Postfix Relay Issue - Name Service Error (A Record, not MX)

[LostInSpace82]

What I'm trying to accomplish is fairly simple, however I've hit a problem I can't seem to figure out. I have a Postfix server running on a router with tomato firmware. I've configured to relay mail through my web hosting/email provider. When viewing /etc/messages, I notice my message is deferred for the following reason:

Dec 20 10:35:36 tomato mail.info postfix/smtp[28942]: 46F5B483F7: to=<xxx@yyy.com>, relay=none, delay=338630, delays=338629/0.44/0.13/0, dsn=4.4.3, status=deferred (Name service error for name=smtpout.secureserver.net type=A: Malformed or unexpected name server reply)

Thinking this may be some issue with the way my server interfaces with smtp.secureserver.net, I tried to relay through smtp.gmail.com.

This results in the same error, leading me to think there is something wrong with my configuration, or the way my dns is functioning (also could be a configuration problem).

Below is the pertinent configuration options for relay as they are set now (before, replace smtp.gmail.com with smtp.secureserver.net, and the appropriate port): ('postconf -n' can be provided upon request.)

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/opt/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
mynetworks = 192.168.1.0/24 127.0.0.0/8

/opt/etc/postfix/sasl/sasl_passwd contains
[smtp.gmail.com]:587 myusername@domain:mypassword

Take note the error message is not of type=MX. It's type=A. (There are many similar errors floating around online with type=MX, and the name simply needed to be put in brackets).

Anyone have any ideas?!

 

[Noway2]

It appears to be a problem with the DNS. Specifically, Postfix is trying to do a lookup for smtpout.secureserver.net and getting an unexpected reply.

What happens when you do an nslookup for smtpout.secureserver.net, both for type A and for type MX, from the router? Do you get a valid reply and response code?

 

[LostInSpace82]

Hi Noway, thanks for replying.

By default, the nslookup on my router is the busybox version, so I went ahead and installed bind in order to 'set type=MX'. Here is the response, which looks normal to me. Do you agree?:


> smtpout.secureserver.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
smtpout.secureserver.net canonical name = smtpout.where.secureserver.net.
Name: smtpout.where.secureserver.net
Address: 72.167.82.80

> set type=MX
> smtpout.secureserver.net
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find smtpout.secureserver.net: SERVFAIL


I went ahead and checked the response from dig, too, just for kicks:


dig smtpout.secureserver.net

; <<>> DiG 9.6.1-P3 <<>> smtpout.secureserver.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49750
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;smtpout.secureserver.net. IN A

;; ANSWER SECTION:
smtpout.secureserver.net. 30 IN CNAME smtpout.where.secureserver.net.
smtpout.where.secureserver.net. 218 IN A 72.167.82.80

;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 27 10:15:49 2011
;; MSG SIZE rcvd: 86


At least if something strange happened here I'd have an idea as to where to start. Now, I just don't know...

 

[Noway2]

From the output you posted, it looks like the A record is working, but there is a problem (syntax?) in your zone for the MX record, notice the ** server can't find smtpout.secureserver.net: SERVFAIL.

I am not sure if you are obfuscating your information or not, but on the chance that you are not, when I run an nslookup on the domains and IP addresses that you mention in your post, I am getting different results. If the information in your post is valid, this may indicate a conflict or other problem. Specifically, I am receiving different addresses returned for the name query. I am also receiving a timeout from the type=mx. I have attempted to attach screen shot to this post of this information, but it that fails, here is a link:

http://www.mediafire.com/?vi59czs620l75qv