So you set up your Postfix server, configure a few parameters for security, and then try to send some mail. Unfortunately, your email fails to go through. While checking your mail logs, you find something similar to the following:
(host 10.2.15.240[10.2.15.240] said: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
The issue here is that your mail server is configured to require verification but was unable to verify the sender. It's a server-side configuration issue, and it should be pretty simple to deal with.
In Postfix, this error occurs when you have reject_unknown_recipient_domain configured in your recipient restrictions. You may be tempted to just remove this line (and that would probably work), but for security reasons, it is best practice to leave that line in place and set it up properly.
A Deeper Look
To resolve our issue, we need to understand what it means to actually verify a sender. There are many different mechanisms to do so, and no one mechanism is a catchall for perfect verification. In the case of reject_unknown_recipient_domain, Postfix is not the final destination for the recipient domain. When a message is queued, it wants to make sure the message is being sent to a valid place, so it checks DNS for validation. This sender validation is performed in two parts.
- First, it will check the DNS of the requesting mail server and see whether the HELO domain (origin domain) matches that machine's IP
- Next, it will check the reverse DNS of the requesting server to make sure it can match that IP to the domain in question
So How Do We Fix This?
To properly fix this issue and keep reject_unknown_recipient_domain active, just make sure the forward and reverse DNS lookups for your domain and mail server are valid and can be resolved properly on the machine you are sending mail to. If you are using a relay server in your mail chain, be sure to check that this server is also able to resolve DNS.
In the example above, I added the IP for my requesting server (10.2.15.60) into /etc/hosts on my relay server (10.2.15.240) and everything started working properly. I could have easily just added forward and reverse records into DNS to get the same result.
An example of that host record looks like the following:
10.2.15.60 da1bak001.domain da1bak001
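To confirm from the relay's side that both directions resolve, the following check (an added example, not part of the original post) asks the system resolver for the forward and the reverse answer and reports which one fails. The function names are made up for this example; getent follows /etc/nsswitch.conf, so it sees /etc/hosts entries as well as DNS records.

```sh
#!/bin/sh
# Added example: forward/reverse resolution check, meant to be run on the
# machine that is rejecting the mail (the relay in the post).

# resolve KEY: print the resolver's answer line for a host name or an address.
# Output format of `getent hosts`: "<ip> <canonical-name> [aliases...]"
resolve() { getent hosts "$1"; }

# forward_ok NAME IP: succeeds when NAME resolves to IP.
forward_ok() {
    resolve "$1" | awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }'
}

# reverse_ok IP NAME: succeeds when IP maps back to NAME (canonical or alias).
# Host names compare case-insensitively.
reverse_ok() {
    resolve "$1" | awk -v n="$2" '
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit !found }'
}

# check_pair NAME IP: print one verdict line.
# Returns 0 when both directions agree, 1 on forward failure, 2 on reverse failure.
check_pair() {
    if ! forward_ok "$1" "$2"; then
        echo "FAIL forward: $1 does not resolve to $2"
        return 1
    fi
    if ! reverse_ok "$2" "$1"; then
        echo "FAIL reverse: $2 does not map back to $1"
        return 2
    fi
    echo "OK $1 <-> $2"
}

# Run as a script with the values from the host record above, e.g.:
#   sh check_pair.sh da1bak001.domain 10.2.15.60
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A forward failure means the name is missing or points elsewhere; a reverse failure means the address has no matching record or hosts entry on that machine.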