Solved Problems with Incoming Mail - postfix

jasonhirsh · May 15, 2011

I am running a server FreeBSD 8.1, IPFW with Postfix, Dovecot, amavisd-new... I am having issues with some, not all, incoming mail from several providers, primarily gmail and mindspring.com. The error message that was provided to a user was along the lines of:

Code:

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more athttp://mail.google.com/support/bin/answer.py?answer=7720
 [mail.kasdivi.com. (5): Connection timed out]

The maillog shows no information relative to the un-accepted requests. I have started trying to one through tcpdump but unfortunately none of my gmail accounts are subject to this problem.

I have tried to address this on postfix list as I thought it was appropriate as some mail made it through from gmail and some doesn't. I have been informed, besides in their opinion I shouldn't be attempting to administer a server, that this is not a POSTFIX problems as there are no problems in the maillog and therefore it must be an OS issue.

IPFW has port 25 open and the problem continues even if I turn IPFW off. So it would not appear to be a firewall issue.

It would appear that I need to record tcpdump to files and hope to catch the bounce there.

Can anyone provide any other suggestions?

jasonhirsh · May 15, 2011

TCPDUMP shows not responding to TCP SYN.

I managed to catch an exchange as follows:

Code:

08:40:31.036997 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972295960 ecr 0,nop,wscale 6], length 0
08:40:34.037857 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972298960 ecr 0,nop,wscale 6], length 0
08:40:40.036791 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972304960 ecr 0,nop,wscale 6], length 0
08:40:50.037758 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972314960 ecr 0,nop,wscale 6], length 0
08:41:00.037805 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972324960 ecr 0,nop,wscale 6], length 0
08:41:10.037831 IP mail-iy0-f182.google.com.51101 > tuna.theoceanwindow-bv.com.smtp: Flags [S], seq 850119283, win 5720, options
 [mss 1430,sackOK,TS val 2972334960 ecr 0,nop,wscale 6], length 0

I have been told that this indicates that my server is not responding to TCP SYN. How do I correct?

johnblue · May 16, 2011

I do not have something specific to suggest for you to try except a different troubleshooting point of view.

We all can agree that the problem you are having should not be happening. Given that you have extra software working in conjunction with Postfix, perhaps it would be helpful if you established a reference "baseline" before spending additional time on the problem.

I would recommend that you grab a spare hard drive and install only defaults for FreeBSD and Postfix. Given this base configuration, check and see if the problem continues to exist.

If the problem continues, then, clearly, something on the outside is affecting your mail delivery. If the problem goes away, then you can start looking at the interactions of the software you have installed by picking them apart to isolate the fault.

Good luck!

jasonhirsh · May 16, 2011

Unfortunately it is a leased server so I can't do a virgin drive. The thing that makes me wonder is why only certain users.. I would think all users on a domain/ISP would contact my server in the same manner.

AndyUKG · May 16, 2011

Hi,

As per the info from google, are your domain MX records correct? This type of problem could be caused, for example, if you have multple MX records and one of them is broken/incorrect...

thanks Andy.

AndyUKG · May 16, 2011

Hmm, not had any caffeine yet. The server is listed in the error "tuna.theoceanwindow-bv.com.smtp" so rather than checking the MX records, you just need to check that this server is accepting SMTP connections (which I guess you already did)...

jasonhirsh · May 16, 2011

Understand the Caffeine. Yes, the server is accepting connections. The vast majority of email goes fine. And at least some of the mail from the two known problem domains (mindspring.com and gmail) makes it. The error message the mindspring user got was similar to the gmail one.

Code:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

 [email]jason@kasdivi.com[/email]
   retry timeout exceeded

I was unable to get a TCPDUMP on that to see if it had the same TCP/IP issue.

jasonhirsh · May 16, 2011

Postfix list found my problem.. My IPs for my network interface had incorrect netmasks.. when corrected issue was solved.