After RCPT TO I get: Recipient address rejected: unverified address: (Access denied)

I have a predominantly sender only ispconfig 3.2.11p1 on RH8 and some local recipient.
Send Email work fine, but none of the local recipient they can receive mail.
I probably have something misconfigured.
If I try send a email this is the result:

Code:

450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command)

Note: [email protected] is a local existing recipient used to authenticate sender and on a similar server it can also received local email.

If I try to send emails from the server itself to localhost the email is accepted, it's work

Code:

[root@ispc ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtps.local.loc ESMTP Postfix
HELO mydomain.it
250 smtps.local.loc
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.

But If I try to send emails from the server itself to his public IP I get Access Denied

Code:

[root@ispc ~]# telnet 10.3.21.123 25
Trying 10.3.21.123...
Connected to 10.3.21.123.
Escape character is '^]'.
220 smtps.local.loc ESMTP Postfix
HELO mydomain.it
250 smtps.local.loc
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command)
quit
221 2.0.0 Bye
Connection closed by foreign host.

What is wrong? what is the best way to debug what is wrong?
Many thanks
Dario

 

I have try to remove this two lines:

Code:

#! address_verify_virtual_transport = smtp:[127.0.0.1]:10025
#! address_verify_transport_maps = static:smtp:[127.0.0.1]:10025

And now seen to work fine, the local recipient they receive emails correctly.
Is this approach correct?

 

By local I assume you mean really local like in the concept of having a mail-file per user or an account on the same server configured in ispconfig?
It is possible to have those coexist, so please forgive me ifthis sounds like a silly question to you, I do not know your setup =)

You effectively disabled the milter service for your mail server, this is not good. Yes it has 127.0.0.1 in there but this has nothing todo with your desire to send from/to localhost.

does the following command produce a result similar to the stated below?
cat /etc/postfix/main.cf | grep mynetworks

this is not from ispconfig but an illustration.

If mynetworks is empty then there is no early permit for 127.0.0.1 in my example.
If I'd put 127.0.0.1 or the local hostname in there, it would permit_mynetworks and not evauluate to the reject.

Sooo yes, it would greatly help us to identify your issue if you could attache your postfix main.cf?

Also please undo your change as it is not the correct approach if I am not heavily mistaken.

 

With local recipient I means some email accounts on a local domain created via ISPconfig panel on this (broken) server.
Some of these accounts are used for authenticate email sender, other accounts to receive bounced email.

I have merge the configuration of this broken server with my another similar working server and I noticed this diff:
On broken server into master.cf there are these extra line:

Code:

127.0.0.1:10025 inet n - n - - smtpd
         .......
        -o address_verify_virtual_transport=$virtual_transport
        -o address_verify_transport_maps=$transport_maps

127.0.0.1:10027 inet n - n - - smtpd
         .......
        -o address_verify_virtual_transport=$virtual_transport
        -o address_verify_transport_maps=$transport_maps
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING

These " -o address_verify_..." lines on working server are missing, while they are present into main.cf this lines:

Code:

address_verify_virtual_transport = smtp:[127.0.0.1]:10025
address_verify_transport_maps = static:smtp:[127.0.0.1]:10025

Then on broken server into main.cf I have, as suggested, restore the two lines "address_verify_..." I had commented and, into master.cf remove the 4 lines " -o address_verify_..." then restart postfix.
Now seem all work fine.
The last main.cf and master.cf are attached
Let me known if this can be a valid solution.
Many thanks
Dario

 

I'll try to check on this later, unfortunally limited time.
Just a quick note ( first of all thank you for the files and good job spotting the diffs );
There are several categories in master config and those -o lines are overwrites for the settings in main config.
Wouldn't it be easie to just do a clone or a new setup of your old system and install a fresh ispconfig and compare?

With RH8 you are probably still on amavisd for scanning your mails or did you bring rspamd?
And yeah no need to mention the server is broken ; over time any rpm lts based system will be in one or another way.
That is natural if you have a 10 year supported system where only the main package section is maintained

 

Just a quick appology, I know I promised to check on that - however life never tells you what you get and I got quite some package :/
Wondering if the issue persists or could be resolved?

 

After my latest changes indicated in the my previous post everything work fine.

I also tried to make the same changes on another server where the same problem always occurs, but the situation did not resolve there.
On that sender-only server the reception to local mailbox fails with the same error (Recipient address rejected: Access denied)... also if the ma*.cf configuration files are very similar.
The only difference are the missing lines maildrop_* lines into main.cf and the maildrop line into master.cf of thisn second server... but /usr/bin/maildrop is not installed on both servers.
In the next few days I will try to investigate what could be the cause of the error on that second server, which is currently not blocking for us.
Thanks.
Dario

 

Hello everybody
Unfortunately this error for me continues to exist.
I didn't write anymore because I couldn't have a test server on which to carry out tests and I cannot touch the production's server.
Now I have cloned the real server and recreated an identical environment on which I can test (smtps2.mydom.it).
I also updated to the latest ispconfig version and regenerated the configuration files: the problem still exist.
I have enable in master.cf smtpd -v and produced the postfix debug attached file, then I execute this simple transaction:

Code:

lesca@dodo:~$ nc -t 10.93.21.211 25
220 ***************************
HELO solinos.it
250 smtps2.mydomain.it
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
450 4.1.1 <[email protected]>: Recipient address rejected: unverified address: host 127.0.0.1[127.0.0.1] said: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied (in reply to RCPT TO command)
quit
221 2.0.0 Bye

The gbs.local is a local virtual domain, n4n an existing and enable user of this domain.
If I send a message from localhost to this recipient the message is delivered.
Can anyone help me understand why the message is rejected if is send from external server?
If you need some other info let me know.
Many thanks
Dario