Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

tracing why SMTP email did not arrive at postfix server

Posted on 2011-02-16
4
Medium Priority
?
2,325 Views
Last Modified: 2012-05-11

Just set up postfix & it's running on my RHES 4.2 box.

Immediately after postfix is up, I test sending emails from a permitted domain
(ahhh, on this postfix server's domain firewall, we even have a firewall rule
 which permits Tcp25 from those few sending domains' SMTP servers) using
an email client  to sender_id@[IP_address_of_the_postfix_server]  & the
/var/log/maillog on the postfix server indicated the email arrives at the postfix
server (with some errors though) :

# grep recipient_id /var/log/maillog*
maillog:Feb 15 11:41:52 hostname postfix/smtpd[6891]: NOQUEUE: reject: RCPT from gate1.mds.com.sg[203.126.130.157]: 554 5.7.1 <recipient_id@[202.6.163.31]>: Relay access denied; from=<prvs=020cae8c4=recipient_id@mds.com.sg> to=<recipient_id@[202.6.163.31]> proto=ESMTP helo=<gate1.mds.com.sg>
maillog:Feb 15 13:43:20 hostname sendmail[7688]: NOQUEUE: SYSERR(recipient_id): can not chdir(/var/spool/mqueue/): Permission denied

Then I installed dovecot rpm on my RHES box : uninstall it as it's an old version &
reinstall with a newer version & start up dovecot as well.

I did not test sending to sender_id@domain_name at that time because the domain I
purchased from a domain provider/registrar has yet to be registered in our ISP's
DNS.  Subsequently I registered the following A, MX & NS  records with our ISP :
A:      myportaltech.com.            IN      A      202.6.163.31
A:      smtp.myportaltech.com.      IN      A      202.6.163.31

PTR:      31.163.6.202.in-addr.arpa.      IN      PTR      smtp.myportaltech.com.

MX:      myportaltech.com.            IN      MX      10      smtp.myportaltech.com.

NS:      myportaltech.com.             IN          NS          ns1.businessexprezz.com.
NS:      myportaltech.com.             IN          NS          ns2.businessexprezz.com.

The above myportaltech is just a fictitious name of my domain but I
can provide the actual domain name if needed.

After the above records have been propagated to all other DNSes, I
test sending email from the same permitted domain, this time using
domain name & the email never arrives & I did not receive a 'bounced
mail' notification too.  Then I test sending from the same domain to
recipient_id@[202.6.163.31] & this time round, the test email never
show up in /var/log/maillog* anymore.

The network/security guys confirmed that the firewall logs did not
show any denied SMTP records.

So how do I go about troubleshooting this?  

Is this a DNS record entries issue, firewall/network issue or something
within my postfix server?

0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:sunhux
ID: 34913167

Sorry for the lack of info in earlier post.

Think the main issue is I can't even start up postfix (though
"ps -ef | grep postfix" showed there's a master postfix process
running & 'telnet localhost 25" showed it's listening :

[root@etc]# postfix set-permissions
[root@etc]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@ etc]# postfix reload
postfix/postfix-script: fatal: the Postfix mail system is not running

I googed for "master.lock unable exclusive lock" but it's mostly on
MacOS & editing php.ini doesn't help:

Relevant error from /var/log/maillog
Feb 17 11:15:20 hostname postfix/postfix-script[29383]: starting the Postfix mail system
Feb 17 11:15:20 hostname postfix/master[29384]: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable
Feb 17 11:15:21 hostname postfix/smtpd[28721]: warning: connect #7 to subsystem private/proxymap: Connection refused
Feb 17 11:15:24 hostname postfix/postfix-script[29387]: fatal: the Postfix mail system is not running
Feb 17 11:15:31 hostname postfix/smtpd[28721]: warning: connect #8 to subsystem private/proxymap: Connection refused
Feb 17 11:15:41 hostname postfix/smtpd[28721]: warning: connect #9 to subsystem private/proxymap:
++++++++++++++++++++++++++++++++++=

# ./postfinger.sh --nowarn
postfinger - postfix configuration on Thu Feb 17 10:12:16 SGT 2011
version: 1.30

--System Parameters--
mail_version = 2.5.6
hostname = xxxxxxxx
uname = Linux xxxxxxxx 2.6.12.6-xen0 #1 Tue Jan 31 16:03:21 GMT 2006 i686 i686 i386 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.5.6-1.rhel4

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
html_directory = /usr/share/doc/postfix-2.5.6-documentation/html
mailq_path = /usr/bin/mailq.postfix
mail_spool_directory = /pop3/spool/mail
manpage_directory = /usr/share/man
mydomain = portalcity-tech.com
myhostname = smtp.portalcity-tech.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /pop3/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6-documentation/readme
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_sasl_auth_enable = yes

--master.cf--
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

-- end of postfinger output --



# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.5.6-documentation/html
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /pop3/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydomain = myportaltech.com
myhostname = smtp.myportaltech.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /pop3/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6-documentation/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
0
 

Author Comment

by:sunhux
ID: 34915686

The firewall admin told me they saw incoming SMTP traffic accepted &
pass through the Cyberguard firewall (from Cybergd logs).

Delivery has failed to these recipients or groups:

root@myportaltech.com
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.

I got the following bounced mail notification & further down (after the
****** line) is the latest maillog

The following organization rejected your message: [202.6.163.31].

Diagnostic information for administrators:
Generating server: gate2.mds.com.sg

root@myportaltech.com
[202.6.163.31] #<[202.6.163.31] #5.0.0 smtp; 5.1.0 - Unknown address error 554-'5.7.1 <root@myportaltech.com>: Relay access denied' (delivery attempts: 0)> #SMTP#

Original message headers:

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhEBAMtCXE3AqINE/2dsb2JhbACXTI88vSyFXgSPXw
Received: from unknown (HELO sght02.mds.corp.int-ads) ([192.168.131.68])  by
 gate2.mds.com.sg with ESMTP/TLS/AES128-SHA; 17 Feb 2011 15:44:26 +0800
Received: from SGMBX02.mds.corp.int-ads ([fe80::11cd:49e0:af0f:1ba]) by
 sght02.mds.corp.int-ads ([::1]) with mapi id 14.01.0270.001; Thu, 17 Feb 2011
 15:44:26 +0800
From: "G PO mds" <sender_id@mds.com.sg>
To: "recipient_id@myportaltech.com" <recipient_id@myportaltech.com>
CC: "root@myportaltech.com" <root@myportaltech.com>
Subject: RE: testg tcpdump 1
Thread-Topic: testg tcpdump 1
Thread-Index: AQHLznZ/QZa8lLNf9kWxtxpo3qMWag==
Date: Thu, 17 Feb 2011 07:44:25 +0000
Message-ID: <B4D798BD8BA6A140B26EF75C1012558D114E85@SGMBX02.mds.corp.int-ads>
References: <B4D798BD8BA6A140B26EF75C1012558D0F14F3@SGMBX03.mds.corp.int-ads>

***************************************************************************************

********************************** latest maillog **************************************

Feb 17 14:12:41 hostname postfix/smtpd[30975]: > gate2.mds.com.sg[203.126.130.164]: 554 5.7.1 <senderid@myportaltech.com>: Relay access denied
Feb 17 14:12:41 hostname postfix/smtpd[30975]: watchdog_pat: 0x80baf68
Feb 17 14:12:41 hostname postfix/smtpd[30975]: < gate2.mds.com.sg[203.126.130.164]: RCPT TO:<root@myportaltech.com>
Feb 17 14:12:41 hostname postfix/smtpd[30975]: extract_addr: input: <root@myportaltech.com>
Feb 17 14:12:41 hostname postfix/smtpd[30975]: smtpd_check_addr: addr=root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr request = rewrite
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr rule = local
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr address = root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: 0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: address
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: address
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: root@myportaltech.com

Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: (list terminator)
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: (end)
Feb 17 14:12:41 hostname postfix/smtpd[30975]: rewrite_clnt: local: root@myportaltech.com -> root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr request = resolve
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr sender =
Feb 17 14:12:41 hostname postfix/smtpd[30975]: send attr address = root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: 0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: transport
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: transport
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: smtp
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: nexthop
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: nexthop
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: myportaltech.com

Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: recipient
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: recipient
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: flags
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute value: 4096
Feb 17 14:12:41 hostname postfix/smtpd[30975]: private/rewrite socket: wanted attribute: (list terminator)
Feb 17 14:12:41 hostname postfix/smtpd[30975]: input attribute name: (end)
Feb 17 14:12:41 hostname postfix/smtpd[30975]: resolve_clnt: `' -> `root@myportaltech.com' -> transp=`smtp' host=`por
talcity-tech.com' rcpt=`root@myportaltech.com' flags= class=default
Feb 17 14:12:41 hostname postfix/smtpd[30975]: ctable_locate: install entry key root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: extract_addr: in: <root@myportaltech.com>, result: root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: >>> START Recipient address RESTRICTIONS <<<
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_invalid_hostname

Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_invalid_hostname
Feb 17 14:12:41 hostname postfix/smtpd[30975]: reject_invalid_hostname: gate2.mds.com.sg
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_invalid_hostname status=0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_unauth_pipelining
Feb 17 14:12:41 hostname postfix/smtpd[30975]: reject_unauth_pipelining: RCPT
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_unauth_pipelining status=0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=permit_mynetworks
Feb 17 14:12:41 hostname postfix/smtpd[30975]: permit_mynetworks: gate2.mds.com.sg 203.126.130.164
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_hostname: gate2.mds.com.sg ~? 172.18.20.0/24
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_hostaddr: 203.126.130.164 ~? 172.18.20.0/24
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_hostname: gate2.mds.com.sg ~? 127.0.0.0/8
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_hostaddr: 203.126.130.164 ~? 127.0.0.0/8
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_list_match: gate2.mds.com.sg: no match
Feb 17 14:12:41 hostname postfix/smtpd[30975]: match_list_match: 203.126.130.164: no match
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=permit_mynetworks status=0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=permit_sasl_authenticated

Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=permit_sasl_authenticated
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=permit_sasl_authenticated status=0
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_unauth_destination
Feb 17 14:12:41 hostname postfix/smtpd[30975]: reject_unauth_destination: root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: permit_auth_destination: root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: ctable_locate: leave existing entry key root@myportaltech.com
Feb 17 14:12:41 hostname postfix/smtpd[30975]: NOQUEUE: reject: RCPT from gate2.mds.com.sg[203.126.130.164]: 554 5.7.1 <
root@myportaltech.com>: Relay access denied; from=<prvs=02230e707=senderid@mds.com.sg> to=<root@myportaltech.com> pr
oto=ESMTP helo=<gate2.mds.com.sg>
Feb 17 14:12:41 hostname postfix/smtpd[30975]: generic_checks: name=reject_unauth_destination status=2
Feb 17 14:12:41 hostname postfix/smtpd[30975]: > gate2.mds.com.sg[203.126.130.164]: 554 5.7.1 <root@myportaltech.com>
: Relay access denied
Feb 17 14:12:41 hostname postfix/smtpd[30975]: watchdog_pat: 0x80baf68
Feb 17 14:12:42 hostname postfix/smtpd[30975]: < gate2.mds.com.sg[203.126.130.164]: RSET
Feb 17 14:12:42 hostname postfix/smtpd[30975]: > gate2.mds.com.sg[203.126.130.164]: 250 2.0.0 Ok
Feb 17 14:12:42 hostname postfix/smtpd[30975]: watchdog_pat: 0x80baf68

Feb 17 14:12:47 hostname postfix/smtpd[30975]: < gate2.mds.com.sg[203.126.130.164]: QUIT
Feb 17 14:12:47 hostname postfix/smtpd[30975]: > gate2.mds.com.sg[203.126.130.164]: 221 2.0.0 Bye
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_hostname: gate2.mds.com.sg ~? 172.18.20.0/24
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_hostaddr: 203.126.130.164 ~? 172.18.20.0/24
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_hostname: gate2.mds.com.sg ~? 127.0.0.0/8
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_hostaddr: 203.126.130.164 ~? 127.0.0.0/8
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_list_match: gate2.mds.com.sg: no match
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_list_match: 203.126.130.164: no match
Feb 17 14:12:47 hostname postfix/smtpd[30975]: send attr request = disconnect
Feb 17 14:12:47 hostname postfix/smtpd[30975]: send attr ident = smtp:203.126.130.164
Feb 17 14:12:47 hostname postfix/smtpd[30975]: private/anvil: wanted attribute: status
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute name: status
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute value: 0
Feb 17 14:12:47 hostname postfix/smtpd[30975]: private/anvil: wanted attribute: (list terminator)
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute name: (end)

Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_hostaddr: 203.126.130.164 ~? 127.0.0.0/8
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_list_match: gate2.mds.com.sg: no match
Feb 17 14:12:47 hostname postfix/smtpd[30975]: match_list_match: 203.126.130.164: no match
Feb 17 14:12:47 hostname postfix/smtpd[30975]: send attr request = disconnect
Feb 17 14:12:47 hostname postfix/smtpd[30975]: send attr ident = smtp:203.126.130.164
Feb 17 14:12:47 hostname postfix/smtpd[30975]: private/anvil: wanted attribute: status
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute name: status
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute value: 0
Feb 17 14:12:47 hostname postfix/smtpd[30975]: private/anvil: wanted attribute: (list terminator)
Feb 17 14:12:47 hostname postfix/smtpd[30975]: input attribute name: (end)
Feb 17 14:12:47 hostname postfix/smtpd[30975]: disconnect from gate2.mds.com.sg[203.126.130.164]
Feb 17 14:16:07 hostname postfix/anvil[30977]: statistics: max connection rate 1/60s for (smtp:203.126.130.164) at Feb 1
7 14:12:41
Feb 17 14:16:07 hostname postfix/anvil[30977]: statistics: max connection count 1 for (smtp:203.126.130.164) at Feb 17 1
4:12:41
Feb 17 14:16:07 hostname postfix/anvil[30977]: statistics: max cache size 1 at Feb 17 14:12:41
0
 
LVL 20

Accepted Solution

by:
thehagman earned 1500 total points
ID: 35352264
From this line
resolve_clnt: `' -> `root@myportaltech.com' -> transp=`smtp' host=`portalcity-tech.com' rcpt=`root@myportaltech.com' flags= class=default

Open in new window

I conlcude that your box decides that root@myportaltech.com is not a local address. Instead it should be relayed using the appropriate mail server, namely portalcity-tech.com
However, relaying is diabled (whic is a good thing).

In summary, it seems that myportaltech.com is not considered a local domain.
0
 

Author Closing Comment

by:sunhux
ID: 35355698
not fully resolved
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question