postfix 'Sender address rejected: Domain not found' error

Hi guys, I have had postfix installed a while and this week I put on webmin and it was then I realised the logs on my email are nuts. I had a few reports of mail not going out from my forums and now I see why.

Jun 14 22:52:05 servername postfix/smtp[4729]: EAB4E18309: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=351540, delays=351537/1.6/0.99/0.21, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))

Jun 14 22:55:25 servername postfix/scache[4727]: statistics: start interval Jun 14 22:52:04

Jun 14 22:55:25 servername postfix/scache[4727]: statistics: domain lookup hits=0 miss=8 success=0%

Jun 14 22:55:25 servername postfix/scache[4727]: statistics: address lookup hits=8 miss=8 success=50%

Jun 14 22:55:25 servername postfix/scache[4727]: statistics: max simultaneous domains=1 addresses=1 connection=8

Jun 14 23:02:47 servername dovecot: IMAP([email protected]): Disconnected for inactivity bytes=54/679

Jun 14 23:02:49 servername dovecot: IMAP([email protected]): Disconnected for inactivity bytes=291/998

obviously I've taken out the sensitive data - but I have 2000ish messages like that over the period of a day.

I have no idea what it's about or how to fix it but it seems like it's mainly from one user and my forum keeps trying to pump out the emails to him.

I also get security warnings on my own email too - it always tells me that my own email is an untrusted source, was there something in the setup that wasn't right?

Any advice would be helpful, I am still learning this stuff from scratch

10 Replies

Well hiding "sensitive" information makes it pretty much impossible to diagnose.

Sender address rejected: Domain not found probably means that the address you're sending from doesn't have DNS records (or postfix can't resolve it)

thanks for the quick reply -

The only thing I censored was the user's email address and my server name really.

Thanks for the hint on the DNS records, I have set them up on the linode DNS manager and I have MX records for the mail.

Do you happen to know where the best place would be to check this?

The receiving system is telling you that it can't find the domain of the sending email address. Most likely it is a postfix system and you are failing the following:

> reject_unknown_sender_domain
>
> Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM address has no DNS A or MX record, or when it has a malformed MX record such as a record with a zero-length MX hostname

So look up the domain you are trying to send from and see if it has an A or MX record. Make sure all the nameservers are responding correctly. Sometimes this kind of problem is on the receiving end and there is nothing you can do about it.

Or you could have NOT hidden all the relevant details and lots of helpful people would have checked it all out already - if you don't give details with these kinds of questions all you are going to get are guesses.

Ping servername.myurl.com if it fails then your DNS is broken.

Also check the contents of /etc/hosts and /etc/hostname

Thanks guys, I'll be honest, I've been doing this since Feb from scratch and half of that time I've been dealing with earthquakes and nuclear disasters (I live in Japan) and so I'm not very clued up if something is a security risk or not. I really do appreciate the help.

Here are the first 20 lines from my mail log un-edited

Jun 15 07:01:52 skynet postfix/smtp[13016]: D5A2018085: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=214512, delays=214509/1.8/0.91/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13020]: 4A9EE18089: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=182154, delays=182151/1.8/0.94/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13015]: 8363F18086: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=182378, delays=182375/1.8/0.95/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13023]: DA032181D3: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=367181, delays=367178/1.8/0.91/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13022]: D2B251830B: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=285106, delays=285103/1.8/0.94/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13014]: D098118084: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=2, delay=206142, delays=206139/1.8/0.93/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:52 skynet postfix/smtp[13016]: EAB4E18309: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:52 skynet postfix/smtp[13024]: 6C73B181D0: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:53 skynet postfix/smtp[13016]: EAB4E18309: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=3, delay=380927, delays=380923/3/0.61/0.16, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:53 skynet postfix/smtp[13024]: 6C73B181D0: to=<[email protected]>, relay=mx1.ukservers.net[217.10.138.227]:25, conn_use=3, delay=383607, delays=383603/3/0.94/0.17, dsn=4.1.8, status=deferred (host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:54 skynet postfix/smtp[13017]: 0A1FC181D4: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:55 skynet postfix/smtp[13018]: 702411830A: host mx1.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command)
Jun 15 07:01:55 skynet postfix/smtp[13017]: 0A1FC181D4: to=<[email protected]>, relay=mx2.ukservers.net[217.10.138.227]:25, delay=381140, delays=381133/0.03/6.3/0.18, dsn=4.1.8, status=deferred (host mx2.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:01:55 skynet postfix/smtp[13018]: 702411830A: to=<[email protected]>, relay=mx2.ukservers.net[217.10.138.227]:25, delay=374125, delays=374119/0.04/6.5/0.16, dsn=4.1.8, status=deferred (host mx2.ukservers.net[217.10.138.227] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: start interval Jun 15 07:01:51
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: domain lookup hits=1 miss=7 success=12%
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: address lookup hits=8 miss=7 success=53%
Jun 15 07:05:16 skynet postfix/scache[13021]: statistics: max simultaneous domains=1 addresses=1 connection=7
Jun 15 07:36:25 skynet dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=126.223.115.46, lip=173.230.147.71, TLS
Jun 15 07:36:25 skynet dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=126.223.115.46, lip=173.230.147.71, TLS

The Hosts file shows this:

127.0.0.1 localhost.localdomain localhost

173.230.147.71 skynet.pixelatedphotographer.com skynet

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts

and the hostname just has: skynet

Pinging the server gave results and no errors

Edit, I forgot to add these:

As for the DNS settings I have mail.pixelatedphotographer.com set up as the MX records. Though for the A/AAAA Records I just have 'mail' and 'www' - am I gathering these need to be set as mail.pixelatedphotographer.com too? and www to the pixelatedphotographer.com ?

There do not appear to be any DNS entries for skynet.pixelatedphotographer.com, which is probably what the receiving host is complaining about, since your outbound mail is trying to use an address on that host, which the receiving end then can't resolve/verify.

While you have your host configured locally to be skynet.pixelatedphotographer.com, if you are going to use that hostname in external communications, you should have an A record for it. You do have an A record for pixelatedphotographer.com which is ok to be the same, but that's not the actual host name at the moment.

Another item, though not something necessarily complained about in your logs is that the reverse DNS lookup for your address (173.230.147.71) is currently the default setting, which maps back to a host in the members.linode.com domain. You should use the Linode Manager (on the Remote Access tab) to set up a reverse lookup (PTR record) to match your skynet.pixelatedphotographer.com hostname, since other systems may do a reverse lookup to check the name you are claiming to be.

In the end, you have forward and reverse lookups for skynet.pixelatedphotographer.com using address 173.230.147.71, and an additional A record for the unadorned pixelatedphotographer to the same address.

Oh, and the fact that you have another A record for mail.pixelatedphotographer.com at the same address may or may not cause issues depending on how you use it. The problem is that it's the target of your MX record, but your mail server announces itself as skynet.pixelatedphotographer.com (since that's its configured hostname) which it's possible some systems might not like.

Generally, you want to pick a single canonical hostname, keep forward and reverse DNS in sync, and then use that hostname when identifying the host in most exchanges. So if you wish to stick with skynet, you should probably make that the target of your MX record too. Alternatively, you could configure just your mail system (ala postfix) to use the mail name in all cases - inbound and outbound - but configuring different hostnames for different apps on the same box can get confusing really quickly, and sometimes work imperfectly. One use case that's clearly an exception is mapping lots of names to a single address for use in virtual domain web hosting.

Things used to be a lot looser and there were few problems with different names sharing an address, but paranoia is more often the rule nowadays, especially with mail.

– David
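The two checks described in the replies above (a sender domain with an A or MX record, and forward and reverse DNS that agree on one hostname), modelled offline as an added example that is not part of any post in this thread. The zone data is constructed from the names in the thread; the PTR target `placeholder.members.linode.com` and the `forum@` local part are placeholders, and PTR records are keyed by plain IP for brevity.

```python
# Constructed records modelled on the thread; PTR target and "forum@" are placeholders.
IP = "173.230.147.71"
HOST = "skynet.pixelatedphotographer.com"
ZONE_BEFORE = {
    ("pixelatedphotographer.com", "A"): [IP],
    ("pixelatedphotographer.com", "MX"): ["mail.pixelatedphotographer.com"],
    ("mail.pixelatedphotographer.com", "A"): [IP],
    (IP, "PTR"): ["placeholder.members.linode.com"],
}
# After the changes suggested in the thread: A record for the hostname, PTR updated.
ZONE_AFTER = {**ZONE_BEFORE, (HOST, "A"): [IP], (IP, "PTR"): [HOST]}


def lookup(zone, name, rtype):
    """Return the records for name/type, ignoring case and a trailing dot."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def sender_domain_ok(zone, domain):
    """Model of the quoted rule: needs an A or MX record, and no empty MX target."""
    mx = lookup(zone, domain, "MX")
    if any(target.strip(".") == "" for target in mx):
        return False  # malformed MX with a zero-length hostname
    return bool(mx or lookup(zone, domain, "A"))


def fcrdns_ok(zone, ip, helo_name):
    """PTR(ip) must name the host, and the host must resolve back to ip."""
    ptr = [p.rstrip(".").lower() for p in lookup(zone, ip, "PTR")]
    return helo_name.lower() in ptr and ip in lookup(zone, helo_name, "A")


def audit(zone, sender, ip, helo_name):
    """Return the findings a receiving mail server could object to."""
    findings = []
    domain = sender.rsplit("@", 1)[-1]
    if not sender_domain_ok(zone, domain):
        findings.append(f"sender domain {domain} has no usable A or MX record")
    if not fcrdns_ok(zone, ip, helo_name):
        findings.append(f"PTR for {ip} does not match {helo_name}")
    for target in lookup(zone, domain, "MX"):
        if not lookup(zone, target, "A"):
            findings.append(f"MX target {target} has no A record")
    return findings


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, audit(zone, "forum@" + HOST, IP, HOST) or "ok")
```

Against live DNS the same questions are answered with `dig` or `host` lookups for the A, MX and PTR records.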

Thanks David, there is a lot of useful info in there.

When I set up the system, I had no idea what the hostname etc actually meant, I just followed the instructions here on Linode. So I just called it skynet.pixelatedphotographer.com. Does that mean that it would be better for me to take off the skynet in the hosts file? and keep it to the simplest form? Would that have implications for the website running currently?

I have added the following to the list in the DNS manager, does this look ok to you?

![](http://www.pixelatedphotographer.com/chris/screenshot.jpg)

I have also changed the reverse name to skynet.pixelatedphotographer.com as you suggested. It warns of taking a while to change, so I'll come back later on tonight and see if the errors are still happening.

Thanks

Chris

It looks like you now have things set up correctly from here.

You don't need multiple MX records pointing to the same host though - I'd remove the "mail.blahblah.com" MX record.

And you should look into SPF records.

I use ufw as an IPTABLES frontend and my defaults are strict. I also have DNSSEC, DMARC, DKIM, SPF deployed perfectly. I ran into the same issue in my logs and so this is how I fixed it:

(THIS IS AN UBUNTU BIONIC SERVER! BIND, POSTFIX AND APACHE RUN ON THE SAME MACHINE)

ufw status verbose

Status: active
Logging: on (high)
Default: deny (incoming), deny (outgoing), disabled (routed)

I needed to allow outgoing traffic on both tcp and udp on port 53 and make sure postfix is also allowed on the correct ports to communicate:

Outgoing port 53:

ufw allow out from any to any port 53 proto tcp

ufw allow out from any to any port 53 proto udp

Incoming port 53:

ufw allow in from any to xxx.xxx.xxx.xxx port 53 proto tcp

ufw allow in from any to xxx.xxx.xxx.xxx port 53 proto udp

Postfix incoming:

ufw allow in from any to any port 25 proto tcp

Postfix outgoing: (NEED to allow out to any 25!)

ufw allow out from any to any port 25 proto tcp

Postfix tls: (submission)

ufw allow out from any port 587 proto tcp to any

This solved the issue!
Check your iptables with:

iptables -L

…and make sure these ports are open with the same rules as you see above.
I highly recommend ufw!

Simple ufw setup results in:

Status: active
Logging: on (high)
Default: deny (incoming), deny (outgoing), disabled (routed)

apt install ufw

MAKE SURE IT IS DISABLED!

ufw disable

ufw default deny outgoing

ufw default deny incoming

ufw logging high

ufw allow in from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx port 22 proto tcp comment 'SSH incoming'

ufw allow out from xxx.xxx.xxx.xxx port 22 proto tcp to xxx.xxx.xxx.xxx comment 'SSH outgoing'

ufw allow in from any to any port 80 proto tcp

ufw allow out from any port 443 proto tcp to any

ufw allow out from any to any port 53 proto tcp

ufw allow out from any to any port 53 proto udp

ufw allow in from any to xxx.xxx.xxx.xxx port 53 proto tcp

ufw allow in from any to xxx.xxx.xxx.xxx port 53 proto udp

ufw allow in from any to any port 25 proto tcp

ufw allow out from any to any port 25 proto tcp

ufw allow out from any port 587 proto tcp to any

ufw enable

LETS SEE:

ufw status verbose

REBOOT SERVER:

shutdown -r

BACK TO SERVER:

ssh youruser@xxx.xxx.xxx.xxx -p 22

Now you have a nice setup and these kinds of errors will not show in your mail.log or ufw.log under /var/log.

Have a nice day! ;)
