Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah 


Hello,
At work, we've set up a small Linux server with postfix on it, and configured 
postfix to use an external SMTP mail server. The related settings in main.cf:

myhostname = scm1.ourdomain.commydestination = scm1.ourdomain.com, 
localhostrelayhost = [externalmailer.ourdomain.com]
The external mail server is set up to trust internal connections, so there are 
no authentication or authorization constraints to worry about.
On the Linux server, if I use telnet externalmailer.ourdomain.com 25, and 
then manually enter in a small email message to send email to an *EXTERNAL* 
email address (e.g. b...@gmail.com) all the way from HELO... to ...QUIT, 
this works. The email is successfully received over at gmail.com.
However, if I (as user s...@scm1.ourdomain.com) try to use mail 
b...@gmail.com from the Linux server, then this goes through the Postfix 
installation which in turn is configured to relay. However, this does not work 
ultimately. What happens:
1. The message is successfully delivered to the externalmailer.ourdomain.com. 
I see this recorded in /var/log/mail.log.2. But a few seconds later, a message 
is delivered back to the sender on our Linux machine, and the relevant part of 
the error message is as follows:
Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: 5.0.0Remote-MTA: 
smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; Error transferring to 
MAILGW1.OURDOMAIN.COM;  Maximum hop count exceeded.  Message probably in a 
routing loop.
What I would like to ask is what is Postfix doing differently from me when I do 
a simple telnet to the external mail server? Why am I - by hand - able to send 
email via the relay, but Postfix is not? I know that I have misconfigured 
*something* ... but I can't figure out what.
I am attaching the full email message below.
Any help would be greatly appreciated!
Ahmed.
Return-Path: X-Original-To: scm@scm1.ourdomain.comDelivered-To: 
scm@scm1.ourdomain.comReceived: from mailgw.ourdomain.com 
(mailgw1.ourdomain.com [10.221.2.109])by scm1.ourdomain.com (Postfix) 
with ESMTP id A7D1D440196for s...@scm1.ourdomain.com; Fri, 17 Feb 
2012 22:09:52 +0300 (AST)X-AuditID: 
c74b5969-b7b85ae01be8-92-4f3ea1446f3bReceived: from mail1.ourdomain.com 
(mail1.internal.ourdomain.com [10.221.2.110])by mailgw.ourdomain.com 
(Symantec Messaging Gateway) with SMTP id 88.F0.07144.441AE3F4; Fri, 17 Feb 
2012 21:49:40 +0300 (AST)To: s...@scm1.ourdomain.com (SCM User)Subject: 
DELIVERY FAILURE: Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop 
count exceeded.  Message probably in a routing loop.X-Mailer: mail (GNU 
Mailutils 2.2)Date: Fri, 17 Feb 2012 22:09:46 +0300 (AST)From: 
postmas...@ourdomain.comx-MIMETrack: Itemize by SMTP Server on 
EXTERNALMAILER/OURDOMAIN(Release 7.0.3|September 26, 2007) at 02/17/2012 
10:09:34 PM,Serialize b
 y Router on mail1/OURDOMAIN(Release 8.0.1|February 07, 2008) at 02/17/2012 
10:07:17 PM,Serialize complete at 02/17/2012 10:07:17 PMMessage-ID: 
of6dfeeb1b.0e59d703-on432579a7.00693efb-432579a7.00690...@ourdomain.comMIME-Version:
 1.0Content-Type: multipart/report; report-type=delivery-status; 
boundary===IFJRGLKFGIR14727182UHRUHIHDX-Brightmail-Tracker: 
H4sIA+NgFnrFLMWRmVeSWpSXmKPExsXCdZcpT9dloZ2/waZd5hZ7W7uYHBg9Gr+8
ZA5gjOKySUnNySxLJdK3S+DKuLTsGmvBed6KCT8PsjYwPuPuYuTjkBAwkWg5vY0FwhaTuHBv
PVsXIxeHkMAFRok1v54xgSREBFQljnzaxAqSEBboZpSY8mwzI0SHkkTPvq9gNouAtsSxiSvY
QWw2ATmJ5zevM4M0SAh0MklcfP0TyOHg4BUIldg/RQGkhldAUOLkzCdgm5kFUiVWTuhhm8DI
MwtJahaS1CygbmYBdYn184QgwooSU7ofskPYqhKzdjWwQdgyEpundjKC2EIC1xglHu70hrCL
Jc6cW846C+wdUYk3rTPAbGEBAYm751aAzYH5ZhaSb0DWsgGtPb3KcBayZ2YhPLOAkX8Vo0hu
YmZOerledlpxRlGyXmpKqV5x4iZGYPwc947M3MHYdF37EKMAB6MSD++LTjt/IdbEsuLK3EOM
EhzMSiK833KBQrwZVVqUX58UWlOanFhxiZODilGhj1mfpfLDH+z5K18ICQWtmVtLe
 7hC4E
fnGcP1PL5NQU7SgVs4WR871Xq7xjnfHteyLX/ejlcyZc6vssbyUyceblJrae1FmyIs9/1d5z
3r5y51qvpU2RazYs/PZo44eDs/+X+bh97Uq/G+nJeNpxZvDqC/ZTZ+45tt5zcdH0qqj7ByK/
837f0GgjqsRSnJFoqMVcVJwIAFdMkpJ9AgAA
--==IFJRGLKFGIR14727182UHRUHIHDContent-Type: text/plain; 
charset=UTF-8Content-Transfer-Encoding: base64
WW91ciBtZXNzYWlDQoNCiAgU3ViamVjdDogVGVzdGluZw0KDQp3YXMgbm90IGRlbGl2ZXJlZCB0bzoNCg0KICBhaG1lZBzeXNjcy5jb20NCg0KYmVjYXVzZToNCg0KICBFcnJvciB0cmFuc2ZlcnJpbmcgdG8gTUFJTEdXM5LRlNIUkMuRURVLlNBOyBNYXhpbXVtIGhvcCBjb3VudCBleGNlZWRlZC4gIE1lc3NhZ2UgcHJvYmFibHkgaW4gYSByb3V0aW5nIGxvb3AuIA0KDQo=
--==IFJRGLKFGIR14727182UHRUHIHDContent-Type: message/delivery-status
Reporting-MTA: dns;mail1.ourdomain.com
Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: 5.0.0Remote-MTA: 
smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; Error transferring to 
MAILGW1.OURDOMAIN.COM  Maximum hop count exceeded.  Message probably in a 
routing loop.
--==IFJRGLKFGIR14727182UHRUHIHDContent-Type: message/rfc822
Received: from scm1.ourdomain.com ([10.248.200.233])  by 
externalmailer.ourdomain.com (Lotus Domino Release 7.0.3)

RE: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah 
Dr. Wietse,

Thank you for your valuable time, not just for this question, but for the 
entire postfix product.

If I understood you correctly, increasing the hop count limit may help in this 
case. I only see 1 or 2 headers that are being added, but I am not sure. I can 
try changing the limit and then seeing the effect.

Thank you again.

 Subject: Re: Unable to relay via postfix ... but telnet works...?
 To: postfix-users@postfix.org
 Date: Fri, 17 Feb 2012 14:52:41 -0500
 From: wie...@porcupine.org
 
 A. Abd-Allah:
  Final-Recipient: rfc822;bob@gmail.comAction: failedStatus:
  5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes;
  Error transferring to MAILGW1.OURDOMAIN.COM;  Maximum hop count
  exceeded.  Message probably in a routing loop. 
 
 When a mail server receives mail via SMTP, the standard requires
 that it adds a header with:
 
 Received: stuff.
 
 Many MTAs count the number of such message header lines and report
 a Maximum hop count exceeded error because the number exceeds
 some upper bound.
 
 With Postfix, the default is hopcount_limit = 50.
 
 Your telnet message had no such header, while the non telnet
 message presumably had several. That's why one triggers the
 error and the other does not.
 
   Wietse

RE: Unable to relay via postfix ... but telnet works...?

2012-02-17 Thread A. Abd-Allah 

Dr. Wietse,
Thank you again for your time. I have been an off-and-on-again user of Postfix 
for many years, and it is a real honor (and surprise!) to get support directly 
from its originator.
 The hop-count limit is reached in the REMOTE mail server. 
I suspected as much, but I wasn't sure. Thanks for clarifying this.
 There are two possibilities:
 
 - The failing message already has lots of Received: headers (which
 is something that you may be able to fix by removing some or all).
It doesn't because the message is being created at the server where Postfix is 
installed.
 - The REMOTE mail server has an unreasonably-low hop-count limit
 (which is something that only the remote system adminstrator can
 fix).

This is the only possibility that remains... and since the system administrator 
for that system is difficult to communicate with, my guess was that the single 
innocent Received: header added by Postfix was the tipping point. For this 
reason, I used the header_checks parameter to strip it off before sending it 
to the external mail server...
...and now everything works.
Thank you very much! Your work makes a real difference.
Ahmed.