Postfix lookup failure: works from localhost, not on other nodes in LAN

email postfix smtp

I am getting temporary lookup failure for the recipient address when trying to send email using Postfix and Gmail from a machine other than the host, on the same network. It works just fine when testing on the Postfix host. EDIT: I have a client node on the same LAN asking this Postfix server to send an email for it. The server is refusing, citing temporary lookup failure.

To get where I am, I followed these instructions:
https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/
Then, I changed the mynetworks parameter to include any node on the .3 subnet of our LAN.

What I've tried to fix the problem:
1) adding aliases for specific email addresses, then running newaliases
2) adding relay_domains to main.cf
3) changing the sasl_passwd file to contain: either smtp.gmail.com or COMPANYNAME.com
4) changing the value of relay_host to smtp.gmail.com or smtp.COMPANYNAME.com in main.cf
5) changing the values of mydestinations in main.cf

Here's my main.cf:

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = hans
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = smtp.COMPANYNAME.com, COMPANYNAME.com, smtp.gmail.com, localhost.localdomain,     localhost
relayhost = [smtp.gmail.com]:587
relay_domains = COMPANYNAME.com, gmail.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 192.168.3.0/255
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

UPDATE: Here's my mail.log, I'm fixing the net mask problem now. Still don't know how to fix the temp lookup issue.

Jan 30 15:42:07 hans postfix/smtpd[10994]: NOQUEUE: reject: RCPT from unknown[192.168.3.3]: 451 4.3.0 <user@companyname.com>: Temporary lookup failure; from=<helpdesk@companyname.com> to=<user@companyname.com> proto=SMTP helo=<localhost>  
Jan 30 15:42:07 hans postfix/smtpd[10994]: warning: bad net/mask pattern: "192.168.3.0/255"  

UPDATE 2: I've made a lot of changes to my main.cf. Here is the latest one.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = hans
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = hans, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
relay_transport = relay
relay_domains = mail.companyname.com, companyname.com, gmail.com
mynetworks_style = subnet
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [192.168.3.0]/255
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
smtp_sasl_tls_security_options = noanonymous
smtp_connection_cache_destinations = smtp.gmail.com

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    permit_auth_destination,
    reject_unauth_destination

smtpd_sender_restrictions =
    permit_mynetworks,
    check_relay_domains

Latest Error log:

These are the latest messages, but I have got it fixed enough that it is no longer pertinent.

Feb  3 15:10:17 hans postfix/smtpd[18037]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit  

Advice from other people: Someone told me I need proper DNS between the clients and the Postfix server. Apparently being in the subnet listed in my configuration is not enough. I'm not sure it's relevant, because the whole point is that Postfix should not be doing local lookups but sending the email to Gmail. Am I mistaken?

Best Answer

Postfix itself has documentation about how to debug when something goes wrong. For debugging a Postfix process, the maillog is your friend. The first step of debugging is issuing this command:

egrep '(warning|error|fatal|panic):' /some/log/file | more

From the maillog we can see that Postfix complains about bad net/mask pattern: "192.168.3.0/255". From your main.cf, we can confirm that one of the IP addresses in mynetworks (192.168.3.0/255) has the wrong pattern. Maybe you mean 192.168.3.0/32.

OK, but why does it work from localhost and not on other nodes in the LAN?

Some speculative answers:

  • You use the mail command to send email from localhost. With this mode, Postfix won't even bother to use the mynetworks parameter.
  • You use smtpd to send email (by telnet localhost 25). With this mode, Postfix only checks the first entry of mynetworks (i.e. 127.0.0.0/8) and finds out that the client matches this entry, so Postfix won't even bother to check the rest of the list of mynetworks entries.
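
Added example (not part of the original answer and not Postfix's own code): a Python sketch that lints the two mynetworks values from the question and models in-order matching, showing why 127.0.0.1 is accepted while 192.168.3.3 runs into the malformed entry. The helper names, the two constructed candidate values, and the "match ends the scan, bad entry defers" behaviour are assumptions taken from the log and the answer above.

```python
import ipaddress
import re

# mynetworks values copied from the two main.cf listings on the page.
ORIGINAL = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 192.168.3.0/255"
UPDATE_2 = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [192.168.3.0]/255"
# Constructed candidates: /32 is one address, /24 is 192.168.3.0-255.
AS_SLASH_32 = "127.0.0.0/8 192.168.3.0/32"
AS_SLASH_24 = "127.0.0.0/8 192.168.3.0/24"

def parse_entry(raw):
    """Return an ip_network for one net/mask pattern, or None if malformed."""
    # IPv6 patterns are written [addr]/prefix; drop the brackets first.
    entry = re.sub(r"^\[(.+)\](/\d+)?$", r"\1\2", raw)
    try:
        # strict=True also rejects host bits set below the prefix length.
        return ipaddress.ip_network(entry, strict=True)
    except ValueError:
        return None

def entries(mynetworks):
    """Split on commas and/or whitespace, the separators used on the page."""
    return [e for e in re.split(r"[,\s]+", mynetworks.strip()) if e]

def bad_patterns(mynetworks):
    """Lint helper: every entry that is not a valid address/prefix."""
    return [e for e in entries(mynetworks) if parse_entry(e) is None]

def evaluate(client, mynetworks):
    """Walk the list in order for one client address.

    Modelling assumption: a match ends the scan, and reaching a malformed
    entry first defers the request (the 451 in the log).
    """
    addr = ipaddress.ip_address(client)
    for raw in entries(mynetworks):
        net = parse_entry(raw)
        if net is None:
            return ("defer", raw)
        if addr.version == net.version and addr in net:
            return ("permit", raw)
    return ("no match", None)

if __name__ == "__main__":
    for client in ("127.0.0.1", "192.168.3.3"):
        for cfg in (ORIGINAL, UPDATE_2, AS_SLASH_32, AS_SLASH_24):
            print(client, "|", cfg, "->", evaluate(client, cfg))
```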