Well, after 2 days of trying to get this to work, I give up and I hope you guys can help me. I seem to have everything working, TLS, SALS, etc. I have courier-imap that works well too (running ubuntu gusty). I can receive emails fine and I can send email fine to gmail, yahoo, etc. but NOT all servers. From some servers I get: Code: host SOME_DOMAIN.com[SOME_IP] said: 550-Verification failed for <[email protected]> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command) From mail.log Code: ar 30 01:42:39 dimitry postfix/smtp[5732]: 950D21D86A5: to=<USER@SOME_DOMAIN.com>, relay= SOME_DOMAIN.com[SOME_IP]:25, delay=3.5, delays=0.09/0/2.2/1.1, dsn=5.0.0, status=bounced (host SOME_DOMAIN.com[SOME_IP] said: 550-Verification failed for <[email protected]> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command)) Domain name is 'arrivalalert.com' and DNS config SEEMS to be proper, though I'm fairly new to this. /etc/postfix/main.cf Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.arrivalalert.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.arrivalalert.com, localhost.arrivalalet.com, localhost.localdomain, localhost, arrivalalert.com relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_tls_auth_only = no smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom home_mailbox = Maildir/ mailbox_command = /etc/hosts Code: 127.0.0.1 localhost localhost.localdomain 209.20.64.86 mail.arrivalalert.com mail telnet localhost 25 Code: Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mail.arrivalalert.com ESMTP Postfix (Ubuntu) ehlo localhost 250-mail.arrivalalert.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN dig arrivalalert.com mx Code: ; <<>> DiG 9.4.1-P1 <<>> arrivalalert.com mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11855 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;arrivalalert.com. IN MX ;; ANSWER SECTION: arrivalalert.com. 3596 IN MX 0 mail.arrivalalert.com. ;; Query time: 2 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Sat Mar 29 17:08:53 2008 ;; MSG SIZE rcvd: 55 dig -x 209.20.64.86 Code: ; <<>> DiG 9.4.1-P1 <<>> -x 209.20.64.86 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14766 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;86.64.20.209.in-addr.arpa. IN PTR ;; ANSWER SECTION: 86.64.20.209.in-addr.arpa. 86400 IN PTR mail.arrivalalert.com. ;; Query time: 600 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Sat Mar 29 17:09:41 2008 ;; MSG SIZE rcvd: 78 Any ideas? Thank you so much
I am guessing the account noreply does not exist on your server, as the remote server is trying to verify that the sender address exists but since it does not thats why you get the 550
It does exist though as I can login and check that account. I created a unix user called 'noreply', 'abuse' and some other ones, so I definitely know they exist. In fact, bounced emails are found in noreply's Inbox. This is really confusing...
The domain and site are brand new. So is the VPS box I got for it (SliceHost). I'm wondering if I didn't setup DNS properly since its my first time messing around with that. Here's a copy from everydns.net: Code: arrivalalert.com A 209.20.64.86 3600 [delete] arrivalalert.com NS ns1.slicehost.net 3600 [delete] arrivalalert.com NS ns2.slicehost.net 3600 [delete] arrivalalert.com NS ns3.slicehost.net 3600 [delete] arrivalalert.com MX mail.arrivalalert.com 0 3600 [delete] mail.arrivalalert.com A 209.20.64.86 3600 [delete] www.arrivalalert.com CNAME arrivalalert.com 3600 [delete]
Important observation. As soon as I send an email to that server that always fails, this is what I see in the log a second later (in between outgoing email and bounced email coming back) Mar 30 07:44:55 dimitry postfix/smtp[6575]: certificate verification failed for SOME_DOMAIN.com: num=18:self signed certificate So it tries to ping my server to see if 'noreply' account exists, but it doesn't pass certificate checks and gets cut off. What configuration in Postfix makes cert verification necessary? Thanks for your help!
Unfortunately, that didn't work. Here's the full log from start of sending message to the bounce Code: Mar 30 21:52:57 dimitry postfix/smtpd[7025]: connect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS] Mar 30 21:52:57 dimitry postfix/smtpd[7025]: setting up TLS connection from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS] Mar 30 21:52:57 dimitry postfix/smtpd[7025]: TLS connection established from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) Mar 30 21:52:57 dimitry postfix/smtpd[7025]: 84E251D86B2: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS], sasl_method=PLAIN, sasl_username=noreply Mar 30 21:52:57 dimitry postfix/cleanup[7029]: 84E251D86B2: message-id=<[email protected]> Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: from=<[email protected]>, size=682, nrcpt=1 (queue active) Mar 30 21:52:57 dimitry postfix/smtpd[7031]: connect from localhost[127.0.0.1] Mar 30 21:52:57 dimitry postfix/smtpd[7025]: disconnect from c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS] Mar 30 21:52:57 dimitry postfix/smtp[7030]: discarding EHLO keywords: 8BITMIME STARTTLS Mar 30 21:52:57 dimitry postfix/smtpd[7031]: BF3901D86B3: client=c-IP-ADDRESS.hsd1.ca.comcast.net[IP-ADDRESS] Mar 30 21:52:57 dimitry dkimproxy.out[2368]: DKIM signing - signed; message-id=<[email protected]>, signer=<[email protected]>, from=<[email protected]> Mar 30 21:52:57 dimitry postfix/cleanup[7029]: BF3901D86B3: message-id=<[email protected]> Mar 30 21:52:57 dimitry postfix/qmgr[7005]: BF3901D86B3: from=<[email protected]>, size=1643, nrcpt=1 (queue active) Mar 30 21:52:57 dimitry postfix/smtp[7030]: 84E251D86B2: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10027, delay=0.39, delays=0.22/0.02/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BF3901D86B3) Mar 30 21:52:57 dimitry postfix/smtpd[7031]: disconnect from localhost[127.0.0.1] Mar 30 21:52:57 dimitry postfix/qmgr[7005]: 84E251D86B2: removed Mar 30 21:53:00 dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate Mar 30 21:53:02 dimitry postfix/smtp[7032]: BF3901D86B3: to=<[email protected]>, relay=domain.com[THEIR-IP-ADDRESS]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[THEIR-IP-ADDRESS] said: 550-Verification failed for <[email protected]> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command)) Mar 30 21:53:02 dimitry postfix/cleanup[7029]: C16361D86B5: message-id=<[email protected]> Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: from=<>, size=3740, nrcpt=1 (queue active) Mar 30 21:53:02 dimitry postfix/bounce[7033]: BF3901D86B3: sender non-delivery notification: C16361D86B5 Mar 30 21:53:02 dimitry postfix/qmgr[7005]: BF3901D86B3: removed Mar 30 21:53:02 dimitry postfix/local[7034]: C16361D86B5: to=<[email protected]>, relay=local, delay=0.09, delays=0.03/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir) Mar 30 21:53:02 dimitry postfix/qmgr[7005]: C16361D86B5: removed Some interesting lines: dimitry postfix/smtp[7032]: certificate verification failed for domain.com: num=18:self signed certificate dimitry postfix/smtp[7032]: BF3901D86B3: to=<[email protected]>, relay=domain.com[64.22.83.117]:25, delay=5, delays=0.09/0.01/2.2/2.6, dsn=5.0.0, status=bounced (host domain.com[64.22.83.117] said: 550-Verification failed for <[email protected]> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command)) Thank you Dimitry
Wow, ok, finally figured it out. Our domain used to be hosted on the server I was trying to send an email to. We moved it to the new box, updated the DNS, but never actually deleted the account on that old hosting account (on which my buddy's other site and email ([email protected]) are hosted). I guess the receiving server was getting confused and was trying to verify if 'noreply' account exists on the old server. GRRRR So sorry guys. At least I got a chance to learn what every single configuration does in Postfix! Thanks for helping me out.
