Bounced email getting rejected by mail server.

Ajecu

Member
Feb 16, 2020
15
0
21
37
When a user example@local.com sends an email to an address that defers the email(greylist) gfitest@gfitest.com the PMG sends the bounce back to the email server but the email server blocks the bounce:
NOQUEUE: reject: RCPT from pmg.local[<local ip>]: 554 5.7.1 <gfitest@gfitest.com>: Relay access denied; from=<example@local.com> to=<gfitest@gfitest.com> proto=ESMTP helo=<pmg.local>

The pmg.local addres is in mynetworks on the mail server and i have tested and pmg.local can relay via the mail server(tested with telnet using the same from and to),but bounced emails get rejected.

If i do not use PMG as a relayhost the problem dose not appear.

Is there special consideration given to deferred/bounced emails so the mail server can receive the bounce and retry.
Should the retry be attempted by PMG?
 
Last edited:
Is the mail server same network segment with PMG?
Try add your mail server network/cidr to trusted network.
 
"Is the mail server same network segment with PMG?"
Yes it is and the network segment is in the trusted networks.

And in the mail server pmg is in mynetworks and via telnet i can send relay messages,but the bounced messages that pmg forwards to the mail server get reject: RCPT from pmg.local.

This is what i do not understand,since i can do mail relay from pmg to mailserver and it is accepted what is different in the way bounced messages are sent.
 
If i add the "gfitest.com" domain to the relay_domains parameter in main.cf then the bounced messages are no longer getting relay access denied.
How can i accept for relay bounced messages matching the addreses/domains of sent messages?
 
When a user example@local.com sends an email to an address that defers the email(greylist) gfitest@gfitest.com the PMG sends the bounce back to the email server
No - when PMG greylists a mail it simply replies with a temporary error code (4xx) to the sending server - the sending server then needs to retry delivery (usually it does so within 5 minutes)

please post the complete logs of the mail (and try to not remove information necessary for following the mail-flow)
 
PMG is not doing the greylisting,the other server is.And when PMG forwards the greylisted message back to the mail server it refuses the greylisted message with "Relay access denied;",but if i do not use PMG as a relay host then the issue dose not appear.
 
And when PMG forwards the greylisted message back to the mail server it refuses the greylisted message with "Relay access denied;",but if i do not use PMG as a relay host then the issue dose not appear.
Seems to me this is an issue with the receiving servers configuration then?
Check it's config and logs - or contact it's administrator - to find out why mails get accepted from the downstream server but not from PMG
 
But should the greylisted messages return to the server or should PMG retry to send after a while?
 
But should the greylisted messages return to the server or should PMG retry to send after a while?
Greylisted messages usually means that the receiving server sent a 4xx temporary response code - in that case pmg will queue the mail and try to redeliver it at a later timepoint.
 
Example of log:
Sep 12 12:09:13 mail7 postfix/smtpd[998464]: connect from unknown[localMailServer] Sep 12 12:09:13 mail7 postfix/smtpd[998464]: A1AD7120EF9: client=unknown[localMailServer] Sep 12 12:09:13 mail7 postfix/cleanup[999848]: A1AD7120EF9: message-id=<9f39ee5b-ca2f-61eb-a121-7d29fe26681e@localdomain> Sep 12 12:09:13 mail7 postfix/qmgr[408]: A1AD7120EF9: from=<sender@localdomain>, size=4157890, nrcpt=2 (queue active) Sep 12 12:09:13 mail7 postfix/smtpd[998464]: disconnect from unknown[localMailServer] ehlo=2 starttls=1 mail=1 rcpt=2 data=1 quit=1 commands=8 Sep 12 12:09:13 mail7 pmg-smtp-filter[999854]: 121A07631EF739AE06D: new mail message-id=<9f39ee5b-ca2f-61eb-a121-7d29fe26681e@localdomain>#012 Sep 12 12:09:17 mail7 pmg-smtp-filter[999854]: 121A07631EF739AE06D: SA score=0/5 time=0.692 bayes=0.00 autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.235),BAYES_00(-1.9),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),T_SCC_BODY_TEXT_LINE(-0.01) Sep 12 12:09:17 mail7 postfix/smtpd[999858]: connect from localhost[127.0.0.1] Sep 12 12:09:17 mail7 postfix/smtpd[999858]: BDC39121A15: client=localhost[127.0.0.1], orig_client=unknown[localMailServer] Sep 12 12:09:17 mail7 postfix/cleanup[999847]: BDC39121A15: message-id=<9f39ee5b-ca2f-61eb-a121-7d29fe26681e@localdomain> Sep 12 12:09:17 mail7 postfix/qmgr[408]: BDC39121A15: from=<sender@localdomain>, size=4157543, nrcpt=2 (queue active) Sep 12 12:09:17 mail7 postfix/smtpd[999858]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=2 data=1 commands=6 Sep 12 12:09:17 mail7 pmg-smtp-filter[999854]: 121A07631EF739AE06D: accept mail to <reciever@externaldomain> (BDC39121A15) (rule: default-accept) Sep 12 12:09:17 mail7 pmg-smtp-filter[999854]: 121A07631EF739AE06D: accept mail to <santi@externaldomain> (BDC39121A15) (rule: default-accept) Sep 12 12:09:17 mail7 pmg-smtp-filter[999854]: 121A07631EF739AE06D: processing time: 4.143 seconds (0.692, 3.253, 0) Sep 12 12:09:17 mail7 postfix/lmtp[997851]: A1AD7120EF9: to=<reciever@externaldomain>, relay=127.0.0.1[127.0.0.1]:10023, delay=4.3, delays=0.05/0/0/4.2, dsn=2.5.0, status=sent (250 2.5.0 OK (121A07631EF739AE06D)) Sep 12 12:09:17 mail7 postfix/lmtp[997851]: A1AD7120EF9: to=<santi@externaldomain>, relay=127.0.0.1[127.0.0.1]:10023, delay=4.3, delays=0.05/0/0/4.2, dsn=2.5.0, status=sent (250 2.5.0 OK (121A07631EF739AE06D)) Sep 12 12:09:17 mail7 postfix/qmgr[408]: A1AD7120EF9: removed Sep 12 12:09:19 mail7 postfix/smtp[998528]: BDC39121A15: host mx01.dns-servicios.com[82.194.66.207] said: 451 4.7.1 Greylisting in action, please come back later (in reply to RCPT TO command) Sep 12 12:09:19 mail7 postfix/smtp[998528]: BDC39121A15: host mx01.dns-servicios.com[82.194.66.207] said: 451 4.7.1 Greylisting in action, please come back later (in reply to RCPT TO command) Sep 12 12:09:20 mail7 postfix/smtp[998528]: BDC39121A15: host mx00.dns-servicios.com[82.194.66.208] said: 451 4.7.1 Greylisting in action, please come back later (in reply to RCPT TO command) Sep 12 12:09:20 mail7 postfix/smtp[998528]: BDC39121A15: host mx00.dns-servicios.com[82.194.66.208] said: 451 4.7.1 Greylisting in action, please come back later (in reply to RCPT TO command) Sep 12 12:09:20 mail7 postfix/smtp[998528]: BDC39121A15: to=<reciever@externaldomain>, relay=localMailServer[localMailServer]:25, delay=2.4, delays=0.14/0/2.2/0.01, dsn=5.7.1, status=bounced (host localMailServer[localMailServer] said: 554 5.7.1 <reciever@externaldomain>: Relay access denied (in reply to RCPT TO command)) Sep 12 12:09:20 mail7 postfix/smtp[998528]: BDC39121A15: to=<santi@externaldomain>, relay=localMailServer[localMailServer]:25, delay=2.4, delays=0.14/0/2.2/0.02, dsn=5.7.1, status=bounced (host localMailServer[localMailServer] said: 554 5.7.1 <santi@externaldomain>: Relay access denied (in reply to RCPT TO command)) Sep 12 12:09:20 mail7 postfix/qmgr[408]: BDC39121A15: removed
 
Last edited:
Sep 12 12:09:13 mail7 postfix/smtpd[998464]: connect from unknown[localPMGip]
this looks odd - if mail7 is your PMG - what is localPMGip? - in other words - why does pmg connect with it's "external" ip to smtpd on PMG?
 
still looks odd
to=<reciever@externaldomain>, relay=localMailServer[localMailServer]:2
why does pmg think that externaldomain needs to be relayed to localMailserver?!
 
I should not relay to localmailserver a bounced message.
the issue - from what i can see is not that it's a bounce but that your config tries to send mails to externaldomain to your internal server

please make sure that you setup your relay domains correctly - your transport entries (if needed) are correct, and that you did not by accident specify your internal relay as 'smart host'...
 
If there was any miss-configuration then all emails should be sent to internal server,since there is no per domain rules setup.
There are no smart hosts and no transports are needed.
And this only happens with bounced messaged,greylisted or with other issues.
 
There are just custom certificates setup.The rest is standard with the relay domains setup and the relay host setup on the local mail server.

I will try to debug when there is less traffic on the server and i get a fresh issue.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!