Undelivered mail returned to sender.

[Manuel_Caramia]

Hi, I can't send emails and when I try I receive this mails with this error. This is my configuration of postfix:

readme_directory = /usr/share/doc/postfix-2.8.17/README_FILES
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks =
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
virtual_mailbox_limit = 0
myhostname = orderhosting.it
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
#smtpd_sasl_security_options = noplaintext
#smtpd_tls_auth_only = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
message_size_limit = 10240000
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:postgrey/socket

Can you help me? I try to restor permissions but it does not work.
Thank you so much.

 

[Manuel_Caramia]

IgorG

can you help me?

 

[Manuel_Caramia]

Hi, I can't send emails and when I try I receive this mails with this error. This is my configuration of postfix:

readme_directory = /usr/share/doc/postfix-2.8.17/README_FILES
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks =
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
virtual_mailbox_limit = 0
myhostname = orderhosting.it
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL
#smtpd_sasl_security_options = noplaintext
#smtpd_tls_auth_only = yes
tls_ssl_options = NO_COMPRESSION
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
message_size_limit = 10240000
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
smtpd_recipient_restrictions =
            reject_rbl_client zen.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client b.barracudacentral.org,
            reject_rbl_client dnsbl-1.uceprotect.net,
            permit

PLease Help me.

 

[Manuel_Caramia]

I cant send emails. In the log of roundcube I have these errors:
Mar 7 16:13:36 orderhosting postfix/smtpd[6824]: fatal: open database /etc/postfix/access.db: No such file or directory
Mar 7 16:13:37 orderhosting postfix/master[6764]: warning: process /usr/libexec/postfix/smtpd pid 6824 exit status 1
Mar 7 16:13:37 orderhosting postfix/master[6764]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Help me pleaseeee

 

[Manuel_Caramia]

IS THERE ANY ONE CAN HELP ME?

 

[UFHH01]

Hi Manuel_Caramia,

there are some general issues, which have to be solved on your server:


First of all, the reverse check to your IP doesn't resolve to your domain, but only to your servername - domain ( provider is OVH... please check your DNS-settings on your providers nameserver)
( http://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XXX.XXX.XXX&submit=Resolve <= replace XXX.XXX.XXX.XXX with your IP please!!! )

Because of this issue, the SMTP-Banner only resolves to your "nsXXXXX.ip-XXX-XX-XX.net" domain and eMails will be rejected, if you don't include "+a:nsXXXXX.ip-XXX-XX-XX.net" or/and "+ip4:XXX.XXX.XXX.XXX" to your SPF record ( which is actually: v=spf1 +a +mx -all ).
I would suggest to take the SPF - record:

v=spf1 +a +mx +a:nsXXXXX.ip-XXX-XX-XX.net +ip4:XXX.XXX.XXX.XXX ?all​

... because the string "-all", which you currently use, tells other mail - servers, that only +a and +mx should be accepted and other results should be denied with a hard fail . Please read again the official documentation at: http://www.openspf.org/SPF_Record_Syntax



Afterwards, there are several possible ways to restore the general postfix configuration files. One way is to switch to qmail and back to postfix again ( NO!!! eMail account is touched while you do this! ), the other way is to use the "mchk" - utility:

/usr/local/psa/admin/sbin/mchk --with-spam​

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component qmail --reinstall-patch
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component postfix --reinstall-patch​

If this doesn't solve any issues ( and your DNS - settings are correct! ), you can always use the bootstrapper repair, which repairs quite a lot of issues:

/usr/local/psa/bootstrapper/pp12.0.18-bootstrapper/bootstrapper.sh repair​

Please always keep in mind, that there are several log - files on each server and depending configuration files. Please bookmark:

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

... so that you are able to find log - files and depending configuration files more quickly.

 

[Manuel_Caramia]

Hi Manuel_Caramia,

there are some general issues, which have to be solved on your server:


First of all, the reverse check to your IP doesn't resolve to your domain, but only to your servername - domain ( provider is OVH... please check your DNS-settings on your providers nameserver)
( http://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XXX.XXX.XXX&submit=Resolve <= replace XXX.XXX.XXX.XXX with your IP please!!! )

Because of this issue, the SMTP-Banner only resolves to your "nsXXXXX.ip-XXX-XX-XX.net" domain and eMails will be rejected, if you don't include "+a nsXXXXX.ip-XXX-XX-XX.net" or/and "+ip4:XXX.XXX.XXX.XXX" to your SPF record ( which is actually: v=spf1 +a +mx -all ).
I would suggest to take the SPF - record:

v=spf1 +a +mx +a nsXXXXX.ip-XXX-XX-XX.net +ip4:XXX.XXX.XXX.XXX ?all​

... because the string "-all", which you currently use, tells other mail - servers, that only +a and +mx should be accepted and other results should be denied with a hard fail . Please read again the official documentation at: http://www.openspf.org/SPF_Record_Syntax



Afterwards, there are several possible ways to restore the general postfix configuration files. One way is to switch to qmail and back to postfix again ( NO!!! eMail account is touched while you do this! ), the other way is to use the "mchk" - utility:

/usr/local/psa/admin/sbin/mchk --with-spam​

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component qmail --reinstall-patch
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component postfix --reinstall-patch​

If this doesn't solve any issues ( and your DNS - settings are correct! ), you can always use the bootstrapper repair, which repairs quite a lot of issues:

/usr/local/psa/bootstrapper/pp12.0.18-bootstrapper/bootstrapper.sh repair​

Please always keep in mind, that there are several log - files on each server and depending configuration files. Please bookmark:

Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

... so that you are able to find log - files and depending configuration files more quickly.

Hi, I have tried all your informations. I have.changed the hostname and now the reverse seems correct. I have used mchk utility and bootstrapper. I have installed First qmail and then postfix. But nothing. It doesnt work. Do you have other ideas? Thank you

 

[Manuel_Caramia]

I cant change SPF record. If I try plesk tells me error that fields are incorrect

 

[Manuel_Caramia]

UFHH01

I changed correctly spf record. I changed also my hostname. Is it correct all? Can You help me please? Thank You

 

[UFHH01]

Hi Manuel_Caramia,

your SPF-record has a missing ":" at: +a nsxxxxxx.ip-XXX-XX-XX.net / The correct entry would be: +a:nsxxxxxx.ip-XXX-XX-XX.net

You now have to wait up to 48 hours, untill all DNS-servers are synched worldwide and recognize your new entries. Please test your mail - accounts afterwards with eMails to "yahoo" or/and "GMail", because they both insert quite good informations in the header, when it comes to issues.

As well, you can test with eMails to "[email protected]25.com" and "[email protected]25.com", if all is set up correctly ( reference: http://www.port25.com/support/authentication-center/email-verification/ ).


If you experience issues ( after 48 hours ), please include again log - informations ( mail.log and "/var/log/plesk-roundcube" ) and depending configuration files as you did before, to continue investigations.

 

[Manuel_Caramia]

Hi Manuel_Caramia,

your SPF-record has a missing ":" at: +a nsxxxxxx.ip-XXX-XX-XX.net / The correct entry would be: +a:nsxxxxxx.ip-XXX-XX-XX.net

You now have to wait up to 48 hours, untill all DNS-servers are synched worldwide and recognize your new entries. Please test your mail - accounts afterwards with eMails to "yahoo" or/and "GMail", because they both insert quite good informations in the header, when it comes to issues.

As well, you can test with eMails to "[email protected]25.com" and "[email protected]25.com", if all is set up correctly ( reference: http://www.port25.com/support/authentication-center/email-verification/ ).


If you experience issues ( after 48 hours ), please include again log - informations ( mail.log and "/var/log/plesk-roundcube" ) and depending configuration files as you did before, to continue investigations.

I changed correctly new spf record and Now we will wait. I have sended the two emails how your infornations and they returned correctly. Now if I try to send emails I have this smtp error: 450 4.7.1
I have error if I try to set authorization with port 25 and If I set "tls" with 587 port it is accepted but it doesnt work and logs doesnt tell me anythink

 

[UFHH01]

Hi Manuel_Caramia,

please be aware, that a REVERSE CHECK is always done on BOTH ways... from your DOMAINNAME.COM and as well from your IP. Due to the case that your domain now resolves correctly to you IP and the DNS - entries for the domain are correct ( see "http://mxtoolbox.com/domain/YOUR_DOMAIN.COM/?source=findmonitors" ), the REVERSE CHECK has no other entries, than your PTR record ( pls. see "http://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XX.XX.XX&type=MX&submit=Resolve" - and replace XXX.XX.XX.XX with your own IP ) - there is not even any A record, nor any MX record or SPF value for the IP as you can see.
When you use your OWN servername.domain.com specifications, please keep in mind, to add some entries to your DNS - settings, which will fit your specifications. At the moment, there is only a NS - entriy for "sv01.YOUR_DOMAIN.COM" and no A record. Another mailserver resolves YOUR_DOMAIN.COM to your IP and gets a backward answer to a non-existent NS server, with no A record, which certainly will result in a "450 4.7.1" ( no hostname "sv01.YOUR_DOMAIN.COM" at the IP "XXX.XX.XX.XX" / or in other words: "Nameserver sdns1.ovh.ca. reports: No such host sv01.YOUR_DOMAIN.COM" ).

 

[Manuel_Caramia]

I understood that the configurations of dns is incorrect. I am attaching photos. can you help me please? I can not find a solution. But before postfix working correctly. thank you very much

 

[Manuel_Caramia]

Hi Manuel_Caramia,

please be aware, that a REVERSE CHECK is always done on BOTH ways... from your DOMAINNAME.COM and as well from your IP. Due to the case that your domain now resolves correctly to you IP and the DNS - entries for the domain are correct ( see "http://mxtoolbox.com/domain/YOUR_DOMAIN.COM/?source=findmonitors" ), the REVERSE CHECK has no other entries, than your PTR record ( pls. see "http://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XX.XX.XX&type=MX&submit=Resolve" - and replace XXX.XX.XX.XX with your own IP ) - there is not even any A record, nor any MX record or SPF value for the IP as you can see.
When you use your OWN servername.domain.com specifications, please keep in mind, to add some entries to your DNS - settings, which will fit your specifications. At the moment, there is only a NS - entriy for "sv01.YOUR_DOMAIN.COM" and no A record. Another mailserver resolves YOUR_DOMAIN.COM to your IP and gets a backward answer to a non-existent NS server, with no A record, which certainly will result in a "450 4.7.1" ( no hostname "sv01.YOUR_DOMAIN.COM" at the IP "XXX.XX.XX.XX" / or in other words: "Nameserver sdns1.ovh.ca. reports: No such host sv01.YOUR_DOMAIN.COM" ).

There was also this A record to my ip: ns.domain. And I have cancelled it.

 

[Jesse_Fitzgerald]

Hi Manuel,

Your mail server's IP needs to have a PTR record that points to a fully qualified domain name. What is the IP address that
postfix is using? Is it 192.99.36.73 from the screen shot? If it is, then that IP has a compliant PTR record. The reverse is

73.36.99.192.in-addr.arpa. 86400 IN PTR ns238261.ip-192-99-36.net.

ns238261.ip-192-99-36.net looks like a FQDN as well...

;; QUESTION SECTION:
;ns238261.ip-192-99-36.net. IN A

;; ANSWER SECTION:
ns238261.ip-192-99-36.net. 86400 IN A 192.99.36.73

 

[Manuel_Caramia]

Hi Manuel,

Your mail server's IP needs to have a PTR record that points to a fully qualified domain name. What is the IP address that
postfix is using? Is it 192.99.36.73 from the screen shot? If it is, then that IP has a compliant PTR record. The reverse is

73.36.99.192.in-addr.arpa. 86400 IN PTR ns238261.ip-192-99-36.net.

ns238261.ip-192-99-36.net looks like a FQDN as well...

;; QUESTION SECTION:
;ns238261.ip-192-99-36.net. IN A

;; ANSWER SECTION:
ns238261.ip-192-99-36.net. 86400 IN A 192.99.36.73

How can I see if postfix used my ip? I have installed plesk but before it works now it doesnt work. This is very very strange. Can you help me via skype? Thankyou

 

[Manuel_Caramia]

Anyone can help.me?

 

[Manuel_Caramia]

Hi Manuel_Caramia,

please be aware, that a REVERSE CHECK is always done on BOTH ways... from your DOMAINNAME.COM and as well from your IP. Due to the case that your domain now resolves correctly to you IP and the DNS - entries for the domain are correct ( see "http://mxtoolbox.com/domain/YOUR_DOMAIN.COM/?source=findmonitors" ), the REVERSE CHECK has no other entries, than your PTR record ( pls. see "http://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XX.XX.XX&type=MX&submit=Resolve" - and replace XXX.XX.XX.XX with your own IP ) - there is not even any A record, nor any MX record or SPF value for the IP as you can see.
When you use your OWN servername.domain.com specifications, please keep in mind, to add some entries to your DNS - settings, which will fit your specifications. At the moment, there is only a NS - entriy for "sv01.YOUR_DOMAIN.COM" and no A record. Another mailserver resolves YOUR_DOMAIN.COM to your IP and gets a backward answer to a non-existent NS server, with no A record, which certainly will result in a "450 4.7.1" ( no hostname "sv01.YOUR_DOMAIN.COM" at the IP "XXX.XX.XX.XX" / or in other words: "Nameserver sdns1.ovh.ca. reports: No such host sv01.YOUR_DOMAIN.COM" ).

I need help please. Can you answere me? thank you

 

[UFHH01]

Hi Manuel_Caramia,

as stated before, you have to adjust your DNS - records, not only in Plesk and not only at your Domain - registrar, but as well at your hosting - providers nameserver. Please read again the above suggestions and follow it step-by-step to solve your issue.

Sorry... i don't do any "skype" or any other personel related support. I only try to help the Plesk community here in the forums.
If you would like a personel support, you might consider opening a support - ticket ( Parallels - Support ).

 

[Manuel_Caramia]

Hi Manuel_Caramia,

as stated before, you have to adjust your DNS - records, not only in Plesk and not only at your Domain - registrar, but as well at your hosting - providers nameserver. Please read again the above suggestions and follow it step-by-step to solve your issue.

Sorry... i don't do any "skype" or any other personel related support. I only try to help the Plesk community here in the forums.
If you would like a personel support, you might consider opening a support - ticket ( Parallels - Support ).

Hi UFHH01, now the reverse is correct. In mxtoolbox.com there are no errors but why I have this:
554 5.7.1 <[email protected]>: Relay access denied [671 ms]
And also why I cannot authenticate via port 25 for smtp server? thankyou