From: Paul McGougan on
Hi.

I have a domain hosted by a hosting service. They are running Postfix as
the mail server there. I have started having a problem with delivery to
local accounts, and they appear to be too stupid to figure out the
problem, and additionally are not native English speakers, so I am
having a lot of trouble trying to convince them that the problem is with
their hosting. I was hoping if I describe the problem here, that someone
would be able to give me some suggestions that I can put to them to
check, as at the moment they keep telling me that they believe the
problem to be a local PC email client configuration problem.

So my investigation so far, that I sent to them, is below.

The problem is:
1. I compose an email from an email account that is hosted on my
limedomains service to an email account that is also hosted on my
limedomains service (it could be the same or a different account as the
FROM account, it doesn't appear to matter).
2. I press send in my email client which sends to my local ISP smtp server
3. My local ISP smtp server tries to deliver the email to the
limedomains server
4. The limedomains server rejects the email, and my local ISP smtp
server sends me a bounce with the following message:

-- Message --

This is the mail system at host mail.braintree.com.au.

I'm sorry to have to inform you that your message could not be delivered
to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your
own text from the attached returned message.

The mail system

: host mail.limedomains.net[64.90.182.179] said: 553 5.7.1 : Sender
address rejected: not logged in (in reply to RCPT TO command)

Reporting-MTA: dns; mail.braintree.com.au
X-Postfix-Queue-ID: 737F02266FB
X-Postfix-Sender: rfc822; paul(a)gallandro.net
Arrival-Date: Mon, 31 May 2010 09:44:27 +1000 (EST)

Final-Recipient: rfc822; ben(a)gallandro.net
Original-Recipient: rfc822;ben(a)gallandro.net
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.limedomains.net
Diagnostic-Code: smtp; 553 5.7.1 : Sender address rejected: not logged in


-- End --

If I send the message TO the same person using the same local ISP smtp
server but use a FROM address that is not hosted at limedomains then the
email is delivered successfully.

Does anyone have any suggestions?

Paul McGougan
Senior Software Engineer
Braintree Communications Pty Ltd
--
This information together with any attachments is for the use of the intended recipient(s) only and may contain confidential and/or
privileged information and is subject to copyright. If you have received this email in error please inform the sender as quickly as possible and
delete this email and any copies of this information from your computer system network. If you are not the intended recipient of this email, you
must not copy, distribute or take any action(s) that relies on this information. Any form of disclosure, modification, distribution and/or
publication of this email is strictly prohibited.

From: Sahil Tandon on
On Fri, 04 Jun 2010, Paul McGougan wrote:

> The problem is:
> 1. I compose an email from an email account that is hosted on my
> limedomains service to an email account that is also hosted on my
> limedomains service (it could be the same or a different account as the
> FROM account, it doesn't appear to matter).
> 2. I press send in my email client which sends to my local ISP smtp server
> 3. My local ISP smtp server tries to deliver the email to the
> limedomains server
> 4. The limedomains server rejects the email, and my local ISP smtp
> server sends me a bounce with the following message:

[ .. ]

> : host mail.limedomains.net[64.90.182.179] said: 553 5.7.1 : Sender
> address rejected: not logged in (in reply to RCPT TO command)

[ .. ]

> If I send the message TO the same person using the same local ISP smtp
> server but use a FROM address that is not hosted at limedomains then the
> email is delivered successfully.

http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch

--
Sahil Tandon <sahil(a)FreeBSD.org>

From: Victor Duchovni on
On Fri, Jun 04, 2010 at 11:41:43AM +1000, Paul McGougan wrote:

> 1. I compose an email from an email account that is hosted on my
> limedomains service to an email account that is also hosted on my
> limedomains service (it could be the same or a different account as the
> FROM account, it doesn't appear to matter).

What is your MUA? What SMTP submission service are you using?

> 2. I press send in my email client which sends to my local ISP smtp server

Not a good idea, since you are composing email purportedly from the hosted
domain, but sending it from the ISP, so to the hosted domain, this looks like
sender domain forgery. You should use an MUA configuration for sending
such email that uses the hosting provider's SMTP submission service
(assuming they have port 587 + TLS + SASL support).

> 3. My local ISP smtp server tries to deliver the email to the
> limedomains server

That's where things may get complicated...

> 4. The limedomains server rejects the email, and my local ISP smtp
> server sends me a bounce with the following message:

Sure enough...

> : host mail.limedomains.net[64.90.182.179] said: 553 5.7.1 : Sender
> address rejected: not logged in (in reply to RCPT TO command)

The ISP has implemented "reject_sender_login_mismatch" on their MX host,
which I guess also does double duty as a submission service. Or perhaps
they are actively seeking to preclude forgery.

> If I send the message TO the same person using the same local ISP smtp
> server but use a FROM address that is not hosted at limedomains then the
> email is delivered successfully.
>
> Does anyone have any suggestions?

See above.

--
Viktor.
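
The restriction named in the two replies above, as an added example that is not part of the thread and is not Postfix source code: a simplified Python model of how `reject_sender_login_mismatch` and its authenticated-only and unauthenticated-only variants decide. The map contents, addresses and login names are constructed stand-ins for `smtpd_sender_login_maps`; the reply texts are modelled on the bounce quoted in the thread.

```python
# Simplified model of Postfix's sender/login mismatch checks (added example,
# not Postfix source). Map contents and login names below are constructed.

# Stand-in for $smtpd_sender_login_maps: MAIL FROM address -> owning SASL logins.
SENDER_LOGIN_MAPS = {
    "paul@hosted.example": {"paul"},
    "ben@hosted.example": {"ben"},
}

REJECT, DUNNO = "REJECT", "DUNNO"


def unauth_mismatch(sender, sasl_login):
    """reject_unauthenticated_sender_login_mismatch: unauthenticated clients only."""
    if sasl_login is None and SENDER_LOGIN_MAPS.get(sender.lower()):
        return REJECT, f"553 5.7.1 <{sender}>: Sender address rejected: not logged in"
    return DUNNO, ""


def auth_mismatch(sender, sasl_login):
    """reject_authenticated_sender_login_mismatch: authenticated clients only."""
    if sasl_login is not None:
        owners = SENDER_LOGIN_MAPS.get(sender.lower(), set())
        if sasl_login not in owners:
            return REJECT, (f"553 5.7.1 <{sender}>: Sender address rejected: "
                            f"not owned by user {sasl_login}")
    return DUNNO, ""


def sender_login_mismatch(sender, sasl_login):
    """reject_sender_login_mismatch: both of the checks above."""
    for check in (unauth_mismatch, auth_mismatch):
        verdict = check(sender, sasl_login)
        if verdict[0] == REJECT:
            return verdict
    return DUNNO, ""


if __name__ == "__main__":
    # (MAIL FROM, SASL login or None) for the situations in the thread.
    cases = [
        ("paul@hosted.example", None),     # relayed by the ISP, no login
        ("paul@elsewhere.example", None),  # same relay, sender not hosted here
        ("paul@hosted.example", "paul"),   # authenticated submission as owner
        ("ben@hosted.example", "paul"),    # logged in, but not the owner
    ]
    for sender, login in cases:
        print(sender, login, sender_login_mismatch(sender, login))
```

Only the MAIL FROM address and the SASL login enter the decision; the recipient does not, which is why the same relay succeeds with a sender address the map does not list.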

From: Paul McGougan on
On 4/06/2010 12:12 PM, Sahil Tandon wrote:
> http://www.postfix.org/postconf.5.html#reject_unauthenticated_sender_login_mismatch
>

Thanks Sahil.

Yes, I can see how the description for that matches the problem I am having.

And I can see how this is something that they'd like to use, but I would
have thought that they only would have wanted to impose this sort of
restriction on email that their mailserver was going to relay away from
them, whereas what I'm trying to do is deliver an email to a local account.

Is there some way that they could modify smtpd_sender_restrictions, so
that they can still use this, but that local deliveries are accepted
before this check is imposed?

Thanks.

Paul McGougan
Senior Software Engineer
Braintree Communications Pty Ltd

From: Paul McGougan on
Hi Victor.

On 4/06/2010 12:17 PM, Victor Duchovni wrote:
> What is your MUA? What SMTP submission service are you using?

I'm not sure of the relevance of this, because as I have shown, my local
ISP's SMTP server accepts the email and tries to deliver it, but for
completeness' sake I'm using Thunderbird and submitting email to the SMTP
service (port 25).

>
> Not a good idea, since you are composing email purportedly from the hosted
> domain, but sending it from the ISP, so to the hosted domain, this looks like
> sender domain forgery. You should use an MUA configuration for sending
> such email that uses the hosting provider's SMTP submission service
> (assuming they have port 587 + TLS + SASL support).
>
>

I guess I personally disagree as this is a very common setup. For
example if you have a laptop, many people would configure their email
clients' SMTP server to be the one for the local network that they are
connected to at that point in time, however would be retrieving email
from POP servers not necessarily for their immediately connected ISP.

Obviously if the remote domain supports a secure SMTP submission service
that accepts external connections then this isn't necessary, but
unfortunately you might be very surprised to know how few really do. A
lot of ISPs have instructions for email sending and retrieval just as
I've described.

I should mention, that the webhosting I'm using does actually provide a
secure SMTP submission mechanism, but SOOOOO many spammers have domains
on their service that their SMTP servers are blocked by EVERYONE :(

I also should mention that this has been working for about a year, and
only failed in the last week or so, almost certainly due to a change
that they have made.

But I do appreciate your input.

Regards,


Paul McGougan
Senior Software Engineer
Braintree Communications Pty Ltd