loops back to myself

enriluis

Hello everyone,

This is my last resort. After many days without resolving this error, researching and testing , I have some experience with Postfix, and this never happened to me. I manage at least six postfix email servers with different configurations, and two of them are Mailcow.

Here is a sample of the logs:
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 greeted me with my own hostname mail.example.com
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 replied to HELO/EHLO with my own hostname mail.example.com
postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: 8AC78E196C: to=user@example.com, relay=mx1.example.com[IP_ADDRESS]:25, delay=3.8, delays=0.47/0.09/3.2/0, dsn=5.4.6, status=bounced (mail for example.com loops back to myself)
My servers are not MX backups. I set the MAILCOW_HOSTNAME to point to my MX record. If I set a different name, it doesn’t resolve the issue.
I have tested different configurations and always encounter the same error. I have not checked the checkbox for backup MX server because it is not a backup server.
Why do I get this error when sending to some domains and not others? it is a migrated email and old zimbra., the mx record and ptr are ok

esackbauer

enriluis I set the MAILCOW_HOSTNAME to point to my MX record

To the DNS name of the MX record itself, or to the A record the MX record points to? You cannot “point” a hostname to a MX record… MAILCOW_HOSTNAME needs to be the DNS name of the A record.

Seems like you have your DNS resolution not properly done, causing that loop.
But again, without the real IP addresses and DNS names we cannot help you.

DocFraggle

To help you we need much more information…
Details about what exactly you set up and from where to where you are trying to send, details from your mailcow.conf etc.
I understand you don’t want to disclose your IP address(es) and fqdn(s), but this would make things much easier for us to debug things.
If you don’t want to provide this information I suggest you get official support from the mailcow team, otherwise it’s all a wild guess for us

enriluis

esackbauer DocFraggle
MAILCOW_HOSTNAME=correo.cmlk.co.cu
my mx record point to correo.cmlk.co.cu, my DNS are manage by our providers, at the moment i don’t have SPF record yet, the PTR are ok, the mail server is behind a pfsense firewall running DNS-resolve, it has no static dns record pointing to internal mail server. have a portfordward for the 25 port traffic and the outgoing nat is made by the ip ptr on pfense to match it ptr.
for example i send mail under .cu and get the error loop back and send to .com and not.

esackbauer

enriluis for example i send mail under .cu and get the error loop back and send to .com and not.

Can you explain, i don’t understand. Do you host more than one mail domain on that mailcow?
Where are you sending to? to external recipients? internal on one of your other mailservers?

enriluis

esackbauer No, it is a single domain cmlk.co.cu, and i sending outside to another external server domain.

enriluis

esackbauer for example i reach some email tester without error: https://smtpserver.com/mail-tester/report/smtp+uqx72npo9wrf603e?reloaded=1, but the loop back error get when i send to under .cu domain or some of them i tested.

enriluis

esackbauer i ordered to my provider the creation of the SPF record to my domain cmlk dot co dot cu, so they created pointing to fqdn instead domain @ record, this can cause of the error? i remember when started deploying the new mail server the delivery works fine this error appear some weeks ago maybe when my provider make the wrong spf record

ETNyx

enriluis

but from your log it seams that your MC is using *.com domain also postfix-mailcow-1 | Dec 14 00:09:02 6bf13b8fc1d5 postfix/smtp[368]: warning: host mx1.example.com[IP_ADDRESS]:25 greeted me with my own hostname mail.example.com << *.com right?

try to use postconf inside postfix-mailcow-1 to export current config maybe you will find it in there?

esackbauer

enriluis cmlk.co.cu

This is you mail domain, and on that domain you need the SPF, DKIM and DMARC records according to the docs:
https://docs.mailcow.email/getstarted/prerequisite-dns/#dkim-spf-and-dmarc

[unknown] pointing to fqdn instead domain @ record, this can cause of the error?

I don’t think so, as those records are only for spam check, not for mail routing.

Its a loop you have, so its a mail routing problem. Can be forwarding hosts, MX records different internally in your LAN (with local DNS resolvers) than in public internet (which is what unbound uses)

And still, without proper logs its hard to tell what your problem is.

enriluis

ETNyx No, it is a single domain, i use a wildcar cert validated external, but is a single domain cmlk dot co dot cu

ETNyx

postfix.txt

6kB

ETNyx

postfix.txt

6kB

ETNyx this is my config

postfix.txt

6kB

DocFraggle

Please post these postfix logs without redacting FQDNs or IPs

ETNyx

To fully understand all configuration of Postifx is very hard, so this is quiet blind shot based of error you get,,

myorigin = $mydomain

I do not like this, i would suggest to try $myhostname instead.

PS: on second thought, try it, but I do not know, now I think it will not help,… sorry

DocFraggle

I meant the postfix logs, not the postfix config. The logs from your first post for example

enriluis

esackbauer the logs not show any relevant information, it is really strange because i can send mail outside .cu domain, ex .com etc etc… the message error it is on the fly, i mean instantaneously without “talk” to the remote system mail without any connect, helo and other phases, for example when i send a mail message to another system managed by me under .cu domain and i don’t see any try to mail delivery, i agree it is a loop query, but why the error is sending .cu domain at least
12/17/2024, 09:03:51 PM info B7BB8E1938: removed 12/17/2024, 09:03:51 PM info B7BB8E1938: to=<local-sender@local.comain>, relay=dovecot[172.16.172.250]:24, delay=0.53, delays=0.15/0.03/0.01/0.34, dsn=2.0.0, status=sent (250 2.0.0 <local-sender@local.comain> 6INrN4YtYmeOSQAAcDBgAQ Saved) 12/17/2024, 09:03:50 PM info 75F94E0FBE: removed 12/17/2024, 09:03:50 PM info B7BB8E1938: from=<>, size=5766, nrcpt=1 (queue active) 12/17/2024, 09:03:50 PM info 75F94E0FBE: sender non-delivery notification: B7BB8E1938 12/17/2024, 09:03:50 PM info B7BB8E1938: message-id=<20241218020350.B7BB8E1938@mail.fqdn.local> 12/17/2024, 09:03:50 PM info disconnect from unknown[10.10.10.6] ehlo=1 quit=1 commands=2 12/17/2024, 09:03:50 PM info 75F94E0FBE: to=<destination@remote.domain>, relay=remote.mx.domain[remote-mail-ip]:25, delay=2.8, delays=2/0.09/0.63/0, dsn=5.4.6, status=bounced (mail for remote.domain loops back to myself) 12/17/2024, 09:03:50 PM warning warning: host remote.mx.domain[remote-mail-ip]:25 replied to HELO/EHLO with my own hostname mail.fqdn.local 12/17/2024, 09:03:50 PM warning warning: host remote.mx.domain[remote-mail-ip]:25 greeted me with my own hostname mail.fqdn.local 12/17/2024, 09:03:50 PM info connect from unknown[10.10.10.6] 12/17/2024, 09:03:50 PM info PASS OLD [10.10.10.6]:22326 12/17/2024, 09:03:50 PM info Look up 10.10.10.6 on whitelist, result 200 DUNNO 12/17/2024, 09:03:50 PM info CONNECT from [10.10.10.6]:22326 to [172.16.172.253]:25 12/17/2024, 09:03:50 PM warning warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated 12/17/2024, 09:03:50 PM warning warning: DNSSEC validation may be unavailable 12/17/2024, 09:03:49 PM info disconnect from mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6 12/17/2024, 09:03:49 PM info 75F94E0FBE: from=<local-sender@local.comain>, size=2837, nrcpt=1 (queue active) 12/17/2024, 09:03:48 PM info 75F94E0FBE: message-id=<13b-67622d80-3-4e8aa100@183119115> 12/17/2024, 09:03:48 PM info 75F94E0FBE: client=mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248], sasl_method=PLAIN, sasl_username=local-sender@local.comain 12/17/2024, 09:03:47 PM info connect from mail-sogo-mailcow-1.mail_mailcow-network[172.16.172.248]

the 10.10.10.6 is the Firewall external making port fordwarding to internal mail server mailcow. after the connection i get error i reading on another mailcow to make a comparison of config, i see the logs are different, for example when i send mail from sogo webmail it do no appear as the ip firewall external… i’m skipping something but i cant see.
why postfix/postscreen connection come from the external firewall lan ip 10.10.10.6? here are running dns resolve, i override the dns ip on docker-compose.override.yml
` dovecot-mailcow:
dns:
- 10.10.10.6

postfix-mailcow:
  dns:
    - 10.10.10.6

’postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/smtps/smtpd[520]: 33A45E100F: client=unknown[my-local-ip-pc], sasl_method=PLAIN, sasl_username=fromme@mydomain
postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/cleanup[521]: 33A45E100F: message-id=47e9c7e8-73b7-40ea-8917-cc7f579b3002@email.android.com
postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/qmgr[353]: 33A45E100F: from=<fromme@mydomain>, size=1305, nrcpt=1 (queue active)
postfix-mailcow-1 | Dec 17 22:35:21 f91971e3e5fb postfix/postscreen[509]: CONNECT from [10.10.10.6]:7055 to [172.16.172.253]:25
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb whitelist_forwardinghosts: Look up 10.10.10.6 on whitelist, result 200 DUNNO
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/postscreen[509]: PASS OLD [10.10.10.6]:7055
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtpd[515]: connect from unknown[10.10.10.6]
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtp[522]: warning: host remote-fqdn.remotedomain[remote-ip]:25 greeted me with my own hostname correo.cmlk.co.cu
postfix-mailcow-1 | Dec 17 22:35:22 f91971e3e5fb postfix/smtp[522]: warning: host remote-fqdn.remotedomain[remote-ip]:25 replied to HELO/EHLO with my own hostname correo.cmlk.co.cu’

DocFraggle

Stupid question, but you did stop and disable any local mailserver (postfix, sendmail etc) running on the host OS? The default setting for a local postfix would be to use your hostname

What does

netstat -tulpen

show on your host system?

DocFraggle

I get the feeling that this is an internal firewall issue due to NAT rules or something like that, and has nothing to do with mailcow.
The redacted log isn’t helpful as we can’t reconstruct the flow.

enriluis

DocFraggle @esackbauer solved, yes you was rigth, my problem was an incorrect nat rule on external pfsense, for this reason i never see traffic outgoing to national .cu domain because the nat rule was related with this traffic. mailcow config was fine all the time. my apologies and thanks for you time!