Postfix - Sender address rejected: Domain not found (DNS records are ok)

I've been setting up a mail server this week, it was receiving mail when I started but somewhere along the way it has stopped being able to receive mail from any domain. Sending is still working fine and mail is still delivered locally.

The error log shows:

Jan  6 12:15:12 mailserver postfix/smtpd[24639]: NOQUEUE: reject: RCPT from unknown[90.100.xxx.xxx]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<green.serve.com>
Jan  6 12:15:12 mailserver postfix/smtpd[24639]: disconnect from unknown[90.100.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

Any similar questions online all seem to be suggesting that DNS records from the sender are not correct, I have tried from two domains and neither can send to this server. The DNS records are correct. I have also used Dig to make sure the mail server can check the DNS records correctly and all is well.

NSlookup finds the correct IP for the sender domain:

#nslookup green.serve.com

Server:     1.0.0.1
Address:    1.0.0.1#53

Non-authoritative answer:
Name:   green.serve.com
Address: xx.400.112.xxx

Even removing reject_unknown_recipient_domain temporarily doesn't work.

This is my main.cf config:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
command_directory = /usr/sbin
compatibility_level = 2
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_transport = error:
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 6
mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname
myhostname = mailserver.net
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains =
relay_transport = error
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_loglevel = 1
smtpd_banner = $myhostname ESMTP
smtpd_milters = inet:127.0.0.1:8891
smtpd_proxy_options = speed_adjust
smtpd_recipient_restrictions = permit_mynetworks,reject_invalid_hostname, reject_unknown_recipient_domain,reject_unauth_destination,permit
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/letsencrypt/live/mailserver.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mailserver.net/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:1002
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains =
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:1002

Master.cf:

smtp       inet  n       -       y       -       -       smtpd -o content_filter=spamassassin
submission inet  n       -       y       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=no -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o content_filter=smtp-amavis:[127.0.0.1]:10026
smtps      inet  n       -       y       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
dovecot    unix  -       n       n       -       -       pipe flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
spamassassin unix -      n       n       -       -       pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtp-amavis unix -       -       n       -       2       smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
127.0.0.1:10025 inet n   -       n       -       -       smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_milters=

This sounds like a DNS resolution problem.

I have also used Dig to make sure the mail server can check the DNS records correctly and all is well.

The dig DNS lookup utility performs the lookups directly, bypassing the name resolution your system provides to its applications and services. That is what you should be testing, e.g.,

• nslookup example.com

• nc example.com 25 (try an actual connection to the SMTP server)

On systems with systemd-resolved:

• dig example.com @127.0.0.53 (from local systemd-resolved)

• resolvectl status