Resolved Problem sending email after installing postfix with Domain Keys

[ludm]

Hello,

I have installed postfix from the panel and then I have set up spf and domain keys to send email. I can send emails for the domains I have set up.
The problem is with automatic mail sent from cron task, application updates or problem with a backup.

The mail is not sent and I receive this kind of email :
---------------------------------------------------
This is the mail system at host nsXXXXXX.ovh.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

[email protected]: Command rejected


Reporting-MTA: dns; nsXXXXXX.ovh.net
X-Postfix-Queue-ID: xxxxxxxxxxxxxx
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Wed, 28 Sep 2016 03:36:21 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: X-Postfix; Command rejected



Return-Path: <[email protected]>
Received: by nsXXXXXX.ovh.net (Postfix, from userid 0)
id xxxxxxxxxxxxxxxxx; Wed, 28 Sep 2016 03:36:21 +0200 (CEST)
To: Admin [email protected]
Subject: <nsXXXXXX.ovh.net> Application Updates.
From: Admin [email protected]
Reply-To: Admin [email protected]
Date: Wed, 28 Sep 2016 03:36:21 +0200
X-Mailer: PHP/5.5.30
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
MIME-Version: 1.0
Message-Id: <[email protected]>
---------------------------------------------------

How can I correct this problem ?

 

[UFHH01]

Hi ludm,

your hostname "nsXXXXXX.ovh.net" is not configured to be a valid domain - name on your server and therefore your MTA refuses the transport with a "reject". Consider to add a valid eMail - adress for the system - user root ( i.e. over your "alias" - table, or/and with the help of a optional "generic" - table : => http://www.postfix.org/generic.5.html ).
Due to the fact that you used "sendmail" in your example, you could as well define a specific sender - eMail - adress for PHP, explained at for example here: => #7

 

[ludm]

Thank you for the answer, I have changed the default sender for PHP by adding sendmail_path = "/usr/sbin/sendmail -t -i -f [email protected]" in the PHP additional setting via Plesk, but I had received this email :

--------------------------------------------------
This is the mail system at host nsXXXXXX.ovh.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system

<[email protected]> (expanded from <root>): Command rejected

Reporting-MTA: dns; nsXXXXXX.ovh.net
X-Postfix-Queue-ID: 63183707C831
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 29 Sep 2016 03:39:32 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822; root
Action: failed
Status: 5.7.1
Diagnostic-Code: X-Postfix; Command rejected

Return-Path: <[email protected]>
Received: by nsXXXXXX.ovh.net (Postfix, from userid 0)
id xxxxxxxxxxxx; Thu, 29 Sep 2016 03:39:32 +0200 (CEST)
From: Anacron <[email protected]>
To: [email protected]
Content-Type: text/plain; charset="ANSI_X3.4-1968"
Subject: Anacron job 'cron.daily' on nsXXXXXX.ovh.net
Message-Id: <[email protected]>
Date: Thu, 29 Sep 2016 03:39:32 +0200 (CEST)
----------------------------------------------------------------

So it seems that it doesn't solve the problem for the cron tasks.

I would like to use the "generic" table solution as you advised, but I'm not sure how to do it :
I simply add smtp_generic_maps = hash:/etc/postfix/generic with VI
in /etc/postfix/main.cf
and then in /etc/postfix/generic
[email protected] [email protected]
or I need to use postmap command ?

 

[UFHH01]

Hi ludm,

...
or I need to use postmap command ?

Yes, you have to. You are missing the commands:

postmap /etc/postfix/generic
/etc/init.d/postfix reload

 

[ludm]

I have added emails in generic file :

[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]

and reloaded postfix.
I have well received an email from watchdog coming from [email protected]
but I also have problem :

This is the mail system at host nsXXXXXX.ovh.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: Command rejected


Reporting-MTA: dns; nsXXXXXX.ovh.net
X-Postfix-Queue-ID: xxxxxxxx
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sat,  1 Oct 2016 01:43:43 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: X-Postfix; Command rejected


Return-Path: <[email protected]>
Received: by nsXXXXXX.ovh.net (Postfix, from userid 0)
    id xxxxxxxx; Sat,  1 Oct 2016 01:43:43 +0200 (CEST)
To: [email protected]
Subject: [rkhunter] Warnings found for nsXXXXXX.ovh.net
From: [email protected]
Reply-To: [email protected]
Date: Sat, 01 Oct 2016 01:43:43 +0200
X-Mailer: PHP/5.5.30
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
MIME-Version: 1.0

I have also this problem when I send an email :

Oct  1 02:51:05 nsXXXXXX postfix/smtpd[14207]: connect from localhost.localdomain[127.0.0.1]
Oct  1 02:51:35 nsXXXXXX postfix/smtpd[14207]: warning: milter inet:127.0.0.1:8891: can't read SMFIC_OPTNEG reply packet header: Connection timed out
Oct  1 02:51:35 nsXXXXXX postfix/smtpd[14207]: warning: milter inet:127.0.0.1:8891: read error in initial handshake

TCP port 53 is open in the firewall

 

[ludm]

I have inspected the maillog and I have :

Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6723]: warning: milter inet:127.0.0.1:8891: can't read SMFIC_OPTNEG reply packet header: Connection timed out
Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6723]: warning: milter inet:127.0.0.1:8891: read error in initial handshake
Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6723]: A661770B8338: message-id=<[email protected]>
Oct  3 03:39:00 nsXXXXXX /usr/lib64/plesk-9.0/psa-pc-remote[10167]: handlers_stderr: SKIP
Oct  3 03:39:00 nsXXXXXX /usr/lib64/plesk-9.0/psa-pc-remote[10167]: SKIP during call 'check-quota' handler
Oct  3 03:39:00 nsXXXXXX spf filter[6730]: Starting spf filter...
Oct  3 03:39:00 nsXXXXXX spf filter[6730]: Wrong HELO hostname: localhost
Oct  3 03:39:00 nsXXXXXX /usr/lib64/plesk-9.0/psa-pc-remote[10167]: handlers_stderr: REJECT
Oct  3 03:39:00 nsXXXXXX /usr/lib64/plesk-9.0/psa-pc-remote[10167]: REJECT during call 'spf' handler
Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6723]: A661770B8338: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]>
Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6723]: A661770B8338: to=<[email protected]>, orig_to=<root>, relay=none, delay=30, delays=30/0/0/0, dsn=5.7.1, status=bounced (Command rejected)
Oct  3 03:39:00 nsXXXXXX postfix/cleanup[6732]: DF8A070B8843: message-id=<[email protected]>
Oct  3 03:39:00 nsXXXXXX postfix/bounce[6731]: A661770B8338: sender non-delivery notification: DF8A070B8843

Is it possible that the problem is linked to this line in /etc/postfix/main.cf:

non_smtpd_milters = $smtpd_milters

 

[UFHH01]

Hi ludm,

you made some positive progress, when you finally choosed to post depending entries from your mail.log , but instead of going further with your investigations, you still miss to post the complete configuration files ( main.cf and master.cf for postfix ), which are as well essential to investigate issues/problems/errors.

Your issues depend as well on your local "aliases" - settings on your server ( file: => /etc/aliases ) - consider to post the content of this file as well for investigations.

Second, pls. consider to post as well the content of "/etc/hostname" and "/etc/hosts", which seem to be mis- or unconfigured.

Third, pls. keep in mind, that if you would wish to remain anonymous here with your FQDN, it is far more difficult to help you with your investigations.

 

[ludm]

The problem seems to be solved, I have replaced

non_smtpd_milters = $smtpd_milters

by

non_smtpd_milters = inet:127.0.0.1:8891

In case you see something wrong, here is the /etc/hosts content :

127.0.0.1   localhost.localdomain   localhost
XX.XXX.XX.XXX nsXXXXXX.ovh.net   nsXXXXXX

I haven't got /etc/hostname

The content of main.cf is:

readme_directory = /usr/share/doc/postfix-2.8.17/README_FILES
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
non_smtpd_milters =
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks = , 127.0.0.0/8, [::1]/128
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
virtual_mailbox_limit = 0
message_size_limit = 10240000

# OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters =  inet:127.0.0.1:8891, inet:127.0.0.1:12768
#non_smtpd_milters = $smtpd_milters
# replace to solve sending problem from acron plesk task and watchdog
non_smtpd_milters = inet:127.0.0.1:8891

#added for generic
smtp_generic_maps = hash:/etc/postfix/generic

Here is the /etc/aliases/

mailer-daemon:   postmaster
postmaster:   root

# General redirections for pseudo accounts.
drweb:       root
psaadm:       root
bin:       root
daemon:       root
adm:       root
lp:       root
sync:       root
shutdown:   root
halt:       root
mail:       root
news:       root
uucp:       root
operator:   root
games:       root
gopher:       root
ftp:       root
nobody:       root
radiusd:   root
nut:       root
dbus:       root
vcsa:       root
canna:       root
wnn:       root
rpm:       root
nscd:       root
pcap:       root
apache:       root
webalizer:   root
dovecot:   root
fax:       root
quagga:       root
radvd:       root
pvm:       root
amanda:       root
privoxy:   root
ident:       root
named:       root
xfs:       root
gdm:       root
mailnull:   root
postgres:   root
sshd:       root
smmsp:       root
postfix:   root
netdump:   root
ldap:       root
squid:       root
ntp:       root
mysql:       root
desktop:   root
rpcuser:   root
rpc:       root
nfsnobody:   root

ingres:       root
system:       root
toor:       root
manager:   root
dumper:       root
abuse:       root

newsadm:   news
newsadmin:   news
usenet:       news
ftpadm:       ftp
ftpadmin:   ftp
ftp-adm:   ftp
ftp-admin:   ftp
www:       webmaster
webmaster:   root
noc:       root
security:   root
hostmaster:   root
info:       postmaster
marketing:   postmaster
sales:       postmaster
support:   postmaster


# trap decode to catch security attacks
decode:       root

# Person who should get root's mail
#root:       marc

 

[UFHH01]

Hi ludm,

smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:12768

This is a non-standard order - pls. consider to use:

smtpd_milters = inet:127.0.0.1:12768, inet:127.0.0.1:8891

... to avoid issues/errors/problems. ( Note: Here is a general rule: FIRST COME = FIRST SERVE )

I haven't got /etc/hostname

This is a non-standard configuration on linux systems. To avoid issues, consider to create the file with for example:

echo nsXXXXXX.ovh.net > /etc/hostname​

... and reboot afterwards. Consider as well to edit your "/etc/hosts" - file:

From:

127.0.0.1 localhost.localdomain localhost
XX.XXX.XX.XXX nsXXXXXX.ovh.net nsXXXXXX

to:

127.0.0.1   localhost.localdomain   localhost
XX.XXX.XX.XXX nsXXXXXX.ovh.net   nsXXXXXX

127.0.0.1   nsXXXXXX.ovh.net   nsXXXXXX

The content of main.cf is:
...

You shortened your "main.cf" and didn't post the content of your "master.cf", for what ever reason. No suggestion here, because of missing informations!



For your "/etc/aliases" - file:
Who configured all these entries? Why is there no "root" - definition, even that you already considered to change:

...
and then in /etc/postfix/generic
[email protected] [email protected]

As you can see in your log - file, the alias "root" is configured as "[email protected]", because you defined all sorts of aliases, but forgot to define to adjust "root" itself.

Oct 3 03:39:00 nsXXXXXX postfix/cleanup[6723]: A661770B8338: to=<[email protected]>, orig_to=<root>, relay=none, delay=30, delays=30/0/0/0, dsn=5.7.1, status=bounced (Command rejected)