8

I built a web-based application but when it is trying to send an e-mail it fails. Postfix logs the following in its mail.log:

    postfix/smtpd[22261]: warning: hostname srv.eastinc.nl does not resolve to address 192.168.3.101
    postfix/smtpd[22261]: connect from unknown[192.168.3.101]
    postfix/smtpd[22261]: NOQUEUE: reject: RCPT from unknown[192.168.3.101]: 554 5.7.1 <someaddress@gmail.com>: Relay access denied; from=<Domain@eastinc.nl> to=<someaddress@gmail.com> proto=ESMTP helo=<domain.eastinc.nl>
    postfix/smtpd[22261]: disconnect from unknown[192.168.3.101]

I'm quite sure srv.eastinc.nl resolves to 192.168.3.101, because nslookup says so. Postfix configuration:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    config_directory = /etc/postfix
    delay_warning_time = 2h
    home_mailbox = Maildir/
    inet_interfaces = all
    mailbox_size_limit = 0
    mydestination = eastinc.nl, mail.eastinc.nl, srv.eastinc.nl, localhost.eastinc.nl, localhost
    myhostname = mail.eastinc.nl
    mynetworks = localhost 192.168.3.101 127.0.0.1 srv.eastinc.nl
    myorigin = /etc/mailname
    readme_directory = no
    recipient_delimiter = +
    relayhost = smtp.ziggo.nl:25
    smtp_always_send_ehlo = yes
    smtp_sasl_auth_enable = no
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
    smtpd_sender_restrictions = reject_unknown_sender_domain
    smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem
    smtpd_tls_key_file = /etc/ssl/private/mail.key
    smtpd_tls_protocols = !SSLv2, !SSLv3
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes

If I understand this correctly, both 192.168.3.101 and srv.eastinc.nl should be able to relay mail through Postfix. Any ideas on how to get this to work?

Steve
  • `hostname srv.eastinc.nl does not resolve to address 192.168.3.101` but later in NOQUEUE `helo=<domain.eastinc.nl>`. What's the real helo name? Check `postconf -x disable_dns_lookups` – Darigaaz May 07 '16 at 14:57
  • @Darigaaz disable_dns_lookups = no. The helo name is referenced in smtpd_banner? – Steve May 07 '16 at 17:35
  • `postfix/smtpd[22261]: NOQUEUE: reject: RCPT from unknown[192.168.3.101]: 554 5.7.1 <someaddress@gmail.com>: Relay access denied; from=<Domain@eastinc.nl> to=<someaddress@gmail.com> proto=ESMTP helo=<domain.eastinc.nl>` This helo name provided by the client, `helo=<domain.eastinc.nl>`, does not match "srv.eastinc.nl", but still you should be able to send mails from 192.168.3.101. Btw `myorigin = /etc/mailname`, you are the second person with this line; as far as I know you cannot point it to a file (http://www.postfix.org/postconf.5.html#myorigin). Is your postfix chrooted or something? – Darigaaz May 07 '16 at 18:03
  • @Darigaaz I probably took the myorigin from some guide. As far as I know Postfix is not chrooted. – Steve May 07 '16 at 18:23
  • Looks like `myorigin = /etc/mailname` is the default for Debian-based distros and it works but is undocumented. – Darigaaz May 07 '16 at 23:19

2 Answers

16

You have the following restrictions in your config:

    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
    smtpd_sender_restrictions = reject_unknown_sender_domain

permit_sasl_authenticated

Permit the request when the client is successfully authenticated via the RFC 4954 (AUTH) protocol.

reject_unauth_destination

Reject the request unless one of the following is true:

  • Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),

  • Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).

reject_unknown_sender_domain

Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has 1) no DNS MX and no DNS A record, or 2) a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later).

The reply is specified with the unknown_address_reject_code parameter (default: 450), unknown_address_tempfail_action (default: defer_if_permit), or 550 (nullmx, Postfix 3.0 and later). See the respective parameter descriptions for details.

So, my guess is: whoever connects from the 192.168.3.101 host (is it the server itself?) is sending mails without authentication (there is nothing about auth in the log). So you need the following restriction to do so:

permit_mynetworks

Permit the request when the client IP address matches any network or network address listed in $mynetworks.

Prepend smtpd_recipient_restrictions with permit_mynetworks.

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Official Docs: ACCESS README

UPD

Sometimes it's really bad to use permit_mynetworks because any host from $mynetworks can submit mails without authentication.

So it's better to submit mails via SMTP with auth from your app and not use the sendmail()/mail() functions.

Darigaaz
  • Post updated. I don't know what your web application is; it may be bad to add `permit_mynetworks`, depending on your server. The best way is to "teach" the app to auth itself with postfix. – Darigaaz May 07 '16 at 23:11
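
The answer above hinges on Postfix reading a restriction list left to right and stopping at the first permit or reject. The following simplified model is an added example (not code from the answer or from Postfix); it uses the IP entries of `mynetworks` and the `mydestination` list from the question, assumes `relay_domains` is empty, and `203.0.113.5` is a constructed outside address.

```python
# Simplified model of first-match restriction evaluation (added example,
# not Postfix code). Values are taken from the question's main.cf.
import ipaddress

MYNETWORKS = ["192.168.3.101", "127.0.0.1"]  # IP entries only; hostnames left out
MYDESTINATION = {"eastinc.nl", "mail.eastinc.nl", "srv.eastinc.nl",
                 "localhost.eastinc.nl", "localhost"}
RELAY_DOMAINS = set()  # assumption: no relay_domains configured

ORIGINAL = ["permit_sasl_authenticated", "reject_unauth_destination"]
FIXED = ["permit_mynetworks"] + ORIGINAL


def in_mynetworks(client_ip):
    """True if the client address falls inside any mynetworks entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in MYNETWORKS)


def evaluate(restrictions, client_ip, rcpt, sasl_authenticated=False):
    """Return (verdict, deciding_restriction) for one RCPT TO command."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return ("permit", r)
        if r == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", r)
        if r == "reject_unauth_destination":
            local = domain in MYDESTINATION
            relayed = any(domain == d or domain.endswith("." + d)
                          for d in RELAY_DOMAINS)
            if not (local or relayed):
                return ("reject 554 5.7.1 Relay access denied", r)
    # No restriction objected: the recipient is accepted.
    return ("permit", "end of list")


if __name__ == "__main__":
    web_app = ("192.168.3.101", "someaddress@gmail.com")  # the case in the log
    print("original:", evaluate(ORIGINAL, *web_app))
    print("fixed:   ", evaluate(FIXED, *web_app))
    print("outside: ", evaluate(FIXED, "203.0.113.5", "someaddress@gmail.com"))
    print("sasl:    ", evaluate(ORIGINAL, *web_app, sasl_authenticated=True))
```

With the original list the web server's unauthenticated message to Gmail is rejected; with `permit_mynetworks` first it is accepted, and so is mail from any other host listed in `mynetworks`, which is the trade-off raised in the update.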
0

Recently I faced the same kind of issue while sending email from the Windows Outlook client.

Note: This error particularly occurred while sending email via the Outlook desktop application.

Below is the error message found in /var/log/mail.log while sending emails from the Outlook agent.

    NOQUEUE: reject: RCPT from unknown[XXX.XXX.XXX.XXX]: 450 4.7.1 <DESKTOPOABC123>: Helo command rejected: Host not found; from=<abc123@example.org> to=<user1@exampleoutside.com> proto=ESMTP helo=<DESKTOPOABC123>

To fix the issue I did the actions below; after that I was able to send email via the Outlook agent.

Step 1: In the /etc/postfix/main.cf file, commented out the following entry in the "smtpd_recipient_restrictions" parameter.


Step 2: Restarted the postfix service agent.

    $ sudo systemctl restart postfix