Warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd

SYSTEM INFORMATION
latest build as of last week:
Ubuntu Linux 22.04.3
Webmin 2.101
virtualmin 7.7

Help! cannot send email from local PHP applications, i.e opencart
warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd

  1. tried with both my official SSL, and with lets encrypt
  2. my server does not use local BIND, i have an external registra with all records for the DNS, inc server.abc.com
  3. externally, when i ping my hostname, i.e ping server.abc.com, it correctly gets response from aa.bb.cc.dd
    when i do the same from the local server, i get a response from 127.0.0.1 →

ping server.abc.com
PING server.abc.com (127.0.0.1) 56(84) bytes of data.
64 bytes from server.abc.com (127.0.0.1): icmp_seq=1 ttl=64 time=0.052 ms

  1. when i type hostname:
    hostname
    server.abc.com

  2. errors:
    Aug 11 15:23:13 server postfix/smtpd[5600]: warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd
    Aug 11 15:23:13 server postfix/smtpd[5600]: connect from unknown[aa.bb.cc.dd]
    Aug 11 15:23:13 server postfix/smtpd[5600]: SSL_accept error from unknown[aa.bb.cc.dd]: -1
    Aug 11 15:23:13 server postfix/smtpd[5600]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:…/ssl/record/rec_layer_s3.cSSL alert number 48:
    Aug 11 15:23:13 server postfix/smtpd[5600]: lost connection after CONNECT from unknown[aa.bb.cc.dd]
    Aug 11 15:23:13 server postfix/smtpd[5600]: disconnect from unknown[aa.bb.cc.dd] commands=0/0

  3. could it be the main.cf line:
    smtp_host_lookup = dns ?

  4. SMTP Client Restrictions = allow all

8) my postfix/main.cf:

See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

appending .domain is the MUA’s job.

append_dot_mydomain = no

Uncomment the next line to generate “delayed mail” warnings

#delay_warning_time = 4h

readme_directory = no

See Postfix Backwards-Compatibility Safety Net – default to 3.6 on

fresh installs.

compatibility_level = 3.6

TLS parameters

smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.abc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.localdomain, server.abc.com, localhost.abc.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem

note, is this a setup issue in resolve.conf ?
i have a standard install, without BIND (as external registra & DNS), so surprised if this is wrong as should be as default
but, i see DNS server 127.0.0.53
should this be an external DNS like google ?
if so, why did the install not set this ?
and how to i set this permanently so it doesn’t get overwritten on reboot ?

I tried to remove the 127, and adding external 8.8.8.8, no fix, similar error:

g 11 16:18:16 server postfix/smtpd[19224]: warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd
Aug 11 16:18:16 server postfix/smtpd[19224]: connect from unknown[aa.bb.cc.dd]
Aug 11 16:18:16 server postfix/smtpd[19224]: SSL_accept error from unknown[aa.bb.cc.dd]: -1
Aug 11 16:18:16 server postfix/smtpd[19224]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:…/ssl/record/rec_layer_s3.c:1584:SSL alert number 48:
Aug 11 16:18:16 server postfix/smtpd[19224]: lost connection after CONNECT from unknown[aa.bb.cc.dd]
Aug 11 16:18:16 server postfix/smtpd[19224]: disconnect from unknown[aa.bb.cc.dd] commands=0/0

argh!!!
warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd

If you are running your own dns then the local address should be OK I think.

try this command:
root@main:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
123.456.789.123 main.tadmin.com main
123.456.789.123 main.tadmin.com main
1234:f1c0:812:6a00::f:5673 main.tadmin.com main

cat /etc/hosts

127.0.0.1 server.abc.com server
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Do you have a public IPV4 address? It isn’t listed there.

yes, i do have a public IP address which is resolved externally, if you ping the hostname, it resolves correctly to the right IP. so the external DNS is doing its job correctly and is correct.
the issue here must be a postfix setting…, or virtualmin config.

I don’t know how the PHP program works but the IPV4 address should be in your hosts file. That would probably resolve the issue.

What do you see when you go here:
https://yourdomain.com:10000/net/list_hosts.cgi?xnavigation=1

as i posted prior:

and host addresses:

we really need Joe here to tell us the config for remote DNS
i do not have BIND for any virtual server OR the server.domain.com (System settings → Features and Plugins)

Are you logging into the VM panel remotely or directly on the machine? I’ve seen ICMP answer on hung machines. It is a much lower level protocol. I just don’t see any IPV4 addresses that are network accessible in your configuration.

under this line add your server external ip (ip that’s in your DNS A record) along with your hostname.

Save the file and reboot postfix so that your hosts file is copied over to postfix.

I don’t know how this got setup without an IPV4 address. Usually the system will put some special address there if nothing is found. I’m starting to think what got pinged wasn’t this box but something in front of it.

What is the content of the /etc/network/interfaces file? if it receives the address via DHCP, it is obvious that it is not communicating with the server, hence the lack of the IPv4 address. Then we go ahead and install the isc-dhcp-client package and run dhclient. There’s no way it won’t get an IPv4 address after that. I encountered this situation recently when it could not be connected externally and I had to use the installation DVD to use the mentioned package.

To follow up on my earlier post. Even if DHCP isn’t enabled I’ve never seen a machine not get one from this range:

linux - What is this IP address: 169.254.169.254? - Server Fault.

Addresses in the range 169.254.0.0 to 169.254.255.255 are used automatically by most network devices when they are configured to use IP, do not have a static IP Address assigned and are unable to obtain an IP address using DHCP.

I managed not getting an IPv4 address in Debian 12 after playing around deleting packages that were part of Virtualmin. There was listed only IPv6 and nothing else and localhost and ens33 as interfaces. Let’s see what the file I requested contains.

cat /etc/network/interfaces

This configuration file is auto-generated.

WARNING: Do not edit this file, otherwise your changes will be lost.

Please edit template /etc/network/interfaces.template instead.

auto lo
iface lo inet loopback

Auto generated venet0 interfaces

auto venet0
iface venet0 inet static
address 127.0.0.1
netmask 255.255.255.255
broadcast 0.0.0.0
up route add default dev venet0
dns-nameservers 8.8.8.8 8.8.4.4
dns-domain .
auto venet0:0
iface venet0:0 inet static
address aa.bb.cc.dd {changed for this post, is correct}
netmask 255.255.255.0

also:
ip route show
default dev venet0 scope link
aa.bb.cc.0/24 dev venet0 proto kernel scope link src aa.bb.cc.dd {changed by me for thsi post, is correct}

so the server has the correct address!
so why can postfix not see this ??

modified /etc/hosts file:

but after a reboot, it removes the new line

also, did not make any change, still the same error:

Aug 11 21:10:10 server postfix/smtpd[2027]: warning: hostname server.abc.com does not resolve to address aa.bb.cc.dd
Aug 11 21:10:10 server postfix/smtpd[2027]: connect from unknown[aa.bb.cc.dd]
Aug 11 21:10:10 server postfix/smtpd[2027]: SSL_accept error from unknown[aa.bb.cc.dd]: -1
Aug 11 21:10:10 server postfix/smtpd[2027]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:…/ssl/record/rec_layer_s3.c:1584:SSL alert number 48:
Aug 11 21:10:10 server postfix/smtpd[2027]: lost connection after CONNECT from unknown[aa.bb.cc.dd]
Aug 11 21:10:10 server postfix/smtpd[2027]: disconnect from unknown[aa.bb.cc.dd] commands=0/0

Don’t reboot the entire server after you make the changes to the hosts
Apply the changes within the Network configuration

Than shut down/ start up postfix from within Servers on Webmin.

You have a default config file that is changing your hosts file settings whenever you reboot the server.

This is common on most VPS

You can set your 127.0.0.1 with localhost
Your external IP as hostname

example:

127.0.0.1  Yes localhost
aa.bb.cc.dd Yes server.abc.com server

And make sure your hostname: server.abc.com has an A Record with your DNS provider

made some progress, if i delete the 127.0.0.1, and replace with the real ip address:

then error changes to: