Postfix DNS conflicts

Source: Internet
Author: User
Tags mx record

When sending an email,PostfixUse the system's resolver (that isDNSClient, which can query the domain information function library from the DNS server) to obtain DNS information. When receiving A mail, the DNS of your domain must provide delivery information (MX or A record) for external queries so that other MTA can find your postfix server.

Influence of DNS on the sender Program

The smtp MDA of postfix must be able to obtain MX and A records to determine the Host Name and IP address. That is to say, in the sender program, postfix requires at least two DNS queries. The first is to get the MX host name, and the other is to get the IP address of the host name. Because postfix uses the resolver of the operating system to access the DNS server, the system running postfix must be able to access at least one DNS server. Although most systems running postfix usually run DNS servers, this is not necessary.

If you suspect that your system cannot properly query DNS information, you can find out the problem through three command line tools: nslookup, dig, and host. Most unix systems should install these three tools. You can use these tools to identify all types of data records for a specific domain, including MX records that allow postfix to send mail to the correct host.

The DNS issue may be caused by a system error in which the postfix is located, or the DNS server of the target domain is not properly set. When looking for the cause of the problem, you must keep in mind that postfix always first queries the mx record and then queries the record. Even if you can find out the IP address of the domain name, if the domain does not provide mx information, postfix may not be able to send emails for the first time.

Configuration File Options

When a mail is delivered, the postfix identifies all MX resource records of the target domain from the DNS system, and then sorts the records based on the priority value. After the postfix is successfully connected to the recipient's smtp server, the recipient will use the status code to answer the requirements of smtp MDA. A status code between the 2xx range indicates that the request is accepted. If a status code within the 4xx range is returned, it indicates that the other party has encountered a temporary error. If the status code is within the 5xx range, indicates a permanent problem.

PTR record

To prevent spam, many SMTP servers require that the client IP address be able to identify valid PTR resource records. Therefore, the IP address of your postfix system must have a PTR record pointing to the specified postfix host name in the DNS system so that all SMTP servers will accept the emails you sent.

Influence of DNS on email receiving program

To enable postfix to receive emails from a specific domain, the host name running postfix must be listed in the MX record of the domain, and the postfix must also be set to be able to receive emails from the domain. Postfix can receive emails from three domains: local domain, relay domains, and virtual domains ). The virtual domain may use virtual aliases or virtual mailboxes ). Each domain must be listed in a specific postfix parameter for validity.

Domain type parameters

Local mydestination

Relay_domains

Virtual mailbox virtual_mailbox_domains

Virtual alias virtual_alias_domains

The same domain name cannot be listed in different parameters at the same time. If the postfix finds the same domain in two parameters, it will issue a warning. If you see an error message like "mail for example.com loops back to myself" in the log file, it is usually because your postfix server is listed in the MX list of a domain, however, the postfix is not set to accept emails for this domain.

FAQs

Problems caused by improper DNS settings usually do not have immediate visibility. You can only analyze the error information in the log file.

"Mail for domain loops back to myself" (emails in a domain are bypassed by myself)

Among all DNS errors, this is probably the most common. The problem is that your postfix server is listed in the MX list of a domain, but you didn't let the postfix know that it is the mail terminal of the domain. Therefore, the solution is to list the domain in the mydestination parameter, or set it to a virtual domain or a forwarding domain. If your postfix server is listed on a porxy or NAT device, it may not be aware that it is a domain's MX host. In this case, you must add the IP address of the proxy system to the proxy_interfaces parameter.

"Host found but no data record of requested type" (the host can be found, but no data type is specified for record)

The domain name cannot find the MX record in the DNS database, and the domain name itself does not have A record. You have to contact the DNS administrator for the domain to solve the problem. If you are the database administrator of the DNS domain name, make sure that the host name of your email server is indeed listed in the MX record of the domain.

"No mx host for domain has a valid A record"

The domain's DNS database has MX records, but the IP address corresponding to the mx host name cannot be found. You must contact the DNS administrator to solve the problem. For your own domain, make sure that each host name listed in the mx record has A valid and correct A record.

"Host not found, try again"

No meaningful results can be found from the DNS system. It may be caused by DNS serer disconnection, denial of service, or even failure. If you can confirm that the dns server of the domain is operating correctly, the problem may be the network, or the resolver of the postfix server system is not properly set. For the last possibility, check the/etc/nsswitch. conf and/etc/resolv. conf configuration files of the system.

Through the above introduction, we know the impact of DNS on the Postfix mailing and receiving program. Hope to help you!

  • Learn more about installing the DNS + Sendmail service in Linux
  • Considerations for High Availability of Server Clusters: DNS and Failover
  • Most enterprises are still vulnerable to DNS cache poisoning attacks
  • Is free DNS suitable for enterprises?
  • How to Set automatic Postfixadmin reply
  • How to control resources for Postfix
  • Address operations in Postfix

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.