(solved) Postfix Temporary lookup failure

Discussion in 'General' started by Arape, Aug 29, 2024.

  1. Arape

    Arape New Member

    Hi all!

    My postfix sometimes drops an error message when we are sending a message.

    Aug 26 07:27:36 rb01-he postfix/smtps/smtpd[763597]: NOQUEUE: reject: RCPT from unknown[84.206.73.101]: 451 4.3.0 <[email protected]>: Temporary lookup failure; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<KATO>

    Rebooting the server solves this problem for 2-3 days, then it starts again occasionally.

    MySQL tuner made some recommendations, my.cnf looks like this now:

    query_cache_size=512M
    tmp_table_size=256M
    table_open_cache=4096
    key_buffer_size=512M
    max_allowed_packet = 256M
    thread_stack = 192K
    thread_cache_size = 150
    table_cache = 2048
    query_cache_limit = 1M


    /etc/resolv.conf and /var/spool/postfix/etc/resolv.conf
    nameserver 185.12.64.2
    nameserver 185.12.64.1

    Where should I look for the problem, any ideas? Has anyone experienced this problem?
     
    Last edited: Sep 6, 2024
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Here are some suggestions from ChatGPT:

     
  3. Arape

    Arape New Member

    I have investigated this issue and I found these lines before the lookup failures:

    Can this Illegal mix of collations cause the problem?

    Can I fix this server side without altering database tables? Only one client with one email address causes this problem, so I don't want to modify everything just because of this user.
    The email address is penzü[email protected] I think.


    Sep 5 08:57:45 rb01-he postfix/proxymap[370960]: warning: mysql:/etc/postfix/mysql-virtual_transports.cf: query failed: Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_general_ci,COERCIBLE) for operation '='
    Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf lookup error for "[email protected]"
    Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: transport_maps lookup failure
    Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf lookup error for "[email protected]"
    Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: transport_maps lookup failure
    Sep 5 08:57:45 rb01-he postfix/smtps/smtpd[371389]: NOQUEUE: reject: RCPT from unknown[84.206.73.101]: 451 4.3.0 <[email protected]>: Temporary lookup failure; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<KATO>




    show create table mail_user;
    ENGINE=MyISAM AUTO_INCREMENT=867 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC

    show create table mail_transport;
    ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci


    Mysql config file:
    character-set-server = utf8mb4
    collation-server = utf8mb4_general_ci

    postfix main.cf:
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, hash:/etc/postfix/transport, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf

    Can someone advise a solution for this collation error?
     
    Last edited: Sep 6, 2024
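
The log triage described in the post above, as an added example that is not part of the thread: it pairs each `451 4.3.0 ... Temporary lookup failure` reject with the Postfix warnings logged in the same second and pulls out the MySQL map file and the `query failed` reason. The sample log is constructed from the lines quoted above, with placeholder addresses and one extra reject that has no matching warning.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines quoted in the post
# (example.com addresses and the 192.0.2.10 client are placeholders).
SAMPLE_LOG = """\
Sep 5 08:57:45 rb01-he postfix/proxymap[370960]: warning: mysql:/etc/postfix/mysql-virtual_transports.cf: query failed: Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_general_ci,COERCIBLE) for operation '='
Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: proxy:mysql:/etc/postfix/mysql-virtual_transports.cf lookup error for "user@example.com"
Sep 5 08:57:45 rb01-he postfix/trivial-rewrite[370959]: warning: transport_maps lookup failure
Sep 5 08:57:45 rb01-he postfix/smtps/smtpd[371389]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 4.3.0 <user@example.com>: Temporary lookup failure; from=<sender@example.com> to=<user@example.com> proto=ESMTP helo=<KATO>
Sep 5 09:10:02 rb01-he postfix/smtps/smtpd[371500]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 451 4.3.0 <other@example.com>: Temporary lookup failure; from=<sender@example.com> to=<other@example.com> proto=ESMTP helo=<KATO>
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/(\S+)\[\d+\]:\s(.*)$")
MAP = re.compile(r"mysql:(/\S+?\.cf)")
REASON = re.compile(r"query failed: (.*)")
REJECT = re.compile(r"451 4\.3\.0 <([^>]*)>: Temporary lookup failure")

def explain_lookup_failures(log_text):
    """Pair each 451 reject with the warnings logged in the same second."""
    warnings = defaultdict(list)   # timestamp -> warning messages
    rejects = []                   # (timestamp, recipient)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, _daemon, msg = m.groups()
        if msg.startswith("warning:"):
            warnings[stamp].append(msg)
        elif (r := REJECT.search(msg)):
            rejects.append((stamp, r.group(1)))
    report = []
    for stamp, rcpt in rejects:
        msgs = warnings.get(stamp, [])
        maps = sorted({p for w in msgs for p in MAP.findall(w)})
        reasons = sorted({r.group(1) for w in msgs if (r := REASON.search(w))})
        # Empty maps/reasons: Postfix logged no cause, so check the database side.
        report.append({"time": stamp, "rcpt": rcpt, "maps": maps, "reasons": reasons})
    return report

if __name__ == "__main__":
    for entry in explain_lookup_failures(SAMPLE_LOG):
        print(entry)
```
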
  4. Arape

    Arape New Member

    A little plus info: the mail_transport table is completely empty.
     
  5. Arape

    Arape New Member

    This is gonna be a strange question, but if the mail_transport table is empty, can I skip the lookup in this empty table by removing the proxy:mysql:/etc/postfix/mysql-virtual_transports.cf from main.cf?

    The transport_maps would look like this:
    transport_maps = hash:/var/lib/mailman/data/transport-mailman

    Can it solve the 451 4.3.0 Temporary lookup failure while the server would function just like before?
     
  6. Arape

    Arape New Member

    It did not solve it.
    I have no idea what causes this problem.

    - The DNS Resolution works
    - There is no networking problem
    - I can only think about the mysql, but it looks okay too
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you changed Postfix configuration?
     
  8. Strontium

    Strontium New Member

    What if you change the "ü" to "u"?
     
  9. Arape

    Arape New Member

    I disabled the SMTP function for the user who sent emails to invalid email addresses.

    As it is a temporary problem, I tried to change the postfix/amavis max_servers number. Maybe if I give more resources the transport_maps lookup failure will disappear.
    Now the server number is 6:
    Amavis: $max_servers = 6;

    master.cf:
    amavis unix - - - - 6 smtp -v
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_bind_address=




    my main.cf:

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no



    readme_directory = /usr/share/doc/postfix


    ## I changed this from 20
    default_process_limit = 50
    smtpd_client_connection_count_limit = 25

    compatibility_level = 2
    smtputf8_enable = no


    smtpd_tls_cert_file = /work/ssl/sas.hu.crt
    smtpd_tls_key_file = /work/ssl/sas.hu.key

    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = node1.sas.hu
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = node1.sas.hu, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining , permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = dane
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings

    message_size_limit = 22971520

    local_destination_concurrency_limit = 15
    local_destination_recipient_limit = 5

    transport_retry_time = 30s

    command_time_limit = 60s

    smtp_tls_loglevel = 1
    smtp_destination_concurrency_limit = 15
    smtp_destination_rate_delay = 1s
    smtp_extra_recipient_limit = 35

    maximal_queue_lifetime = 3h
    maximal_backoff_time = 15m
    minimal_backoff_time = 5m
    queue_run_delay = 5m


    smtpd_reject_unlisted_sender = no
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    authorized_flush_users =
    authorized_mailq_users = nagios, icinga
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Your issue is unrelated to Amavis, so this will not make any difference. But changing them will not cause any issues, unless your system does not have enough RAM.

    What you might increase is the max connections and max user connections values in MariaDB, maybe your system hits a limit there.
     
  11. Arape

    Arape New Member

    Thank you for the advice, let's see.

    I have a medium server with 16 cores AMD EPYC and 32 GB RAM.
    I have modified the mysql config, everything looks good, now I will monitor the logs.

    My mysql looks like this now:


    [mysqld]

    user = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    tmpdir = /dev/shm
    lc-messages-dir = /usr/share/mysql
    skip-external-locking

    sql-mode="NO_ENGINE_SUBSTITUTION"
    log_bin_trust_function_creators = 1

    query_cache_size=512M
    tmp_table_size=256M
    table_open_cache=32768
    key_buffer_size=512M

    innodb_buffer_pool_size=2G
    tmp_table_size = 256M

    max_allowed_packet = 256M
    thread_stack = 192K
    thread_cache_size = 150
    myisam_recover_options = BACKUP
    max_connections = 400
    max_user_connections = 200

    table_cache = 32768
    query_cache_limit = 1M

    log_error = /var/log/mysql/error.log

    slow_query_log_file = /var/log/mysql/mariadb-slow.log
    long_query_time = 10
    log_slow_rate_limit = 1000
    log_slow_verbosity = query_plan

    server-id = 12134
    log_bin = /var/log/mysql/mysql-bin.log
    expire_logs_days = 10
    max_binlog_size = 100M

    character-set-server = utf8mb4
    collation-server = utf8mb4_general_ci

    [embedded]
    [mariadb]
    [mariadb-10.1]
     
  12. Strontium

    Strontium New Member

  13. Arape

    Arape New Member

    Thank you very much Till, looks like the problem is solved, I don't see any more temporary lookup failures in the pflogsumm.
    I will monitor it on the weekend, but it looks very promising.

    So before Till's advice my config was:

    151 max_connection
    0 max_user_connection (that should mean infinite)

    I raised it to:
    max_connections = 400
    max_user_connections = 200

    Thanks again to everyone, have a nice weekend
     
    Last edited: Sep 6, 2024
  14. Arape

    Arape New Member

    3 weeks passed and zero errors since the modification, so if anyone runs into this problem, as Till wrote the solution is:

    So before Till's advice my mysql config was:

    151 max_connection
    0 max_user_connection (that should mean infinite)

    I raised it to:
    max_connections = 1000
    max_user_connections = 300

    My server has 32GB memory and 16 cores, be careful when you raise those numbers.
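
An added example, not from the thread, for anyone checking where the MariaDB connections come from before raising the limits: it lists the MySQL tables in a `main.cf` and separates those reached through `proxy:` from those opened directly. Per proxymap(8), `proxy:` tables share connections held by proxymap processes, while a direct `mysql:` table is opened by every daemon process that uses it; the `MAIN_CF` excerpt is constructed from parameters in the config posted above.

```python
import re

# Constructed excerpt: parameters taken from the main.cf posted in this thread,
# shortened to the entries that matter and wrapped to show a continuation line.
MAIN_CF = """\
default_process_limit = 50
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
"""

# Matches "proxy:mysql:/path.cf" or a bare "mysql:/path.cf".
TABLE = re.compile(r"(?<![\w:])((?:proxy:)?mysql):(/\S+?\.cf)")

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def mysql_map_usage(text):
    """Split MySQL lookup tables into proxied and directly opened ones."""
    params = parse_main_cf(text)
    proxied, direct = [], []
    for name, value in params.items():
        for kind, path in TABLE.findall(value):
            (proxied if kind.startswith("proxy:") else direct).append((name, path))
    # Postfix's built-in default for default_process_limit is 100.
    limit = int(params.get("default_process_limit", 100))
    return {"proxied": proxied, "direct": direct, "process_limit": limit}

if __name__ == "__main__":
    usage = mysql_map_usage(MAIN_CF)
    for name, path in usage["direct"]:
        print(f"direct mysql table in {name}: {path} "
              f"(up to {usage['process_limit']} connections per service)")
```

Assuming master.cf leaves the process count of the smtpd services at the default, each `direct` entry can account for up to `process_limit` connections per service, a number worth comparing with `max_connections`.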
     