:15
  • Could you post the output of `grep 5D23C6314E maillog`? it will print all the info about message – masegaloeh Nov 13 '14 at 20:15
  • Added the grep info. Any thoughts? – Unkn0wn Canadian Nov 14 '14 at 00:01
  • Well, that's strange.I don't see bounce in maillog (in my gear, it looks like this `Nov 14 03:52:47 lists postfix/bounce[64116]: 3jdw4H1y7yzDFGL: sender non-delivery notification: 3jdw4H24jlzDFK7`) – masegaloeh Nov 14 '14 at 01:02
  • anyway, did this happen to other provider like Yahoo or GMX? In yes, please show the content of `master.cf` too – masegaloeh Nov 14 '14 at 01:03
  • Yeah it happens with any external mail server. For some strange reason the sender isn't getting the necessary bounced email message/notification. I added the master.cf file I hope there is something in some of these settings that needs to change in order to get this working properly. I really appreciate the help! – Unkn0wn Canadian Nov 14 '14 at 03:46

1 Answers1

3

As expected, the problematic line comes from master.cf. Here your culprit

bounce    unix  -       -       n       -       0       discard

And this is the default master.cf content

bounce    unix  -       -       n       -       0       bounce

This change has caused the bounce of failed delivery will be silently discarded. The solution: Replace that line to default one.

I don't know who responsible of this change. Maybe someone who tried to suppress the bounce by following this wrong suggestion :(


Anyway your first and second tests above doesn't involved bounce in your postfix at all. The action is called rejection and it handled by smtpd process.

masegaloeh
  • 17,978
  • 9
  • 56
  • 104