Solved Intranet smtpd requiring reverse DNS to email client.

I have set up an intranet SMTP/Mail server in a FreeBSD Jail IP: 192.168.0.31 following the instructions in this post https://it-notes.dragas.net/2024/03...erver-freebsd-opensmptd-rspamd-dovecot-part1/ but just not configuring Redis nor an apache server nor any form of senderscore, because it is an intranet and it does not make sense asking the exterior world how to resolve intranet problems, and because it is a test server.

Which gave me something like the following:

1. The hostname of the jail is the FQDN `mail.test-mail-server.my-intranet.domain`, but configured from the jail.conf file.
2. I set up acme.sh instead of certbot against my intranet ACME provider.
3. Have generated my keys at /usr/local/etc/mail/dkim as the guide says.
4. Have the following file as my
Code:
$TTL 3600
$ORIGIN mail-probe-eins.my-domain.inexistent-top-level.
@   IN SOA ns1.my-domain.inexistent-top-level. admin.my-domain.inexistent-top-level. (
            21301334
            3600
            600
            604800
            1800 )


@   IN NS ns1.my-domain.inexistent-top-level.
@   MX 0 mail

;@           IN TXT "v=spf1 a:mail.mail-probe-eins.my-domain.inexistent-top-level mx -all ra=postmaster"
@            IN TXT "v=spf1 a ip4:192.168.0.41 mx ~all"
_dmarc       IN TXT "v=DMARC1;p=none;pct=100;rua=mailto:postmaster@mail-probe-eins.my-domain.inexistent-top-level"
mail         IN TXT "v=spf1 a -all ra=postmaster"

mail        IN A 192.168.0.41
mail._domainkey    IN TXT "v=DKIM1;K=rsa;p=The-first-part-of-my-2018-bits-public-key"
mail._domainkey    IN TXT "the-rest-of-the-key"
as my zone test-mail-server.my-intranet.domain in the named.conf file of my BIND9 instance, a zone which is configured in this way
Code:
zone "mail-probe-eins.my-domain.inexistent-top-level" IN {
  type master;
  file "/var/named/mail-probe-eins.my-domain.inexistent-top-level.db";
  allow-update { none; };
};
with the entire named.conf being
Code:
acl LAN {
     192.168.0.0/24;
};

acl ALLEN_LOCALHOST {
     127.0.0.1/32;
};

acl PUBLIC0 {
     192.168.0.3;
};

options {
  directory "/var/named";
  allow-recursion { LAN; localhost; };
  forwarders {
    1.1.1.1; // Cloudflare
    208.67.222.222; // OpenDNS
  };

  listen-on { 192.168.0.3; localhost; };
  listen-on-v6 { none; };

 pid-file "/var/run/named/pid";
  allow-transfer port 53 { PUBLIC0; 0.0.0.0; };
  allow-query { localhost; LAN; };

  recursion yes;

  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
};

zone "my-domain.inexistent-top-level" IN {
  type master;
  file "/var/named/my-domain.inexistent-top-level.db";
  allow-update { none; };
};

zone "mail-probe-eins.my-domain.inexistent-top-level" IN {
  type master;
  file "/var/named/mail-probe-eins.my-domain.inexistent-top-level.db";
  allow-update { none; };
};

zone "168.192.in-addr.arpa" IN {
  type master;
  file "/var/named/168.192.db";
  allow-update { none; };
};
5. Added the vmail user as instructed. Id est
Code:
pw user add vmail -u 2000 -d /var/vmail -s /usr/sbin/nologin
mkdir /var/vmail
chown vmail /var/vmail
6. The /usr/local/etc/mail/smtpd.conf is set to the following:
Code:
table passwd passwd:/usr/local/etc/mail/passwd
table virtuals file:/usr/local/etc/mail/virtuals

pki mail.mail-probe-eins.my-domain.inexistent-top-level cert "/usr/local/etc/certs/mail.mail-probe-eins.my-domain.inexistent-top-level_ecc/fullchain.cer"
pki mail.mail-probe-eins.my-domain.inexistent-top-level key "/usr/local/etc/certs/mail.mail-probe-eins.my-domain.inexistent-top-level_ecc/mail.mail-probe-eins.my-domain.inexistent-top-level.key"

filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \
    disconnect "550 no residential connections - Thou shalt not pass"

filter check_rdns phase connect match !rdns \
    disconnect "550 no rdns - Thou shalt not pass"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 no FCrDNS - Thou shalt not pass"

filter rspamd proc-exec "/usr/local/libexec/opensmtpd/opensmtpd-filter-rspamd"

listen on 0.0.0.0 tls pki mail.mail-probe-eins.my-domain.inexistent-top-level \
    filter { check_dyndns, check_rdns, check_fcrdns, rspamd } auth-optional <passwd>

listen on 0.0.0.0 port submission tls-require pki mail.mail-probe-eins.my-domain.inexistent-top-level auth <passwd> filter rspamd mask-src

listen on 0.0.0.0 port 465 smtps pki mail.mail-probe-eins.my-domain.inexistent-top-level  auth <passwd> filter rspamd mask-src

action "local_mail" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
action "outbound" relay helo mail.mail-probe-eins.my-domain.inexistent-top-level

match from any for domain mail.mail-probe-eins.my-domain.inexistent-top-level action "local_mail"
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"
7. No /usr/local/etc/rspamd/local.d/redis.conf, but /usr/local/etc/rspamd/local.d/spf.conf is
Code:
spf_cache_size = 1k;
spf_cache_expire = 1d;
max_dns_nesting = 10;
max_dns_requests = 30;
min_cache_ttl = 5m;
8. Also /usr/local/etc/rspamd/local.d/dkim_signing.conf is set to
Code:
domain {
  test-mail-server.my-intranet.domain {
    path = "/usr/local/etc/mail/dkim/test-mail-server.my-intranet.domain.key";
    selector = "mail";
  }
}
9. No /usr/local/etc/rspamd/local.d/phishing.conf
10. Nor /usr/local/etc/rspamd/local.d/surbl.conf
11. Nor /usr/local/etc/rspamd/local.d/url_reputation.conf
12. Nor /usr/local/etc/rspamd/local.d/url_tags.conf
13. And from what I know, dovecot does not look very relevant, as the error message below will show.

After configuring two test users, benutzereins and benutzerzwei, and starting the jail services, I tried to send a message from benutzereins to benutzerzwei from the eM Mail client, which got me a failure in delivery. Then, after checking eM's logs, I saw that the no rdns filter, with the configured error message `550 no rdns - Thou shalt not pass`, is rejecting the delivery.

Also, after checking the Jail's /var/log/maillog, I got the following logs:
Code:
Oct  5 04:15:45 mail dma[f775][167]: new mail from user=root uid=26 envelope_from=<root@mail.mail-probe-eins.my-domain.inexistent-top-level>
Oct  5 04:15:45 mail dma[f775][167]: mail to=<root> queued as f775.2495f3648000
Oct  5 04:15:45 mail dma[f775.2495f3648000][696]: <root> trying delivery
Oct  5 04:15:45 mail dma[f775.2495f3648000][696]: <root> delivery successful
Oct  5 06:28:04 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=26830, TLS, session=<XPLb47QjPoHAqABH>
Oct  5 06:28:04 mail smtpd[90062]: 4444444444444444 smtp connected address=192.168.0.71 host=<unknown>
Oct  5 06:28:04 mail smtpd[90062]: 4444444444444444 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 06:28:04 mail smtpd[90062]: 4444444444444444 smtp disconnected reason=quit
Oct  5 06:28:53 mail dovecot[96578]: imap(benutzereins@mail-probe-eins.my-domain.inexistent-top-level)<26830><XPLb47QjPoHAqABH>: Disconnected: Connection closed (IDLE running for 0.001 + waiting input for 45.514 secs, 2 B in + 10 B out, state=wait-input) in=316 out=1802 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct  5 06:31:31 mail smtpd[90062]: 4444444444444444 smtp connected address=192.168.0.71 host=<unknown>
Oct  5 06:31:31 mail smtpd[90062]: 4444444444444444 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 06:31:31 mail smtpd[90062]: 4444444444444444 smtp disconnected reason=quit
Oct  5 06:31:35 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=38114, TLS, session=<3ml28LQjWIHAqABH>
Oct  5 06:31:35 mail dovecot[96578]: imap(benutzereins@mail-probe-eins.my-domain.inexistent-top-level)<38114><3ml28LQjWIHAqABH>: Disconnected: Logged out in=9 out=483 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct  5 06:31:49 mail smtpd[90062]: 4444444444444444 smtp connected address=192.168.0.71 host=<unknown>
Oct  5 06:31:49 mail smtpd[90062]: 4444444444444444 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 06:31:49 mail smtpd[90062]: 4444444444444444 smtp disconnected reason=quit
Oct  5 06:31:50 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=38395, TLS, session=<KHJW8bQjXIHAqABH>
Oct  5 06:31:50 mail dovecot[96578]: imap(benutzereins@mail-probe-eins.my-domain.inexistent-top-level)<38395><KHJW8bQjXIHAqABH>: Disconnected: Logged out in=9 out=483 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Oct  5 06:32:05 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=38674, TLS, session=<Q51C8rQjYIHAqABH>
Oct  5 06:32:06 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=39134, TLS, session=<EBhO8rQjYoHAqABH>
Oct  5 06:32:47 mail smtpd[90062]: 4444444444444444 smtp connected address=192.168.0.71 host=<unknown>
Oct  5 06:32:47 mail smtpd[90062]: 4444444444444444 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 06:32:47 mail smtpd[90062]: 4444444444444444 smtp disconnected reason=quit
Oct  5 06:32:57 mail dovecot[96578]: imap-login: Login: user=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>, method=PLAIN, rip=192.168.0.71, lip=192.168.0.41, mpid=39634, TLS, session=<Sw5V9bQjbIHAqABH>

Which makes me think that the eM email client tries to send the message to the SMTP server, instead of using the IMAP server, but the server is configured to reject messages that lack reverse DNS.

How can I configure the SMTP server to not require rDNS from the email client, but still require rDNS from other possible smtpd servers, like it would if it were my self-hosted email server?
 
MTAs connect on SMTP port 25 and are required to have a valid rDNS record.
MUAs should use the dedicated obsolete SSL port 465 with AUTH, or submission port 587, where all connections are required to have AUTH. When a client MUA connects and authenticates successfully, it is allowed to send e-mails. If you are just starting to configure your e-mail server, stop using port 465 and leave only port 587 with TLS.

When there's no port option it defaults to SMTP port 25. The example below is for connections to port 25
listen on 0.0.0.0 tls pki mail.example.com filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd } auth-optional <passwd>

The following is for port 587
listen on 0.0.0.0 port submission tls-require pki mail.example.com auth <passwd> filter rspamd mask-src

And Obsolete SSL port 465
listen on 0.0.0.0 port 465 smtps pki mail.example.com auth <passwd> filter rspamd mask-src

As you can see, only the connections on SMTP port 25 have filters that check for dyndns, rdns, spam... etc. The clients which have a valid user/pass for AUTH must connect on 587 with TLS or on 465 with SSL, and they are checked against spam only via the rspamd filter.
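A way to spot this situation from the server side, as an added example that is not part of the original thread: it correlates connect-phase rejects in the smtpd log with IMAP logins in the dovecot log, so a mail client pointed at the MTA port stands out from an unknown peer without rDNS. The log lines are constructed in the format of the excerpt in the question, and the classification labels are hypothetical names; it assumes, as in the configuration above, that only the port 25 listener carries connect-phase filters.

```python
import re
from collections import Counter

# Constructed sample in the maillog format shown in the question
# (documentation addresses and names, not values from the thread).
SAMPLE_LOG = """\
Oct  5 06:28:04 mail dovecot[101]: imap-login: Login: user=<user1@example.com>, method=PLAIN, rip=192.0.2.71, lip=192.0.2.41, mpid=201, TLS, session=<aaaa>
Oct  5 06:28:04 mail smtpd[300]: 1111111111111111 smtp connected address=192.0.2.71 host=<unknown>
Oct  5 06:28:04 mail smtpd[300]: 1111111111111111 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 06:28:04 mail smtpd[300]: 1111111111111111 smtp disconnected reason=quit
Oct  5 06:31:31 mail smtpd[300]: 2222222222222222 smtp connected address=192.0.2.71 host=<unknown>
Oct  5 06:31:31 mail smtpd[300]: 2222222222222222 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 07:02:10 mail smtpd[300]: 3333333333333333 smtp connected address=198.51.100.9 host=<unknown>
Oct  5 07:02:10 mail smtpd[300]: 3333333333333333 smtp failed-command command="" result="550 no rdns - Thou shalt not pass"
Oct  5 07:05:00 mail smtpd[300]: 4444444444444444 smtp connected address=192.0.2.80 host=pc.example.com
Oct  5 07:05:01 mail smtpd[300]: 4444444444444444 smtp authentication user=user2@example.com result=ok
"""

IMAP_LOGIN = re.compile(r"dovecot\[\d+\]: imap-login: Login: .*?\brip=(?P<ip>[0-9A-Fa-f.:]+)")
SMTP_EVENT = re.compile(r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) smtp (?P<event>\S+)(?P<rest>.*)")
ADDRESS = re.compile(r"\baddress=(?P<ip>\S+)")
FAILED = re.compile(r'command="(?P<cmd>[^"]*)" result="(?P<result>[^"]*)"')


def connect_rejects(log):
    """Return (imap_clients, rejects): IPs seen logging in over IMAP, and a
    per-IP count of 5xx answers given before the peer sent any command."""
    imap_clients = set()
    session_ip = {}  # smtpd session id -> peer address of the open connection
    rejects = Counter()
    for line in log.splitlines():
        m = IMAP_LOGIN.search(line)
        if m:
            imap_clients.add(m.group("ip"))
            continue
        m = SMTP_EVENT.search(line)
        if not m:
            continue
        sid, event, rest = m.group("sid", "event", "rest")
        if event == "connected":
            a = ADDRESS.search(rest)
            if a:
                session_ip[sid] = a.group("ip")
        elif event == "failed-command":
            f = FAILED.search(rest)
            # An empty command means a filter disconnected the peer at the
            # connect phase, before it could send EHLO or AUTH.
            if (f and f.group("cmd") == "" and f.group("result").startswith("5")
                    and sid in session_ip):
                rejects[session_ip[sid]] += 1
        elif event == "disconnected":
            session_ip.pop(sid, None)
    return imap_clients, rejects


def classify(log):
    """Map each rejected IP to (label, count). Heuristic: an address that also
    reads mail over IMAP is a mail client using the MTA port, not a server."""
    imap_clients, rejects = connect_rejects(log)
    report = {}
    for ip, count in rejects.items():
        kind = "mail-client-on-mta-port" if ip in imap_clients else "peer-without-rdns"
        report[ip] = (kind, count)
    return report


if __name__ == "__main__":
    for ip, (kind, count) in sorted(classify(SAMPLE_LOG).items()):
        print(f"{ip}\t{kind}\t{count} connect-phase rejects")
```

Addresses reported as `mail-client-on-mta-port` need their client moved to the submission listener with AUTH; the rDNS filters on port 25 can stay as they are.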
 

I guess that I just had an awfully misconfigured client. Thanks
 
Now I am going bad, my setup somehow fails to send mail to the other registered user:
Code:
Oct  5 23:27:09 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp connected address=192.168.0.201 host=hp.my-domain.inexistent-top-level
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp authentication user=benutzereins@mail-probe-eins.my-domain.inexistent-top-level result=ok
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp message msgid=12dd923f size=2732 nrcpt=1 proto=ESMTP
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp envelope evpid=12dd923f5a32a2f3 from=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level> to=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta connecting address=smtp://192.168.0.41:25 host=mail.mail-probe-eins.my-domain.inexistent-top-level
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta connected
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7795bb0618e4 smtp connected address=192.168.0.41 host=mail.mail-probe-eins.my-domain.inexistent-top-level
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta cert-check result="unverified" fingerprint="SHA256:d817ad444d02fef23a15e2598d8f6dee24d7d93b2575ee86fef50b8c160bba61"
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7795bb0618e4 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b7795bb0618e4 smtp failed-command command="RCPT TO:<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>" result="550 Invalid recipient: <benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:27:10 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta delivery evpid=12dd923f5a32a2f3 from=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level> to=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level> rcpt=<-> source="192.168.0.41" relay="192.168.0.41 (mail.mail-probe-eins.my-domain.inexistent-top-level)" delay=0s result="PermFail" stat="550 Invalid recipient: <benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:27:11 mail-probe-eins smtpd[39505]: 504b7796efadd594 smtp connected address=local host=mail-probe-eins
Oct  5 23:27:11 mail-probe-eins smtpd[39505]: 504b7796efadd594 smtp message msgid=66ba03db size=3947 nrcpt=1 proto=ESMTP
Oct  5 23:27:11 mail-probe-eins smtpd[39505]: 504b7796efadd594 smtp envelope evpid=66ba03dbc34f5f18 from=<> to=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>
Oct  5 23:27:11 mail-probe-eins smtpd[39505]: 504b7796efadd594 smtp disconnected reason=quit
Oct  5 23:27:12 mail-probe-eins smtpd[39505]: 504b7795bb0618e4 smtp failed-command command="RCPT TO:<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>" result="550 Invalid recipient: <benutzereins@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:27:12 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta delivery evpid=66ba03dbc34f5f18 from=<> to=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level> rcpt=<-> source="192.168.0.41" relay="192.168.0.41 (mail.mail-probe-eins.my-domain.inexistent-top-level)" delay=1s result="PermFail" stat="550 Invalid recipient: <benutzereins@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:27:12 mail-probe-eins smtpd[39598]: warn: queue: no return path!
Oct  5 23:27:15 mail-probe-eins smtpd[39505]: 504b7791fb132ae2 smtp disconnected reason=quit



Oct  5 23:27:22 mail-probe-eins smtpd[39505]: 504b7795bb0618e4 smtp disconnected reason=quit
Oct  5 23:27:22 mail-probe-eins smtpd[39505]: 504b77941b6d2ba8 mta disconnected reason=quit messages=0
Oct  5 23:28:30 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp connected address=192.168.0.201 host=hp.my-domain.inexistent-top-level
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp authentication user=benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level result=ok
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp message msgid=9d8ddadf size=2733 nrcpt=1 proto=ESMTP
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp envelope evpid=9d8ddadf5775f264 from=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level> to=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta connecting address=smtp://192.168.0.41:25 host=mail.mail-probe-eins.my-domain.inexistent-top-level
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta connected
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779cc3561d30 smtp connected address=192.168.0.41 host=mail.mail-probe-eins.my-domain.inexistent-top-level
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta cert-check result="unverified" fingerprint="SHA256:d817ad444d02fef23a15e2598d8f6dee24d7d93b2575ee86fef50b8c160bba61"
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779cc3561d30 smtp tls ciphers=TLSv1.3:TLS_AES_256_GCM_SHA384:256
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779cc3561d30 smtp failed-command command="RCPT TO:<benutzereins@mail-probe-eins.my-domain.inexistent-top-level>" result="550 Invalid recipient: <benutzereins@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:28:31 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta delivery evpid=9d8ddadf5775f264 from=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level> to=<benutzereins@mail-probe-eins.my-domain.inexistent-top-level> rcpt=<-> source="192.168.0.41" relay="192.168.0.41 (mail.mail-probe-eins.my-domain.inexistent-top-level)" delay=0s result="PermFail" stat="550 Invalid recipient: <benutzereins@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:28:32 mail-probe-eins smtpd[39505]: 504b779de29b842d smtp connected address=local host=mail-probe-eins
Oct  5 23:28:32 mail-probe-eins smtpd[39505]: 504b779de29b842d smtp message msgid=f8b77b79 size=3948 nrcpt=1 proto=ESMTP
Oct  5 23:28:32 mail-probe-eins smtpd[39505]: 504b779de29b842d smtp envelope evpid=f8b77b79ad5dfff9 from=<> to=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>
Oct  5 23:28:32 mail-probe-eins smtpd[39505]: 504b779de29b842d smtp disconnected reason=quit
Oct  5 23:28:33 mail-probe-eins smtpd[39505]: 504b779cc3561d30 smtp failed-command command="RCPT TO:<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>" result="550 Invalid recipient: <benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:28:33 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta delivery evpid=f8b77b79ad5dfff9 from=<> to=<benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level> rcpt=<-> source="192.168.0.41" relay="192.168.0.41 (mail.mail-probe-eins.my-domain.inexistent-top-level)" delay=1s result="PermFail" stat="550 Invalid recipient: <benutzerzwei@mail-probe-eins.my-domain.inexistent-top-level>"
Oct  5 23:28:33 mail-probe-eins smtpd[39598]: warn: queue: no return path!
Oct  5 23:28:36 mail-probe-eins smtpd[39505]: 504b7798e5ae86eb smtp disconnected reason=quit
Oct  5 23:28:43 mail-probe-eins smtpd[39505]: 504b779cc3561d30 smtp disconnected reason=quit
Oct  5 23:28:43 mail-probe-eins smtpd[39505]: 504b779bdb703bc0 mta disconnected reason=quit messages=0
Oct  5 23:29:41 mail-probe-eins dovecot[31932]: imap(benutzereins@mail-probe-eins.my-domain.inexistent-top-level)<43114><mZssvsIjwMLAqADJ>: Disconnected: Inactivity - no input for 1800 secs in=103 out=631 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Think that the other user is an invalid recipient.
 
Wrong domain name.


Your local domain is "mail.mail-probe-eins.my-domain.inexistent-top-level"; it should be your top level domain (TLD) mail-probe-eins.my-domain.inexistent-top-level
match from any for domain mail.mail-probe-eins.my-domain.inexistent-top-level action "local_mail"

Also check your virtual table at /usr/local/etc/mail/virtuals

Note:
I get a headache reading your domain name. It would be much easier to read and spot errors using "example.com", like

example.com TLD
mx1.example.com MTA
client1.example.com MUA user1@example.com
client2.example.com MUA user2@example.com
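Why the domain in the `match` line matters, as an added example that is not part of the original thread and not OpenSMTPD's own code: a simplified first-match evaluator for the four `match` lines from the question, run on a recipient whose domain differs from the one in the rule. It assumes the placeholder names example.com and mx1.example.com, exact domain comparison, only the `from`/`auth`/`for` options used in the thread, and that the relayed connection is not treated as a local source, which is consistent with the 550 in the log above.

```python
# Constructed rule sets shaped like the four match lines in the question;
# example.com / mx1.example.com are placeholder names, not the thread's.
RULES_BEFORE = """\
match from any for domain mx1.example.com action "local_mail"
match for local action "local_mail"
match from any auth for any action "outbound"
match for any action "outbound"
"""
# The change suggested in the answer: match on the mail domain, not the MX host.
RULES_AFTER = RULES_BEFORE.replace("for domain mx1.example.com",
                                   "for domain example.com")


def parse_rules(conf):
    """Parse the subset of `match` syntax used above into a list of dicts."""
    rules = []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0] != "match":
            continue
        # "from local" is the default source when a rule has no "from".
        rule = {"from": "local", "auth": False, "for": None,
                "domain": None, "action": None}
        i = 1
        while i < len(tok):
            if tok[i] == "from" and tok[i + 1] in ("any", "local"):
                rule["from"] = tok[i + 1]
                i += 2
            elif tok[i] == "auth":
                rule["auth"] = True
                i += 1
            elif tok[i] == "for" and tok[i + 1] in ("any", "local"):
                rule["for"] = tok[i + 1]
                i += 2
            elif tok[i] == "for" and tok[i + 1] == "domain":
                rule["for"] = "domain"
                rule["domain"] = tok[i + 2].strip('"').lower()
                i += 3
            elif tok[i] == "action":
                rule["action"] = tok[i + 1].strip('"')
                i += 2
            else:
                raise ValueError(f"unsupported option in: {line.strip()}")
        rules.append(rule)
    return rules


def route(conf, rcpt, src_local, authed, hostname="mx1.example.com"):
    """Return the action of the first matching rule, or None (rejected)."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    for rule in parse_rules(conf):
        if rule["from"] == "local" and not src_local:
            continue
        if rule["auth"] and not authed:
            continue
        if rule["for"] == "domain" and rule["domain"] != domain:
            continue
        if rule["for"] == "local" and domain not in ("localhost", hostname):
            continue
        return rule["action"]
    return None


if __name__ == "__main__":
    rcpt = "user2@example.com"
    for name, conf in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        # Hop 1: authenticated client on the submission port.
        hop1 = route(conf, rcpt, src_local=False, authed=True)
        # Hop 2: what happens if hop 1 relays back to the server's own port 25.
        hop2 = route(conf, rcpt, src_local=False, authed=False)
        print(f"{name}: submission -> {hop1}; relayed to self -> {hop2}")
```

With the original rule the authenticated submission falls through to "outbound", is relayed to the domain's MX (the same server), and is rejected there because no rule accepts it; with the domain corrected, the first rule delivers it locally.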
 
I did some replication script that provisions a jail starting from a fresh bsdinstall jail /path/to/jail, and the problem fixed itself. No idea what happened.
 