Mail alias failure

DavidG · June 18, 2018, 9:29pm

I have incoming email addressed to user@server.mydomain.tld which I want delivered to the user’s email user@mydomain.tld.

I set up a mail alias but incoming mail is rejected:

 user@server.mydomain.tld
   host server.mydomain.tld [12.34.56.78]
   SMTP error from remote mail server after RCPT TO:<user@server.mydomain.tld>:
   554 5.7.1 <user@server.mydomain.tld>: Recipient address rejected:
   Access denied
Reporting-MTA: dns; another.server.tld

Action: failed
Final-Recipient: rfc822;user@server.mydomain.tld
Status: 5.0.0
Remote-MTA: dns; server.mydomain.tld
Diagnostic-Code: smtp; 554 5.7.1 <<user@server.mydomain.tld>>: Recipient address rejected: Access denied

How can I fix things to receive email!?

DavidG · June 24, 2018, 9:00am

I still have this problem, who can help. I even have a new installation of NethServer.

Here’s an entry from my maillog

Jun 24 01:44:30 server postfix/smtpd[11725]: NOQUEUE: reject: RCPT from another.server.tld[12.34.56.78]: 554 5.7.1 david@server.mydomain.tld: Recipient address rejected: Access denied; from=SRS0=YuI8nz=JK=yetanotherdomain.tld=mail@mydomain.tld to=david@server.mydomain.tld proto=ESMTP helo=<anotherserver.tld>
Jun 24 01:44:30 server postfix/smtpd[11725]: disconnect from anotherserver.tld[12.34.56.78]

DavidG · June 24, 2018, 10:00am

I seem to be able to send an email to david@server.mydomain.tld from root when using RoundCube. The email is delivered as expected to david@mydomain.tld. So the alias I set up works ‘internally’. But it still does not work when I send from outside my NethServer. Then it is still rejected as in the post above.

I need this to work otherwise I’ll have to give up on NethServer!

bobtskutter · June 24, 2018, 1:10pm

Hello,
I don’t know if this will work, but have you tried creating a SERVER alias (not an email alias) for your nethserver?

On the interface, go to DNS then Server alias
Enter your “server.mydomain.tld” in the Hostname box
Click apply

Regards
bob

DavidG · June 24, 2018, 3:40pm

No, sorry but thanks, that didn’t do it. I didn’t have any DNS entries so I added them including an alias. I also tried changing the DNS servers in Network to 127.0.0.1 and the IP address of the NethServer. Neither worked.

davidep · June 24, 2018, 7:08pm

If that corresponds to the server FQDN I’m afraid it can’t work… Maybe the server manager should forbid to create such mail domain

The server FQDN is an internal mail domain that serves the root account and /etc/aliases DB. It’s the predefined Postfix domain from upstream config. This special treatment makes it hard to override its behavior without breaking something else.

DavidG · June 24, 2018, 8:46am

I’m seeing this warning in my mail log

Jun 24 01:44:30 server postfix/trivial-rewrite[11730]: warning: do not list domain server.mydomain.tld in BOTH mydestination and virtual_alias_domains

Maybe it will help with another problem where mail is rejected. But I don’t know if this warning is because of a setting I have changed or… a bug? What does it mean or refer to?

I am still having trouble with email being rejected when sending to an alias - i have another thread Mail alias failure

davidep · June 24, 2018, 8:11pm

This Postfix warning confirms that Server Manager must forbid the creation of a mail domain named like the server FQDN

To be reviewed by @dev_team NethServer 7 · GitHub

DavidG · June 27, 2018, 9:58am

Okay, thank you, I now have things running as I want. I think I understand!

stephdl · August 14, 2018, 2:54pm

I can reproduce

gist.github.com

https://gist.github.com/stephdl/611430636cf9c47e28e73d74ff9be23b

gistfile1.txt

Aug 14 16:42:41 prometheus postfix/smtpd[3914]: connect from mail-wr1-f44.google.com[209.85.221.44]
Aug 14 16:42:41 prometheus rspamd[29920]: <a3aaa9>; proxy; proxy_accept_socket: accepted milter connection from /var/run/rspamd/worker-proxy port 0
Aug 14 16:42:41 prometheus postfix/trivial-rewrite[3896]: warning: do not list domain prometheus.de-labrusse.fr in BOTH mydestination and virtual_alias_domains
Aug 14 16:42:41 prometheus postfix/smtpd[3914]: NOQUEUE: reject: RCPT from mail-wr1-f44.google.com[209.85.221.44]: 554 5.7.1 <stephane@prometheus.de-labrusse.fr>: Recipient address rejected: Access denied; from=<stephane.delabrusse@gmail.com> to=<stephane@prometheus.de-labrusse.fr> proto=ESMTP helo=<mail-wr1-f44.google.com>
Aug 14 16:42:41 prometheus postfix/smtpd[3914]: disconnect from mail-wr1-f44.google.com[209.85.221.44]
Aug 14 16:42:41 prometheus rspamd[29920]: <a3aaa9>; milter; rspamd_milter_process_command: got connection from 209.85.221.44:37746
Aug 14 16:42:41 prometheus rspamd[29920]: <a3aaa9>; proxy; proxy_milter_finish_handler: finished milter connection
Aug 14 16:43:10 prometheus rspamd[29921]: <srf18c>; lua; neural.lua:810: check ANN tRFANN6BD658FE7617C3E8260
Aug 14 16:43:10 prometheus rspamd[29921]: <srf18c>; lua; neural.lua:822: no need to learn ANN tRFANN6BD658FE7617C3E8260 65 learn vectors (1000 required)
Aug 14 16:44:04 prometheus postfix/trivial-rewrite[3896]: table hash:/etc/postfix/transport(0,lock|no_regsub|fold_fix) has changed -- restarting

This file has been truncated. show original

Even if I create a mail alias and a domain in mail tabs, I cannot have a mail domain named like the FQDN server

davidep · September 6, 2018, 10:55am

Hi @DavidG, while trying to implement a solution for this issue I noticed a strange behavior that probably originates from our Postfix configuration. I wrote it down here.

Could you check another workaround?

Allow the domain server.mydomain.tld (which corresponds to the Server name - aka FQDN) to receive messages from other MTAs:
config setprop postfix SystemUserRecipientStatus enabled
signal-event nethserver-mail-server-save
Create a dummy domain example.relay.tld and set delivery type to “Relay to another server”

Does it solve the original problem?

DavidG · September 11, 2018, 9:11am

Thanks @davidep, unfortunately I have had to take my server off line while I work out some hardware issues - or work out how to keep the clock correct!