Plesk mailserver rejects mail from own domains (postfix?)

[BobClaas]

Mail is getting rejecteted when sending mails from a domain hosted at my pleskserver.
Outside mail by example from google or hotmail is accepted. But sending from [email protected] though my or another isp its getting rejected with the following message:

Your message was rejected by mail.mydomain.tld for the following reason:
5.7.1 Command rejected

cat maillog

Apr 3 12:36:33 srv1 postfix/smtpd[4516]: connect from fep22.mx.upcmail.net[IP]
Apr 3 12:36:33 srv1 postfix/smtpd[4516]: E85F22573B: client=fep22.mx.upcmail.net[IP]
Apr 3 12:36:34 srv1 postfix/cleanup[4519]: E85F22573B: message-id=<[email protected]>
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: handlers_stderr: SKIP
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: SKIP during call 'check-quota' handler
Apr 3 12:36:34 srv1 spf filter[4521]: Starting spf filter...
Apr 3 12:36:34 srv1 spf filter[4521]: SPF result: fail
Apr 3 12:36:34 srv1 spf filter[4521]: SPF status: REJECT
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: handlers_stderr: REJECT
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: REJECT during call 'spf' handler
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: Message aborted.
Apr 3 12:36:34 srv1 postfix/cleanup[4519]: E85F22573B: milter-reject: END-OF-MESSAGE from fep22.mx.upcmail.net[IP]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<fep22.mx.upcmail.net>
Apr 3 12:36:34 srv1 postfix/smtpd[4516]: disconnect from fep22.mx.upcmail.net[IP]
Apr 3 12:36:34 srv1 postfix/smtpd[4516]: connect from fep22.mx.upcmail.net[IP]
Apr 3 12:36:34 srv1 postfix/smtpd[4516]: 83E742573B: client=fep22.mx.upcmail.net[IP]
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: Unable to get sender domain by sender mailname
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: Unable to get sender domain by sender mailname
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: Unable to get sender domain by sender mailname
Apr 3 12:36:34 srv1 postfix/cleanup[4519]: 83E742573B: message-id=<20130403103634.GABH9266.viefep22-int.chello.at@viefep22-int>
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: handlers_stderr: SKIP
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: SKIP during call 'check-quota' handler
Apr 3 12:36:34 srv1 spf filter[4526]: Starting spf filter...
Apr 3 12:36:34 srv1 spf filter[4526]: Error code: (2) Could not find a valid SPF record
Apr 3 12:36:34 srv1 spf filter[4526]: Failed to query MAIL-FROM: No DNS data for 'fep22.mx.upcmail.net'.
Apr 3 12:36:34 srv1 spf filter[4526]: SPF result: none
Apr 3 12:36:34 srv1 spf filter[4526]: SPF status: PASS
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: handlers_stderr: PASS
Apr 3 12:36:34 srv1 /usr/lib64/plesk-9.0/psa-pc-remote[30414]: PASS during call 'spf' handler
Apr 3 12:36:34 srv1 postfix/qmgr[30246]: 83E742573B: from=<>, size=14792, nrcpt=1 (queue active)
Apr 3 12:36:34 srv1 postfix-local[4528]: postfix-local: from=MAILER-DAEMON, [email protected], dirname=/var/qmail/mailnames
Apr 3 12:36:34 srv1 postfix/smtpd[4516]: disconnect from fep22.mx.upcmail.net[IP]
Apr 3 12:36:34 srv1 postfix-local[4528]: Unable to get sender domain by sender mailname
Apr 3 12:36:34 srv1 spamd[30492]: spamd: got connection over /tmp/spamd_full.sock
Apr 3 12:36:34 srv1 spamd[30492]: spamd: using default config for [email protected]: /var/qmail/mailnames/mydomain.tld/user/.spamassassin/user_prefs
Apr 3 12:36:34 srv1 spamd[30492]: spamd: processing message <20130403103634.GABH9266.viefep22-int.chello.at@viefep22-int> for [email protected]:110
Apr 3 12:36:35 srv1 spamd[30492]: spamd: clean message (-1.9/7.0) for [email protected]:110 in 0.9 seconds, 14597 bytes.
Apr 3 12:36:35 srv1 spamd[30492]: spamd: result: . -1 - BAYES_00,HTML_MESSAGE,RCVD_IN_DNSWL_NONE scantime=0.9,size=14597,[email protected],uid=110,required_score=7.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<20130403103634.GABH9266.viefep22-int.chello.at@viefep22-int>,bayes=0.000000,autolearn=ham
Apr 3 12:36:35 srv1 postfix-local[4528]: handlers_stderr: PASS
Apr 3 12:36:35 srv1 postfix-local[4528]: PASS during call 'spam' handler
Apr 3 12:36:35 srv1 dk_check[4531]: DK_STAT_NOSIG: No signature available in message
Apr 3 12:36:35 srv1 postfix-local[4528]: handlers_stderr: PASS
Apr 3 12:36:35 srv1 postfix-local[4528]: PASS during call 'dd52-domainkeys' handler
Apr 3 12:36:35 srv1 postfix/pipe[4527]: 83E742573B: to=<[email protected]>, relay=plesk_virtual, delay=1.3, delays=0.25/0.02/0/1, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Apr 3 12:36:35 srv1 postfix/qmgr[30246]: 83E742573B: removed
Apr 3 12:36:35 srv1 spamd[30486]: prefork: child states: II


cat /etc/postfix/main.cf

virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks = 127.0.0.0/8 [::1]/128 externalv4IP/32 [externalv6IP]/128
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cn.countries.nerd.dk, reject_rbl_client virbl.bit.nl
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
smtpd_milters = inet:localhost:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
non_smtpd_milters = inet:localhost:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
myhostname = mydomain.tld
message_size_limit = 10240000
milter_connect_macros = j {daemon_name} v
milter_data_macros = i
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_rcpt_macros = i {rcpt_addr}
smtpd_milters = inet:localhost:12768
non_smtpd_milters = inet:localhost:12768

I've searched everything, but can't find any solution. Any help would be appreciated!

 

[BobClaas]

Seems like disabling the following lines in /etc/postfix/mail.cf did the trick:

#smtpd_milters = inet:localhost:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
#non_smtpd_milters = inet:localhost:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock
#smtpd_milters = inet:localhost:12768
#non_smtpd_milters = inet:localhost:12768

But with any update those will get overridden and my clients will be out of mail.

Any permanent fix to this?

 

[BobClaas]

Bump

I noticed im not the only one with this problem, but no permanent solution can be found on the forums.

 

[BobClaas]

Yesterday there was an autoupdate again, and the settings were resetted, so the mail broke again.

Other related posts with the same problem all have only the temporary solution which get overridden by updates.
http://newforum.parallels.com/showthread.php?t=258554
http://newforum.parallels.com/showthread.php?t=261677&highlight=milter-reject
http://newforum.parallels.com/showthread.php?t=227808&highlight=milter-reject
http://forum.parallels.com/showthre...ing-mailserver&p=634350&viewfull=1#post634350

 

[iliasn]

ctasd not purchased shouldn't cause ctmilter errors, A fix.

Disable of ctasd (Antispam filter propably).
They have it enabled but if you havent purchased an antispam enabled license this is a problem, but it shouldn't

PLESK TEAM PLEASE FIX THIS

PLESK pannel 11.0.9
solution
edit /etc/init.d/ctmilter_initd
line ~31

# MODA -A also disable ctasd (AntiSpam filter) remove -O and outb port
DAEMON_OPTS="-u postfix -G -d MISC -s -I -A -p $SOCKETFILE -f"

then restart ctmilter

service ctmilte-initd restart

For me what was the cause for investigation was this log message

Apr 18 15:48:42 xx ct-milter[932]: mlfi_eom: ctasd_outbound is on and connect IP in mynetworks list -> working in outbound mode.
Apr 18 15:48:42 xx ct-milter[932]: ctASd: couldn't establish connection with 127.0.0.1:8088

 

[kapale]

Have you enabled the DNS-Blacklist and probably used zen.spamhouse.org? If so, that could be the reasons. See her for explanation:
http://mattiasgeniar.be/2009/01/14/using-plesks-smtp-server-dns-blacklist-prevents-sending/
It's older thread but still true

 

[iliasn]

Thank you for the information. Very interesting. But this was not the case.

By the way I realize that my instructions do not apply to the original problem.

In his logs it says something that SPF auth failed.
maybe
1) Disable SPF mail rejection
OR
2) Define a star whitelist for the domain.tld (*@domain.tld)

from the plesk iface.