Recipient address rejected: undeliverable address: unknown user: "nigel"

Hi there,

On our PMG Cluster, we have 1 node that rejects all mail for one of our users.

Here is an NDR:

Code:
node1 said reject: RCPT from smtp2.e.amses.net[213.161.89.103]: 550 5.1.1 <nigel@example.co.uk>: Recipient address rejected: undeliverable address: unknown user: "nigel"; from=<keith.deleted@deleted.net> to=<nigel@example.co.uk> proto=ESMTP helo=<smtp2.e.amses.net>

Here is a log from node1:

Code:
Feb 14 16:49:35 node1 postfix/local[48307]: 6D3941C029A: to=<nigel@example.co.uk>, relay=local, delay=0.11, delays=0.05/0.02/0/0.04, dsn=5.1.1, status=bounced (unknown user: "nigel")

Mail is working fine on all other cluster nodes.

Any ideas at all?

Thanks,
C

UPDATE

We are able to send an email via a telnet test from node1 to the user's mail server:

Code:
root@node1:~# telnet mail.example.co.uk 25
Trying 1.2.3.4...
Connected to example.co.uk.
Escape character is '^]'.
220-cpanel93.deleted.uk ESMTP Exim 4.96.2 #2 Wed, 14 Feb 2024 16:34:43 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO node1.deleted.uk
250-cpanel93.deleted.uk Hello node1.deleted.uk [4.5.6.7]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
MAIL FROM: info@test.uk
250 OK
RCPT TO: nigel@example.co.uk
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
Testing
.
250 OK id=1raIF9-00Dg64-21

We can see this on the cPanel server in Exim etc. so it worked.

But it seems if the mail comes into node1 via the domain MX it does not work.

Bit stuck here.
 
my guess is that node1 thinks it is the final destination for example.co.uk - did you maybe set its hostname to example.co.uk?

suggestion:
* set the hostname to something that is not the domain (e.g. pmg.example.co.uk)
* set either the default relay to the cpanel server (if you only have one downstream server) - or create a transport entry for example.co.uk (pointing to the cpanel server)
 
> my guess is that node1 thinks it is the final destination for example.co.uk - did you maybe set its hostname to example.co.uk?
>
> suggestion:
> * set the hostname to something that is not the domain (e.g. pmg.example.co.uk)
> * set either the default relay to the cpanel server (if you only have one downstream server) - or create a transport entry for example.co.uk (pointing to the cpanel server)

Thanks, sorry, I should have said.

node1 is a different domain. It's hard to give the real details in a public place like here.

It looks like this:

PMG Domain: isp.com
PMG Server Hostname: node1.isp.com
Customer Email: nigel@customer.co.uk
Customer MX: node1-6,etc..isp.com
Our cPanel server for this customer: cpanel93.isp.com
DNS: mail.customer.co.uk > CNAME > cpanel93.isp.com

There is both a 'relay' and 'transport' entry for this customer:

PMG > Configuration > Mail Proxy > Relay Domains > customer.co.uk

PMG > Configuration > Mail Proxy > Transports;
Relay Domain: customer.co.uk
Host: mail.customer.co.uk
Protocol: SMTP
Port: 25
Use MX: No

Does this help to clarify and see the issue?
 
Do you have any modifications to the postfix config in place? - /etc/pmg/templates (the files main.cf.in and master.cf.in)


is this also the first entry in /etc/resolv.conf?

is this the output of `hostname -f`?

see https://www.postfix.org/ADDRESS_CLASS_README.html for the classification and when mails are considered local

Hi Stoiko,

To answer:

> Do you have any modifications to the postfix config in place? - /etc/pmg/templates (the files main.cf.in and master.cf.in)

Yes, we have these. I am happy to send them over.

Code:
root@node1:~# ls -la  /etc/pmg/templates
total 48
drwxr-xr-x 2 root root 4096 Feb 14 13:38 .
drwxr-xr-x 6 root root 4096 Feb 14 17:00 ..
-rw-r--r-- 1 root root 5010 Feb 14 13:38 main.cf.in
-rw-r--r-- 1 root root 4828 Jun  2  2023 main.cf.in.ucf-dist
-rw-r--r-- 1 root root 4841 Mar 30  2023 main.cf.in.ucf-old
-rw-r--r-- 1 root root  442 Mar 30  2023 spamreport-short.tt
-rw-r--r-- 1 root root  524 Jun  2  2023 spamreport-short.tt.ucf-dist
-rw-r--r-- 1 root root 1531 Mar 30  2023 spamreport-verbose.tt
-rw-r--r-- 1 root root 1615 Jun  2  2023 spamreport-verbose.tt.ucf-dist

For `main.cf.in` we changed the `mail_name` on line 56.

> is this also the first entry in /etc/resolv.conf?

Yes:

Code:
root@node1:~# cat /etc/resolv.conf
search isp.com
nameserver 127.0.0.1

> is this the output of `hostname -f`?

Yes:

Code:
root@node1:~# hostname -f
node1.isp.com

PS - I deleted the Relay Domain and Transport for the customer on the node1 master, then added it back, but same issue. All nodes work fine apart from the master node1.

Thanks for the help so far!
C
 
My guess is the issue is in your main.cf.in - either compare it to the shipped version (/var/lib/pmg/templates/main.cf.in) and check each option you changed for the potential cause of your customer domains being considered local
or share it (anonymize only what you must, and do so consistently inside the file) - maybe we'll be able to say more ...
 
> My guess is the issue is in your main.cf.in - either compare it to the shipped version (/var/lib/pmg/templates/main.cf.in) and check each option you changed for the potential cause of your customer domains being considered local
> or share it (anonymize only what you must, and do so consistently inside the file) - maybe we'll be able to say more ...

Hi Stoiko,

Please see the custom template on the left vs the default on the right.

Any difference between the 2 files has a pipe symbol "|" next to them. All we did was change to 'mail_name = Qmail' from 'mail_name = Proxmox'.

Code:
root@node2:~# sdiff main.cf.in.node1 /var/lib/pmg/templates/main.cf.in
# auto-generated by proxmox                    # auto-generated by proxmox


compatibility_level = 2                        compatibility_level = 2
command_directory = /usr/sbin                    command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin            daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix                data_directory = /var/lib/postfix


# appending .domain is the MUA's job.                # appending .domain is the MUA's job.
append_dot_mydomain = yes                    append_dot_mydomain = yes


smtpd_banner = $myhostname [% pmg.mail.banner %]        smtpd_banner = $myhostname [% pmg.mail.banner %]
biff = no                            biff = no


[% IF pmg.mail.dwarning %]                    [% IF pmg.mail.dwarning %]
delay_warning_time = [% pmg.mail.dwarning %]h            delay_warning_time = [% pmg.mail.dwarning %]h
[% END %]                            [% END %]


best_mx_transport = local                    best_mx_transport = local
message_size_limit = [% pmg.mail.maxsize %]            message_size_limit = [% pmg.mail.maxsize %]
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pm    mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pm


mydomain = [% dns.domain %]                    mydomain = [% dns.domain %]
myhostname = [% dns.hostname %].[% dns.domain %]        myhostname = [% dns.hostname %].[% dns.domain %]


parent_domain_matches_subdomains = debug_peer_list,fast_flush    parent_domain_matches_subdomains = debug_peer_list,fast_flush


alias_maps = hash:/etc/aliases                    alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases                alias_database = hash:/etc/aliases
mydestination = localhost, $myhostname                mydestination = localhost, $myhostname
mynetworks = [% postfix.mynetworks %]                mynetworks = [% postfix.mynetworks %]


relay_domains = hash:/etc/pmg/domains                relay_domains = hash:/etc/pmg/domains


transport_maps = hash:/etc/pmg/transport            transport_maps = hash:/etc/pmg/transport


[% IF pmg.mail.relay %]                        [% IF pmg.mail.relay %]
[% IF pmg.mail.relayprotocol == 'lmtp' %]            [% IF pmg.mail.relayprotocol == 'lmtp' %]
relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.ma    relay_transport = [% pmg.mail.relayprotocol %]:inet:[% pmg.ma
[% ELSE %]                            [% ELSE %]
[% IF pmg.mail.relaynomx %]                    [% IF pmg.mail.relaynomx %]
relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.r    relay_transport = [% pmg.mail.relayprotocol %]:[[% pmg.mail.r
[% ELSE %]                            [% ELSE %]
relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.re    relay_transport = [% pmg.mail.relayprotocol %]:[% pmg.mail.re
[% END %]                            [% END %]
[% END %]                            [% END %]
[% END %]                            [% END %]


[% IF pmg.mail.smarthost %]                    [% IF pmg.mail.smarthost %]
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail    default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail
[% END %]                            [% END %]


[% IF ! pmg.mail.before_queue_filtering -%]            [% IF ! pmg.mail.before_queue_filtering -%]
content_filter=scan:127.0.0.1:10024                content_filter=scan:127.0.0.1:10024
[%- END %]                            [%- END %]


mail_name = Qmail                          |    mail_name = Proxmox


[% IF pmg.mail.helotests %]                    [% IF pmg.mail.helotests %]
smtpd_helo_required = yes                    smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_h    smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_h
[% ELSE %]                            [% ELSE %]
smtpd_helo_restrictions =                    smtpd_helo_restrictions =
[% END %]                            [% END %]


postscreen_access_list =                    postscreen_access_list =
        permit_mynetworks,                            permit_mynetworks,
        cidr:/etc/postfix/postscreen_access                    cidr:/etc/postfix/postscreen_access


[% IF postfix.dnsbl_sites %]                    [% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]        postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]    postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]                            [% END %]


postscreen_dnsbl_action = enforce                postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce                postscreen_greet_action = enforce


smtpd_sender_restrictions =                    smtpd_sender_restrictions =
        permit_mynetworks                            permit_mynetworks
        reject_non_fqdn_sender                            reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientacces            check_client_access     cidr:/etc/postfix/clientacces
        check_sender_access     regexp:/etc/postfix/senderacc            check_sender_access     regexp:/etc/postfix/senderacc
        check_sender_access     hash:/etc/pmg/tls_inbound_dom            check_sender_access     hash:/etc/pmg/tls_inbound_dom
        check_recipient_access  regexp:/etc/postfix/rcptacces            check_recipient_access  regexp:/etc/postfix/rcptacces
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostna    [%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostna
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_    [%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_


smtpd_recipient_restrictions =                    smtpd_recipient_restrictions =
        permit_mynetworks                            permit_mynetworks
        reject_unauth_destination                        reject_unauth_destination
        reject_non_fqdn_recipient                        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptacces            check_recipient_access  regexp:/etc/postfix/rcptacces
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/    [%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/po    [%- IF postfix.usepolicy %] check_client_access  cidr:/etc/po
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0    [%- IF postfix.usepolicy %] check_policy_service inet:127.0.0
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_d    [%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_d
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipien    [%- IF pmg.mail.verifyreceivers %] reject_unverified_recipien


[% IF pmg.mail.verifyreceivers %]                [% IF pmg.mail.verifyreceivers %]
unverified_recipient_reject_code = [% pmg.mail.verifyreceiver    unverified_recipient_reject_code = [% pmg.mail.verifyreceiver
[% END %]                            [% END %]


smtpd_data_restrictions = reject_unauth_pipelining        smtpd_data_restrictions = reject_unauth_pipelining


smtpd_forbid_bare_newline = yes                    smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions =                smtpd_forbid_bare_newline_exclusions =
        $mynetworks,                                $mynetworks,
        cidr:/etc/postfix/clientaccess                        cidr:/etc/postfix/clientaccess


smtpd_client_connection_count_limit = [% pmg.mail.conn_count_    smtpd_client_connection_count_limit = [% pmg.mail.conn_count_
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_li    smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_li
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_li    smtpd_client_message_rate_limit = [% pmg.mail.message_rate_li


[% IF pmg.mail.tls %]                        [% IF pmg.mail.tls %]
smtp_tls_security_level = may                    smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy            smtp_tls_policy_maps = hash:/etc/pmg/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt        smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_security_level = may                    smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem            smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem
smtpd_tls_key_file = $smtpd_tls_cert_file            smtpd_tls_key_file = $smtpd_tls_cert_file


lmtp_tls_security_level = $smtp_tls_security_level        lmtp_tls_security_level = $smtp_tls_security_level
lmtp_tls_policy_maps = $smtp_tls_policy_maps            lmtp_tls_policy_maps = $smtp_tls_policy_maps
lmtp_tls_CAfile = $smtp_tls_CAfile                lmtp_tls_CAfile = $smtp_tls_CAfile
[% IF pmg.mail.tlslog %]                    [% IF pmg.mail.tlslog %]
smtpd_tls_loglevel = 1                        smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1                        smtp_tls_loglevel = 1
lmtp_tls_loglevel = $smtp_tls_loglevel                lmtp_tls_loglevel = $smtp_tls_loglevel
[% END %]                            [% END %]
[% IF pmg.mail.tlsheader %]                    [% IF pmg.mail.tlsheader %]
smtpd_tls_received_header = yes                    smtpd_tls_received_header = yes
[% END %]                            [% END %]
[% END %]                            [% END %]


smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp    smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smt    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smt
lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp    lmtp_tls_session_cache_database = btree:/var/lib/postfix/lmtp


[% IF pmg.mail.hide_received %]                    [% IF pmg.mail.hide_received %]
unverified_recipient_reject_reason = Recipient address lookup    unverified_recipient_reject_reason = Recipient address lookup
[% END %]                            [% END %]


[% IF ! pmg.mail.smtputf8 %]                    [% IF ! pmg.mail.smtputf8 %]
smtputf8_enable = no                        smtputf8_enable = no
[% END %]                            [% END %]




default_destination_concurrency_limit = 40            default_destination_concurrency_limit = 40
lmtp_destination_concurrency_limit = 20                lmtp_destination_concurrency_limit = 20
relay_destination_concurrency_limit = 20            relay_destination_concurrency_limit = 20
smtp_destination_concurrency_limit = 20                smtp_destination_concurrency_limit = 20
virtual_destination_concurrency_limit = 20            virtual_destination_concurrency_limit = 20


recipient_delimiter = +                        recipient_delimiter = +

Is there anything you can see here or anything else I can provide?
 
> Is there anything you can see here or anything else I can provide?

please paste the file as is (in code-tags, or attach it) - the `sdiff` output is incomplete for longer lines, and for me personally a bit painful to read in the forum's renderings....
 
> please paste the file as is (in code-tags, or attach it) - the `sdiff` output is incomplete for longer lines, and for me personally a bit painful to read in the forum's renderings....

Hi Stoiko,

No problem, attaching it here...

Thanks!
 


thanks - indeed only the mail_name is changed ...
what does /etc/pmg/transports look like?
anything apart from:
<domain.name> [smtp|lmtp]:<hostname_or_ip>:<portnumber>
?
 
> thanks - indeed only the mail_name is changed ...
> what does /etc/pmg/transports look like?
> anything apart from:
> <domain.name> [smtp|lmtp]:<hostname_or_ip>:<portnumber>
> ?

The `/etc/pmg/transport` file looks fine, I am happy to send it to you privately, but they all look like:

customer.com smtp:[mail.customer.com]:25
 
hm - that's really odd then ...
is the issue restricted to example.co.uk from nigel@example.co.uk ? - or are multiple domains affected in the same way (or even all of them)?

the next question might be to look at the DNS-configuration (also keeping in mind that you seem to do that on the PMG-nodes themselves)

What's the result of:
* dig example.co.uk @127.0.0.1 (both on that node and on one where this does not happen - similarly - for a domain where the issue does not happen)
* dig mx example.co.uk @127.0.0.1

(you might have to install dig - `apt install bind9-dnsutils`)
 
> hm - that's really odd then ...
> is the issue restricted to example.co.uk from nigel@example.co.uk ? - or are multiple domains affected in the same way (or even all of them)?
>
> the next question might be to look at the DNS-configuration (also keeping in mind that you seem to do that on the PMG-nodes themselves)
>
> What's the result of:
> * dig example.co.uk @127.0.0.1 (both on that node and on one where this does not happen - similarly - for a domain where the issue does not happen)
> * dig mx example.co.uk @127.0.0.1
>
> (you might have to install dig - `apt install bind9-dnsutils`)

Indeed I’m so confused with this!

I've looped through all domains in `/etc/pmg/transport` and searched the mail.log but it's only this one domain with the issue, and it is affecting all users on the domain.

for i in `cat /etc/pmg/transport | awk {' print $1 '} | grep -v '#'`;do grep $i /var/log/mail.log | grep node1 | grep "unknown user"; done

For the DNS, yes we are using the individual nodes for DNS as per your unbound user guide.

The DNS seems fine and we get the correct A, MX, etc. using dig, and we can also complete a telnet mail.example.co.uk 25 test as posted in my first message:

Code:
root@node1:~# dig mail.example.co.uk


; <<>> DiG 9.16.48-Debian <<>> mail.example.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38583
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.example.co.uk.        IN    A


;; ANSWER SECTION:
mail.example.co.uk.    14400    IN    CNAME    example.co.uk.
example.co.uk.        14383    IN    A   1.2.3.4  (cpanel93 IP)


;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 15 13:52:26 GMT 2024
;; MSG SIZE  rcvd: 77

And telnet test:

Code:
root@node1:~# telnet mail.example.co.uk 25
Trying 1.2.3.4...
Connected to example.co.uk.
Escape character is '^]'.
220-cpanel93.deleted.uk ESMTP Exim 4.96.2 #2 Wed, 14 Feb 2024 16:34:43 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO node1.deleted.uk
250-cpanel93.deleted.uk Hello node1.deleted.uk [4.5.6.7]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
MAIL FROM: info@test.uk
250 OK
RCPT TO: nigel@example.co.uk
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
Testing
.
250 OK id=1raIF9-00Dg64-21

So it seems the issue only happens when the email comes into postfix from outside.
 
As I saw the domain-name in your dig-output (I edited your post to not keep the information public...)
I poked around a bit - please check the transports entry for example.co.uk again
is it really:
example.co.uk smtp:[mail.example.co.uk]:25

because if the [] are missing that would explain the issue - i.e. example.co.uk smtp:mail.example.co.uk:25
(then postfix makes an mx-lookup for mail.example.co.uk, which results in your PMG (as it's the MX for example.co.uk, and mail.example.co.uk is a CNAME to example.co.uk))

next suggestion for debugging:
* add a DNS-record in another zone (maybe your own - examplemail.isp.com - pointing to the IP of the respective cpanel host and use that in the transport entry) - does that change anything?

finally - you get a quite good picture of why postfix is doing the things it's doing by adding -v to the respective daemons:
https://www.postfix.org/DEBUG_README.html#debug_peer
 
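Added illustration, not part of the thread and not PMG or Postfix code: a simplified Python model of the nexthop resolution described in the post above, where a bare hostname in a transport entry is subject to an MX lookup and the `[host]` form is not. The DNS data is constructed from the thread's anonymized names; `ZONE`, `GATEWAY_IPS` and every function name are assumptions made for this example.

```python
import ipaddress
import re

# Constructed DNS data reusing the thread's anonymized names (not real records).
ZONE = {
    ("example.co.uk", "MX"): [(10, "node1.isp.com")],  # the gateway is the public MX
    ("example.co.uk", "A"): ["1.2.3.4"],               # downstream mail server
    ("mail.example.co.uk", "CNAME"): ["example.co.uk"],
    ("node1.isp.com", "A"): ["4.5.6.7"],
}
GATEWAY_IPS = {"4.5.6.7"}  # assumption: addresses the gateway itself listens on
# transport(5) right-hand side: proto:host:port or proto:[host]:port
NEXTHOP = re.compile(r"^(?P<proto>\w+):(?P<dest>\[[^\]]+\]|[^:\s]+)(?::(?P<port>\d+))?$")


def lookup(name, rtype, zone=ZONE):
    """Answer a query from the constructed zone, following CNAMEs like a resolver."""
    for _ in range(8):  # bound the CNAME chain
        if (name, rtype) in zone:
            return zone[(name, rtype)]
        cname = zone.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []


def parse_transport(text):
    """Return (domain, proto, host, bracketed) for each well-formed map line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        m = NEXTHOP.match(fields[1])
        if m:
            dest = m["dest"]
            entries.append((fields[0], m["proto"], dest.strip("[]"), dest.startswith("[")))
    return entries


def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False


def candidates(host, bracketed, zone=ZONE):
    """(preference, ip) pairs the SMTP client would consider for this nexthop."""
    if is_ip(host):
        return [(0, host)]
    if not bracketed:  # bare hostname: MX lookup comes first
        mx = lookup(host, "MX", zone)
        if mx:
            return [(p, ip) for p, h in sorted(mx) for ip in lookup(h, "A", zone)]
    return [(0, ip) for ip in lookup(host, "A", zone)]  # [host] form, or no MX


def verdict(cands, gateway_ips=GATEWAY_IPS):
    """'loops-to-self' when no candidate is preferred over the gateway itself."""
    if not cands:
        return "unresolvable"
    own = [p for p, ip in cands if ip in gateway_ips]
    if own and not any(p < min(own) for p, _ in cands):
        return "loops-to-self"  # Postfix then uses best_mx_transport, if set
    return "ok"


def audit(text):
    return [(d, h, b, verdict(candidates(h, b))) for d, _, h, b in parse_transport(text)]


# Constructed: three variants of one entry, shown together for comparison only.
SAMPLE = """\
example.co.uk smtp:[mail.example.co.uk]:25
example.co.uk smtp:mail.example.co.uk:25
example.co.uk smtp:[1.2.3.4]:25
"""
```
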
> As I saw the domain-name in your dig-output (I edited your post to not keep the information public...)
> I poked around a bit - please check the transports entry for example.co.uk again
> is it really:
> example.co.uk smtp:[mail.example.co.uk]:25
>
> because if the [] are missing that would explain the issue - i.e. example.co.uk smtp:mail.example.co.uk:25
> (then postfix makes an mx-lookup for mail.example.co.uk, which results in your PMG (as it's the MX for example.co.uk, and mail.example.co.uk is a CNAME to example.co.uk))
>
> next suggestion for debugging:
> * add a DNS-record in another zone (maybe your own - examplemail.isp.com - pointing to the IP of the respective cpanel host and use that in the transport entry) - does that change anything?
>
> finally - you get a quite good picture of why postfix is doing the things it's doing by adding -v to the respective daemons:
> https://www.postfix.org/DEBUG_README.html#debug_peer

Oops, thank you!

Here is the `/etc/pmg/transport` file excerpt. It does have the brackets [ ].

Code:
root@node1:~# cat /etc/pmg/transport
example.co.uk smtp:[mail.example.co.uk]:25

Nearly all of the domains in `/etc/pmg/transport` use this same cPanel server.

I've changed the transport section from mail.example.co.uk to the cpanel server IP and now it seems to work:

Code:
Feb 15 15:39:02 node1 postfix/smtp[357964]: A00541C01E1: to=<nigel@example.co.uk>, relay=1.2.3.4[1.2.3.4]:25, delay=0.16, delays=0.06/0/0.09/0.01, dsn=2.0.0, status=sent (250 OK id=1radpJ-000xPt-2B)

Of course, this isn't ideal as users can change their servers and migrate etc. so we really need to use the DNS mail.example.co.uk.

Do you have any other ideas on this? It does seem to be a node1 issue thinking it's a local domain?
 
> It does seem to be a node1 issue thinking it's a local domain?

hm - it remains odd - and since telnet from the node seems to get DNS resolution (at least the A lookup) right - I'm not sure where this comes from

A few ideas:
* check /etc/hosts (unlikely but still)
* restart both postfix and unbound on that node (or reboot the complete node)
* If this all does not help - enable debug-logs for unbound and for the relevant postfix processes
* to find out which postfix process might be relevant the complete logs of this mail might help (from /var/log/syslog)
 
Just to update you on this: we have been unable to resolve this to use DNS mail.example.co.uk as the transit host, and now we are getting more DNS issues reported, such as bounce-back emails from other nodes like mailer-daemon@node4.isp.uk with the error message 'nullMX' for the domain anotherdomain.co.uk.

But the DNS via dig and host and whois etc. all work fine on node4 using localhost.

Do you have any other ideas at all about what else might be going on here?
 
this sounds really odd - anything in the debug logs of unbound?
 
do you see the correct queries coming in? - as far as I can tell - after you said, that using an external record makes everything work correctly - it seems that postfix gets a wrong answer when looking up the A/AAAA record for mail.example.co.uk (or it makes the error of doing an MX lookup- which I think is even more unlikely as all domains are configured equally)

carefully going through the verbose logs of postfix might also help

as would a complete comparison of the configs of node1 and one of your other nodes ....
 
