I have a recent “vanilla” install of mailcow-dockerized up and running on a Hetzner Cloud VM. I still have ports 25 and 465 blocked, but am currently using my previous server as a dedicated relay.
I am receiving emails from individual senders (gmail, outlook, yahoo users, for example) - I’m also receiving receipts and notification emails from vendors - emails such as “you scheduled an appointment” or “your receipt from [xxxxx]”. But I noticed that I wasn’t receiving any newsletter emails. The newsletters are not in my spam folder, so I checked the postfix logs.
Postfix consistently bounces newsletter emails with a 450 4.1.8 Sender address rejected: Domain not found.
Is this a dns setup issue? A postfix configuration issue?
I have reduced smtpd_sender_restrictions to:
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
For example, there is a newsletter that keeps bouncing from amtrak (US train service):
NOQUEUE: reject: RCPT from unknown[64.132.89.40]: 450 4.1.8 <bounce-4624648_HTML-892438069-30336238-10979464-2028@bounce.e-mail.amtrak.com>: Sender address rejected: Domain not found; from=<bounce-4624648_HTML-892438069-30336238-10979464-2028@bounce.e-mail.amtrak.com> to=<user@domain.tld> proto=ESMTP helo=<mta.e-mail.amtrak.com>
Later in the log, there is this (this particular message is only for amtrak):
warning: hostname mta.e-mail.amtrak.com does not resolve to address 64.132.89.40: Temporary failure in name resolution
Thinking that there may be a dns issue with the postfix container, I did the following:
docker compose exec postfix-mailcow /bin/bash
root@b105c083d049:/# nslookup 64.132.89.40
40.89.132.64.in-addr.arpa name = mta.e-mail.amtrak.com.
root@b105c083d049:/# host 64.132.89.40
40.89.132.64.in-addr.arpa domain name pointer mta.e-mail.amtrak.com
That’s just amtrak. For every other server, the DNS lookups fail with a SERVFAIL message. For example, here are the logs for an email from sony.
postfix-mailcow-1 | Aug 2 17:39:10 b105c083d049 postfix/postscreen[5008]: CONNECT from [13.111.27.197]:55640 to [172.22.1.253]:25
postfix-mailcow-1 | Aug 2 17:39:10 b105c083d049 postfix/postscreen[5008]: ALLOWLISTED [13.111.27.197]:55640
postfix-mailcow-1 | Aug 2 17:39:18 b105c083d049 postfix/smtpd[5011]: connect from unknown[13.111.27.197]
postfix-mailcow-1 | Aug 2 17:39:18 b105c083d049 postfix/smtpd[5011]: Anonymous TLS connection established from unknown[13.111.27.197]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow-1 | Aug 2 17:39:42 b105c083d049 postfix/smtpd[5011]: NOQUEUE: reject: RCPT from unknown[13.111.27.197]: 450 4.1.8 <bounce-19_HTML-784004479-591736-6425522-4621055@bounce.txn-email.account.sony.com>: Sender address rejected: Domain not found; from=<bounce-19_HTML-784004479-591736-6425522-4621055@bounce.txn-email.account.sony.com> to=<user@domain.tld> proto=ESMTP helo=<ea197.mta.exacttarget.com>
postfix-mailcow-1 | Aug 2 17:39:42 b105c083d049 postfix/smtpd[5011]: disconnect from unknown[13.111.27.197] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
postfix-mailcow-1 | Aug 2 17:41:05 b105c083d049 postfix/postscreen[5062]: CONNECT from [13.111.27.197]:59932 to [172.22.1.253]:25
postfix-mailcow-1 | Aug 2 17:41:05 b105c083d049 postfix/postscreen[5062]: ALLOWLISTED [13.111.27.197]:59932
postfix-mailcow-1 | Aug 2 17:41:05 b105c083d049 postfix/postscreen[5062]: CONNECT from [13.111.27.197]:48079 to [172.22.1.253]:25
postfix-mailcow-1 | Aug 2 17:41:05 b105c083d049 postfix/postscreen[5062]: ALLOWLISTED [13.111.27.197]:48079
postfix-mailcow-1 | Aug 2 17:41:13 b105c083d049 postfix/smtpd[5011]: connect from unknown[13.111.27.197]
postfix-mailcow-1 | Aug 2 17:41:13 b105c083d049 postfix/smtpd[5066]: connect from unknown[13.111.27.197]
postfix-mailcow-1 | Aug 2 17:41:13 b105c083d049 postfix/smtpd[5011]: Anonymous TLS connection established from unknown[13.111.27.197]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow-1 | Aug 2 17:41:13 b105c083d049 postfix/smtpd[5066]: Anonymous TLS connection established from unknown[13.111.27.197]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix-mailcow-1 | Aug 2 17:41:23 b105c083d049 postfix/anvil[5002]: statistics: max connection rate 2/60s for (smtpd:13.111.27.197) at Aug 2 17:41:13
postfix-mailcow-1 | Aug 2 17:41:23 b105c083d049 postfix/anvil[5002]: statistics: max connection count 2 for (smtpd:13.111.27.197) at Aug 2 17:41:13
postfix-mailcow-1 | Aug 2 17:41:23 b105c083d049 postfix/anvil[5002]: statistics: max cache size 6 at Aug 2 17:36:17
postfix-mailcow-1 | Aug 2 17:41:37 b105c083d049 postfix/smtpd[5011]: NOQUEUE: reject: RCPT from unknown[13.111.27.197]: 450 4.1.8 <bounce-19_HTML-784004479-591736-6425522-4621171@bounce.txn-email.account.sony.com>: Sender address rejected: Domain not found; from=<bounce-19_HTML-784004479-591736-6425522-4621171@bounce.txn-email.account.sony.com> to=<user@domain.tld> proto=ESMTP helo=<ea197.mta.exacttarget.com>
postfix-mailcow-1 | Aug 2 17:41:37 b105c083d049 postfix/smtpd[5011]: disconnect from unknown[13.111.27.197] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
postfix-mailcow-1 | Aug 2 17:41:38 b105c083d049 postfix/smtpd[5066]: NOQUEUE: reject: RCPT from unknown[13.111.27.197]: 450 4.1.8 <bounce-19_HTML-784004479-591736-6425522-4621148@bounce.txn-email.account.sony.com>: Sender address rejected: Domain not found; from=<bounce-19_HTML-784004479-591736-6425522-4621148@bounce.txn-email.account.sony.com> to=<user@domain.tld> proto=ESMTP helo=<ea197.mta.exacttarget.com>
postfix-mailcow-1 | Aug 2 17:41:38 b105c083d049 postfix/smtpd[5066]: disconnect from unknown[13.111.27.197] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
The dns checks:
docker compose exec postfix-mailcow /bin/bash
root@b105c083d049:/# host 13.111.27.197
Host 197.27.111.13.in-addr.arpa not found: 2(SERVFAIL)
root@b105c083d049:/# nslookup 13.111.27.197
** server can't find 197.27.111.13.in-addr.arpa: SERVFAIL
root@b105c083d049:/# dig ea197.mta.exacttarget.com
; <<>> DiG 9.18.24-1-Debian <<>> ea197.mta.exacttarget.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37557
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ea197.mta.exacttarget.com. IN A
;; ANSWER SECTION:
ea197.mta.exacttarget.com. 86400 IN A 13.111.27.197
;; Query time: 11 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Fri Aug 02 17:46:58 UTC 2024
;; MSG SIZE rcvd: 70
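Added example, not part of the original post: the `Sender address rejected: Domain not found` reply concerns the envelope sender (MAIL FROM) domain, which Postfix's `reject_unknown_sender_domain` restriction checks for an MX or A record, so this sketch pulls those domains out of the log and lists the lookups to repeat inside the container. The function names are hypothetical and the sample lines are constructed from the log above with the local parts shortened.

```python
import re
from collections import defaultdict

# Constructed sample: lines adapted from the post's log, local parts shortened.
SAMPLE_LOG = """\
postfix-mailcow-1 | Aug 2 17:39:18 b105c083d049 postfix/smtpd[5011]: connect from unknown[13.111.27.197]
postfix-mailcow-1 | Aug 2 17:39:42 b105c083d049 postfix/smtpd[5011]: NOQUEUE: reject: RCPT from unknown[13.111.27.197]: 450 4.1.8 <bounce-19@bounce.txn-email.account.sony.com>: Sender address rejected: Domain not found; from=<bounce-19@bounce.txn-email.account.sony.com> to=<user@domain.tld> proto=ESMTP helo=<ea197.mta.exacttarget.com>
postfix-mailcow-1 | Aug 2 17:41:37 b105c083d049 postfix/smtpd[5011]: NOQUEUE: reject: RCPT from unknown[13.111.27.197]: 450 4.1.8 <bounce-20@bounce.txn-email.account.sony.com>: Sender address rejected: Domain not found; from=<bounce-20@bounce.txn-email.account.sony.com> to=<user@domain.tld> proto=ESMTP helo=<ea197.mta.exacttarget.com>
postfix-mailcow-1 | Aug 2 17:45:00 b105c083d049 postfix/smtpd[5070]: NOQUEUE: reject: RCPT from unknown[64.132.89.40]: 450 4.1.8 <bounce-46@bounce.e-mail.amtrak.com>: Sender address rejected: Domain not found; from=<bounce-46@bounce.e-mail.amtrak.com> to=<user@domain.tld> proto=ESMTP helo=<mta.e-mail.amtrak.com>
"""

REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<rdns>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<sender>[^>]*)>: "
    r"Sender address rejected: (?P<reason>[^;]+);.*?helo=<(?P<helo>[^>]*)>"
)

def parse_sender_rejects(log_text):
    """Return one dict per 'Sender address rejected' line; other lines are skipped."""
    return [m.groupdict() for m in map(REJECT_RE.search, log_text.splitlines()) if m]

def summarize(rejects):
    """Group rejects by envelope-sender domain (the name the reject is about)."""
    out = defaultdict(lambda: {"count": 0, "ips": set(), "helos": set()})
    for r in rejects:
        domain = r["sender"].rpartition("@")[2].lower()
        if not domain:  # null sender <> carries no domain to look up
            continue
        out[domain]["count"] += 1
        out[domain]["ips"].add(r["ip"])
        out[domain]["helos"].add(r["helo"])
    return dict(out)

def dig_commands(summary):
    """Lookups to repeat in the postfix container, per rejected sender domain."""
    cmds = []
    for domain in sorted(summary):
        cmds += [f"dig +short MX {domain}", f"dig +short A {domain}"]
        cmds += [f"dig +short -x {ip}" for ip in sorted(summary[domain]["ips"])]
    return cmds

if __name__ == "__main__":
    summary = summarize(parse_sender_rejects(SAMPLE_LOG))
    for domain, info in sorted(summary.items()):
        print(domain, info["count"], sorted(info["ips"]), sorted(info["helos"]))
    print("\n".join(dig_commands(summary)))
```

The printed `dig` lines query the sender domains themselves, which are different names from the client IP and HELO hostname looked up in the post.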