Join Log in
Score:1
terano avatar Server

postfix mail to relayhost gets bounced dsn=5.0.0: how to debug?

cn flag
terano

Postfix sends mail to relayhost, but relayhost bounces back with dsn=5.0.0 and no further details.

Q: How can I debug this in detail so that I can find out where I made the mistake?

Setup:

smtp-client.test.com : this is a test server on which I installed postfix with Debian 10. This test server simulates the situation when it hosts a company's website and it should be able to send e-mails generated from scripts. So no user e-mail. Only outbound e-mails generated by scripts on this server. Postfix relays these e-mails to the following smtp-server:

relayhost.test.com : this is server space at a hosting service. This is now a test server, but in production it wil act as the company mail server. It accepts smtp-traffic on port 587 with TLS. (for example with Thunderbird this server can be used as smtp-server on port 587 without any problem).

Problem/question: postfix is configured to send mail to the relayhost, but the relayhost bounces the e-mail back with dsn=5.0.0 status=bounced, and without any further details.

all settings in /etc/postfix/main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

compatibility_level = 2

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

myhostname = test.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, testX.novalocal, localhost.novalocal, localhost
relayhost = [relayhost.test.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
default_transport = error
relay_transport = error
inet_protocols = all

smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

/etc/postfix/sasl_passwd looks like:

[relayhost.test.com]:587 [email protected]:mypassword

hash database file /etc/postfix/sasl_passwd.db and restarting postfix:

sudo postmap sasl_passwd
sudo systemctl restart postfix

next: sending a test mail:

mailx -s "testmail" [email protected] < testmessage.txt

This results in the following lines in /var/log/mail.log:

Jan 29 23:35:26 testX postfix/postfix-script[13256]: stopping the Postfix mail system
Jan 29 23:35:26 testX postfix/master[13023]: terminating on signal 15
Jan 29 23:35:27 testX postfix/postfix-script[13384]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jan 29 23:35:27 testX postfix/postfix-script[13420]: starting the Postfix mail system
Jan 29 23:35:27 testX postfix/master[13422]: daemon started -- version 3.4.14, configuration /etc/postfix
Jan 29 23:35:34 testX postfix/pickup[13423]: 60836C262C: uid=1000 from=<user>
Jan 29 23:35:34 testX postfix/cleanup[13431]: 60836C262C: message-id=<[email protected]>
Jan 29 23:35:34 testX postfix/qmgr[13424]: 60836C262C: from=<[email protected]>, size=473, nrcpt=1 (queue active)
Jan 29 23:35:34 testX postfix/error[13433]: 60836C262C: to=<[email protected]>, relay=none, delay=0.12, delays=0.09/0.01/0/0.02, dsn=5.0.0, status=bounced ([relayhost.test.com]:587)
Jan 29 23:35:34 testX postfix/cleanup[13431]: 6C649C262D: message-id=<[email protected]>
Jan 29 23:35:34 testX postfix/qmgr[13424]: 6C649C262D: from=<>, size=2312, nrcpt=1 (queue active)
Jan 29 23:35:34 testX postfix/bounce[13434]: 60836C262C: sender non-delivery notification: 6C649C262D
Jan 29 23:35:34 testX postfix/qmgr[13424]: 60836C262C: removed
Jan 29 23:35:34 testX postfix/local[13436]: 6C649C262D: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 29 23:35:34 testX postfix/qmgr[13424]: 6C649C262D: removed

I tried to get more details in mail.log adding the following lines to main.cf:

debug_peer_list = relayhost.test.com
debug_peer_level = 3

...but this doesn't give me more details in mail.log nor in syslog.

How can I find out at what stage in the authentication process the relayhost refuses the connection, without having access to the logs of the hosting provider (who hosts my relayhost)?

363
1 + 0
Score:1
anx avatar Server
fr flag
anx

If you tell postfix to stop with an error..

default_transport = error
relay_transport = error

.. it will do just that. Next time you use that feature, specify a human-readable status text:

default_transport = error:This system only processes local mail, look <here> or ask <person>.
relay_transport = error:This system only processes local mail, look <here> or ask <person>.

That way your logs will contain some text that you could search your configuration for to see what is going on.

Remove those overrides if you want the system to actually relay mail to the internet (if unset, they default to smtp and relay, which should already be configured in a manner appropriate for your use case).

If this is not manual configuration, but something your distributions postinst script has setup as a result of your choices during installation, then ask the Debian maintainer to add the clearly desirable status text (I have not checked, just mentioning the possibility in case you believe that configuration was not yours).

+ 1
terano avatar
cn flag
terano
Thanks, this answers my question completely. I completely overlooked these settings, because they come as the default setting and I never considered checking them.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.