Bug report: "What domain to use in outbound mail" bounces ...incoming mail

Virtualmin
1
SYSTEM INFORMATION
OS type and version Ubuntu 20.04 LTS
Webmin version 2.105
Virtualmin version 7.9.0
Related packages Postfix 3.4.13

When setting “What domain to use in outbound mail” to “Use domainname” instead of the default /etc/mailname then all incoming mail gets bounced!

Explainer:
the HELO or EHLO output string in SMTP for outgoing mail was outputing the base system name (instead of the domain for which the mail was sent), according to https://www.mail-tester.com/ . As the base system name domain doesn’t have SPF set, this marked some mails as spam, and I wanted to fix that, by changing this parameter for outbound mails. But this made all incoming mails bounced instead of no change on incoming mail.

This looks like a bug to me.

Or did I miss something ? Or is there another setting in Virtualmin elsewhere to configure the domain outputed with the HELO SMTP command correctly the domain name from which the mail is being sent instead of the base system domain name (or fixed value in that/a file) ?

The incoming mails were bounced, because this outgoing mail setting was changing the rewriting of incoming mails users!

Below a log example: See how recipient=recipient.name@domainname.com gets mapped to recipient.name.domainname@basesystemdomainname.com but then not recognized anymore ?

Setting the setting back made incoming mails work fine again…

Feb 28 09:11:55 basesystemname postfix/smtpd[1028705]: connect from mailer151033.service.govdelivery.com[209.134.151.33]
Feb 28 09:11:56 basesystemname postgrey[1059]: action=pass, reason=triplet found, delay=917, client_name=mailer151033.service.govdelivery.com, client_address=209.134.151.33/32, sender=messages@subscriptions.ssa.gov, recipient=recipient.name@domainname.com
Feb 28 09:11:56 basesystemname postgrey[1059]: cleaning up old logs...
Feb 28 09:11:56 basesystemname postfix/smtpd[1028705]: E69BD7E671: client=mailer151033.service.govdelivery.com[209.134.151.33]
Feb 28 09:11:57 basesystemname postfix/cleanup[1028720]: E69BD7E671: message-id=<11111111.555555@subscriptions.ssa.gov>
Feb 28 09:11:58 basesystemname opendkim[812]: E69BD7E671: s=14q3 d=subscriptions.ssa.gov a=rsa-sha256 SSL
Feb 28 09:11:58 basesystemname postfix/qmgr[1022484]: E69BD7E671: from=<messages@subscriptions.ssa.gov>, size=51496, nrcpt=1 (queue active)
Feb 28 09:11:58 basesystemname postfix/smtp[1028721]: E69BD7E671: host mail.basesystemdomainname.com[11.22.33.55] said: 450 4.2.0 <recipient.name.domainname@basesystemdomainname.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/basesystemdomainname.com.html (in reply to RCPT TO command)
Feb 28 09:11:58 basesystemname postfix/smtpd[1028705]: disconnect from mailer151033.service.govdelivery.com[209.134.151.33] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Feb 28 09:11:58 basesystemname postfix/smtp[1028721]: E69BD7E671: to=<recipient.name.domainname@basesystemdomainname.com>, orig_to=<recipient.name@domainname.com>, relay=mx2.basesystemdomainname.com[11.22.33.44]:25, delay=2.2, delays=1.8/0.01/0.19/0.22, dsn=5.1.1, status=bounced (host mx2.basesystemdomainname.com[11.22.33.44] said: 550 5.1.1 <recipient.name.domainname@basesystemdomainname.com>: Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command))
Feb 28 09:11:58 basesystemname postfix/cleanup[1028720]: 8A9A78520E: message-id=<11111111111111.3333333333@basesystemname.basesystemdomainname.com>
Feb 28 09:11:58 basesystemname postfix/qmgr[1022484]: 8A9A78520E: from=<>, size=4780, nrcpt=1 (queue active)
Feb 28 09:11:58 basesystemname postfix/bounce[1028722]: E69BD7E671: sender non-delivery notification: 8A9A78520E
Feb 28 09:11:58 basesystemname postfix/qmgr[1022484]: E69BD7E671: removed
Feb 28 09:12:28 basesystemname postfix/smtp[1028721]: 8A9A78520E: to=<messages@subscriptions.ssa.gov>, relay=mx.public.govdelivery.com[209.134.144.241]:25, delay=30, delays=0.01/0/2.8/28, dsn=2.0.0, status=sent (250 2.0.0 41R0fxuq1637454 Message accepted for delivery)
Feb 28 09:12:28 basesystemname postfix/qmgr[1022484]: 8A9A78520E: removed

Ids and names anonymized for privacy.

2

Sorry to follow-up to myself, the above might not have been a clear question.

Some SMTP servers require the HELO domainname to match the reverse lookup for the contacting IP address.

Anyone having any indea on how to achieve with Virtualmin/Webmin Postfix saying “HELO domain.name” for which it is posting, especially if that domain has a dedicated IP address ?

Or alternatively, shouldn’t Virtualmin set a specific reverse DNS entry for base system name so that this matches ?

3

You need to get the ip owner to set the rdns record… so give you the ability to change it others don’t. Have you checked what it is currently set to ?

4

There is almost never a good reason to change that value, and yes, it has surprising side effects.

I don’t think I have ever seen that. It should not be done.

In general, you need a reverse lookup to work (so a PTR record must exist), and it must resolve a name that resolves back to the same IP. Note I have said nothing about what the PTR record needs to be. It does not have to be any name you host mail for on the system, and it doesn’t need to be the name in the HELO/EHLO (but it could be, but if you’re going to do that you should make the system hostname that name, and not try to mess around with how Postfix thinks about names directly).

5

Also, this is not a bug, and if it were, it’d be a Postfix bug, not related to Virtualmin. But, it’s been the behavior in Postfix for decades, so I think it’s behaving as intended.