"is not a designated mailserver for" error after update

[sheshman]

Hi,

I was using same setup with PMG 7.x without any problem and updated with fresh install to 8.1.2, my system works as below;

My router (192.168.2.254)->PMG(192.168.2.24 - mxp01.mydomain.com)->Zimbra (192.168.2.32 - mail.mydomain.com), i can send emails to outer world without any problem and i can receive mails from gmail, yahoo, yandex etc. but when some one sends an email through any .com, .net, .com.tr domains it returns error and not delivering to recipient.

Error message as below;

2024-03-05T12:18:56.894661+03:00 mxp01 postfix/smtpd[328563]: connect from unknown[192.168.2.254]
2024-03-05T12:18:57.700186+03:00 mxp01 postfix/smtpd[328563]: NOQUEUE: reject: RCPT from unknown[192.168.2.254]: 554 5.7.1 <recipient@mydomain.com>: Recipient address rejected: Rejected by SPF: 192.168.2.254 is not a designated mailserver for sender@sender.com.tr (context mfrom, on mxp01.mydomain.com); from=<sender@sender.com.tr> to=<recipient@mydomain.com> proto=ESMTP helo=<EUR05-AM6-obe.outbound.protection.outlook.com>
2024-03-05T12:18:57.700274+03:00 mxp01 postfix/smtpd[328563]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "recipient@mydomain.com" from client "unknown[192.168.2.254]"
2024-03-05T12:18:57.796172+03:00 mxp01 postfix/smtpd[328563]: disconnect from unknown[192.168.2.254] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

As far as i understand it marks incoming traffic from 192.168.2.254 because it's my LAN router, so incoming traffic which comes to my wan ip, transporting through router to server, but why it started to check spf record to router with new version, this setup was working without any problem on 7.x version.

my /etc/hosts file :

127.0.0.1 localhost.localdomain localhost
192.168.2.24 mxp01.mydomain.com mxp01

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

my /etc/hostname file :

mxp01

If i add sender's domain to whitelist through MailProxy->Whitelist then it starts to receive & deliver mails without any problem, but this option is not suitable because there are millions of domains

As a rookie most probably i'm doing something wrong but, my basic configuration as attached, what ami doing wrong here?

 

[Stoiko Ivanov]

My router (192.168.2.254)->PMG(192.168.2.24 - mxp01.mydomain.com)

The issue seems to be that your router does rewrite the source-ip of the smtp-server sending to your PMG

Rejected by SPF: 192.168.2.254

This says that the connection is made from your router - whitelisting this ip would result in basically allowing every IP on the internet to send you mail - not a good idea.

I'd check the port-forwarding and NAT settings of your router - make sure that it keeps the sending IP intact when forwarding SMTP-traffic to your PMG.

I hope this helps!

 

[sheshman]

The issue seems to be that your router does rewrite the source-ip of the smtp-server sending to your PMG

This says that the connection is made from your router - whitelisting this ip would result in basically allowing every IP on the internet to send you mail - not a good idea.

I'd check the port-forwarding and NAT settings of your router - make sure that it keeps the sending IP intact when forwarding SMTP-traffic to your PMG.

I hope this helps!

Thanks Stoiko, i'll work on that

 

[haebi5]

I have the same issue. Instead of a router, there is a postfix instance before the PMG. I'll have to disable SPF on the PMG, otherwhise I get the message:

NOQUEUE: reject: RCPT from relay.postfix.intern[IP]: 554 5.7.1 <receiver eMail-Address>: Recipient address rejected: Rejected by SPF: [IP of relay.postfix.intern] is not a designated mailserver for [sender eMail-Address] (context mfrom, on pgm.intern); from=<sender eMail-Address> to=<receiver eMail-Address> proto=ESMTP helo=<smtp>
2024-05-31T10:19:13.209476+02:00 mgw01 postfix/smtpd[7047]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "receiver eMail-Address" from client "relay.postfix.intern[IP of relay.postfix.intern]"

Any idea on how to fix this?

Best,
rene

 

[krolikofff]

Hello
Some emails are rejected by my pmg server.
In the Tracking center i see the message

2024-07-19T09:39:06.450712+03:00 mgtw postfix/smtpd[331477]: connect from forward101a.mail.yandex.net[178.154.239.84]
2024-07-19T09:39:06.653433+03:00 mgtw postfix/smtpd[331477]: NOQUEUE: reject: RCPT from forward101a.mail.yandex.net[178.154.239.84]: 554 5.7.1 <recipient@domain.com>: Recipient address rejected: Rejected by SPF: 178.154.239.84 is not a designated mailserver for manager3%40skzmk.ru (context mfrom, on mgtw.corp.mymailserver.com); from=<manager3@skzmk.ru> to=<recipient@domain.com> proto=ESMTP helo=<forward101a.mail.yandex.net>
2024-07-19T09:39:06.653514+03:00 mgtw postfix/smtpd[331477]: using backwards-compatible default setting smtpd_relay_before_recipient_restrictions=no to reject recipient "recipient@domain.com" from client "forward101a.mail.yandex.net[178.154.239.84]"
2024-07-19T09:39:06.691752+03:00 mgtw postfix/smtpd[331477]: disconnect from forward101a.mail.yandex.net[178.154.239.84] ehlo=1 mail=1 rcpt=0/3 data=0/1 rset=1 quit=1 commands=4/8Is this a mistake for me or a problem for the sender?

Is this a problem for me or for the sender?How can I fix this? These emails are not spam.