General Mail Settings Changing Automatically - Server

Hello,



I am having a major issue with a fairly new installation of 10.6 Leopard Server. My settings under the General tab are changing on their own and blocking around 99% of mail. Under Domain Name, I enter mydomain.com, but every few hours the entry changes to the word 'local', rendering the mail server non-functional, pretty well sending 554 errors to almost every incoming mail. I know Main.cf in the Postfix folder has these settings, and sure enough, when I check, it has been changed. My bigger question is what controls the Main.cf file other than the mail settings GUI? Luckily this server still has 10.5 Server on a separate RAID, so I have had to reboot back into the old system until this is resolved. This post is now more specific than my last thread.



Any help would be appreciated, thanks.

Posted on Dec 31, 2011 7:56 AM

Question marked as Best reply

Posted on Jan 1, 2012 6:16 AM

Launch Terminal.app and issue the command:


sudo changeip -checkhostname


The usual reason for these sorts of weirdnesses involves an invalid local DNS configuration.

23 replies

Jan 1, 2012 12:07 PM in response to Darryl M

Please post the output of the command:


postconf -n


If you feel you must expurgate (and I don't recommend that here, as providing your DNS address of your mail server means we can verify your public MX and DNS settings) then perform a global replace of your domain name for /example.com/.


Ensure you are only using a domain you have permission to use, or have registered for your own use. This includes not using the Bonjour .local top-level domain for your mail server, and not using a domain you don't have registered.


Without intending offense, what "looks fine" to you may be invalid. (We wouldn't be discussing any of this if things were actually fine, and we're a bit further away from the details of your configuration. And if you're looking directly at the zone files, then you're also potentially not configuring the DNS settings through Server Admin; through the "normal" means for Mac OS X Server configurations.)

Jan 2, 2012 8:20 AM in response to MrHoffman

Very true. Is it the mydomain_fallback entry?


postconf -n


biff = no

command_directory = /usr/sbin

config_directory = /etc/postfix

content_filter = smtp-amavis:[127.0.0.1]:10024

daemon_directory = /usr/libexec/postfix

debug_peer_level = 2

enable_server_options = yes

header_checks = pcre:/etc/postfix/custom_header_checks

html_directory = /usr/share/doc/postfix/html

inet_interfaces = all

local_recipient_maps =

mail_owner = _postfix

mailbox_size_limit = 0

mailbox_transport = dovecot

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

message_size_limit = 20971520

mydestination = $myhostname, localhost.$mydomain, mail.dmimage.ca, server.dmimage.ca, $mydomain

mydomain = dmimage.ca

mydomain_fallback = localhost

myhostname = mail.dmimage.ca

mynetworks = 127.0.0.0/31,192.168.6.0/24

newaliases_path = /usr/bin/newaliases

queue_directory = /private/var/spool/postfix

readme_directory = /usr/share/doc/postfix

recipient_delimiter = +

relayhost =

sample_directory = /usr/share/doc/postfix/examples

sendmail_path = /usr/sbin/sendmail

setgid_group = _postdrop

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr reject_rbl_client zen.spamhaus.org permit

smtpd_enforce_tls = no

smtpd_helo_required = yes

smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname

smtpd_pw_server_security_options = cram-md5

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit

smtpd_sasl_auth_enable = yes

smtpd_tls_CAfile = /etc/certificates/server.dmimage.ca.chain.pem

smtpd_tls_cert_file = /etc/certificates/server.dmimage.ca.cert.pem

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL

smtpd_tls_key_file = /etc/certificates/server.dmimage.ca.key.pem

smtpd_tls_loglevel = 0

smtpd_use_pw_server = yes

smtpd_use_tls = yes

tls_random_source = dev:/dev/urandom

unknown_local_recipient_reject_code = 550

virtual_alias_maps =

Jan 2, 2012 9:54 AM in response to Darryl M

It's not likely the mydomain_fallback setting at fault here. That's the default and typical setting, too.


Your public reverse DNS for your mail server is incorrect. That won't cause the symptoms you're seeing, but will cause various other mail servers on the Internet to assume your server is a rogue server, and some won't choose to send mail to and/or to accept mail from your mail server. This setting can only be resolved with the assistance of your ISP; with the organization that's provided you with your public IP address.


The usual triggers for host-name-level changes are DNS configuration or DNS server issues, or network configuration issues. I see both a private IP address block (192.168.6.0/24) and a public domain name, which could imply there might be a gateway router of some sort here (with port forwarding), or that there might be multiple network controllers on the server, and - in either case - that there might potentially be multiple DNS server(s) referenced.


Do you have LAN-local DNS services established, if you're using 192.168.6.0/24 for that server?


And are you referencing LAN-local DNS services, as well as external DNS services?


What's your network look like?


The SMTP 554 mentioned earlier is unfortunately somewhat vague; it's one of the "D'oh" errors. The receiving mail server found something it didn't like in the message. But no details on what. The header traffic up to the DATA is typically needed to sort those out. (And I definitely wouldn't expect mail servers to reliably send to a mail server with errant reverse DNS. If you're testing mail into your server, confirm whether the 554 is arising from your receiving mail server, or if it is arising from the remote sending server.)

Jan 2, 2012 10:22 AM in response to MrHoffman

Firstly, the 554 error only happens when the mail server settings have automatically assigned itself the word 'local' as its domain name.


My local LAN uses my server as the DNS resource. I have configured forwarding addresses from my ISP and yes there is a router within the local subnet that port forwards. On the server DNS settings, the mail name is mail.dmimage.ca but the server name is server.dmimage.ca.


How can the public reverse DNS settings be fixed? It is just one server, one router with all clients referencing the server as their DNS.


Thanks.

Jan 2, 2012 11:54 AM in response to Darryl M

DNS forwarding is typically only useful if you think you're going to get a translation (faster) from your ISP's DNS cache than you'll get from your own local DNS caches in your local DNS server, or if you're using (for instance) some sort of DNS-level filtering implemented within the forwarding DNS server. Otherwise, it adds an extra hop to the translations.


Given you do need your own DNS server on your LAN, I'd strongly encourage you to use a different registered domain or a subdomain of your registered domain on your LAN. If you are set on running a "split" configuration with two sets of authoritative DNS servers for that dmimage.ca. domain (your LAN DNS server(s) and the "public" DNS servers at your DNS provider), then you'll likely want to set the local name and the A record for your mail server to mail.dmimage.ca. in the local DNS.


Your public reverse DNS setting can only be resolved with the assistance of your ISP; with the organization that's provided you with your public IP address. That is, your ISP controls this particular DNS setting. (Access to or the ability to request this reverse DNS setting is typically provided as part of a business-class static-IP service. If you're not in a business-class static-IP service tier, there can be other impediments to running a mail server erected by the ISP.)

Jan 2, 2012 2:41 PM in response to Darryl M

I did make some DNS changes both locally and on my registrar. I noticed in my DNS logs locally my CNAME I created on my mail.dmimage.ca was illegal so I created a Machine (A) record for mail and cleared that error. With the changes I noticed the test mails are quicker, and ones that were getting delayed are no longer delayed with a 450 error. I also removed the forwarders.

Jan 3, 2012 6:44 AM in response to MrHoffman

I had to change the permissions for the System on main.cf to Read Only, from RW. It is the only way I see to work around this issue because I do not know which postfix process is responsible for changing the domain name setting in main.cf besides the mail GUI of course. Last night I noticed no email coming in and sure enough it had changed again back to the entry 'local'.


Thanks MrHoffman for helping out, upon creating new threads I always hope you and Camelot stop by for your input.

Jan 3, 2012 10:14 AM in response to Darryl M

I'm (still) seeing mismatched reverse DNS for the public IP for the host; a teksavvy domain.


For the LAN-local DNS settings, a couple of common errors:


How are you referencing the local DNS server on the (mail server and DNS server) box? As 127.0.0.1? Or by the box's IP address?


Do you have ANY references to ANY DNS servers other than your local LAN DNS?


And FWIW, I generally don't prefer to edit the Postfix configuration files directly. That's feasible, of course, but there's a command-level interface for making changes. Here's an example of using postconf to make a change:


sudo postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname"


sudo postfix reload


There are two commands there. The first is the (long) postconf command, the second is the reload.
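
A check for the drift discussed in this thread, as an added example that is not part of the original posts: it reads `postconf -n` output on stdin and flags a mydomain or myhostname that is not a usable domain name, or a myhostname that sits outside mydomain. The function names and the drifted sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the main.cf drift described in this thread.
# Function names and the drifted sample below are constructed.

# Constructed sample: the thread's values after mydomain reverted to "local".
DRIFTED_SAMPLE='mydomain = local
mydomain_fallback = localhost
myhostname = mail.dmimage.ca'

# get_param NAME: print the value of "NAME = value" from the text in $CONF.
get_param() {
    printf '%s\n' "$CONF" | sed -n "s/^$1 *= *//p" | head -n 1
}

# is_bad_domain VALUE: succeed when VALUE is empty, has no dot, or is a
# Bonjour/loopback style name instead of a usable domain name.
is_bad_domain() {
    case "$1" in
        ''|local|localhost|*.local|*.localhost) return 0 ;;
        *.*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_postconf: read `postconf -n` output on stdin, print one line per
# finding, and return 1 if anything was flagged.
check_postconf() {
    CONF=$(cat)
    rc=0
    mydomain=$(get_param mydomain)
    myhostname=$(get_param myhostname)
    if is_bad_domain "$mydomain"; then
        echo "mydomain is '$mydomain' (not a usable domain name)"; rc=1
    fi
    if is_bad_domain "$myhostname"; then
        echo "myhostname is '$myhostname' (not fully qualified)"; rc=1
    fi
    case "$myhostname" in
        "$mydomain"|*."$mydomain") ;;
        *) echo "myhostname '$myhostname' is outside mydomain '$mydomain'"; rc=1 ;;
    esac
    return $rc
}

# Demo on the constructed sample; on a server: postconf -n | check_postconf
printf '%s\n' "$DRIFTED_SAMPLE" | check_postconf || true
```

Run on a schedule, the non-zero exit status gives an alert when the setting changes, which records when the change happened without making main.cf read-only.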

Jan 3, 2012 1:46 PM in response to MrHoffman

Well the mail and DNS server are one and the same and I use the assigned IP as reference, not the loopback IP. When I originally set up this server I used a tutorial from online step by step instruction but have since found some of their methods are not quite correct, with the CNAME for the mail as an example. There are no references to any other DNS servers on the network. Thanks for the command tips. I'm not sure if my ISP will allow for changes to their system for the reverse DNS but I can submit a ticket to ask. They generally do not allow mail servers but they asked me to ensure my mail server was secure and once they tested for an open relay, they opened the necessary port.


🙂
