I am setting up a mail server with Postfix and have been bumping my head against an issue for a few days.
Issue:
Testing with Telnet:
------------------------------------
% telnet mail.thetradinghall.com 587
Trying MyPublicIp...
Connected to mail.thetradinghall.com.
Escape character is '^]'.
220 poppy.thetradinghall.com ESMTP Postfix (3.0.3)
mail from:arnaud.gaboury@thetradinghall.com
503 5.5.1 Error: send HELO/EHLO first
HELO thetradinghall.com
250 poppy.thetradinghall.com
mail from:arnaud.gaboury@thetradinghall.com
250 2.1.0 Ok
rcpt to:arnaud.gaboury@thetradinghall.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
.
250 2.0.0 Ok: queued as 17E4224F2B
quit
221 2.0.0 Bye
Connection closed by foreign host.
----------------------------
This is a virtual user; he is recognized. Fine. I can see the emails in the virtual mailbox.
$ journalctl --unit postfix -r
--------------------------------------------
Feb 09 12:00:19 poppy postfix/smtpd[347]: disconnect from unknown [MyPublicIp] helo=1 mail=1
Feb 09 12:00:16 poppy postfix/qmgr[204]: 17E4224F2B: MyPublicIpfrom=arnaud.gaboury@thetradinghall.com,
Feb 09 12:00:16 poppy postfix/cleanup[363]: 17E4224F2B: message-id=<>
Feb 09 12:00:09 poppy postfix/smtpd[347]: 17E4224F2B: client=unknown[MyPublicIp]
Feb 09 11:59:19 poppy postfix/smtpd[347]: connect from unknown[MyPublicIp]
Feb 09 11:59:19 poppy postfix/smtpd[347]: warning: hostname dsldevice.lan does not resolve to a
Feb 09 11:57:36 poppy systemd[1]: Started Postfix Mail Transport Agent.
---------------------------------------------
***************
Now trying to an external user:
% telnet mail.thetradinghall.com 587
----------------------------------------
..............
email from:arnaud.gaboury@thetradinghall.com
502 5.5.2 Error: command not recognized
mail from:arnaud.gaboury@thetradinghall.com
250 2.1.0 Ok
rcpt to:arnaud.gaboury@gmail.com
454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied
---------------------------------------------------------------------------
$ journalctl --unit postfix -r
----------------------------------------
Feb 09 13:47:05 poppy postfix/smtpd[1518]: NOQUEUE: reject: RCPT from unknown[MyPublicIp]: 454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied; from=<arnaud.gaboury@thetradinghall.com
Feb 09 13:46:02 poppy postfix/smtpd[1518]: connect from unknown[MyPublicIp]
Feb 09 13:46:02 poppy postfix/smtpd[1518]: warning: hostname dsldevice.lan does not resolve to address MyPublicIp
***********************
After some reading, I came to the conclusion I did not set up any PTR record. hostname dsldevice.lan is in fact my gateway (168.192.1.254).
Some debugging commands:
-----------------------------------
% host MyPublicIp
MyPublicIp.in-addr.arpa domain name pointer dsldevice.lan.   <<<< here I should see thetradinghall.com ??

% host thetradinghall.com
thetradinghall.com has address MyPublicIp

% dig thetradinghall.com
............................
;; ANSWER SECTION:
mail.thetradinghall.com. 6632 IN A MyPublicIp

;; AUTHORITY SECTION:
thetradinghall.com. 85556 IN NS ns4.he.net.
thetradinghall.com. 85556 IN NS ns3.he.net.
thetradinghall.com. 85556 IN NS ns5.he.net.

% dig -x thetradinghall.com
.....................
;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015072880 1800 900 604800 3600

% dig -x MyPublicIp
;; Warning: Message parser reports malformed message packet.   <<<< Problem here ?
--------------------------------------
***********************
About the setup: a router, one Linux distro as host (no server at all, inet 192.168.1.87/24 brd 192.168.1.255 scope global br0) with a virtual bridge to a container, another Linux distro with all internet services (http, ftp, mail etc) as 192.168.1.94/24
Some network parameters:
----------------------------------------------
gateway 192.168.1.254
$ ip a
-----------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
.................................
2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
***********************************************
When looking at my DNS provider (Hurricane Electric), I effectively have no PTR record. I must set one but honestly, I am far from understanding everything about PTR.
Thank you for help and hints.
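What the "does not resolve to address" warning in the log above checks, as an added example (not part of the original post): an MTA looks up the PTR name for the client address, then resolves that name forward and labels the client "unknown" if the address does not come back. The sample tables are constructed, with 203.0.113.10 standing in for MyPublicIp and mail.example.org as a hypothetical correctly configured host.

```python
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Forward (A/AAAA) lookup; returns the set of addresses for name."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def client_name(ip, ptr=ptr_lookup, fwd=forward_lookup):
    """Return (name, warning) as a server doing forward-confirmed
    reverse DNS would label a connecting client."""
    name = ptr(ip)
    if name is None:
        return "unknown", None                 # no PTR record at all
    name = name.rstrip(".")
    if ip not in fwd(name):
        # A PTR exists, but its name does not map back to the client address.
        return "unknown", f"hostname {name} does not resolve to address {ip}"
    return name, None

# Constructed sample data (not real DNS answers).
SAMPLE_PTR = {"203.0.113.10": "dsldevice.lan.",
              "203.0.113.20": "mail.example.org."}
SAMPLE_A = {"mail.example.org": {"203.0.113.20"}}  # dsldevice.lan has no public A record

def demo(ip):
    """Run client_name() against the constructed tables instead of live DNS."""
    return client_name(ip, ptr=SAMPLE_PTR.get,
                       fwd=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(ip, demo(ip))
```

Calling `client_name(ip)` without the `ptr` and `fwd` arguments performs the same check against live DNS.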
On 2/9/2016 8:14 AM, arnaud gaboury wrote:
> When looking at my DNS provider (Hurricane Electric), I effectively have no PTR record. I must set one but honestly, I am far from understanding everything about PTR.
The only people who can set up a PTR record are those who work for your ISP. You have to contact them and tell them to point your IP address to the domain that accepts incoming email.
Tom
On Tue, Feb 9, 2016 at 2:34 PM, Tom Rivers tom@impact-crater.com wrote:
> On 2/9/2016 8:14 AM, arnaud gaboury wrote:
>> When looking at my DNS provider (Hurricane Electric), I effectively have no PTR record. I must set one but honestly, I am far from understanding everything about PTR.
> The only people who can set up a PTR record are those who work for your ISP. You have to contact them and tell them to point your IP address to the domain that accepts incoming email.
Well, looking at my DNS provider home page, I have an entry to add PTR. Furthermore, from HE FAQ[0]:
<You should note that you can further sub-delegate your IPs by whatever means you wish, assuming you wish to do so at all. This page is meant only to explain how our delegation works with you, our direct customer.>
Am I wrong to think I can do it with my DNS provider ?
[0]http://faq.he.net/index.php/Reverse_DNS
> Tom
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 2/9/2016 8:57 AM, arnaud gaboury wrote:
> Well, looking at my DNS provider home page, I have an entry to add PTR. Furthermore, from HE FAQ[0]:
> <You should note that you can further sub-delegate your IPs by whatever means you wish, assuming you wish to do so at all. This page is meant only to explain how our delegation works with you, our direct customer.>
> Am I wrong to think I can do it with my DNS provider ?
I went through this same issue with my ISP and they said they had to be the ones to change it. I also originally read about PTR records here:
http://aplawrence.com/Blog/B961.html
According to the link you provided, it appears your ISP actually lets you make the change yourself. If that's the case, then you're all set. :)
Tom
On Tue, Feb 9, 2016 at 5:40 PM, Tom Rivers tom@impact-crater.com wrote:
> On 2/9/2016 8:57 AM, arnaud gaboury wrote:
>> Well, looking at my DNS provider home page, I have an entry to add PTR. Furthermore, from HE FAQ[0]:
>> <You should note that you can further sub-delegate your IPs by whatever means you wish, assuming you wish to do so at all. This page is meant only to explain how our delegation works with you, our direct customer.>
>> Am I wrong to think I can do it with my DNS provider ?
> I went through this same issue with my ISP and they said they had to be the ones to change it. I also originally read about PTR records here:
Thank you for the link. After more readings, it seems my ISP only has to do the reverse setup. I contacted them and am waiting now for some news. You know, ISP...
TY for your answers.
> According to the link you provided, it appears your ISP actually lets you make the change yourself. If that's the case, then you're all set. :)
> Tom
On 02/09/16 21:14, arnaud gaboury wrote:
> Now trying to an external user:
> % telnet mail.thetradinghall.com 587
> ..............
> email from:arnaud.gaboury@thetradinghall.com
> 502 5.5.2 Error: command not recognized
> mail from:arnaud.gaboury@thetradinghall.com
> 250 2.1.0 Ok
> rcpt to:arnaud.gaboury@gmail.com
> 454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied
> $ journalctl --unit postfix -r
> Feb 09 13:47:05 poppy postfix/smtpd[1518]: NOQUEUE: reject: RCPT from unknown[MyPublicIp]: 454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied; from=<arnaud.gaboury@thetradinghall.com
> Feb 09 13:46:02 poppy postfix/smtpd[1518]: connect from unknown[MyPublicIp]
> Feb 09 13:46:02 poppy postfix/smtpd[1518]: warning: hostname dsldevice.lan does not resolve to address MyPublicIp
> After some reading, I came to the conclusion I did not set up any PTR record. hostname dsldevice.lan is in fact my gateway (168.192.1.254).
I doubt the problem is the lack of a PTR record.
If you tried the reverse, "mail from xxx@gmail.com" to someone@thetradinghall.com chances are it would work.
The error message you are getting is "Relay access denied". This is normally a good thing since if the mail server is facing the Internet you'd have what is known as an "open relay" which spammers use and would get you blacklisted.
I've not worked with postfix or sendmail for quite some time. Most recently I worked with another MTA which had a concept of "Trusted Domains". One could define a domain or a range of IP addresses where relaying would be allowed. I don't know if postfix has that sort of configuration option.
The other option, and the best one if you plan to use the server as your SMTP host when traveling or outside the local network, is to configure your system for SMTP AUTH. With SMTP AUTH a user authenticates to the server and then is allowed to send mail anywhere.
On 02/10/16 07:29, Ed Greshko wrote:
> I don't know if postfix has that sort of configuration option.
Actually, I would start here to check my configuration. Links found on this page http://www.postfix.org/SMTPD_ACCESS_README.html point to postfix having configuration options such as smtpd_relay_restrictions.
On 10Feb2016 07:47, Ed Greshko ed.greshko@greshko.com wrote:
> On 02/10/16 07:29, Ed Greshko wrote:
>> I don't know if postfix has that sort of configuration option.
> Actually, I would start here to check my configuration. Links found on this page http://www.postfix.org/SMTPD_ACCESS_README.html point to postfix having configuration options such as smtpd_relay_restrictions.
Start with mynetworks in main.cf. See postconf(5).
Cheers, Cameron Simpson cs@zip.com.au
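The relay decision discussed in the replies above, as an added sketch (not part of the thread and not Postfix code): a simplified model of Postfix's documented default `smtpd_relay_restrictions` (`permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination`) applied to the two telnet tests. The `mynetworks` value and the `sasl_user` field are assumptions, and 203.0.113.10 stands in for MyPublicIp.

```python
import ipaddress

# Each restriction returns "permit", a rejection string, or None (no opinion).
def permit_mynetworks(s, cfg):
    ip = ipaddress.ip_address(s["client_ip"])
    nets = (ipaddress.ip_network(n) for n in cfg["mynetworks"])
    return "permit" if any(ip in n for n in nets) else None

def permit_sasl_authenticated(s, cfg):
    return "permit" if s.get("sasl_user") else None

def defer_unauth_destination(s, cfg):
    domain = s["rcpt"].rsplit("@", 1)[1].lower()
    if domain in cfg["local_domains"] or domain in cfg["relay_domains"]:
        return None      # the server is final destination or relay for it
    return f"454 4.7.1 {s['rcpt']}: Relay access denied"

# Constructed configuration; the mynetworks value is an assumption.
CFG = {
    "mynetworks": ["127.0.0.0/8", "192.168.1.0/24"],
    "local_domains": {"thetradinghall.com"},
    "relay_domains": set(),
    "smtpd_relay_restrictions": [permit_mynetworks,
                                 permit_sasl_authenticated,
                                 defer_unauth_destination],
}

def rcpt_reply(session, cfg=CFG):
    """The first restriction with an opinion decides the RCPT TO reply."""
    for restriction in cfg["smtpd_relay_restrictions"]:
        verdict = restriction(session, cfg)
        if verdict == "permit":
            break
        if verdict is not None:
            return verdict
    return "250 2.1.5 Ok"    # no objection at the relay stage

WAN = "203.0.113.10"         # placeholder for MyPublicIp
SESSIONS = [                 # constructed sessions mirroring the thread
    {"client_ip": WAN, "rcpt": "arnaud.gaboury@thetradinghall.com"},
    {"client_ip": WAN, "rcpt": "arnaud.gaboury@gmail.com"},
    {"client_ip": WAN, "rcpt": "arnaud.gaboury@gmail.com", "sasl_user": "arnaud"},
    {"client_ip": "192.168.1.87", "rcpt": "arnaud.gaboury@gmail.com"},
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s, "->", rcpt_reply(s))
```

Authentication ties the decision to the user rather than to the source address, which is why SMTP AUTH is the option recommended in the thread for clients outside the local network.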
On Wed, Feb 10, 2016 at 12:29 AM, Ed Greshko ed.greshko@greshko.com wrote:
> On 02/09/16 21:14, arnaud gaboury wrote:
>> Now trying to an external user:
>> % telnet mail.thetradinghall.com 587
>> ..............
>> email from:arnaud.gaboury@thetradinghall.com
>> 502 5.5.2 Error: command not recognized
>> mail from:arnaud.gaboury@thetradinghall.com
>> 250 2.1.0 Ok
>> rcpt to:arnaud.gaboury@gmail.com
>> 454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied
>> $ journalctl --unit postfix -r
>> Feb 09 13:47:05 poppy postfix/smtpd[1518]: NOQUEUE: reject: RCPT from unknown[MyPublicIp]: 454 4.7.1 arnaud.gaboury@gmail.com: Relay access denied; from=<arnaud.gaboury@thetradinghall.com
>> Feb 09 13:46:02 poppy postfix/smtpd[1518]: connect from unknown[MyPublicIp]
>> Feb 09 13:46:02 poppy postfix/smtpd[1518]: warning: hostname dsldevice.lan does not resolve to address MyPublicIp
>> After some reading, I came to the conclusion I did not set up any PTR record. hostname dsldevice.lan is in fact my gateway (168.192.1.254).
> I doubt the problem is the lack of a PTR record.
> If you tried the reverse, "mail from xxx@gmail.com" to someone@thetradinghall.com chances are it would work.
You are right. Sending emails from outside works.
> The error message you are getting is "Relay access denied". This is normally a good thing since if the mail server is facing the Internet you'd have what is known as an "open relay" which spammers use and would get you blacklisted.
> I've not worked with postfix or sendmail for quite some time. Most recently I worked with another MTA which had a concept of "Trusted Domains". One could define a domain or a range of IP addresses where relaying would be allowed. I don't know if postfix has that sort of configuration option.
I will have a closer look at the relay settings. TY
> The other option, and the best one if you plan to use the server as your SMTP host when traveling or outside the local network, is to configure your system for SMTP AUTH. With SMTP AUTH a user authenticates to the server and then is allowed to send mail anywhere.
Allegedly, on or about 09 February 2016, arnaud gaboury sent:
> When looking at my DNS provider (Hurricane Electric), I effectively have no PTR record. I must set one but honestly, I am far from understanding everything about PTR.
Unless you have a unique IP, one that's always assigned solely to you, your ISP is unlikely to set a PTR record for you. Usually, they share addresses, one way or another (e.g. dynamic IPs) between their users, and PTRs point to their own hostnames.
On Wed, Feb 10, 2016 at 6:32 AM, Tim ignored_mailbox@yahoo.com.au wrote:
> Allegedly, on or about 09 February 2016, arnaud gaboury sent:
>> When looking at my DNS provider (Hurricane Electric), I effectively have no PTR record. I must set one but honestly, I am far from understanding everything about PTR.
> Unless you have a unique IP, one that's always assigned solely to you,
That is the case. My IP is fixed and dedicated to me.
> your ISP is unlikely to set a PTR record for you. Usually, they share addresses, one way or another (e.g. dynamic IPs) between their users, and PTRs point to their own hostnames.