[fixed] "Domain alias" broken: "loops back to myself" and "Relay access denied"

Discussion in 'ISPConfig 3 Priority Support' started by liane, Sep 10, 2021.

  1. liane

    liane Member HowtoForge Supporter

    I have problems with one domain, and I guess it is related to domain alias.
    In domain alias domain.com source is sent to domain.fr
    when I send a mail to [email protected], I get a "loops back to myself", but mail to [email protected] is sent ok
    dig mx domain.com is ok on the server, as well as dig mx domain.fr
    No changes to the config for a long time; I did an update a few days ago.
    I did a: ispconfig_update.sh --force (no change)
    Also, I noticed this problem when the user told me that he was not receiving mails due to mails bounced with "Relay access denied"
    this is not specific to one user, as 2 users are experiencing this problem
    last, the two mails [email protected] with problems are mail forwards to gmail address
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the lines that you get in mail.log when you send an email to this domain alias.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You can't have domain.com as an alias domain and also forward individual addresses from that same domain to Gmail accounts. Does the ui let you create such a configuration?
     
  4. liane

    liane Member HowtoForge Supporter

    Code:
    Sep 10 15:54:06 mail1 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=78.192.141.14, lip=212.83.177.127, mpid=6135, session=<Eb/qcqTLbpFOwI0O>
    Sep 10 15:54:26 mail1 postfix/submission/smtpd[5833]: warning: hostname crz75-2-78-192-141-14.fbxo.proxad.net does not resolve to address 78.192.141.14: Name or service not known
    Sep 10 15:54:26 mail1 postfix/submission/smtpd[5833]: connect from unknown[78.192.141.14]
    Sep 10 15:54:26 mail1 postfix/submission/smtpd[5833]: NOQUEUE: filter: RCPT from unknown[78.192.141.14]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.2]>
    Sep 10 15:54:26 mail1 postfix/submission/smtpd[5833]: F0678611A1: client=unknown[78.192.141.14], sasl_method=PLAIN, [email protected]
    Sep 10 15:54:26 mail1 postfix/cleanup[6104]: F0678611A1: message-id=<b222000c-1f[email protected]>
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: F0678611A1: from=<[email protected]>, size=652, nrcpt=1 (queue active)
    Sep 10 15:54:27 mail1 postfix/submission/smtpd[5833]: disconnect from unknown[78.192.141.14] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
    Sep 10 15:54:27 mail1 postfix/smtpd[6142]: connect from localhost[127.0.0.1]
    Sep 10 15:54:27 mail1 postfix/smtpd[6142]: 5A20A636F3: client=localhost[127.0.0.1]
    Sep 10 15:54:27 mail1 postfix/cleanup[6104]: 5A20A636F3: message-id=<[email protected]>
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: 5A20A636F3: from=<[email protected]>, size=1747, nrcpt=1 (queue active)
    Sep 10 15:54:27 mail1 postfix/smtpd[6142]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Sep 10 15:54:27 mail1 amavis[3994]: (03994-15) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [127.0.0.1] [78.192.141.14] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: B-RTZvXJFADf, Hits: -2.899, size: 652, queued_as: 5A20A636F3, dkim_new=default:liane.net, 364 ms
    Sep 10 15:54:27 mail1 postfix/lmtp[6112]: F0678611A1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.42, delays=0.06/0/0/0.36, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 5A20A636F3)
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: F0678611A1: removed
    Sep 10 15:54:27 mail1 postfix/smtp[6143]: 5A20A636F3: to=<[email protected]>, relay=none, delay=0.04, delays=0.03/0.01/0/0, dsn=5.4.6, status=bounced (mail for gling-glang.com loops back to myself)
    Sep 10 15:54:27 mail1 postfix/cleanup[6104]: 71E216552F: message-id=<[email protected]>
    Sep 10 15:54:27 mail1 postfix/bounce[6144]: 5A20A636F3: sender non-delivery notification: 71E216552F
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: 71E216552F: from=<>, size=3670, nrcpt=1 (queue active)
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: 5A20A636F3: removed
    Sep 10 15:54:27 mail1 dovecot: lmtp(6113): Connect from local
    Sep 10 15:54:27 mail1 dovecot: lmtp([email protected])<6113><aEjIHZNjO2HhFwAApn4/xw>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    Sep 10 15:54:27 mail1 dovecot: lmtp(6113): Disconnect from local: Client has quit the connection (state=READY)
    Sep 10 15:54:27 mail1 postfix/lmtp[6105]: 71E216552F: to=<[email protected]>, relay=mail1.sitew3.com[private/dovecot-lmtp], delay=0.17, delays=0.03/0/0/0.14, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> aEjIHZNjO2HhFwAApn4/xw Saved)
    Sep 10 15:54:27 mail1 postfix/qmgr[750]: 71E216552F: removed
    
     
  5. liane

    liane Member HowtoForge Supporter

    domain.com -> domain.fr
    [email protected] forwards to [email protected]
    yes, that worked for years
     
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Ok, that should work. What you originally posted should not be allowed:
    Are you sure you have the setup you describe? I just tested it on the latest ISPConfig version and it worked fine. Or perhaps I misunderstand what you have set up. My test was:

    mail domain test.com
    mail forward [email protected] -> [email protected]
    mail alias domain alias.com -> test.com

    I then sent an email to [email protected]:

    Code:
    Sep 10 10:55:07 bullseye-test postfix/discard[712273]: DA042C1C84: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=0.08, delays=0.07/0.01/0/0, dsn=2.0.0, status=sent (gmail.com)
    
    (Note the 'discard' is correct for my test system, as I set gmail.com to deliver via discard: rather than actually deliver my test mail.) It's not evident from that log line, but my test was also using amavis.
     
    Last edited: Sep 10, 2021
  7. liane

    liane Member HowtoForge Supporter

    you're right, this was unclear, but I can confirm my setup is really what I described in the last mail

    That is indeed what I have, replace alias.com with domain.com and test.com with domain.fr in my case, and this worked with no problem for years.
    What makes me think that it is somehow related to domain alias is that it is the only domain alias I have on this server, and I have no problem sending to [email protected], so it is probably between domain.com and domain.fr that something goes wrong
     
  8. liane

    liane Member HowtoForge Supporter

    Also, the "Relay access denied" problem looks like this when an "external" sender sends an email:
    Code:
    Sep 10 18:07:10 mail1 postfix/smtpd[15543]: NOQUEUE: filter: RCPT from sonic301-22.consmr.mail.ir2.yahoo.com[77.238.176.99]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic301-22.consmr.mail.ir2.yahoo.com>
    Sep 10 18:07:10 mail1 postfix/smtpd[15543]: NOQUEUE: reject: RCPT from sonic301-22.consmr.mail.ir2.yahoo.com[77.238.176.99]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<sonic301-22.consmr.mail.ir2.yahoo.com>
    
    I strongly suspect the 2 problems are the same, but I have no clue what's going on :confused:
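
The two symptoms in the logs above can be correlated per recipient domain. The following is an added example, not part of the original thread: it scans mail.log text for both messages and reports domains that show both. The sample lines, addresses and hosts are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the mail.log excerpts in this thread;
# addresses, hosts and queue IDs are placeholders.
SAMPLE_LOG = """\
Sep 10 15:54:27 mail1 postfix/smtp[6143]: 5A20A636F3: to=<info@alias.example>, relay=none, delay=0.04, delays=0.03/0.01/0/0, dsn=5.4.6, status=bounced (mail for alias.example loops back to myself)
Sep 10 18:07:10 mail1 postfix/smtpd[15543]: NOQUEUE: reject: RCPT from mx.sender.example[192.0.2.10]: 554 5.7.1 <info@alias.example>: Relay access denied; from=<someone@sender.example> to=<info@alias.example> proto=ESMTP helo=<mx.sender.example>
Sep 10 18:09:44 mail1 postfix/lmtp[6105]: 71E216552F: to=<user@main.example>, relay=mail1.example[private/dovecot-lmtp], delay=0.17, dsn=2.0.0, status=sent (250 2.0.0 Saved)
"""

LOOP = re.compile(r"status=bounced \(mail for (\S+) loops back to myself\)")
RELAY = re.compile(r"NOQUEUE: reject: .*Relay access denied;.* to=<[^@>]*@([^>]+)>")

def symptoms_by_domain(log_text):
    """Map each recipient domain to the set of symptoms logged for it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LOOP.search(line)
        if m:
            found[m.group(1).lower()].add("loop")
        m = RELAY.search(line)
        if m:
            found[m.group(1).lower()].add("relay_denied")
    return dict(found)

def unrecognised_domains(log_text):
    """Domains showing both symptoms: locally submitted mail loops and
    external mail is refused, so Postfix does not treat them as its own."""
    return sorted(d for d, s in symptoms_by_domain(log_text).items()
                  if s == {"loop", "relay_denied"})
```

A domain returned by `unrecognised_domains` is one to look up in the Postfix domain parameters (`virtual_mailbox_domains`, `virtual_alias_domains`).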
     
  9. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Maybe update to the latest version? I don't think anything changed in the last few days there, but maybe it did. Other than that, the setup must be different. Do you have anything in 'Email Routing'? What OS do you have? Do you have any conf-custom templates that might need updated?
     
  10. liane

    liane Member HowtoForge Supporter

    I already did an update then "ispconfig_update.sh --force" later
    nothing in "email routing"
    Code:
    # cat /etc/debian_version
    10.10
    
    honestly, I don't think of any custom conf (but I might be wrong)

    Edit: deleted domain names as it is irrelevant
     
    Last edited: Sep 12, 2021
  11. liane

    liane Member HowtoForge Supporter

    So I tried with 2 other domain names, and I observe exactly the 2 same problems: "loop back to me" when I try to send to the domain alias from my account on the server, and "Relay access denied" when sending from gmail for ex...
    So the problem is *not* with the domain names, but with "domain alias" on my server :eek:
    I need to fix that, what could I check?
    Edit: in the last test, the destination address was a real mailbox, not a forward, so it is also not related to the forward to gmail.
     
    Last edited: Sep 12, 2021
  12. liane

    liane Member HowtoForge Supporter

    If I understand correctly what postfix expects:
    in virtual_alias_maps, virtual-mailman is empty (I don't use it), mysql-virtual_email2email.cf does return only existing emails so they don't seem of any use in my case.
    So mysql-virtual_forwardings.cf *should be* the one returning the domain alias, but
    Code:
    query = SELECT s.destination AS target FROM mail_forwarding AS s
                WHERE (s.source = '%s' OR s.source = CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d')) AND s.type IN ('alias', 'forward') AND s.active = 'y' AND s.server_id = 1
            UNION
            SELECT s.destination AS target FROM mail_forwarding AS s
                WHERE s.source = '@%d' AND s.type = 'catchall' AND s.active = 'y' AND s.server_id = 1
                AND NOT EXISTS (SELECT email FROM mail_user WHERE (email = '%s' OR email = CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d')) AND EXISTS (SELECT domain_id FROM mail_domain WHERE domain = SUBSTRING_INDEX('%s', '@', -1) AND active = 'y' AND server_id = 1) AND server_id = 1)
                AND NOT EXISTS (SELECT source FROM mail_forwarding WHERE (source = '%s' OR source = CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d')) AND active = 'y' AND server_id = 1)
    
    this query seems to ignore the type "aliasdomain"
    How is this really supposed to work? (when it doesn't, in fact)

    edit: ok, so the SQL returning the domain alias is in:
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    shouldn't it be in virtual_alias_maps instead?
     
    Last edited: Sep 13, 2021
  13. liane

    liane Member HowtoForge Supporter

    looks like I got it:
    Code:
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    Now, *the* question: this domain alias thing worked for years until a few days ago, and I strongly suspect it started when I did the last update.
    What do you think happened?
     
  14. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    These are nearly identical to the default settings (the only difference is the order of the last 2 items in virtual_alias_maps). If yours weren't already updated similarly, then either your previous update failed/was incomplete, or you have custom config which overrides these. You may have other settings which also need updated.
     
  15. liane

    liane Member HowtoForge Supporter

    this file hasn't been changed since 2019, and unfortunately is dead wrong:
    Code:
    virtual_alias_domains =
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
    So that explains why the last update mixed up things, but not why it worked before?
    I'll fix this one, but are there other config files that could be involved?
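
A stale custom template like the one above can be checked against the working settings from post 13. The following is an added example, not part of the original thread or of ISPConfig: it parses main.cf-style text and reports which expected lookup tables each virtual_* parameter fails to reference. The sample template is constructed from the two lines in post 15 plus an assumed `virtual_mailbox_domains` line, and the function names are hypothetical.

```python
import re

# Lookup tables each parameter must reference, from the working settings in post 13.
EXPECTED = {
    "virtual_alias_domains": ["mysql-virtual_alias_domains.cf"],
    "virtual_alias_maps": ["mysql-virtual_forwardings.cf",
                           "mysql-virtual_email2email.cf",
                           "mysql-virtual_alias_maps.cf"],
    "virtual_mailbox_domains": ["mysql-virtual_domains.cf"],
}

# Constructed sample: the two stale lines from post 15 plus an assumed
# virtual_mailbox_domains line, laid out with a continuation line.
STALE_TEMPLATE = """\
# custom template, last edited 2019
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
    proxy:mysql:{config_dir}/mysql-virtual_forwardings.cf, proxy:mysql:{config_dir}/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:{config_dir}/mysql-virtual_domains.cf
"""

def parse_main_cf(text):
    """Parse main.cf syntax: '#' comments, 'name = value', indented continuations."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def map_files(value):
    """File name of every lookup table listed in a parameter value."""
    return [e.rsplit("/", 1)[-1] for e in re.split(r"[,\s]+", value) if e]

def missing_maps(text):
    """Return {parameter: [expected map files it does not reference]}."""
    params = parse_main_cf(text)
    report = {}
    for name, wanted in EXPECTED.items():
        present = map_files(params.get(name, ""))
        gaps = [f for f in wanted if f not in present]
        if gaps:
            report[name] = gaps
    return report
```

The same function can be run over a live main.cf or over any template kept in conf-custom/install/ after an update.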
     
  16. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Are there any other files in conf-custom/ or conf-custom/install/ ? If so, you need to keep those updated with the changes made to the original templates distributed with ISPConfig.
     
  17. liane

    liane Member HowtoForge Supporter

    Ok, my debian_postfix.conf.master was really different than yours, and there is no other conf files in conf-custom/ or conf-custom/install/ (should there be any?)
    I remember making a few changes in debian_postfix.conf.master (relax security for some smtp restriction params), but it seems that this file was never updated when I upgraded, is that correct?
    Also, if this file is meant to be updated in upgrade, where is the correct place to put changes?
     
  18. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Correct, the installer prints a message stating you have custom templates that need updated, shows you their names, and offers to rename them for you - if you decline that, you need to update them yourself.
    In general, you either A) see what changed upstream and integrate those changes into your template, or B) note what customizations you made, copy the new template over, and integrate your changes again. For postfix and dovecot specifically (but no other templates) you can create an override file; eg. create conf-custom/install/postfix_custom.conf.master, with only the lines you changed in it.
     
  19. liane

    liane Member HowtoForge Supporter

    Thank you for the details
     
