Unable to relay via postfix ... but telnet works...?
Hello, At work, we've set up a small Linux server with postfix on it, and configured postfix to use an external SMTP mail server. The related settings in main.cf: myhostname = scm1.ourdomain.commydestination = scm1.ourdomain.com, localhostrelayhost = [externalmailer.ourdomain.com] The external mail server is set up to trust internal connections, so there are no authentication or authorization constraints to worry about. On the Linux server, if I use "telnet externalmailer.ourdomain.com 25", and then manually enter in a small email message to send email to an *EXTERNAL* email address (e.g. "b...@gmail.com") all the way from "HELO..." to "...QUIT", this works. The email is successfully received over at gmail.com. However, if I (as user "s...@scm1.ourdomain.com") try to use "mail b...@gmail.com" from the Linux server, then this goes through the Postfix installation which in turn is configured to relay. However, this does not work ultimately. What happens: 1. The message is successfully delivered to the "externalmailer.ourdomain.com". I see this recorded in /var/log/mail.log.2. But a few seconds later, a message is delivered back to the sender on our Linux machine, and the relevant part of the error message is as follows: Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count exceeded. Message probably in a routing loop. What I would like to ask is what is Postfix doing differently from me when I do a simple telnet to the external mail server? Why am I - by hand - able to send email via the relay, but Postfix is not? I know that I have misconfigured *something* ... but I can't figure out what. I am attaching the full email message below. Any help would be greatly appreciated! Ahmed. Return-Path: <>X-Original-To: scm@scm1.ourdomain.comDelivered-To: scm@scm1.ourdomain.comReceived: from mailgw.ourdomain.com (mailgw1.ourdomain.com [10.221.2.109])by scm1.ourdomain.com (Postfix) with ESMTP id A7D1D440196for ; Fri, 17 Feb 2012 22:09:52 +0300 (AST)X-AuditID: c74b5969-b7b85ae01be8-92-4f3ea1446f3bReceived: from mail1.ourdomain.com (mail1.internal.ourdomain.com [10.221.2.110])by mailgw.ourdomain.com (Symantec Messaging Gateway) with SMTP id 88.F0.07144.441AE3F4; Fri, 17 Feb 2012 21:49:40 +0300 (AST)To: s...@scm1.ourdomain.com (SCM User)Subject: DELIVERY FAILURE: Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count exceeded. Message probably in a routing loop.X-Mailer: mail (GNU Mailutils 2.2)Date: Fri, 17 Feb 2012 22:09:46 +0300 (AST)From: postmas...@ourdomain.comx-MIMETrack: Itemize by SMTP Server on EXTERNALMAILER/OURDOMAIN(Release 7.0.3|September 26, 2007) at 02/17/2012 10:09:34 PM,Serialize b y Router on mail1/OURDOMAIN(Release 8.0.1|February 07, 2008) at 02/17/2012 10:07:17 PM,Serialize complete at 02/17/2012 10:07:17 PMMessage-ID: MIME-Version: 1.0Content-Type: multipart/report; report-type=delivery-status; boundary="==IFJRGLKFGIR14727182UHRUHIHD"X-Brightmail-Tracker: H4sIA+NgFnrFLMWRmVeSWpSXmKPExsXCdZcpT9dloZ2/waZd5hZ7W7uYHBg9Gr+8 ZA5gjOKySUnNySxLJdK3S+DKuLTsGmvBed6KCT8PsjYwPuPuYuTjkBAwkWg5vY0FwhaTuHBv PVsXIxeHkMAFRok1v54xgSREBFQljnzaxAqSEBboZpSY8mwzI0SHkkTPvq9gNouAtsSxiSvY QWw2ATmJ5zevM4M0SAh0MklcfP0TyOHg4BUIldg/RQGkhldAUOLkzCdgm5kFUiVWTuhhm8DI MwtJahaS1CygbmYBdYn184QgwooSU7ofskPYqhKzdjWwQdgyEpundjKC2EIC1xglHu70hrCL Jc6cW846C+wdUYk3rTPAbGEBAYm751aAzYH5ZhaSb0DWsgGtPb3KcBayZ2YhPLOAkX8Vo0hu YmZOerledlpxRlGyXmpKqV5x4iZGYPwc947M3MHYdF37EKMAB6MSD++LTjt/IdbEsuLK3EOM EhzMSiK833KBQrwZVVqUX58UWlOanFhxiZODilGhj1mfpfLDH+z5K18ICQWtmVtLe 7hC4E fnGcP1PL5NQU7SgVs4WR871Xq7xjnfHteyLX/ejlcyZc6vssbyUyceblJrae1FmyIs9/1d5z 3r5y51qvpU2RazYs/PZo44eDs/+X+bh97Uq/G+nJeNpxZvDqC/ZTZ+45tt5zcdH0qqj7ByK/ 837f0GgjqsRSnJFoqMVcVJwIAFdMkpJ9AgAA --==IFJRGLKFGIR14727182UHRUHIHDContent-Type: text/plain; charset=UTF-8Content-Transfer-Encoding: base64 WW91ciBtZXNzYWlDQoNCiAgU3ViamVjdDogVGVzdGluZw0KDQp3YXMgbm90IGRlbGl2ZXJlZCB0bzoNCg0KICBhaG1lZBzeXNjcy5jb20NCg0KYmVjYXVzZToNCg0KICBFcnJvciB0cmFuc2ZlcnJpbmcgdG8gTUFJTEdXM5LRlNIUkMuRURVLlNBOyBNYXhpbXVtIGhvcCBjb3VudCBleGNlZWRlZC4gIE1lc3NhZ2UgcHJvYmFibHkgaW4gYSByb3V0aW5nIGxvb3AuIA0KDQo= --==IFJRGLKFGIR14727182UHRUHIHDContent-Type: message/delivery-status Reporting-MTA: dns;mail1.ourdomain.com Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; Error transferring to MAILGW1.OURDOMAIN.COM Maximum hop count exceeded. Message probably in a routing loop. --==IFJRGLKFGIR14727182UHRUHIHDContent-Type: message/rfc822 Received: from scm1.ourdomain.com ([10.248.200.233]) by externalmailer.ourdomain.com (Lotus Domino Release 7.0.3) with ESMTP id 2012021722093403-158141 ; Fri, 17 Feb 2012 22:09:34 +
Re: Unable to relay via postfix ... but telnet works...?
A. Abd-Allah: > Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: > 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; > Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count > exceeded. Message probably in a routing loop. When a mail server receives mail via SMTP, the standard requires that it adds a header with: Received: stuff. Many MTAs count the number of such message header lines and report a "Maximum hop count exceeded" error because the number exceeds some upper bound. With Postfix, the default is "hopcount_limit = 50". Your "telnet" message had no such header, while the "non telnet" message presumably had several. That's why one triggers the error and the other does not. Wietse
RE: Unable to relay via postfix ... but telnet works...?
Dr. Wietse, Thank you for your valuable time, not just for this question, but for the entire postfix product. If I understood you correctly, increasing the hop count limit may help in this case. I only see 1 or 2 headers that are being added, but I am not sure. I can try changing the limit and then seeing the effect. Thank you again. > Subject: Re: Unable to relay via postfix ... but telnet works...? > To: postfix-users@postfix.org > Date: Fri, 17 Feb 2012 14:52:41 -0500 > From: wie...@porcupine.org > > A. Abd-Allah: > > Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: > > 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; > > Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count > > exceeded. Message probably in a routing loop. > > When a mail server receives mail via SMTP, the standard requires > that it adds a header with: > > Received: stuff. > > Many MTAs count the number of such message header lines and report > a "Maximum hop count exceeded" error because the number exceeds > some upper bound. > > With Postfix, the default is "hopcount_limit = 50". > > Your "telnet" message had no such header, while the "non telnet" > message presumably had several. That's why one triggers the > error and the other does not. > > Wietse
Re: Unable to relay via postfix ... but telnet works...?
A. Abd-Allah: > Dr. Wietse, > > Thank you for your valuable time, not just for this question, but > for the entire postfix product. > > If I understood you correctly, increasing the hop count limit may > help in this case. I only see 1 or 2 headers that are being added, > but I am not sure. I can try changing the limit and then seeing > the effect. The hop-count limit is reached in the REMOTE mail server. There are two possibilities: - The failing message already has lots of Received: headers (which is something that you may be able to fix by removing some or all). - The REMOTE mail server has an unreasonably-low hop-count limit (which is something that only the remote system adminstrator can fix). Wietse > A. Abd-Allah: > > Final-Recipient: rfc822;bob@gmail.comAction: failedStatus: > > 5.0.0Remote-MTA: smtp;MAILGW1.OURDOMAIN.COMDiagnostic-Code: X-Notes; > > Error transferring to MAILGW1.OURDOMAIN.COM; Maximum hop count > > exceeded. Message probably in a routing loop. > > When a mail server receives mail via SMTP, the standard requires > that it adds a header with: > > Received: stuff. > > Many MTAs count the number of such message header lines and report > a "Maximum hop count exceeded" error because the number exceeds > some upper bound. > > With Postfix, the default is "hopcount_limit = 50". > > Your "telnet" message had no such header, while the "non telnet" > message presumably had several. That's why one triggers the > error and the other does not. > > Wietse
RE: Unable to relay via postfix ... but telnet works...?
Dr. Wietse, Thank you again for your time. I have been an off-and-on-again user of Postfix for many years, and it is a real honor (and surprise!) to get support directly from its originator. > The hop-count limit is reached in the REMOTE mail server. I suspected as much, but I wasn't sure. Thanks for clarifying this. > There are two possibilities: > > - The failing message already has lots of Received: headers (which > is something that you may be able to fix by removing some or all). It doesn't because the message is being created at the server where Postfix is installed. > - The REMOTE mail server has an unreasonably-low hop-count limit > (which is something that only the remote system adminstrator can > fix). This is the only possibility that remains... and since the system administrator for that system is difficult to communicate with, my guess was that the single innocent "Received:" header added by Postfix was the tipping point. For this reason, I used the "header_checks" parameter to strip it off before sending it to the external mail server... ...and now everything works. Thank you very much! Your work makes a real difference. Ahmed.