Can't connect to an MX for envelope sender's hostname
I'm trying to set up a send-only mail server using exim4. I've followed this Linode guide:
I'm able to send mail to my yahoo.com account from the command line using mail. However, when I try to send something to my non-VPS domain nothing comes through.
My /var/log/exim4/mainlog reports the following error:
2011-05-22 19:43:22 1QOJEv-0001Ez-Va ==
In the Linode DNS Manager I have a domain name of imperiumreclaimed.com. I have set up MX records for
portal.imperiumreclaimed.com
mail.imperiumreclaimed.com
imperiumreclaimed.com
I'd appreciate any tips on how I can configure my exim4 server to resolve this issue. I will post more information as needed / as requested.
Many thanks,
Matt
6 Replies
@tmboyington:
> 2011-05-22 19:43:22 1QOJEv-0001Ez-Va == matt@sacrointeract.com R=dnslookup T=remote_smtp defer (-45): SMTP error from remote mail server after MAIL FROM:<root@imperiumreclaimed.com >: host mail17.dotsterhost.com [66.11.233.57]: 421 Can't connect to an MX for envelope sender's hostname
NOTE: There is no SMTP service available at imperiumreclaimed.com [66.228.51.228] or maybe you have it firewalled. There are also no A records for mail.imperiumreclaimed.com or portal.imperiumreclaimed.com.
It appears as if dotsterhost.com is temporarily refusing the delivery attempts because it is unable to verify you have a working mail server. Once you have a mail server accepting SMTP connections for imperiumreclaimed.com, the queued messages will most likely be delivered.
–
Travis
Thanks for the reply. Does this mean I can't run a send-only mail server?
I can try changing the IP address where exim4 listens for incoming SMTP connections from 127.0.0.1 to the IP address of my VPS.
Matt
@tmboyington:
> Does this mean I can't run a send-only mail server?
You can run a send-only server, but you will run into lots of problems if you try to run a send-only domain, which is what it appears you are currently trying to do. You don't need to receive the mail on the same server that is sending, but you should be able to receive it somewhere. At the least you are supposed to have a human receiving mail sent to the postmaster and abuse addresses for any email domain.
Thanks for the follow up.
I was able to resolve the error message and successfully send emails by rerunning dpkg-reconfigure exim4-config. I set exim4 to listen for incoming SMTP connections on the external IP address of the VPS running exim4.
I wanted to avoid having exim4 listen for SMTP connections for security concerns. Am I just being paranoid?
Is there a way to compose my outgoing messages (perhaps by adding a reply address in the header) so I won't get the error message if I set exim4 to only listen on 127.0.0.1?
I'm mostly interested in receiving error notifications and to eventually use an email verification during account creation. The messages aren't intended to be replied to but having a reply-to address for abuse and other issues is a good idea.
Thanks,
Matt
@tmboyington:
> I wanted to avoid having exim4 listen for SMTP connections for security concerns. Am I just being paranoid?
No, I think that's a good policy - no reason to accept inbound connections if you don't need to.
> Is there a way to compose my outgoing messages (perhaps by adding a reply address in the header) so I won't get the error message if I set exim4 to only listen on 127.0.0.1?
It's up to the receiving system, but given the error in this case, I suspect it is always going to validate the envelope from address, independent of any reply-to header. But that doesn't mean you have to have exim receive connections - just have mail for your domain received somewhere else (like, for example, Google Apps).
The error, and what Stever was saying, is that you can't make up a domain for your sending address that can't itself receive mail, at least for that recipient server. But that inbound mail doesn't have to be sent to the same host doing the sending.
In other words, if you're using the domain imperiumreclaimed.com on your outbound mail, just make sure that mail sent to imperiumreclaimed.com goes somewhere valid. Otherwise, your mail just looks forged - well, and without a valid receiving system, arguably is forged - and will likely be rejected in a variety of ways.
> I'm mostly interested in receiving error notifications and to eventually use an email verification during account creation. The messages aren't intended to be replied to but having a reply-to address for abuse and other issues is a good idea.
Unfortunately, in today's spam-filled world, many systems are not going to be happy if you try to make up a domain for your sending address (even if not intended to be replied to) that has no facility for receiving mail. Different systems may impose different rules to try to isolate spamming/forgery - the one you ran into seems to specifically require the ability for the domain to receive mail.
– David
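An added example, not part of the original thread: a small offline model of the kind of check the 421 reply implies, where the receiver looks up the mail hosts for the envelope sender's domain and requires one of them to accept SMTP. The MX layout, the host `mx.inbound.example` and the address 192.0.2.25 are constructed assumptions; the remote server's actual logic is not known from the thread.

```python
# Added example: model of a receiver-side check on the envelope sender's domain.
# All DNS and reachability data below is constructed; nothing touches the network.

def mail_hosts(domain, mx):
    """MX targets in preference order; the domain itself if it has no MX (implicit MX)."""
    targets = [host for _pref, host in sorted(mx.get(domain, []))]
    return targets or [domain]

def check_envelope_sender(envelope_from, mx, a, smtp_open):
    """Return (ok, notes); ok is True if any mail host for the sender's domain accepts SMTP."""
    domain = envelope_from.rsplit("@", 1)[-1].strip().lower()
    notes = []
    for host in mail_hosts(domain, mx):
        addrs = a.get(host, [])
        if not addrs:
            notes.append(f"{host}: no A record")
        for ip in addrs:
            if ip in smtp_open:
                return True, [f"{host} [{ip}]: accepts SMTP"]
            notes.append(f"{host} [{ip}]: nothing listening on port 25")
    return False, notes

SENDER = "root@imperiumreclaimed.com"
VPS_IP = "66.228.51.228"  # VPS address quoted in the thread

# State described in Travis's note (the exact MX layout is an assumption).
MX_BEFORE = {"imperiumreclaimed.com": [(10, "mail.imperiumreclaimed.com"),
                                       (20, "imperiumreclaimed.com")]}
A_BEFORE = {"imperiumreclaimed.com": [VPS_IP]}
OPEN_BEFORE = set()  # exim4 bound to 127.0.0.1 only

# David's suggestion: MX points at a separate receiving host (hypothetical name,
# documentation-range IP); the VPS still exposes no public port 25.
MX_AFTER = {"imperiumreclaimed.com": [(10, "mx.inbound.example")]}
A_AFTER = {"imperiumreclaimed.com": [VPS_IP], "mx.inbound.example": ["192.0.2.25"]}
OPEN_AFTER = {"192.0.2.25"}

if __name__ == "__main__":
    for label, args in (("before", (MX_BEFORE, A_BEFORE, OPEN_BEFORE)),
                        ("after", (MX_AFTER, A_AFTER, OPEN_AFTER))):
        ok, notes = check_envelope_sender(SENDER, *args)
        print(label, "accept" if ok else "defer (421)", notes)
```
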
Nice post! It made perfect sense. Following your advice I was able to solve the issue.
To put closure on this thread I followed this guide to set up the send-only mail server:
Then I had to follow this guide to resolve the MX envelope error:
Many thanks to the people who responded to my post and to Linode for the great guides.
Matt