2

I am having trouble sending email to my relay host. All mail is being directly delivered.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = loopback-only
inet_protocols = all
mailbox_size_limit = 0
mydestination =
myhostname = webserver.example.com
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = smtp.example.com
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

Mailq and the log show the mail trying to connect directly to mail.h-email.net instead of my relay server.

Output of mailq:

root@webserver:/etc/postfix# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
9F79E60224      382 Thu Jun 25 09:19:49  root@webserver.example.com
         (connect to mail.h-email.net[107.21.213.75]:25: Connection timed out)
                                         tguadagnin@gmail.com

-- 0 Kbytes in 1 Request.

Output of mail.log:

Jun 25 09:20:20 webserver postfix/smtp[6998]: 9F79E60224: to=<tguadagnin@gmail.com>, relay=none, delay=31, delays=0.02/0/31/0, dsn=4.4.1, status=deferred (connect to mail.h-email.net[107.21.213.75]:25: Connection timed out)

The log shows relay=none while all my other servers with the exact same configuration send email correctly and report as relay=smtp.example.com in their logs.

The only difference with this server is that I have it in a different network segment, which is one of my DMZs.

I have placed rules so that the server itself cannot communicate outbound on port 25. The server can communicate to the relay host via port 25 successfully.

dpkg-reconfigure postfix and setting the system as a satellite system does not alleviate the issue. mailutils package provides the mail command.

Can anyone help me out? I've been struggling to figure out how to troubleshoot this correctly.

sebix
moodah
  • 1
    Some thoughts: Are myhostname = webserver.mydomain and relayhost = smtp.mydomain supposed to be myhostname = webserver.$mydomain and relayhost = smtp.$mydomain ? Either way, are these defined in DNS or just in /etc/hosts? If the latter, smtp_host_lookup = native *may* help. – jetboy Jun 25 '15 at 17:06
  • Thanks for the response, jet; it pointed me in the right direction. When I set smtp_host_lookup = native it stopped resolving out to the internet and started reporting relay=smtp.mydomain is not resolvable. – moodah Jun 26 '15 at 04:22

4 Answers

2

It appears postfix completely ignores /etc/hosts.

If the setting is relayhost = FQDN instead of an IP address, it will try to resolve the FQDN for its IP address and will not use /etc/hosts to find it. It will use the system configured resolv.conf file if smtp_host_lookup is set to native.

Since it could not resolve my relay host it instead just attempted to deliver the mail straight out into the ether. I cannot find details as to if this is the correct behaviour.

Setting the relayhost to an IP address OR ensuring the relayhost FQDN is resolvable WITHOUT using /etc/hosts fixes this problem.

sebix
moodah
  • 2
    You probably should use square brackets in the relayhost to turn off MX lookup - http://www.postfix.org/postconf.5.html#relayhost – ALex_hha Jan 04 '18 at 22:56
  • I have the same issue, `/var/log/mail.info` shows `relay=none`. I tried using directly the IP but that didn't work, I always get `relay=none`. How can I see why it's not using the relay config? – Pablo Mar 22 '21 at 11:44
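
An added example (not part of the original posts and not Postfix code): a small Python audit that classifies a relayhost value by the forms postconf(5) lists and flags smtp log entries that did not go through it, including relay=none attempts where the host actually tried appears only in the status text. The sample input is constructed from the question's output with a placeholder recipient and an invented second log line; all function names are hypothetical.

```python
import re

# Constructed sample input modelled on the question (placeholder recipient, invented 2nd log line).
POSTCONF = """\
mydestination =
relayhost = smtp.example.com
"""
MAIL_LOG = """\
Jun 25 09:20:20 webserver postfix/smtp[6998]: 9F79E60224: to=<user@example.org>, relay=none, delay=31, delays=0.02/0/31/0, dsn=4.4.1, status=deferred (connect to mail.h-email.net[107.21.213.75]:25: Connection timed out)
Jun 25 09:21:02 webserver postfix/smtp[7001]: A1B2C3D4E5: to=<user@example.org>, relay=smtp.example.com[192.0.2.10]:25, delay=0.4, delays=0.02/0/0.1/0.28, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

def parse_postconf(text):
    """Turn `postconf -n` output into {parameter: value}."""
    pairs = (line.partition("=") for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip() for name, _, value in pairs}

def relayhost_form(value):
    """Classify a relayhost value by how Postfix will look up the next hop."""
    if not value:
        return "unset"          # no relay: direct delivery via recipient MX
    if re.fullmatch(r"\[[^\]]+\](:\w+)?", value):
        return "bracketed"      # [host] or [address]: MX lookup turned off
    if re.fullmatch(r"[0-9.]+", value.partition(":")[0]):
        return "bare-address"   # not a postconf(5) form; write [address]
    return "mx-lookup"          # domain/hostname: MX records are consulted

LOG_RE = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<[^>]*>, relay=([^,]+), .*status=(\w+)")
def off_relay_deliveries(log_text, relayhost):
    """Return (queue_id, peer, status) for smtp attempts not made via relayhost."""
    expected = re.sub(r"^\[?([^\]:]+)\]?(:\w+)?$", r"\1", relayhost)
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        qid, relay, status = m.groups()
        peer = relay.split("[")[0]
        if peer == "none":
            # relay=none: no session opened; the host tried is only in the status text
            tried = re.search(r"connect to ([^\[\s]+)", line)
            peer = tried.group(1) if tried else "none"
        if peer != expected:
            findings.append((qid, peer, status))
    return findings

if __name__ == "__main__":
    relay = parse_postconf(POSTCONF).get("relayhost", "")
    print(relayhost_form(relay), off_relay_deliveries(MAIL_LOG, relay))
```

With an unbracketed relayhost that has MX records, the logged relay name is the MX host rather than the configured name, so those entries are reported for review as well.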
1

1st Option

If you want to relay ALL email to a given /etc/hosts host and not receive any email, add this to /etc/postfix/main.cf:

    # Don't deliver anything locally
    mydestination =
    # native lookup only (/etc/hosts)
    smtp_dns_support_level = disabled
    # your relay here. add IP/hostname to /etc/hosts
    relayhost = hostname.mydomain.tld

This will override DNS/MX lookups and use /etc/hosts only.
It will never use DNS lookups.

Please note: The lookup is not performed on incoming either. This is for an outbound (only) server to a relay that is found in /etc/hosts.

This is appropriate when you want a server to send LOCAL emails (root/cronjobs/etc) to an actual email server for delivery and never receive outside email itself.

Reference: smtp_dns_support_level


2nd Option

smtp_host_lookup = native can be used in place of smtp_dns_support_level above.

This will use "native naming service only" aka 'system' lookups.

It will normally first query /etc/hosts (via /etc/nsswitch.conf*). If not found, it will query a DNS server (default on most systems*). In this regard, /etc/hosts can still override a lookup.

This is appropriate if your server is also receiving outside email, or needs to use a DNS lookup for anything else not found in /etc/hosts. Please note that there is also a lmtp_host_lookup option.

* nsswitch.conf typical example:
hosts: files dns (Queries 'files' (/etc/hosts, normally) then the system DNS.)

Reference: smtp_host_lookup, lmtp_host_lookup

B. Shea
0

I completely resolved the same issue of connecting directly to mail.h-email.net instead of my relay server. In my case, sendmail tried to connect to mail.h-email.net regardless of my mail destination domain.

My Server hostname = server.domain.org.ua

Incorrectly specified relay as IP = 192.168.2.4

I'm sending a test letter to @ukr.net, which has nothing to do with mail.h-email.net.

I incorrectly configured relayhost in sendmail by specifying an IP address instead of hostname_of_relayhost. Sendmail tries to resolve MX for "IP 192.168.2.4" and unexpectedly receives an existing name "4.org.ua" and MX "mail.h-email.net." for it.

== debug ==

= top output =
 sendmail: ./v3LJRuji049269 mail.h-email.net.: user open (sendmail)
 sendmail: ./v3LJhCr0049454 mail.h-email.net.: user open (sendmail)

= # tcpdump -vvv -i wan_if udp =
    server.domain.org.ua.9764 > google-public-dns-b.google.com.domain:  
    MX? 192.168.2.4.org.ua.

    google-public-dns-b.google.com.domain > server.domain.org.ua.9764: 
    q: MX? 192.168.2.4.org.ua. 1/0/1 192.168.2.4.org.ua. [59m59s] MX mail.h-email.net.

    server.domain.org.ua.36133 > google-public-dns-a.google.com.domain: 
     A? mail.h-email.net.

        23:28:28.687538 IP (tos 0x0, ttl 45, id 27064, offset 0, flags [none], proto UDP (17), length 329)
            google-public-dns-a.google.com.domain > server.domain.org.ua.36133: [udp sum ok] 29530 q: A? mail.h-email.net. 16/0/1 mail.h-email.net. [3m28s] A 198.133.159.124, mail.h-email.net. [3m28s] A 198.133.159.123, mail.h-email.net. [3m28s] A 198.133.159.125, mail.h-email.net. [3m28s] A 198.133.159.133, mail.h-email.net. [3m28s] A 198.133.159.137, mail.h-email.net. [3m28s] A 198.133.159.119, mail.h-email.net. [3m28s] A 198.133.159.121, mail.h-email.net. [3m28s] A 198.133.159.122, mail.h-email.net. [3m28s] A 198.133.159.132, mail.h-email.net. [3m28s] A 198.133.159.126, mail.h-email.net. [3m28s] A 198.133.159.139, mail.h-email.net. [3m28s] A 198.133.159.135, mail.h-email.net. [3m28s] A 198.133.159.136, mail.h-email.net. [3m28s] A 198.133.159.120, mail.h-email.net. [3m28s] A 198.133.159.138, mail.h-email.net. [3m28s] A 198.133.159.134 ar: . OPT UDPsize=512 OK (301)

    =check=
    $ nslookup -ty=mx 4.org.ua

    Non-authoritative answer:
    4.org.ua    mail exchanger = 5 mail.h-email.net.

So I specified the "relay host" as a "hostname" and resolved the issue.

0

Just found that Postfix has/could have its own hosts file, /var/spool/postfix/etc/hosts. I had the same issue as reported, and with the help of the "postfix check" command I was able to find this issue. Updated/added the host entry in /var/spool/postfix/etc/hosts and now Postfix reads the FQDN from the hosts file instead of DNS.

Chetan