1

I have a problem with Postfix. I get this with some email addresses:

```
to=<mail@domain.tld>, relay=mail.domain.tld[IP_ADDRESS]:25, delay=3, delays=0/0/2.5/0.52, dsn=5.7.1, status=bounced (host mail.domain.tld[IP_ADDRESS] said: 550 5.7.1 <mail@domain.tld>... Fix reverse DNS for MY_SERVER_IP_ADDRESS,or use your ISP server (in reply to RCPT TO command))
```

I read something and it should be related to my HELO/EHLO hostname. Postfix runs on the same server as the script sending mails, same IP address. When I type `hostname -f`, Ubuntu returns "localhost". But in `/etc/hostname` I have "domain.tld" (one of my domains).

Here's my main.cf file:

```
### Postfix SMTP Server
myhostname = $mydomain
mydomain = domain.tld
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP $mail_name (multiformeingegno)
biff = no
append_dot_mydomain = no
readme_directory = no
relayhost =
inet_interfaces = all
local_transport = error:local delivery is disabled

mydestination = domain.tld, localhost.domain.tld, localhost
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
```
MultiformeIngegno
  • You've specified the domain which helps a bit. 1. Do you have an MX record for `multiformeingegno.it` ? 2. What is the mailserver hostname `mail.multiformeingegno.it`? Have you either set up, or requested RDNS for that hostname? – NickW Mar 04 '14 at 17:20
  • I have no MX record for multiformeingegno.it. But I can manage them.. Should I set my Server IP address as MX server? – MultiformeIngegno Mar 04 '14 at 17:32
  • Well, an MX record should be something like `IN MX 10 mail.multiformeingegno.it`, then you will need an A record for `mail`. The A record should be your server IP. Good luck! – NickW Mar 04 '14 at 17:41
  • Can't it be the domain itself and not mail.domain.tld ? – MultiformeIngegno Mar 04 '14 at 18:07

2 Answers

3

Assume your mail server name is multiformeingegno.it (the myhostname value in Postfix), your server has two IPs, 1.2.3.4 and 1.2.3.5, and you are sending a mail from user@otherdomain.tld. Setting up all of the following is always recommended.

  • A record of multiformeingegno.it pointing to 1.2.3.4 and 1.2.3.5
  • PTR record for 1.2.3.4 and 1.2.3.5 pointing to multiformeingegno.it
  • SPF record for otherdomain.tld should include both 1.2.3.4 and 1.2.3.5
  • otherdomain.tld should have a proper MX record or an A record

Hope that was clear. To clarify one more thing: your system's name has nothing to do with this.

clement
  • Well I have all of these except that PTR of my server's IP is by default my VPS name (which is just "multiformeingegno", not "multiformeingegno.it"). To change it I have to change my VPS name. I'm going to try now – MultiformeIngegno Mar 04 '14 at 18:24
  • @MultiformeIngegno Ya ok. Check the "THE FQDN" paragraph in "man hostname" – clement Mar 04 '14 at 18:31
2

To fix this, you need to make sure that your PTR record for your server's IP address corresponds to your server's advertised hostname.

Your hosting provider (or whoever provided you with the IP address) should be able to help you with this, as reverse DNS administration (usually) lies with the controlling ISP, normally defined in WHOIS.

Essentially, whatever IP your server resolves to must have a reverse DNS pointing to the same hostname, or at a minimum Postfix's myhostname configuration variable, which is the name it uses when sending a HELO request to another SMTP server.

This is more than simply good practice when you run a public mailserver, as checking PTR addresses is part of the anti-spam setup of many mailserver administrators (including me) due to the fact that many spammers use dynamic IP addresses or non-matching A/PTR combinations.

A slightly more in-depth explanation is this:

  • The bounce message you're seeing is being generated by the receiving MTA at mail.domain.tld.
  • This server sees that your Postfix server is using the IP 1.2.3.4 (I've used a placeholder as you haven't given yours).
  • The receiving MTA checks the RDNS entry for 1.2.3.4 against the hostname that it appears to be from according to the HELO it receives.
  • If the RDNS matches, it shows you are a responsible mailserver admin and the mail passes that particular check.
  • Be aware that this is just one check, and your message may fail others.

A real-world example:

```
~ $ nslookup vps.vikingserv.net
Server:     192.168.50.11
Address:    192.168.50.11#53

Non-authoritative answer:
Name:   vps.vikingserv.net
Address: 31.3.251.12

~ $ nslookup 31.3.251.12
Server:     192.168.50.11
Address:    192.168.50.11#53

Non-authoritative answer:
12.251.3.31.in-addr.arpa    name = vps.vikingserv.net.
```
Craig Watson
  • Uhm, I had a look at my VPS control panel (DigitalOcean). My IP by default has a PTR with the same name as the droplet with a dot at the end (multiformeingegno.). What should I do? Maybe change the droplet name to "multiformeingegno.it"? So it's the same domain as the hostname I specified in /etc/hostname? – MultiformeIngegno Mar 04 '14 at 17:30
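
The A/PTR/HELO consistency that both answers describe can be checked on the sending side before any mail goes out. The following is an added example, not code from the question or either answer: the function names and the `PTR`/`ADDR` tables are constructed for illustration (the vikingserv pair is copied from the nslookup output above, the 1.2.3.4 entry models the default PTR described in the comments). Receiving servers differ in which of these checks they actually enforce.

```python
import socket

def norm(name):
    """Lower-case and drop the trailing root dot, so 'Host.Example.' == 'host.example'."""
    return name.rstrip(".").lower()

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if there are none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [host, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver (empty list if there are none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_sender_dns(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (ok, problems) for the sending IP and the name announced in HELO."""
    problems = []
    helo_n = norm(helo)
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    if "." not in helo_n:
        problems.append(f"HELO name {helo!r} is not a fully qualified domain name")
    if not ptrs:
        problems.append(f"no PTR record for {ip}")
    elif helo_n not in ptrs:
        problems.append(f"PTR for {ip} is {ptrs}, HELO is {helo_n!r}")
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    # Addresses are compared as text, so pass them in canonical form.
    if ptrs and not any(ip in addr_lookup(p) for p in ptrs):
        problems.append(f"no PTR name of {ip} resolves back to it")
    if ip not in addr_lookup(helo_n):
        problems.append(f"{helo_n!r} has no A/AAAA record for {ip}")
    return (not problems, problems)

# Constructed sample records, so the example runs without network access.
PTR = {"31.3.251.12": ["vps.vikingserv.net."], "1.2.3.4": ["multiformeingegno."]}
ADDR = {"vps.vikingserv.net": ["31.3.251.12"], "multiformeingegno.it": ["1.2.3.4"]}

def demo(ip, helo):
    """Run the check against the constructed tables instead of live DNS."""
    return check_sender_dns(ip, helo, lambda i: PTR.get(i, []), lambda n: ADDR.get(n, []))

if __name__ == "__main__":
    for ip, helo in [("31.3.251.12", "vps.vikingserv.net"), ("1.2.3.4", "multiformeingegno.it")]:
        print(ip, helo, demo(ip, helo))
```

Calling `check_sender_dns(ip, helo)` without the two lookup arguments queries the system resolver, with `helo` set to the value of `myhostname` in `main.cf`.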