Hi, I have a problem with the email/Postfix configuration. I have installed the latest ISPConfig 3 on CentOS 7.6. Everything went smoothly. Perfect install, congratulations guys, the howto setups work great.

My setup: A single server on a dc that is standalone and runs all services like usual. I want to use it for everything including email for many domains I have.

My problem: I have two domains already pointing to the IP of the server that runs ISPConfig. My server was installed with hostname say: server1.mydomain.com. I have DNS A records pointing to my IP, and MX records pointing to another A record that points to my IP. Everything works fine. I point another domain to the same IP. Let's call it domain2.com. On ISPConfig on this second domain I created some emails and they all work perfectly! Even with Roundcube access they're just fine, I can send and receive emails from everywhere. Spam protection is enabled on both domains and all email accounts.

The funny thing is that on the first domain (mydomain.com), the one that actually is the hostname for my server, when I receive emails they're sent to local Linux users! I even tested sending to email accounts created on ISPConfig whose name does not exist among the OS users, and the email comes back saying no user found. But I was fortunate to create an email account in ISPConfig with the same name as a local user. On ISPConfig I created a [email protected] and there is a userexample on the Linux OS. After several tries I sent an email to [email protected], the email was given as received in /var/log/maillog ... and indeed it was ... simply instead of being delivered to the account created on ISPConfig, the emails were all in the email spool for the local Linux user with the same name! The email was all in /var/spool/mail/userexample. I installed mutt, created the .muttrc config and there it was! I can send and receive email for that local user using mutt! Bonus. But that was not what I intended.
I want to be able to use the mydomain.com users on ISPConfig and Roundcube. I find it strange that for example I do not even see a /var/vmail/mydomain.com dir since indeed no email was sent to that domain so ISPConfig does not generate the vmail dir for that domain. On my other domain there is a /var/vmail/domain2.com dir and all works with no problem (Roundcube access with no problems).

I also noticed the email I sent from the Local Linux OS from userexample (using mutt) and I receive in say gmail all have the sender as: [email protected] ... and not what I expected: [email protected]

So I think this can be a problem with the Postfix configuration for this particular case. Would anyone have an idea to make this work correctly as intended?

My postconf -e is as follows:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = mail.mydomain.com, server1.mydomain.com, localhost, localhost.localdomain, mydomain.com
myhostname = server1.mydomain.com
mynetworks = 127.0.0.0/8 [::1]/128 nnn.nnn.nnn.nnn/32
nested_header_checks = regexp:/etc/postfix/nested_header_checks
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
receive_override_options = no_address_mappings
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf

the MX record is:

Code:
bash:>dig MX mydomain.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> MX mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com. IN MX
;; ANSWER SECTION:
mydomain.com. 172817 IN MX 20 mail.mydomain.com.
;; AUTHORITY SECTION:
mydomain.com. 137869 IN NS ns3.dnsowl.com.
mydomain.com. 137869 IN NS ns1.dnsowl.com.
mydomain.com. 137869 IN NS ns2.dnsowl.com.
;; ADDITIONAL SECTION:
mail.mydomain.com. 172817 IN A XXX.XXX.XXX.111
;; Query time: 140 msec
;; SERVER: nnn.nnn.nnn.nnn#53(nnn.nnn.nnn.nnn)
;; WHEN: Thu Jun 06 03:51:13 CEST 2019
;; MSG SIZE rcvd: 136

I can not see anything wrong with that?

Thanks in advance, Best regards,
Remove mydomain.com from the mydestination line and restart postfix. Domains that you want to have mailboxes for shall not be listed in the mydestination line.
Hi Till, Thanks a lot for your work and fast reply. I changed that, restarted postfix, and the result was:

Code:
Jun 6 10:54:39 server1 postfix/smtpd[12275]: NOQUEUE: filter: RCPT from mail-it1-f178.google.com[209.85.166.178]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-it1-f178.google.com>
Jun 6 10:54:39 server1 postfix/smtpd[12275]: NOQUEUE: filter: RCPT from mail-it1-f178.google.com[209.85.166.178]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-it1-f178.google.com>
Jun 6 10:54:39 server1 postfix/smtpd[12275]: NOQUEUE: reject: RCPT from mail-it1-f178.google.com[209.85.166.178]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-it1-f178.google.com>
Jun 6 10:54:40 server1 postfix/smtpd[12275]: disconnect from mail-it1-f178.google.com[209.85.166.178]
Jun 6 10:55:01 server1 postfix/smtpd[12275]: connect from localhost.localdomain[127.0.0.1]
Jun 6 10:55:01 server1 postfix/smtpd[12275]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Jun 6 10:55:01 server1 postfix/smtpd[12275]: disconnect from localhost.localdomain[127.0.0.1]
Jun 6 10:55:01 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<hmuO3qOKrK1/AAAB>
Jun 6 10:55:01 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<hWuO3qOKlOt/AAAB>

And there is still no /var/vmail/mydomain.com dir ...

Do you need any other info, since this is strange to say the least ... it gets this relay access denied ...

Regards.
The directory is created when you add a mailbox in ispconfig. If the directory is not there, then there is probably another installation error in your setup. Ensure that /var/vmail is not a symlink.
Thanks for the reply. /var/vmail is not a symlink. Actually /var/symlink contains the other domain dirs I have. The one I can send and receive email from everywhere and is working fine, inside it does contain all virtual email mailboxes created. I tried to delete the domain on ISPConfig and created it again and indeed no dir is generated.

Another strange thing is that when I send an email from gmail to: [email protected] the email is delivered to the Local user and is available on /var/spool/mail/userexample. If I send the email to [email protected] ... I get the

Code:
454 4.7.1 <[email protected]>: Relay access denied

Could this be a problem only of the configuration?

Also, now that you talk about ISPConfig, I have some errors in the log file: /var/www/clients/client4/web1/log, but they are all access related ...

Code:
[Thu Jun 06 17:16:01.496776 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/api.php
[Thu Jun 06 17:16:01.746300 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/luso.php
[Thu Jun 06 17:16:02.013425 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/1ndex.php
[Thu Jun 06 17:16:02.282334 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/indexbak.php
[Thu Jun 06 17:16:02.535059 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/xmlrpc.php
[Thu Jun 06 17:16:06.817500 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/dong.php
[Thu Jun 06 17:16:07.104090 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/xun.php
[Thu Jun 06 17:16:08.877219 2019] [authz_core:error] [pid 8781] [client 187.122.248.165:5330] AH01630: client denied by server configuration: /var/www/jostd.com/web/datas.php

BTW I created a Reseller account on ISPConfig. Then that reseller account created a client ... then that client is the one that created the mydomain.com + virtual mailboxes and also the other domains and their respective mailboxes.

Regards.
I forgot to mention I followed the ISPConfig Perfect setup for CentOS 7.6, the version I'm using. On a fresh minimal install, and I did not have a single issue. Even Roundcube is working out of the box (sending and receiving) for emails in domains that are not the one registered in my DNS and MX record ...

Also I forgot to mention that when I send an email from Roundcube from another domain and email address to [email protected] I get back an error ... saying: "loops back to myself"

When the email is sent from an external server like gmail ... I get no reply, at least not since yesterday ...
Check this:

1) ensure that mydomain.com is not listed anywhere in postfix main.cf file anymore, a subdomain is ok though like mail.mydomain.com.
2) check that the server hostname is not mydomain.com, the hostname must be a subdomain like server1.mydomain.com.
3) Double check that you don't have a typo in the domain name when adding mydomain.com as mail domain in ispconfig.
4) use debug mode when you add mydomain.com in ispconfig to see what happens behind the scenes in detail: https://www.faqforge.com/linux/debugging-ispconfig-3-server-actions-in-case-of-a-failure/
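The rule behind point 1) explains both symptoms reported in the thread, local delivery and "Relay access denied". The following is an added example, not part of the thread and not ISPConfig or Postfix code: a simplified shell model of how the recipient domain decides delivery, using the thread's two mydestination values. The virtual domain list is a constructed stand-in for the MySQL lookup, and relay_domains and virtual_alias_domains are ignored.

```shell
#!/bin/sh
# Added example: simplified model of Postfix recipient-domain classification.
# Lists are comma/space separated literals; lookup tables are not modelled.

# in_list DOMAIN LIST: status 0 if DOMAIN is an exact, case-insensitive entry.
in_list() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | tr ', \t' '\n\n\n' | tr 'A-Z' 'a-z' |
        grep -Fxq -- "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# classify_rcpt ADDRESS MYDESTINATION VIRTUAL_MAILBOX_DOMAINS
# mydestination is checked first, so it wins over the virtual domain list.
classify_rcpt() {
    domain=${1##*@}
    if in_list "$domain" "$2"; then
        echo local      # system user mailbox, e.g. /var/spool/mail/<user>
    elif in_list "$domain" "$3"; then
        echo virtual    # virtual_transport, mailbox under /var/vmail
    else
        echo reject     # not a destination here: "Relay access denied"
    fi
}

# shadowed_domains MYDESTINATION VIRTUAL_MAILBOX_DOMAINS
# Prints each virtual mailbox domain that is also listed in mydestination.
shadowed_domains() {
    for d in $(printf '%s\n' "$2" | tr ', \t' '\n\n\n'); do
        if in_list "$d" "$1"; then echo "$d"; fi
    done
}

# mydestination as first posted in the thread, and after the fix.
DEST_BEFORE='mail.mydomain.com, server1.mydomain.com, localhost, localhost.localdomain, mydomain.com'
DEST_AFTER='mail.mydomain.com, localhost, localhost.localdomain'
# Constructed stand-in for the result of the mysql-virtual_domains.cf lookup.
VDOMAINS='mydomain.com domain2.com'

for dest in "$DEST_BEFORE" "$DEST_AFTER"; do
    echo "mydestination = $dest"
    echo "  user@mydomain.com -> $(classify_rcpt user@mydomain.com "$dest" "$VDOMAINS")"
    echo "  shadowed: $(shadowed_domains "$dest" "$VDOMAINS" | tr '\n' ' ')"
done
```

On a live server the first argument can be taken from `postconf -h mydestination`; the mail domain list has to come from the ISPConfig database.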
Solved! I simply deleted the mydomain.com (I made that before actually), made sure the main.cf was exactly the same as the original one ... and ... got this error:

Code:
06.06.2019-20:47 - ERROR - Possible security violation when deleting the maildir:
06.06.2019-20:47 - ERROR - Possible security violation when deleting the maildir:
06.06.2019-20:47 - ERROR - Possible security violation when deleting the maildir:

That was the output of the /usr/local/ispconfig/server/server.sh script. But, the /var/vmail for mydomain.com is there finally!! I recreated the previous virtual mailboxes and! It Works! I knew that becoming a Supporter would solve everything. And yes I had already made sure that 1) 2) and 3) were all ok, then enabled 4). Btw, the errors mentioned above were already present in /var/log/ispconfig/ispconfig.log also.

I think I may have changed some parameter ... like mydestination, myhostname ... during the initial installation and test. DNS propagation times sometimes can reach some hours ... and that likely can be also the problem ... I have to investigate further ... because the moment I made the dig MX mydomain.com ... those DNS servers were all jumping between calls on cli from the older IP to the new IP of this server ... so could have been it.

Thanks a lot for the help Till! Regards
Before I finish. There was one thing changed on the initial configuration. The current running postconf -n is:

Code:
mydestination = mail.mydomain.com, localhost, localhost.localdomain
myhostname = server1.mydomain.com

The initial install had a difference there:

Code:
mydestination = server1.mydomain.com, localhost, localhost.localdomain
myhostname = server1.mydomain.com

That is a big difference to postfix. Also as a last note I've tested and sending an email to [email protected] actually delivers email to the Local user, a Bonus ... or maybe not ...

Regards.
In order to clarify the problem I've been analyzing logs of several services and the issue must have been related indeed to the DNS setup I was using and the propagation delay of those records also. I'm writing this down only to explain to possible future users with the same problem.

As previously explained there was a default setup on the ISPConfig install for the very important parameters to postfix:

Code:
mydestination = server1.mydomain.com, localhost, localhost.localdomain
myhostname = server1.mydomain.com

This was the default setup from ISPConfig.

What happened was that my server was migrated and installed freshly from a previous set of hosts I had on a now very messy Alpharacks.com situation (check webhostingtalk VPS forum for details). While migrating I re-assigned the DNS records on my domains to point to the new IP. And yes I had some issues I identified at that time because of the normal propagation time of DNS records. Those took about a day to settle.

But I made a mistake. I already had an MX record of mail.mydomain.com and the respective A type record, and changed that record to point to the new IP. But ... and this is the important one, I did not have a DNS record for server1.mydomain.com since I changed the name of the current server to be different from the one used on the previous hosting. So while I was doing the fresh install of ISPConfig the server1.mydomain.com was not pointing anywhere from a DNS perspective, that is outside my server. It was only known to my Local server because it is the hostname. And that is why the initial configuration could not have worked. Even if the Local machine hostname was indeed server1.mydomain.com.

The change I've made to:

Code:
mydestination = mail.mydomain.com, localhost, localhost.localdomain
myhostname = server1.mydomain.com

Worked even without the DNS record being assigned to server1.mydomain.com, since mail.mydomain.com was an MX record and an A type record on my DNS configuration.
Another note: I did not touch or change any DNS configuration locally on ISPConfig. I only use the very simple DNS records of my registrar to point to my server. It is a very very simple setup, everything I wrote about DNS was made on the DNS records of my registrar, not ISPConfig.

Regards.