Postfix/Mailman - Sender address rejected: Domain not found (in reply to RCPT TO command)

Discussion in 'Server Operation' started by Tastiger, Mar 12, 2017.

  1. Tastiger

    Tastiger Member HowtoForge Supporter

    I seem to have a problem with one email address in my mailing list.
    If I send a normal email to the address it seems to go through properly, also no issues from other email addresses from the mailman list.
    Here is the status from the postfix mail queue:-
    Any Clues?
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Check your DNS settings for that domain, its mail and SOA? You can use the dig command to check.

    If that is good, can you share the output of your postfix, hostname and hostname -f?
  3. Tastiger

    Tastiger Member HowtoForge Supporter

    This was not an issue prior to reinstalling the server and it seems to be only one email address. I've checked what you recommended and I can't see anything different from the previous installation.
    Perhaps I need a new set of eyes on things so I'll post the lot here and see if anyone picks up something I'm just not seeing.
    I haven't blacked out IP addresses etc. in the screen shots, as all this information is available anyway via the web.


    main.cf:-
    # See /usr/share/postfix/ for a commented, more complete version
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname =
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination =, localhost, localhost.localdomain
    relayhost =
    mynetworks = [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/
    virtual_gid_maps = mysql:/etc/postfix/
    sender_bcc_maps = proxy:mysql:/etc/postfix/
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/, reject_rbl_client, check_recipient_access mysql:/etc/postfix/
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/ , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/, check_sender_access regexp:/etc/postfix/
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[]:10024
    receive_override_options = no_address_mappings
    Hostname details:-
    edit to add:-
    The TTLs are the default created by the DNS wizard - any advice on changing them would be appreciated.
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I was asking this because I cannot dig into the said domain using dig or dig or dig soa. I think what appears in your ISPC may not be properly propagated.
  5. Tastiger

    Tastiger Member HowtoForge Supporter

    I'm in agreement but I see nothing different in DNS from the other 2 sites on the server, anyway here are the results:-

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10811
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    ; EDNS: version: 0, flags:; udp: 512
    ;                 IN      A
    .                       10800   IN      SOA 2017031301 1800 900 604800 86400
    ;; Query time: 12 msec
    ;; SERVER:
    ;; WHEN: Tue Mar 14 11:47:11 AEDT 2017
    ;; MSG SIZE  rcvd: 117
    That IN A is a worry but not certain where it is coming from

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37827
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ; EDNS: version: 0, flags:; udp: 512
    ;            IN      A
    ;; ANSWER SECTION:
                    2155    IN      A
    ;; Query time: 31 msec
    ;; SERVER:
    ;; WHEN: Tue Mar 14 11:53:12 AEDT 2017
    ;; MSG SIZE  rcvd: 63
    Also I have to ask whether or not the use of "server1." may be causing an issue, as there actually isn't a that can be resolved from the web; my previous server name was an address that would resolve to /var/www/html

    I think it's obvious that I am out of depth here

  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Is a website created for that If I typed that in my browser, it will go to

    By the way, according to the how-to, your hostname and hostname -f should be the same. I am not in front of my PC but I think you should check your /etc/hosts for that.
  7. Tastiger

    Tastiger Member HowtoForge Supporter

    Yes, there is a simple html redirect on that redirects to it is an old domain we used to use but have found it handy to "keep alive" via redirection.
    From the How to install a Ubuntu 16.10 (Yakkety Yak) Minimal Server -

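An added example, not part of the original thread: a small Python parser for dig output that separates NXDOMAIN from a NOERROR answer (the distinction the two results in post 5 show) and applies a simplified model of the sender-domain check behind "Domain not found", accepting only if an MX or A lookup returns a record. The sample outputs are constructed, and example.org, example.net and 192.0.2.10 are placeholders, not values from the thread.

```python
import re

# Constructed dig outputs modelled on the two results in the thread;
# the names and the address are placeholders, not the poster's values.
NXDOMAIN_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;lists.example.org.            IN      A
;; AUTHORITY SECTION:
example.org.  10800  IN  SOA  ns1.example.org. hostmaster.example.org. 2017031301 1800 900 604800 86400
"""
NOERROR_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.net.                  IN      A
;; ANSWER SECTION:
example.net.            2155    IN      A       192.0.2.10
"""

def parse_dig(text):
    """Return (status, answer_count, answer_record_types) from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    count = int(re.search(r"ANSWER: (\d+)", text).group(1))
    types, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";;") or not line.strip():
            in_answer = False          # any other section header or blank line
        elif in_answer:
            types.append(line.split()[3])   # name TTL class TYPE rdata
    return status, count, types

def sender_domain_verdict(mx_output, a_output):
    """Simplified model (an assumption, not Postfix source): the sender
    domain is accepted only if an MX or an A lookup returns a record."""
    for output in (mx_output, a_output):
        status, count, types = parse_dig(output)
        if status == "NOERROR" and count > 0 and set(types) & {"MX", "A"}:
            return "accept"
    return "reject: Domain not found"
```

NXDOMAIN means the queried name does not exist for any record type, so a sender domain that returns it for both lookups is the case that produces the rejection in the thread title.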