Postfix and DNS
When sending mail, Postfix uses system resolvers, which are programs or libraries that make requests for DNS information. To receive mail, the DNS for your domain must be configured to route messages to your Postfix server. This section looks at DNS issues both for sending and receiving mail.
6.3.1 DNS and Sending Mail
The Postfix SMTP delivery agent must be able to obtain IP address and MX records for mail-routing information. Postfix must make at least two DNS lookups: one to get the MX hostname and one to get the IP address for that hostname. Since Postfix uses the normal operating system resolver libraries for its DNS queries, the system that runs Postfix must have access to a DNS server. The DNS server does not have to be on the same system, although for most circumstances it should be.
If your system does not seem to be resolving domain names correctly, there are three common command-line tools that you can use to troubleshoot the problem: nslookup, dig, and host. You should check your system documentation to see which of these tools is available on your server and how to use them. You can use these tools to query all types of resource records for a domain, including the MX record that Postfix needs in order to successfully deliver mail to a domain.
DNS problems might stem from your own system's configuration or a problem with the DNS server configuration for the domain Postfix is trying to send mail to. When you are troubleshooting a problem, it is very important to remember that Postfix first looks for MX records and not A records. Even if you can resolve a domain to an IP address, Postfix may not be able to deliver mail for that domain if there is a problem in retrieving MX information.
6.3.1.1 Configuration options
When delivering mail, Postfix performs a DNS lookup to retrieve all of the MX records for the destination domain. It sorts them in order of preference and tries each one in priority order. Once Postfix has established a connection with an SMTP server, the server replies to Postfix requests with a status code. Codes within the 2xx range indicate that everything is okay. Error codes in the 4xx range indicate a temporary problem, and those in the 5xx range indicate a permanent problem. See Chapter 2 for more information on SMTP reply codes.
To provide compatibility with Sendmail, Postfix, by default, treats SMTP servers that respond with 4xx or 5xx reply codes as if the servers had not responded at all. If you prefer that Postfix react to the error codes returned by the MX server rather than ignore them, set the smtp_skip_5xx_greeting and smtp_skip_4xx_greeting parameters:
smtp_skip_4xx_greeting = no smtp_skip_5xx_greeting = no
If smtp_skip_4xx_greeting is set to no, and Postfix attempts delivery to a mail exchanger that responds with a 4xx code, it does not try any more mail exchangers for the destination domain. It queues the message and attempts delivery later.
If smtp_skip_5xx_greeting is set to no, and Postfix attempts delivery to a mail exchanger that responds with a 5xx code, it does not try any more mail exchangers for the destination domain. It bounces the message back to the sender.
Some domains have MX records set to equal preference values. By default, the Postfix SMTP client randomly shuffles MX addresses of equal preference. You can change the default behavior by setting the smtp_randomize_addresses parameter:
smtp_randomize_addresses = no
Setting this parameter causes Postfix to attempt delivery to the MX servers in the same order it retrieved them.
6.3.1.2 Reverse PTR records
Due to the prevalence of spam, many sites now require that connecting clients have valid PTR records associated with their IP addresses. Your Postfix system's IP address should have a reverse PTR mapping to a hostname that returns the same IP address to ensure that you can deliver to all mail servers.
6.3.2 DNS and Receiving Mail
For Postfix to accept email for a particular domain, the system must be specified as an MX host in the domain's DNS setup, and Postfix must be configured to accept mail for the domain. Postfix accepts mail for domains that are either local to the system, relay domains, or virtual domains. Virtual domains might use virtual aliases or virtual mailboxes (see Chapter 8). Each type of domain must be listed in a different Postfix parameter, as shown in Table 6-1.
Domain type |
Parameter |
---|---|
Local |
mydestination |
Relay |
relay_domains |
Virtual mailboxes |
virtual_mailbox_domains |
Virtual aliases |
virtual_alias_domains |
Do not list a domain in more than one of the parameters. Postfix issues a warning if it detects a domain listed in two of the parameters. The error message "mail for example.com loops back to myself" occurs when the DNS configuration points to your mail server, but Postfix has not been configured to accept mail for the domain.
If your Postfix server accepts mail for the two local domains example.com and porcupine.org, then the mydestination parameter should look like the following in your main.cf file:
mydestination = example.com, porcupine.org
Chapter 9 explains configuration of relay domains. Chapter 8 covers virtual mailbox and virtual alias domains.