Hello everyone,

This is my last resort, after many days of researching and testing without resolving this error. I have some experience with Postfix, and this never happened to me. I manage at least six Postfix email servers with different configurations, and two of them are Mailcow.

Here is a sample of the logs:
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 greeted me with my own hostname mail.example.com
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 replied to HELO/EHLO with my own hostname mail.example.com
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: 8AC78E196C: to=user@example.com, relay=mx1.example.com[IP_ADDRESS]:25, delay=3.8, delays=0.47/0.09/3.2/0, dsn=5.4.6, status=bounced (mail for example.com loops back to myself)
My servers are not MX backups. I set the MAILCOW_HOSTNAME to point to my MX record. If I set a different name, it doesn’t resolve the issue.
I have tested different configurations and always encounter the same error. I have not checked the checkbox for backup MX server because it is not a backup server.
Why do I get this error when sending to some domains and not others? It is a migrated email and old Zimbra; the MX record and PTR are OK.

  • I get the feeling that this is an internal firewall issue due to NAT rules or something like that, and has nothing to do with mailcow.
    The redacted log isn’t helpful as we can’t reconstruct the flow.

    To help you we need much more information…
    Details about what exactly you set up and from where to where you are trying to send, details from your mailcow.conf etc.
    I understand you don’t want to disclose your IP address(es) and fqdn(s), but this would make things much easier for us to debug things.
    If you don’t want to provide this information I suggest you get official support from the mailcow team, otherwise it’s all a wild guess for us

      enriluis I set the MAILCOW_HOSTNAME to point to my MX record

      To the DNS name of the MX record itself, or to the A record the MX record points to? You cannot “point” a hostname to an MX record… MAILCOW_HOSTNAME needs to be the DNS name of the A record.

      Seems like you have your DNS resolution not properly done, causing that loop.
      But again, without the real IP addresses and DNS names we cannot help you.

        esackbauer DocFraggle
        MAILCOW_HOSTNAME=correo.cmlk.co.cu
        My MX record points to correo.cmlk.co.cu. My DNS is managed by our providers; at the moment I don’t have an SPF record yet, and the PTR is OK. The mail server is behind a pfSense firewall running DNS-resolve; it has no static DNS record pointing to the internal mail server. I have a port forward for the port 25 traffic, and the outgoing NAT is made by the PTR IP on pfSense to match its PTR.
        For example, I send mail under .cu and get the loop back error, and send to .com and do not.

          enriluis For example, I send mail under .cu and get the loop back error, and send to .com and do not.

          Can you explain? I don’t understand. Do you host more than one mail domain on that mailcow?
          Where are you sending to? To external recipients? Internal, on one of your other mailservers?

            esackbauer No, it is a single domain, cmlk.co.cu, and I am sending outside to another external server domain.

              enriluis

              But from your log it seems that your MC is also using a *.com domain:
              postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 greeted me with my own hostname mail.example.com
              << *.com, right?

              Try to use postconf inside postfix-mailcow-1 to export the current config; maybe you will find it in there?

                Please post these postfix logs without redacting FQDNs or IPs

                ETNyx No, it is a single domain. I use a wildcard cert validated externally, but it is a single domain, cmlk dot co dot cu

                ETNyx this is my config

                postfix.txt
                6kB

                To fully understand all the configuration of Postfix is very hard, so this is quite a blind shot based on the error you get.

                myorigin = $mydomain

                I do not like this, I would suggest to try $myhostname instead.

                PS: on second thought, try it, but I do not know, now I think it will not help… sorry

                I meant the postfix logs, not the postfix config. The logs from your first post for example

                esackbauer I asked my provider to create the SPF record for my domain cmlk dot co dot cu, so they created it pointing to the FQDN instead of the domain @ record. Can this be the cause of the error? I remember that when I started deploying the new mail server the delivery worked fine; this error appeared some weeks ago, maybe when my provider made the wrong SPF record.

                enriluis cmlk.co.cu

                This is your mail domain, and on that domain you need the SPF, DKIM and DMARC records according to the docs:
                docs.mailcow.email: DNS setup - mailcow: dockerized documentation

                [unknown] pointing to fqdn instead domain @ record, this can cause of the error?

                I don’t think so, as those records are only for spam check, not for mail routing.

                It’s a loop you have, so it’s a mail routing problem. Can be forwarding hosts, MX records different internally in your LAN (with local DNS resolvers) than in public internet (which is what unbound uses).

                And still, without proper logs it’s hard to tell what your problem is.

                  Stupid question, but you did stop and disable any local mailserver (postfix, sendmail etc) running on the host OS? The default setting for a local postfix would be to use your hostname

                  What does

                  netstat -tulpen

                  show on your host system?

                  esackbauer The logs do not show any relevant information. It is really strange, because I can send mail outside the .cu domain, e.g. .com etc. The error message is on the fly, I mean instantaneous, without “talking” to the remote mail system, without any connect, HELO and other phases. For example, when I send a mail message to another system managed by me under the .cu domain, I don’t see any mail delivery attempt. I agree it is a loop query, but why is the error at least when sending to the .cu domain?
                  12/17/2024, 09:03:51 PM info B7BB8E1938: removed
                  12/17/2024, 09:03:51 PM info B7BB8E1938: to=<local-sender@local.comain>, relay=dovecot[172.16.172.250]:24, delay=0.53, delays=0.15/0.03/0.01/0.34, dsn=2.0.0, status=sent (250 2.0.0 <local-sender@local.comain> 6INrN4YtYmeOSQAAcDBgAQ Saved)
                  12/17/2024, 09:03:50 PM info 75F94E0FBE: removed
                  12/17/2024, 09:03:50 PM info B7BB8E1938: from=<>, size=5766, nrcpt=1 (queue active)
                  12/17/2024, 09:03:50 PM info 75F94E0FBE: sender non-delivery notification: B7BB8E1938
                  12/17/2024, 09:03:50 PM info B7BB8E1938: message-id=<20241218020350.B7BB8E1938@mail.fqdn.local>
                  12/17/2024, 09:03:50 PM info disconnect from unknown[10.10.10.6] ehlo=1 quit=1 commands=2
                  12/17/2024, 09:03:50 PM info 75F94E0FBE: to=<destination@remote.domain>, relay=remote.mx.domain[remote-mail-ip]:25, delay=2.8, delays=2/0.09/0.63/0, dsn=5.4.6, status=bounced (mail for remote.domain loops back to myself)
                  12/17/2024, 09:03:50 PM warning warning: host remote.mx.domain[remote-mail-ip]:25 replied to HELO/EHLO with my own hostname mail.fqdn.local
                  12/17/2024, 09:03:50 PM warning warning: host remote.mx.domain[remote-mail-ip]:25 greeted me with my own hostname mail.fqdn.local
                  12/17/2024, 09:03:50 PM info connect from unknown[10.10.10.6]
                  12/17/2024, 09:03:50 PM info PASS OLD [10.10.10.6]:22326
                  12/17/2024, 09:03:50 PM info Look up 10.10.10.6 on whitelist, result 200 DUNNO
                  12/17/2024, 09:03:50 PM info CONNECT from [10.10.10.6]:22326 to [172.16.172.253]:25
                  12/17/2024, 09:03:50 PM warning warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
                  12/17/2024, 09:03:50 PM warning warning: DNSSEC validation may be unavailable
                  12/17/2024, 09:03:49 PM info disconnect from mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
                  12/17/2024, 09:03:49 PM info 75F94E0FBE: from=<local-sender@local.comain>, size=2837, nrcpt=1 (queue active)
                  12/17/2024, 09:03:48 PM info 75F94E0FBE: message-id=<13b-67622d80-3-4e8aa100@183119115>
                  12/17/2024, 09:03:48 PM info 75F94E0FBE: client=mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248], sasl_method=PLAIN, sasl_username=local-sender@local.comain
                  12/17/2024, 09:03:47 PM info connect from mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248]

                  The 10.10.10.6 is the external firewall doing port forwarding to the internal mailcow mail server. After the connection I get the error. I am reading on another mailcow to make a comparison of the config, and I see the logs are different; for example, when I send mail from SOGo webmail it does not appear as the external firewall IP… I’m skipping something but I can’t see it.
                  Why does the postfix/postscreen connection come from the external firewall LAN IP 10.10.10.6? DNS-resolve is running here, and I override the DNS IP in docker-compose.override.yml
                  ```yaml
                  # docker-compose.override.yml: point both containers at the firewall's resolver
                  services:
                    dovecot-mailcow:
                      dns:
                        - 10.10.10.6

                    postfix-mailcow:
                      dns:
                        - 10.10.10.6
                  ```

                  postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/smtps/smtpd[520]: 33A45E100F: client=unknown[my-local-ip-pc], sasl_method=PLAIN, sasl_username=fromme@mydomain
                  postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/cleanup[521]: 33A45E100F: message-id=47e9c7e8-73b7-40ea-8917-cc7f579b3002@email.android.com
                  postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/qmgr[353]: 33A45E100F: from=<fromme@mydomain>, size=1305, nrcpt=1 (queue active)
                  postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/postscreen[509]: CONNECT from [10.10.10.6]:7055 to [172.16.172.253]:25
                  postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb whitelist_forwardinghosts: Look up 10.10.10.6 on whitelist, result 200 DUNNO
                  postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/postscreen[509]: PASS OLD [10.10.10.6]:7055
                  postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtpd[515]: connect from unknown[10.10.10.6]
                  postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtp[522]: warning: host remote-fqdn.remotedomain[remote-ip]:25 greeted me with my own hostname correo.cmlk.co.cu
                  postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtp[522]: warning: host remote-fqdn.remotedomain[remote-ip]:25 replied to HELO/EHLO with my own hostname correo.cmlk.co.cu

                    DocFraggle @esackbauer Solved. Yes, you were right: my problem was an incorrect NAT rule on the external pfSense. For this reason I never saw outgoing traffic to the national .cu domain, because the NAT rule was related to this traffic. The mailcow config was fine all the time. My apologies, and thanks for your time!
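
The telltale pattern in the logs posted in this thread is an inbound postscreen CONNECT from the firewall address within a second of the outbound "greeted me with my own hostname" warning. The following is an added example, not code from any poster or from mailcow, that correlates the two events; its sample lines are constructed in the thread's log format, and 192.0.2.25, 198.51.100.7 and mx.remote.example are placeholder values.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread; 192.0.2.25,
# 198.51.100.7 and mx.remote.example are placeholders, not values from the page.
SAMPLE = """\
postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/postscreen[509]: CONNECT from [10.10.10.6]:7055 to [172.16.172.253]:25
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtpd[515]: connect from unknown[10.10.10.6]
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtp[522]: warning: host mx.remote.example[192.0.2.25]:25 greeted me with my own hostname correo.cmlk.co.cu
postfix-mailcow-1 | Dec 17 22:40:10 f91971e3e5fb postfix/postscreen[509]: CONNECT from [198.51.100.7]:40112 to [172.16.172.253]:25
"""

TS = r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ "
CONNECT = re.compile(TS + r"postfix/postscreen\[\d+\]: CONNECT from "
                     r"\[(?P<src>[^\]]+)\]:\d+ to \[[^\]]+\]:25\b")
OWN_NAME = re.compile(TS + r"postfix/smtp\[\d+\]: warning: host [^\[\s]+"
                      r"\[(?P<ip>[^\]]+)\]:25 greeted me with my own hostname (?P<me>\S+)")


def _ts(stamp):
    # syslog stamps carry no year; a fixed leap year keeps "Feb 29" parseable
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")


def find_hairpins(log_text, window=timedelta(seconds=2)):
    """Pair each 'greeted me with my own hostname' warning with the inbound
    postscreen sessions opened just before it. Expects chronological lines.
    Returns (inbound_source_ip, intended_mx_ip, own_hostname) tuples."""
    connects, findings = [], []
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            connects.append((_ts(m["ts"]), m["src"]))
        elif m := OWN_NAME.search(line):
            seen = _ts(m["ts"])
            sources = {src for at, src in connects
                       if timedelta(0) <= seen - at <= window}
            findings.extend((src, m["ip"], m["me"]) for src in sorted(sources))
    return findings


if __name__ == "__main__":
    for src, mx_ip, me in find_hairpins(SAMPLE):
        print(f"delivery to {mx_ip} was answered by {me}; "
              f"inbound session came from {src}: check NAT rules on that device")
```

A hit whose inbound source is the firewall's own LAN address means the outbound port 25 connection was redirected back to the mail server, which is the incorrect NAT rule the thread ends on.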
