MM3 Postfix FROM header issue
Installed MM3 on Debian 11, followed the steps from the MM3 website.
I'm running into issues with Postfix headers. I can only get postfix to send emails to/from the list if I set the sender_canonical_maps in the main.cf file. I don't want to have to use that as I'd like the recipient to receive the following in their email header: <Subscriber> via <List Name> <FROM:LIST@DOMAIN>. But if I do the sender_canonical_maps, then the <FROM:LIST@DOMAIN> and all email headers are overwritten by the maps email address.
When I check the /var/log/mail.log without the sender_canonical_maps setting enabled, then the initial email sender is either rejected because 'Recipient address rejected: User unknown in virtual alias table' or '550-From header sender domain not verified (example.com), 550-On your sending > Verified senders page 550 verify the sender domain or email to be allowed to send'
I have smtp_sasl_passwd_maps disabled, since I'm trying a different SMTP relay
Here is my main.cf setup
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no
# appending .domain is the MUA's job. append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2
# Mailman related settings #owner_request_special = no transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp relay_domains = hash:/var/lib/mailman3/data/postfix_domains #relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
# TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level=may
#smtp_tls_CApath=/etc/postfix/o365_smtp_cert.pem smtp_tls_security_level=may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = localhost alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain relayhost = [mail.smtp2go.com]:587 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = ipv4 sender_canonical_maps = regexp:/etc/postfix/sender_canonical smtp_use_tls = yes smtp_always_send_ehlo = yes
unknown_local_recipient_reject_code = 550 always_add_missing_headers = yes
#smtp_sasl_auth_enable = yes #smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noanonymous header_size_limit = 409600
default_destination_recipient_limit = 30 default_destination_concurrency_limit = 15
header_checks = regexp:/etc/postfix/header_checks
mynetworks = 127.0.0.0/8 [::fff:127.0.0.0]/104 [::1]/128
On 12/16/23 8:00 AM, eboltz@lhtservices.com wrote:
Installed MM3 on Debian 11, followed the steps from the MM3 website.
I'm running into issues with Postfix headers. I can only get postfix to send emails to/from the list if I set the sender_canonical_maps in the main.cf file. I don't want to have to use that as I'd like the recipient to receive the following in their email header: <Subscriber> via <List Name> <FROM:LIST@DOMAIN>. But if I do the sender_canonical_maps, then the <FROM:LIST@DOMAIN> and all email headers are overwritten by the maps email address.
In Postorius -> Settings -> DMARC Mitigations set DMARC mitigation action to Replace From: with list address and DMARC Mitigate unconditionally to Yes.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark,
I tried using that, but it doesn't overwrite the sender_canonical_maps settings and with that disabled the emails don't route at all.
Here is one of the error messages that I get
550-From header sender domain not verified Verified Senders page 550 verify the sender domain or email to be allowed to send
"eboltz" == eboltz <eboltz@lhtservices.com> writes:
eboltz> Mark, I tried using that, but it doesn't overwrite the eboltz> sender_canonical_maps settings and with that disabled the eboltz> emails don't route at all.
eboltz> Here is one of the error messages that I get
eboltz> 550-From header sender domain not verified Verified Senders eboltz> page 550 verify the sender domain or email to be allowed to eboltz> send _______________________________________________
This means that you don't have SPF records set up for your system, or they're set up incorrectly.
It's the 'sender domain' that needs to be verified. You may also ned to set up SRS (Sender Reriting Scheme); but IIRC MM3 rewrites sender addresses anyway.
I suggest something like https://mxtoolbox.com/SPFRecordGenerator.aspx to help you generate a working TXT DNS record that will remove another a barrier to getting email through.
It can also help to debug if you gave a gmail account, and try to send email to it from an address using the domain of your list. Either it won't arrive at all with a similar SMTP-time error or you'll find debug info in the headers of the received email.
Peter C
Peter,
Thanks, I'll give MXToolbox a try. I've already added the IP address to TXT along with creating a separate MX and CNAME, but maybe something was off during the process.
I'll get it updated then let it populate out and try again.
On 12/16/23 3:13 PM, eboltz@lhtservices.com wrote:
Mark,
I tried using that, but it doesn't overwrite the sender_canonical_maps settings and with that disabled the emails don't route at all.
You should not be using sender_canonical_maps. See https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht...
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark,
I followed that guide initially, but I'd get the error message that I originally posted. I found some postfix forums saying that sender_canonical_maps was needed, so when I added that it would send using the email address I had listed in it.
On 12/16/23 6:41 PM, eboltz@lhtservices.com wrote:
Mark,
I followed that guide initially, but I'd get the error message that I originally posted.
Presumably that's the 'Recipient address rejected: User unknown in virtual alias table' message, but I see no virtual_alias_domains in your posted main.cf.
Instead, please post the error message from mail.log and the output of
postconf -n. If you are actually using a virtual alias domain, see
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht...
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
Presumably that's the 'Recipient address rejected: User unknown in virtual alias table' message, but I see no virtual_alias_domains in your posted main.cf.
I'm pretty sure that what's going on here is that the message is coming in from outside, Postfix runs down the various relays (including local delivery) available, none matches, the last in line is virtual aliases, and that table is empty so the user is unknown.
That's the only way I can see the sender_canonical_maps variable affecting *recipient*-based decisions, by making it look like the sender is local, and so enabling delivery to non-local addresses. Why a Mailman list appears to be non-local is a question I am not sure. My guess is
myhostname = localhost
because Postfix doc says mydomain "is derived from $myhostname by stripping off the first part (unless the result would be a top-level domain)," so literally "localhost" is the only deliverable domain left, and some-list@the.actual.dom doesn't work. Except that the.actual.dom should be in postfix_domains.db, so ... ????
Steve
Mark,
Here is my postconf -n
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases always_add_missing_headers = yes append_dot_mydomain = no biff = no compatibility_level = 2 default_destination_concurrency_limit = 15 default_destination_recipient_limit = 30 header_checks = regexp:/etc/postfix/header_checks header_size_limit = 409600 inet_interfaces = all inet_protocols = ipv4 local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp mailbox_size_limit = 0 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = lists.example.com mynetworks = 127.0.0.0/8 [::fff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relay_domains = hash:/var/lib/mailman3/data/postfix_domains relayhost = [mail.smtp2go.com]:587 smtp_always_send_ehlo = yes smtp_sasl_security_options = noanonymous smtp_tls_CApath = /etc/postfix/o365_smtp_cert.pem smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/var/lib/mailman3/data/postfix_vmap
I think that I may try to start from scratch with postfix, as it doesn't seem to do what I want.
This is what I'm trying to do based off the clients existing MM2 setup, which I'm building MM3 from scratch on an entire new system. I wasn't involved with their old MM2 setup from years ago, so not quite sure how it was fully setup to route emails from the mailman.example.org (virtual domain)
Current client setup:
- MM2 is hosted on a separate system, then relays emails through an on-prem SMTP relay (physical server)
- example.org (their email domain) but routes through mailman.example.org
- They have contacts configured in their existing example.org email system, which route on a 1:1 to their matching mailman.example.org counterparts
New client setup:
- MM2 is hosted on a separate system, but relays emails through either SMTP2GO or O365 (whichever is easiest)
- example.org (their email domain) but will use lists.example.org for the MM3 lists
What would I have to do to ensure that MM3 and postfix (same new server) use the newly created lists.example.org domain, which only exists within Postfix when setting up the Postorius domain and lists? I want to have it so that whatever the list name is, for example 'Staff@lists.example.org' will route through Postfix correctly.
On 12/17/23 9:10 AM, eboltz@lhtservices.com wrote:
Mark,
Here is my postconf -n
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases always_add_missing_headers = yes append_dot_mydomain = no biff = no compatibility_level = 2 default_destination_concurrency_limit = 15 default_destination_recipient_limit = 30 header_checks = regexp:/etc/postfix/header_checks header_size_limit = 409600 inet_interfaces = all inet_protocols = ipv4 local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp mailbox_size_limit = 0 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = lists.example.com mynetworks = 127.0.0.0/8 [::fff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relay_domains = hash:/var/lib/mailman3/data/postfix_domains relayhost = [mail.smtp2go.com]:587 smtp_always_send_ehlo = yes smtp_sasl_security_options = noanonymous smtp_tls_CApath = /etc/postfix/o365_smtp_cert.pem smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/var/lib/mailman3/data/postfix_vmap
It looks like you are now following <https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.html#unusual-postfix-configuration>.
What would I have to do to ensure that MM3 and postfix (same new server) use the newly created lists.example.org domain, which only exists within Postfix when setting up the Postorius domain and lists? I want to have it so that whatever the list name is, for example 'Staff@lists.example.org' will route through Postfix correctly.
Have you set an alias_domain for the lists.example.org domain?
What are the contents of /var/lib/mailman3/data/postfix_vmap and /var/lib/mailman3/data/postfix_lmtp? If you feel it is necessary to anonymize the domains in these, please only change the tld so we can see the actual subdomains.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 12/17/23 9:42 AM, Mark Sapiro wrote:
On 12/17/23 9:10 AM, eboltz@lhtservices.com wrote:
Mark,
Here is my postconf -n
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases always_add_missing_headers = yes append_dot_mydomain = no biff = no compatibility_level = 2 default_destination_concurrency_limit = 15 default_destination_recipient_limit = 30 header_checks = regexp:/etc/postfix/header_checks header_size_limit = 409600 inet_interfaces = all inet_protocols = ipv4 local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp mailbox_size_limit = 0 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain myhostname = lists.example.com mynetworks = 127.0.0.0/8 [::fff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relay_domains = hash:/var/lib/mailman3/data/postfix_domains relayhost = [mail.smtp2go.com]:587 smtp_always_send_ehlo = yes smtp_sasl_security_options = noanonymous smtp_tls_CApath = /etc/postfix/o365_smtp_cert.pem smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level = may transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/var/lib/mailman3/data/postfix_vmap
It looks like you are now following <https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.html#unusual-postfix-configuration>.
What would I have to do to ensure that MM3 and postfix (same new server) use the newly created lists.example.org domain, which only exists within Postfix when setting up the Postorius domain and lists? I want to have it so that whatever the list name is, for example 'Staff@lists.example.org' will route through Postfix correctly.
Have you set an alias_domain for the lists.example.org domain?
What are the contents of /var/lib/mailman3/data/postfix_vmap and /var/lib/mailman3/data/postfix_lmtp? If you feel it is necessary to anonymize the domains in these, please only change the tld so we can see the actual subdomains.
However, it looks like you don't need to follow <https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.html#unusual-postfix-configuration> as lists.example.org is not a virtual_alias_domain. You just need to add lists.example.org to mydestination, assuming lists.example.org and lists.example.com are actually different domains, and follow <https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.html#transport-maps>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark,
Thanks for the assistance thus far.
When I create a new Domain within Postorius. If I set the Mail Host to 'example.com' and the Alias Domain to 'lists.example.com', create a new list such as 'staff_test', it'll default to the 'example.com' domain (which is the real domain). Then when I subscribe, I'll get an email from 'staff_test@example.com', when I want it to be from 'staff_test@lists.example.com' instead, also if I reply back to the 'staff_test@example.com' then I"ll get a bounce-back that it doesn't exist, but if I send to 'staff_test@lists.example.com' it'll go to the newly created list. I'd like all defaults to be '@lists.example.com', if that makes sense.
Here are the settings of my postfix_lmtp and postfix_vmap
# AUTOMATICALLY GENERATED BY MAILMAN ON 2023-12-17 20:05:34 # # This file is generated by Mailman, and is kept in sync with the binary hash # file. YOU SHOULD NOT MANUALLY EDIT THIS FILE unless you know what you're # doing, and can keep the two files properly in sync. If you screw it up, # you're on your own.
# Aliases which are visible only in the @lists.example.com domain. staff_test@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-bounces@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-confirm@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-join@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-leave@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-owner@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-request@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-subscribe@lists.example.com lmtp:[127.0.0.1]:8024 staff_test-unsubscribe@lists.example.com lmtp:[127.0.0.1]:8024
# AUTOMATICALLY GENERATED BY MAILMAN ON 2023-12-17 20:05:34 # # This file is generated by Mailman, and is kept in sync with the binary hash # file. YOU SHOULD NOT MANUALLY EDIT THIS FILE unless you know what you're # doing, and can keep the two files properly in sync. If you screw it up, # you're on your own.
# Virtual mappings for the @example.com domain. staff_test@example.com staff_test@lists.example.com staff_test-bounces@example.com staff_test-bounces@lists.example.com staff_test-confirm@example.com staff_test-confirm@lists.example.com staff_test-join@example.com staff_test-join@lists.example.com staff_test-leave@example.com staff_test-leave@lists.example.com staff_test-owner@example.com staff_test-owner@lists.example.com staff_test-request@example.com staff_test-request@lists.example.com staff_test-subscribe@example.com staff_test-subscribe@lists.example.com staff_test-unsubscribe@example.com staff_test-unsubscribe@lists.example.com
On 12/17/23 12:17 PM, eboltz@lhtservices.com wrote:
Mark,
Thanks for the assistance thus far.
When I create a new Domain within Postorius. If I set the Mail Host to 'example.com' and the Alias Domain to 'lists.example.com', create a new list such as 'staff_test', it'll default to the 'example.com' domain (which is the real domain). Then when I subscribe, I'll get an email from 'staff_test@example.com', when I want it to be from 'staff_test@lists.example.com' instead, also if I reply back to the 'staff_test@example.com' then I"ll get a bounce-back that it doesn't exist, but if I send to 'staff_test@lists.example.com' it'll go to the newly created list. I'd like all defaults to be '@lists.example.com', if that makes sense.
You want to create the list with Mail Host lists.example.com and no Alias domain.
Then in Postfix you want no virtual_alias_maps setting. The rest of what you show for postconf -n at https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/... is good.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Okay, created a new Mail Host with only 'list.example.com' and no alias domain. I then created a new list and tried subscribe/unsubscribe but got the following error message in mail.log file
Dec 17 21:14:26 mailman3 postfix/smtpd[6649]: 057E744552: client=localhost[127.0.0.1] Dec 17 21:14:26 mailman3 postfix/cleanup[6653]: 057E744552: message-id=<170284766462.1144.7361224077829393518@ec2-54-172-107-21.compute-1.amazonaws.com> Dec 17 21:14:26 mailman3 postfix/qmgr[6644]: 057E744552: from=<list_test-bounces@lists.example.com>, size=908, nrcpt=1 (queue active) Dec 17 21:14:26 mailman3 postfix/smtpd[6649]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Dec 17 21:14:27 mailman3 postfix/smtp[6654]: 057E744552: to=<eboltz@lhtservices.com>, relay=mail.smtp2go.com[45.79.114.202]:587, delay=1, delays=0.01/0.01/0.52/0.46, dsn=5.0.0, status=bounced (host mail.smtp2go.com[45.79.114.202] said: 550-From header sender domain not verified (lists.example.com) 550-On your Sending > Verified Senders page 550 verify the sender domain or email to be allowed to send. (in reply to end of DATA command)) Dec 17 21:14:27 mailman3 postfix/cleanup[6653]: 054DD4455A: message-id=<20231217211427.054DD4455A@lists.example.com> Dec 17 21:14:27 mailman3 postfix/bounce[6655]: 057E744552: sender non-delivery notification: 054DD4455A Dec 17 21:14:27 mailman3 postfix/qmgr[6644]: 054DD4455A: from=<>, size=3253, nrcpt=1 (queue active) Dec 17 21:14:27 mailman3 postfix/qmgr[6644]: 057E744552: removed Dec 17 21:14:27 mailman3 postfix/local[6656]: 054DD4455A: to=<list_test-bounces@lists.example.com>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.1.1, status=bounced (unknown user: "list_test-bounces") Dec 17 21:14:27 mailman3 postfix/qmgr[6644]: 054DD4455A: removed Dec 17 21:14:43 mailman3 postfix/smtpd[6649]: connect from localhost[127.0.0.1] Dec 17 21:14:43 mailman3 postfix/smtpd[6649]: 1030044552: client=localhost[127.0.0.1] Dec 17 21:14:43 mailman3 postfix/cleanup[6653]: 1030044552: message-id=<170284768167.1143.3082499628069977260@ec2-54-172-107-21.compute-1.amazonaws.com> Dec 17 21:14:43 mailman3 postfix/qmgr[6644]: 1030044552: from=<list_test-bounces@lists.example.com>, size=1505, nrcpt=1 (queue active) Dec 17 21:14:43 mailman3 postfix/smtpd[6649]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Dec 17 21:14:43 mailman3 postfix/smtp[6654]: 1030044552: to=<eboltz@lhtservices.com>, relay=mail.smtp2go.com[66.228.43.14]:587, delay=0.36, delays=0/0/0.12/0.23, dsn=5.0.0, status=bounced (host mail.smtp2go.com[66.228.43.14] said: 550-From header sender domain not verified (lists.example.com) 550-On your Sending > Verified Senders page 550 verify the sender domain or email to be allowed to send. (in reply to end of DATA command)) Dec 17 21:14:43 mailman3 postfix/cleanup[6653]: 6881D4455A: message-id=<20231217211443.6881D4455A@lists.example.com> Dec 17 21:14:43 mailman3 postfix/bounce[6655]: 1030044552: sender non-delivery notification: 6881D4455A Dec 17 21:14:43 mailman3 postfix/qmgr[6644]: 6881D4455A: from=<>, size=3849, nrcpt=1 (queue active) Dec 17 21:14:43 mailman3 postfix/qmgr[6644]: 1030044552: removed Dec 17 21:14:43 mailman3 postfix/local[6656]: 6881D4455A: to=<list_test-bounces@lists.example.com>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.1.1, status=bounced (unknown user: "list_test-bounces") Dec 17 21:14:43 mailman3 postfix/qmgr[6644]: 6881D4455A: removed
I'll check my SPF records, see if there is something amiss with them as well
On 12/17/23 1:20 PM, eboltz@lhtservices.com wrote:
Okay, created a new Mail Host with only 'list.example.com' and no alias domain. I then created a new list and tried subscribe/unsubscribe but got the following error message in mail.log file
Dec 17 21:14:26 mailman3 postfix/smtpd[6649]: 057E744552: client=localhost[127.0.0.1] Dec 17 21:14:26 mailman3 postfix/cleanup[6653]: 057E744552: message-id=<170284766462.1144.7361224077829393518@ec2-54-172-107-21.compute-1.amazonaws.com> Dec 17 21:14:26 mailman3 postfix/qmgr[6644]: 057E744552: from=<list_test-bounces@lists.example.com>, size=908, nrcpt=1 (queue active) Dec 17 21:14:26 mailman3 postfix/smtpd[6649]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Dec 17 21:14:27 mailman3 postfix/smtp[6654]: 057E744552: to=<eboltz@lhtservices.com>, relay=mail.smtp2go.com[45.79.114.202]:587, delay=1, delays=0.01/0.01/0.52/0.46, dsn=5.0.0, status=bounced (host mail.smtp2go.com[45.79.114.202] said: 550-From header sender domain not verified (lists.example.com) 550-On your Sending > Verified Senders page 550 verify the sender domain or email to be allowed to send. (in reply to end of DATA command))
Your relay host doesn't like lists.example.com as a sender. You need to fix this on the relay host mail.smtp2go.com. It seems to say that you need to go to the Sending > Verified Senders page on the relay host and add lists.example.com.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark,
I don't think the setup will work, as the client uses O365 for the emails and doesn't appear to like the virtual lists domain on the MM3 server. I've tried both using the O365 email connector as well Smtp2Go, both have the same issue with headers.
real email domain = example.org MM3 virtual domain = lists.example.org
The FROM: header is always what's causing the issue, plus it doesn't like any external emails as it can't send held messages or posts to users outside of the example.org domain.
I'm not sure if MM2 was setup differently, as the client used an on-prem SMTP relay with a virtual domain, then created internal contacts with external (virtual)/internal (real) email addresses attached.
On 12/18/23 12:18 PM, eboltz@lhtservices.com wrote:
Mark,
I don't think the setup will work, as the client uses O365 for the emails and doesn't appear to like the virtual lists domain on the MM3 server. I've tried both using the O365 email connector as well Smtp2Go, both have the same issue with headers.
real email domain = example.org MM3 virtual domain = lists.example.org
Actually, lists.example.org is a real email domain.
The FROM: header is always what's causing the issue, plus it doesn't like any external emails as it can't send held messages or posts to users outside of the example.org domain.
If you want to use these 3rd party smtp relays, you have to configure them to accept mail from the lists.example.org domain. It should not be difficult, but it is not a Mailman issue. It is strictly an issue with configuring the 3rd party relay to accept the mail.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
eboltz@lhtservices.com writes:
When I check the /var/log/mail.log without the sender_canonical_maps setting enabled,
The meaning of "canonical" here is that this is the original and universally acceptable accept-no-substitutes-or-aliases version of the sender's address. If you don't want to see it *literally everywhere* in the header of a message coming out of Postfix, you shouldn't put it in a canonical_map.
then the initial email sender is either rejected because 'Recipient address rejected: User unknown in virtual alias table'
Postfix is configured to relay only local senders to anywhere, or remote senders to local recipients and to relay_domains. This means that the list address doesn't look like a local address (I think it's a bad idea to set myhostname=localhost!) and it isn't in relay_domains (not sure why that might be if the postfix_domains file is present as a compiled .db), so the last try is virtual address (Postfix's way of delivering a possibly remote recipient address to a local recipient).
You should use postconf to check that all of the my* variables are set sanely.
or '550-From header sender domain not verified (example.com), 550-On your sending Verified senders page 550 verify the sender domain or email to be allowed to send'
Not sure where the "example.com" is coming from. If that is being set by the remote smtpd (smtp2go?), and isn't a hard-coded string, something's wrong either with your Postfix configuration or your test email -- that should be the envelope sender domain, which should be your host. The example.com domain actually exists, and I'm sure it doesn't allow you to send email!
As others mention, you probably need to have a valid SPF record in your DNS for your host as well.
Here is my main.cf setup
Check that both the .txt (produced by Mailman) and .db (produced by /usr/sbin/postmap) files exist for the postfix_lmtp and postfix_domains maps. The function that produces the .txt source is supposed to call postmap to generate the compiled .db database, you shouldn't need to do it by hand. But that's the only Mailman-specific reason for the "not in virtual address table" message. Postfix itself only looks at the .db file, it will not compile or even read the .txt.
transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp local_recipient_maps = hash:/var/lib/mailman3/data/postfix_lmtp relay_domains = hash:/var/lib/mailman3/data/postfix_domains
Make sure there are no Mailman mailing lists in the aliases file.
alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases
As mentioned, this is not a good idea:
myhostname = localhost
Steve
participants (4)
-
eboltz@lhtservices.com -
Mark Sapiro -
peter@chubb.wattle.id.au -
Stephen J. Turnbull