Home / server / Questions / 829210
Accepted
Alexis Wilke
Asked: 2017-01-29 18:14:06 +0800 CST

Postfix gives me "Sender address rejected: need fully-qualified address;" errors with what looks like strange addresses

  • 772

I am receiving some error messages like this:

Jan 28 17:20:47 halk postfix/smtpd[29413]: NOQUEUE:
    reject: RCPT from mail.m2osw.com[138.197.205.139]:
    504 5.5.2 <SRS1=R3xB=m2osw.com==hj4N=ZL=lime.ocn.ne.jp=@com>:
    Sender address rejected: need fully-qualified address;
    from=<SRS1=R3xB=m2osw.com==hj4N=ZL=lime.ocn.ne.jp=@com>
    to=<[email protected]> proto=ESMTP helo=<m2osw.com>

I'm not too sure I understand the "email" address found between the angle brackets:

SRS1=R3xB=m2osw.com==hj4N=ZL=lime.ocn.ne.jp=@com

That looks like crap to me, but maybe it's a form of envelop?

The original From looks like this:

From: western union <"westernunion1."@lime.ocn.ne.jp>

(which is a clear spam email, but that happens with non-spam as well.)

As far as I know my setup worked fine before, but I upgraded one of my mail servers to the newest postfix (well Ubuntu 16.04 instead of 14.04). The archive server was upgraded a while back.

This error happens when I send myself an email from gmail. Then gmail receives a bounce.

The setup is something like this:

+------------------+    +------------------+
|                  |    |                  |
| Client           |--->| Main Server      |
|                  |    |                  |
+------------------+    +------------------+
                                |
                                v
                        +------------------+
                        |                  |
                        | Archive Server   |
                        |                  |
                        +------------------+

On the Main Server, the email works as expected. The error occurs when the email reaches the Archive Server.

Is there something that could have changed that "breaks" the email address in such a way when forwarding from one postfix MTA to another?

postfix email-server ubuntu-16.04 email-bounces

2 Answers

  1. I don't think so, the log that you shared shows that everything looks OK and postfix working good. If you need to have more information about what is going on, add the following to main.cf:

    error_notice_recipient = [email protected]
delay_notice_recipient = $error_notice_recipient
bounce_notice_recipient = $error_notice_recipient
2bounce_notice_recipient = $error_notice_recipient
#The list of error classes that are reported to the postmaster
notify_classes = bounce, delay, policy, protocol, resource, software

    The rejection is because one of these lines:

    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_recipient

    I hope this helps

    • 1
  2. Best Answer

    Okay, I found the culprit. These "weird" email addresses start with SRS, which points to the SPIF support that postfix can use through postsrsd. There are four entries that the postsrsd daemon author suggests to do in your postfix/main.cf file:

    sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes= envelope_recipient,header_recipient

    Clearly, that generates an envelope of the email address. The specification of that envelope is:

    [email protected]

    The problem in my case was that the domain name after the @ was being generated dynamically. This meant taking the full computer hostname and removing the first name. So if I have m2osw.com as the hostname, postsrsd ends up using com as the domain name. In other words, I would end up with email addresses that looked like:

    ...@com

    Obviously, @com is not a valid domain name.

    The postsrsd daemon uses some definitions found in file:

    /etc/default/postsrsd

    There we find a variable named SRS_DOMAIN. By setting that variable with the correct domain name:

    SRS_DOMAIN=m2osw.com

    Emails get enveloped as expected and the errors are gone. (i.e. we had that setup properly on our old "Main Server". We missed that while doing our transfer.)

    • 1