Home › Forums › OS X Server and Client Discussion › Mail › 10.4.11 SMTP error
- This topic has 5 replies, 3 voices, and was last updated 16 years, 8 months ago by
premiermac.
-
AuthorPosts
-
August 10, 2008 at 9:41 pm #373699vampyreapocalypsParticipant
Hi all,
We have a 10.4.11 server here running mail services. I’ve scoured the forums here and couldn’t find anything _quite_ like the isue I’m having, though I did find some info that I will e sure to use for testing tomorrow (no VPN access or anything else for that matter to my office).
Users can send/receive email internally just fine (i.e.: [email protected] can send to [email protected] just fine) and can _send_ mail externally just fine, but cannot _receive_ mail from any external domain. External domains receive no bounce back messages of any kind. There are no SMTP errors in any of the logs (I have set logs to debug level as well). We do have a second entry in our MX records for mail delivery. It seems that mail is being redirected to zoneedit.com (our secondary entry) before mail.mnn.org (our primary mail server). zoneedit then contacts our mail server but for some reason cannot get through.
I’ve copy/pasted the results of an nslookup from my box at home:
” andrew$ nslookup
> set type=mx
> mnn.org
Server: 10.0.1.1
Address: 10.0.1.1#53Non-authoritative answer:
mnn.org mail exchanger = 100 mx3.zoneedit.com.
mnn.org mail exchanger = 0 mail.mnn.org.Authoritative answers can be found from:”
Up until yesterday we were receiving no errors although mail was obviously not being delivered. zoneedit.com is now flooding our postmaster inbox with the following similar messages (about 7000 times):
“Subject: Postfix SMTP server: errors from mx3.zoneedit.com[71.6.145.17]
Transcript of session follows.
Out: 220 On behalf of MNN let me personally let me welcome you to our mail
server!
In: EHLO mx3.zoneedit.com
Out: 250-mail.mnn.org
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-ETRN
Out: 250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
Out: 250 8BITMIME
In: MAIL FROM:
Out: 250 Ok
In: RCPT TO:
Out: 451 Server configuration error
In: DATA
Out: 554 Error: no valid recipients
In: RSET
Out: 250 Ok
In: QUIT
Out: 221 Bye”The recipient is a valid address and I cannot find any config errors in the GUI in server admin nor in the main.cf file…
We have both an internal and an external firewall. We’ve turned off all rules on the external firewall right now. For obvious reasons we cannot turn off filtering on the internal firewall. We’ve traced packets from an external box at my house to our mail server at the office. It passes through just fine, and is registered on the firewall logs, however mail is just not being delivered. I’m out of ideas since I am no postfix admin. Any ideas here? I can post log entries tomorrow since I will be in the office.
Our backup plan is to move the mail server to the DMZ since most people are suggesting this as it is “easier” to manage this way. However I have a few questions:
1. How exactly can we manage changes to the directory(i.e.: adding/removing users) through the DMZ? is this accomplished through a NAT and I can just add the server as a member server?
My postfix admin skills are pretty fledgling – I’m much more comfortable with a Kerio or Exchange setup.
TIA!
August 13, 2008 at 2:43 pm #373736gw1500seParticipantI tried accessing your server and when I entered the MAIL FROM command it rejected with “501 Bad address syntax”. My syntax was correct. That seems to correlate with the error you saw that says “451 Server configuration error.” Clearly there is something POSTFIX doesn’t like about your configuration and in particular, how it is processing the MAIL FROM command. The obvious question at this point is, what did you change? I suggest you go back to your previous working config file and start from there.
August 15, 2008 at 3:03 am #373759vampyreapocalypsParticipantWell, it ended up being a misconfigured main.cf. I had suspected this, but it was not apparent at all. It was a missing white space, causing postfix to interpret two separate parameters as one instead.
Obviously the GUI showed that everything was configured correctly, so it was a few days before we checked this file. We ended up running a diff command on the main.cf and bu files to find it. Luckily my coworker has run into these types of problems before.
TGFBUs! (Thank Goodness for BackUps!).
——-
On a side note, we had a similar problem with DNS (probably related to our network crash of last week) where we ended up replacing named.conf with named.bu. We tried to diff the log files, but bc of the inane way SA parses log files we ended up trying to eyeball it, and ultimately replaced .conf with .bu. We did run a diff on the .conf and .bu files, but it came back negative, though the file sizes were clearly different. The replacement fixed it, but as soon as I have some downtime I am going to search through that file to find the offender.
BTW, anybody have a way to get SA to not spit out poop rather than a real log file?
August 15, 2008 at 12:00 pm #373762premiermacParticipantOften with the open source stuff, it’s far better to use CLI or something like Webmin to configure it. Server Admin just doesn’t work.
August 15, 2008 at 1:04 pm #373764vampyreapocalypsParticipantYeah we are using webmin to manage postfix for the most part. But as a previous non-postfix admin I am still more comfortable with SA and the GUI as of yet. I’m learning though. We aren’t managing DNS outside of SA
August 15, 2008 at 1:08 pm #373765premiermacParticipantWell you sure don’t want to use both Server Admin and Webmin/CLI to manage the same service. SA tends to stomp stupidly on changes made by the other methods. It’s exceptionally poor with apache2. I found that it wrote directives that prevented apache2 from starting.
-
AuthorPosts
- You must be logged in to reply to this topic.
Comments are closed