Postfix double-bounce and fqdn

[richExt]

Hi

Setting up our 8.8.9 zimbra server, we are having our mail queue filling up with double-bounce mails to postmaster.
Our problem looks very much like what is described https://ubuntuforums.org/showthread.php?t=2308342

They suggest

adding in main.cf relay domains = former hostname and the current domainname

but in our /opt/zimbra/common/conf/main.cf
#relay_domains = $mydestination
is commented and I don't know what to write

here is what our log looks like

Oct 23 07:35:21 mta2 postfix/smtpd[7444]: connect from <our-nameProvider-DNS>[<nameProvider.IP>]
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<xxx@jamespot.pro> to=<user1@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<xxx@apis2low.api.adullact.org> to=<user2@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<xxx@facebookmail.com> to=<user3@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<xxx@jamespot.pro> to=<user4@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<xxx@gmail.com> to=<user5@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: warning: unknown smtpd restriction: "OK"
Oct 23 07:35:21 mta2 postfix/smtpd[7444]: NOQUEUE: reject: RCPT from <our-nameProvider-DNS>[<nameProvider.IP>]: 451 4.3.5 Server configuration error; from=<claude.dupont@cdgreunion.fr> to=<service.rh@ourdomain.fr> proto=ESMTP helo=<our-nameProvider-dns>
Oct 23 07:35:21 mta2 postfix/smtp[7076]: 628E6288AB5: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.ourProvider.fr[provider.IP]:25, delay=6994, delays=6879/113/1/0.02, dsn=4.1.8, status=deferred (host smtp.ourProvider.fr[provider.IP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 23 07:35:22 mta2 postfix/smtp[9541]: 67413288BA2: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.ourProvider.fr[provider.IP]:25, delay=34095, delays=33980/115/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.ourProvider.fr[provider.IP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 23 07:35:24 mta2 postfix/smtp[10318]: 66C7F288DC4: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.ourProvider.fr[provider.IP]:25, delay=27855, delays=27738/117/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.ourProvider.fr[provider.IP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 23 07:35:24 mta2 postfix/smtp[9648]: 6E326288F65: to=<postmaster@mta2.ourdomain.fr>, orig_to=<postmaster>, relay=smtp.ourProvider.fr[provider.IP]:25, delay=19630, delays=19513/117/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.ourProvider.fr[provider.IP] said: 450 4.1.8 <double-bounce@mta2.ourdomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 23 07:35:24 mta2 zmconfigd[12139]: zmconfigd started on mta2.ourdomain.fr with loglevel=3 pid=12139
Oct 23 07:35:24 mta2 zmconfigd[12139]: Fetching All configs

ps: we are using splitdomain / bind / NAT

[vavai]

Hi,

Its main problem from this error: "Server configuration error". It should be checked what kind of configuration problem produce these error. You can find some relevant info from zimbra.log.

The double bounce came as a side effect from Sender address rejected: Domain not found (in reply to RCPT TO command))

[richExt]

thank you for helping vavai

doesn't the post on ubuntuforums.org give a good hint ?

[vavai]

Hi,

I've read what Ubuntuforums described but based on your log, double-bounce is only a result of incorrect configuration. AFAIK, Zimbra never touches main.cf manually and its content setting up by default when install.

If you don't mind, you can also paste a relevant log from zimbra.log to see which config related to the error message. Did you try to improve smtpd restriction? The error message on your first post has shown an error: "warning: unknown smtpd restriction: "OK"

[richExt]

In our main.cf, some entries we are not sur of

smtp_dns_support_level = disabled
...
smtpd_reject_unlisted_sender = yes
...
myhostname = mta2.ourDomain.fr
...
relayhost = smtp.ourProvider.fr:25
...
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts
...
smtp_fallback_relay =
...
smtpd_reject_unlisted_recipient = yes

our zimbra.log looks like this

Oct 24 07:35:01 mta2 systemd-logind[1110]: New session c7 of user zimbra.
Oct 24 07:35:02 mta2 zmconfigd[12139]: Shutting down. Received signal 15
Oct 24 07:35:02 mta2 systemd-logind[1110]: Removed session c4.
Oct 24 07:35:02 mta2 postfix/postscreen[18495]: CONNECT from [<ourNameProvider.ip>]:38282 to [<our.ip>]:25
Oct 24 07:35:02 mta2 postfix/postscreen[18495]: PASS OLD [<ourNameProvider.ip>]:38282
Oct 24 07:35:02 mta2 postfix/smtpd[19675]: connect from nameProviderDNS.fr[<ourNameProvider.ip>]
Oct 24 07:35:02 mta2 postfix/smtpd[19675]: warning: unknown smtpd restriction: "OK"
Oct 24 07:35:02 mta2 postfix/smtpd[19675]: NOQUEUE: reject: RCPT from nameProviderDNS.fr[<ourNameProvider.ip>]: 451 4.3.5 Server configuration error; from=<bruno.oudard@cg974.fr> to=<user1@ourDomain.fr> proto=ESMTP helo=<nameProviderDNS.fr>
Oct 24 07:35:03 mta2 postfix/smtp[9022]: 93328288B4E: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=23768, delays=23672/94/1.5/0.01, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:03 mta2 postfix/smtp[11966]: 948FF288F56: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=6948, delays=6852/96/0.08/0.01, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:03 mta2 postfix/smtp[9023]: 93A38289141: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=29909, delays=29813/96/0.08/0.34, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:03 mta2 postfix/smtp[8646]: 98186289143: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=29890, delays=29794/96/0.08/0.34, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:04 mta2 postfix/smtp[11965]: 9B6BC2895D3: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=15403, delays=15306/96/0.08/1.5, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:07 mta2 postfix/cleanup[9697]: B808C28920D: message-id=<20181024033507.B808C28920D@mta2.ourDomain.fr>
Oct 24 07:35:07 mta2 postfix/smtpd[19675]: disconnect from nameProviderDNS.fr[<ourNameProvider.ip>] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
Oct 24 07:35:07 mta2 postfix/qmgr[4136]: B808C28920D: from=<double-bounce@mta2.ourDomain.fr>, size=937, nrcpt=1 (queue active)
Oct 24 07:35:08 mta2 postfix/smtp[9025]: 97BAF2895D1: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=15417, delays=15317/100/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:08 mta2 postfix/smtp[9020]: 9A93F288E14: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=19566, delays=19466/100/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:08 mta2 postfix/smtp[12230]: CE497288B25: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=46745, delays=46645/100/0.05/0.02, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:08 mta2 postfix/smtp[9021]: CBCAF289604: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=1510, delays=1410/100/0.05/0.01, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:08 mta2 postfix/smtp[9019]: C186C289722: to=<postmaster@mta2.ourDomain.fr>, orig_to=<postmaster>, relay=smtp.providerDNS.fr[<ouProvider.ip>]:25, delay=6852, delays=6752/100/0.05/0.02, dsn=4.1.8, status=deferred (host smtp.providerDNS.fr[<ouProvider.ip>] said: 450 4.1.8 <double-bounce@mta2.ourDomain.fr>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Oct 24 07:35:10 mta2 postfix/postscreen[18495]: CONNECT from [<ourNameProvider.ip>]:43666 to [<our.ip>]:25
Oct 24 07:35:10 mta2 postfix/postscreen[18495]: PASS OLD [<ourNameProvider.ip>]:43666
Oct 24 07:35:10 mta2 postfix/smtpd[19675]: connect from nameProviderDNS.fr[<ourNameProvider.ip>]
Oct 24 07:35:10 mta2 postfix/smtpd[19675]: warning: unknown smtpd restriction: "OK"
Oct 24 07:35:10 mta2 postfix/smtpd[19675]: NOQUEUE: reject: RCPT from nameProviderDNS.fr[<ourNameProvider.ip>]: 451 4.3.5 Server configuration error; from=<Cellule.marche@cirrus-sa.com> to=<user2@ourDomain.fr> proto=ESMTP helo=<nameProviderDNS.fr>
Oct 24 07:35:10 mta2 zmconfigd[12539]: zmconfigd started on mta2.ourDomain.fr with loglevel=3 pid=12539
Oct 24 07:35:10 mta2 zmconfigd[12539]: Fetching All configs
Oct 24 07:35:11 mta2 zmconfigd[12539]: All configs fetched in 0.40 seconds
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/freshclam.conf with mode 600 (0.08 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/opendkim.conf with mode 440 (0.01 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/service/WEB-INF/web.xml with mode 440 (0.13 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/zimbraAdmin/WEB-INF/jetty-env.xml with mode 440 (0.00 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/dspam.conf with mode 440 (0.05 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/zimbra/WEB-INF/jetty-env.xml with mode 440 (0.00 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/clamd.conf with mode 440 (0.03 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/zimbraAdmin/WEB-INF/web.xml with mode 440 (0.05 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/etc/spnego.conf with mode 440 (0.01 sec)
Oct 24 07:35:11 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/common/conf/tag_as_originating.re with mode 440 (0.00 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/zimbra/WEB-INF/web.xml with mode 440 (0.09 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/etc/jetty.xml with mode 440 (0.15 sec)
Oct 24 07:35:12 mta2 postfix/smtpd[19675]: warning: unknown smtpd restriction: "OK"
Oct 24 07:35:12 mta2 postfix/smtpd[19675]: NOQUEUE: reject: RCPT from nameProviderDNS.fr[<ourNameProvider.ip>]: 451 4.3.5 Server configuration error; from=<Cellule.marche@cirrus-sa.com> to=<user2@ourDomain.fr> proto=ESMTP helo=<nameProviderDNS.fr>
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/spnego_java_options with mode 440 (0.00 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/sasl2/smtpd.conf with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/etc/spnego.properties with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/postfix_header_checks with mode 440 (0.02 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/opendkim-localnets.conf with mode 440 (0.00 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/etc/krb5.ini with mode 440 (0.00 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/stats.conf with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/common/conf/tag_as_foreign.re with mode 440 (0.00 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/saslauthd.conf with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/log4j.properties with mode 440 (0.04 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/amavisd.conf with mode 440 (0.08 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/common/conf/master.cf with mode 440 (0.02 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/webapps/zimlet/WEB-INF/web.xml with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/modules/setuid.mod with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/data/spamassassin/localrules/salocal.cf with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/conf/mta_milter_options with mode 440 (0.01 sec)
Oct 24 07:35:12 mta2 zmconfigd[12539]: Rewrote: /opt/zimbra/mailboxd/start.d/setuid.ini with mode 440 (0.01 sec)
Oct 24 07:35:16 mta2 zmconfigd[12539]: All rewrite threads completed in 4.68 sec
Oct 24 07:35:16 mta2 zmconfigd[12539]: All restarts completed in 0.00 sec
Oct 24 07:35:16 mta2 systemd-logind[1110]: New session c8 of user zimbra.
Oct 24 07:35:17 mta2 postfix/cleanup[9697]: 2CD332892D5: message-id=<20181024033517.2CD332892D5@mta2.ourDomain.fr>
Oct 24 07:35:17 mta2 postfix/smtpd[19675]: disconnect from nameProviderDNS.fr[<ourNameProvider.ip>] ehlo=1 mail=2 rcpt=0/2 rset=2 quit=1 commands=6/8
Oct 24 07:35:17 mta2 postfix/qmgr[4136]: 2CD332892D5: from=<double-bounce@mta2.ourDomain.fr>, size=1127, nrcpt=1 (queue active)
Oct 24 07:35:17 mta2 zmconfigd[12539]: Shutting down. Received signal 15

[richExt]

UPDATE

We looked for accounts that was using forwards using that
https://wiki.zimbra.com/wiki/Obtain_all ... ch_account

then we removed all the forwards and the double-bounce crisis seems to be over