SOLVED: incoming SMTP: 550 Requested action not taken: mailbox unavailable

Discussion in 'Installation/Configuration' started by fishtail, Apr 23, 2018.

  1. fishtail

    fishtail New Member

    Hi...a noob here...
    I just followed "perfect server" installation and everything seemed to be working...
    I "telnet localhost" and sent a test email to myself and it delivered successfully without a hitch.
    But, when I telnet to FQDN from outside, I don't get any feedback with "helo"...this is question 1.
    Further, I changed my MX record and sent a test email from outside. I immediately got the 550 error message.
    this is recorded in /var/log/mail.log.....doesn't say much.
    Apr 23 08:54:07 mailbox postfix/smtpd[2520]: connect from XXXXXXXX.net[69.XXX.XXX.XXX]
    Apr 23 08:54:08 mailbox postfix/smtpd[2520]: disconnect from XXXXXXXXXXX.net[69.XXX.XXX.XXX] ehlo=1 mail=1 rset=1 quit=1 commands=4
    anybody has any ideas/pointers that can guide me? this is question 2.
    thanks in advance...
     
    fishtail, Apr 23, 2018
    #1
  2. fishtail

    fishtail New Member

    bump..hoping to get some feedback/support.
     
    fishtail, May 3, 2018
    #2
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    do you see the server's smtp greeting? if not I'd suspect either dns for the fqdn isn't pointing to the right address, or you have a firewall or nat (if using private addrs on the server) issue.

    This would indicate the firewall/nat may be fine, as you'r obviously getting an smtp connection. That indicates the commands sent were ehlo, mail, rset, quit - ie. the smtp client (aka the sending server) reset and quit the connection without even sending a single "rcpt to:" address - it's the sender that gets a "550 Requested action not taken: mailbox unavailable" error? (strange that's not logged, too) Is your test message here sent from an address which is hosted on the ispconfig server? It's also unusual not to see that in the log.

    Maybe check to see if smtpd_delay_reject is set to 'no' (default is 'yes'), and if so change to 'yes', reload postfix and you should get a little more info in the logs.
     
    Jesse Norell, May 3, 2018
    #3
  4. fishtail

    fishtail New Member

    Hi Jesse, thanks for the reply.
    "smtpd_delay_reject" was never in the instruction...HOWEVER, for some reason, when I telnet to my mail server from outside to port 25, I am getting responses now.
    SO, from outside network, I issued "rcpt to:<[email protected]> and I immediately received "mailbox unavailable"
    FROM inside network, I issued the same command, and I got: "Helo command rejected: need fully-qualified hostname"
    Sorry, but I don't have much knowledge in postfix, other than the instruction provided from "The Perfect Server"

    Any suggestions are greatly appreciated...
     
    fishtail, May 7, 2018
    #4
  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you sent the exact same commands each time (helo, etc) it sounds like you aren't talking to the same smtp server from inside and outside - probably a Nat port forward/firewall type issue.
     
    Jesse Norell, May 7, 2018
    #5
  6. fishtail

    fishtail New Member

    I got this to work by commenting the following two lines in /etc/postfix/main.cf
    smtpd_helo_required =
    smtpd_helo_restrictions =

    Is this a security concern?
     
    fishtail, May 9, 2018
    #6
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It's not a security concern in that it allows unauthorized access to your server or such, but you will see more spam making it past the 'helo' stage with reduced restrictions. Is that exactly what those lines showed in your main.cf? Ie. both were set to empty? If so, something has not gone right in your ispconfig configuration, as it should look more like:
    Code:
    # postconf smtpd_helo_required                                                                                                         
smtpd_helo_required = yes

# postconf smtpd_helo_restrictions
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
     
    Jesse Norell, May 9, 2018
    #7
  8. fishtail

    fishtail New Member

    no, mine is:
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo

    but after I updated the line with yours and restarted postfix service, i still get "504 5.5.2 <a>: Helo command rejected: need fully-qualified hostname" BOTH inside and outside network.
    I am going to dissect each item and see which one gives me the error.
    Will report back.
     
    fishtail, May 9, 2018
    #8
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Is the error, which is from the reject_non_fqdn_hostname restriction, but the correct solution is just too use a fully qualified hostname, eg. try 'helo test.domain.com' instead of 'helo test'.

    Earlier you said there was a different response from inside and outside, and now they are responding the same - I suspect you did not send the exact same symptoms commands from inside Vs outside earlier, and now just need to work on your smtp a bit, and I'd guess you'll have mail delivering.

    Have you tried sending from a real smtp server lately, and verify the email address is an active mailbox in ISPConfig? If still failing, what does the mail log show, anything more?
     
    Jesse Norell, May 9, 2018
    #9
  10. fishtail

    fishtail New Member

    So I created another VM and followed the instruction and created another instance...copied over main.cf, restarted postfix and now it works....which is very weird...
    will keep testing away....
     
    fishtail, May 10, 2018
    #10
  11. fishtail

    fishtail New Member

    ....sorry, but I have two problems/observations:
    - I had to remove "reject_non_fqdn_hostname" because when a mail client (MS Outlook) says "hello", it just says "hello <computername>"
    - when I tried to connect, via Outlook, from home, it rejects the connection because my external IP was found in spamhaus.org (this is a very likely scenario because it's a broadband connection)
    thoughts/suggestions is greatly appreciated.

    May 11 10:38:06 mailbox dovecot: imap-login: Disconnected (no auth attempts in 120 secs): user=<>, rip=24.56.243.128, lip=172.16.2.209, TLS handshaking: Disconnected, session=<AVZCmfFrBM8YOPOA>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: connect from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: filter: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: filter: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: NOQUEUE: reject: RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]: 554 5.7.1 Service unavailable; Client host [24.56.243.128] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/24.56.243.128; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ownerPC>
    May 11 10:38:06 mailbox postfix/smtpd[19313]: lost connection after RCPT from c-24-56-243-128.customer.broadstripe.net[24.56.243.128]
     
    fishtail, May 11, 2018
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you missed to enable smtp auth in outlook for sending emails. and use port 587 SMTP port.
     
    till, May 11, 2018
    #12
  13. fishtail

    fishtail New Member

    fishtail, May 14, 2018
    #13
  14. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    No, he means "in outlook", ie. your mail account settings in MS Outlook. Sending authenticated on port 587 will bypass both the fqdn check and blacklists, and resolve your latest issues.
     
    Jesse Norell, May 14, 2018
    #14
  15. fishtail

    fishtail New Member

    This is what I got from /var/log/mail.log when attempting to test connections.
    Thoughts?
    I REALLY appreciate your hand-holdings...

    May 15 11:20:07 mailbox postfix/smtps/smtpd[18025]: connect from c-XXX-XXX-XXX-XXX.customer.broadstripe.net[XXX.XXX.XXX.XXX]
    May 15 11:20:07 mailbox postfix/smtps/smtpd[18025]: disconnect from c-XXX-XXX-XXX-XXX.customer.broadstripe.net[XXX.XXX.XXX.XXX] ehlo=1 quit=1 commands=2
    May 15 11:20:07 mailbox dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, lip=YYY.YYY.YYY.YYY, TLS, session=<tKrspkJstswYOPOA>
     
    fishtail, May 15, 2018
    #15
  16. fishtail

    fishtail New Member

    ...wait, it worked in Thunderbird, but hangs/doesn't work in Outlook....
     
    fishtail, May 15, 2018
    #16
  17. fishtail

    fishtail New Member

    fishtail, May 17, 2018
    #17
  18. Diadal

    Diadal New Member

    am facing the same issue after sending 5 to 10 email successfully 550 Action not taken (in reply to end of DATA command) come update that lasted for some house before being able to send like 5 to 10 email again
    Please how can I fix this

    Mail.log

    Mar 13 14:04:23 server1 postfix/smtpd[9865]: connect from localhost[127.0.0.1]
    Mar 13 14:04:23 server1 postfix/smtpd[9865]: NOQUEUE: filter: RCPT from localhost[127.0.0.1]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>
    Mar 13 14:04:23 server1 postfix/smtpd[9865]: 3B49C1400D8: client=localhost[127.0.0.1], sasl_method=PLAIN, [email protected]
    Mar 13 14:04:23 server1 postfix/cleanup[9868]: 3B49C1400D8: message-id=<[email protected]>
    Mar 13 14:04:23 server1 postfix/smtpd[9865]: disconnect from localhost[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    Mar 13 14:04:23 server1 postfix/qmgr[6855]: 3B49C1400D8: from=<[email protected]>, size=4906, nrcpt=1 (queue active)
    Mar 13 14:04:25 server1 postfix/smtpd[9873]: connect from localhost[127.0.0.1]
    Mar 13 14:04:25 server1 postfix/smtpd[9873]: 1629F1400DD: client=localhost[127.0.0.1]
    Mar 13 14:04:25 server1 postfix/cleanup[9868]: 1629F1400DD: message-id=<[email protected]>
    Mar 13 14:04:25 server1 postfix/smtpd[9873]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Mar 13 14:04:25 server1 postfix/qmgr[6855]: 1629F1400DD: from=<[email protected]>, size=6071, nrcpt=1 (queue active)
    Mar 13 14:04:25 server1 amavis[1518]: (01518-12) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1]:44878 <[email protected]> -> <[email protected]>, Queue-ID: 3B49C1400D8, Message-ID: <[email protected]>, mail_id: 1x2H9xwZeYPM, Hits: -0.988, size: 4906, queued_as: 1629F1400DD, dkim_new=default:mydomain.com, 1804 ms
    Mar 13 14:04:25 server1 postfix/smtp[9869]: 3B49C1400D8: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.9, delays=0.07/0.02/0.02/1.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 1629F1400DD)
    Mar 13 14:04:25 server1 postfix/qmgr[6855]: 3B49C1400D8: removed
    Mar 13 14:04:26 server1 postfix/smtp[9875]: 1629F1400DD: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[172.217.212.26]:25, delay=1.2, delays=0.02/0.01/0.67/0.46, dsn=5.0.0, status=bounced (host gmail-smtp-in.l.google.com[172.217.212.26] said: 550 Action not taken (in reply to end of DATA command))
    Mar 13 14:04:26 server1 postfix/cleanup[9868]: 4114B1400DE: message-id=<[email protected]>
    Mar 13 14:04:26 server1 postfix/bounce[9876]: 1629F1400DD: sender non-delivery notification: 4114B1400DE
    Mar 13 14:04:26 server1 postfix/qmgr[6855]: 4114B1400DE: from=<>, size=8252, nrcpt=1 (queue active)
    Mar 13 14:04:26 server1 postfix/qmgr[6855]: 1629F1400DD: removed
    Mar 13 14:04:26 server1 dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    Mar 13 14:04:26 server1 postfix/pipe[9877]: 4114B1400DE: to=<[email protected]>, relay=dovecot, delay=0.06, delays=0.01/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
    Mar 13 14:04:26 server1 postfix/qmgr[6855]: 4114B1400DE: removed
    Mar 13 14:04:30 server1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=9882, secured, session=<ocq88rygYt0AAAAAAAAAAAAAAAAAAAAB>
    Mar 13 14:04:30 server1 dovecot: imap([email protected]): Logged out in=317 out=1641
     
    Diadal, Mar 13, 2020
    #18
  19. Steini86

    Steini86 Active Member

    You have a different error message. No need to dig out a 2 year old thread ...
    It is probably not your mail configuration but the content of the mail. If it is after DATA command, then it can be a spam detection on Google site (or an intermediate firewall) blocking for example some of the attachments. Are you trying to send malware? ;)
     
    Steini86, Mar 13, 2020
    #19

Share This Page