Smtp MIAB account to same MIAB failing

I’m attempting to smtp from a server to my MIAB from a MIAB address hosted on the same MIAB. I’m unsure why its not working as when I switch to gmail credentials it works.

Zoneminder (echo “Hello, World” | mail -s “My email check” notifications@customdomain.com)

Aug 14 22:48:52 zoneminder sendmail[4765]: x7F2mp80004765: to=notifications@customdomain.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30245, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (x7F2mqEV004766 Message accepted for delivery)
Aug 14 22:48:54 zoneminder sendmail[4768]: STARTTLS=client, relay=mail.customdomain.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Aug 14 22:48:54 zoneminder sendmail[4768]: x7F2mqEV004766: to=notifications@customdomain.com, ctladdr=root@zoneminder.lan (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120498, relay=mail.customdomain.com. [55.66.77.88], dsn=4.1.8, stat=Deferred: 450 4.1.8 root@zoneminder.lan: Sender address rejected: Domain not found

Mail-In-A-Box

Aug 14 22:48:53 mail postfix/smtpd[8400]: connect from 11.22-33-444.netnet.net[22.33.444.11]
Aug 14 22:48:54 mail postfix/smtpd[8400]: NOQUEUE: reject: RCPT from 11.22-33-444.netnet.net[22.33.444.11]: 450 4.1.8 root@zoneminder.lan: Sender address rejected: Domain not found; from=root@zoneminder.lan to=notifications@customdomain.com proto=ESMTP helo=<zoneminder.lan>
Aug 14 22:48:54 mail postfix/smtpd[8400]: disconnect from 11.22-33-444.netnet.net[22.33.444.11] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

I am not understanding … can you elaborate please?

I THINK what you are saying is that you are attempting to authenticate with a user on your MiaB to your MiaB … and it is not working?

And what does Gmail have to do with it?

From the logs that you have posted … (it is hard to tell what you have obsfucated and what you have not) … it appears that you are attempting to log in with a device on your network without a internet routable domain name …

Logging in or not, that domain (zoneminder.lan) should in theory be rejected regardless, it’s not a valid domain name.

Correct. zoneminder.lan is where I’m logging in from and I do realize that it is not internet routable or a valid domain name (I don’t want it routable, etc). IE .lan is behind pfSense and MIAB is on Linode. How would I go about allowing it?

Assign it a valid domain name.

Can you configure zoneminder to relay through your MIAB instead of using the built in mail settings?

EDIT: Looks like you can: https://wiki.zoneminder.com/How_to_get_ssmtp_working_with_Zoneminder Replace settings with MIAB stuff.

@alento Technically it is a valid domain name and a “.com” or other shouldn’t be required as smtp works just fine when using gmail credentials but MIAB gives that error in the original post.

@murgero I have that configured.

“Technically” by what standard???

The standard that matters is the one that MiaB follows which is

reject_unknown_sender_domain Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM domain has 1) no DNS MX and no DNS A record

If this is the case, then you should be using an alias in your MiaB for root@zoneminder.lan which is an alias to the miab user that you are using to authenticate.

That makes sense but is there a way to whitelist a domain with no DNS MX and no DNS A record?

Try this approach first:

Why exactly would that work? I’m attempting to authenticate as @.com.

Because the sender of the mail (envelope address) is root@zoneminder.lan.

At least that is what you are showing in the log entry in the OP.

You have to authenticate with a valid user account … and any email sent using that authenticated user must come from an alias that allows mail to be sent on its behalf by the authenticated sender (or itself).

Since you are logging in as user@xyz.com, but trying to send as root@zoneminder.lan, the email is being rejected.

MIAB allows it’s users to send as aliases, so once the alias is setup in MIAB it might just allow the email in.

I got it working by adding an alias but I’d have to do that for every different host… unless there is a better way that I don’t know of. IE hosts would be like (zoneminder.lan, ansible.lan, etc).

I found a fix I prefer. Thanks for the suggestions. Your alias one worked but I prefer the smtpd_recipient_restriction modification I found at https://wiki.centos.org/HowTos/postfix_restrictions.

I added under smtpd_recipient_restriction “check_sender_access hash:/etc/postfix/sender_access”

In the file /etc/postfix/sender_access

root@example.lan OK
root@example2.lan OK

Please be advised that your fix may be overwritten each time MiaB is updated. Postfix’s main.cf file is refreshed with each update.