fresh ubuntu 20.04 with ispconfig 3.2.1 and mail issues out of the box

hello everyone from the ISPconfig team and fans/forum helpers and many thanks for your efforts in this awesome project.

i have a problem with my setup that i can't send mail using any mail client from an outside network like from a cell phone (with 3g/4g network), i have been trying for two or more weeks to follow other guides on the internet that talking about relying and but i wasn't able to fix the issue ... please some guidance.

i did install a fresh new ubuntu 20.04 following the perfict server guide [https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/], and followed the mail server guide [https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/].
and right now i have all required dns records as per the tutorials, so now when testing with mail-tester.com i get 6.9/10.
- A mail x.x.x.58
- A web x.x.x.59
- A www x.x.x.59
- mx mail.my-domain.com
- txt dkim(generated with ispconfig)
- txt spf(generated with tools as per mail tutorial)
- txt dkim(generated with tools as per mail tutorial)
- ptr 58.x.x.x.in-addr.arpa domain name pointer mail.my-domain.com.(done with my isp)

my two servers are behind router running 1:1 nat so
mail.my-domain ( local_ip= 172.16.0.101, real_ip=x.x.x.58, ip_in_hosts_file=local_ip as per perfect server guide)
mail.my-domain ( local_ip= 172.16.0.102, real_ip=x.x.x.59, ip_in_hosts_file=local_ip as per perfect server guide)

this is a mail.log when sending mail from my mobile client (with lte network), wan ip=196.132.13.129

Code:

Dec 16 20:01:10 mail postfix/submission/smtpd[138201]: connect from unknown[196.132.13.129]
Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: NOQUEUE: filter: RCPT from unknown[196.132.13.129]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[10.167.31.70]>
Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: 8F61F16020C: client=unknown[196.132.13.129], sasl_method=PLAIN, [email protected]
Dec 16 20:01:11 mail postfix/cleanup[138203]: 8F61F16020C: message-id=<[email protected]>
Dec 16 20:01:11 mail postfix/qmgr[3918]: 8F61F16020C: from=<[email protected]>, size=1538, nrcpt=1 (queue active)
Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: disconnect from unknown[196.132.13.129] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Dec 16 20:01:12 mail postfix/smtpd[138207]: connect from localhost[127.0.0.1]
Dec 16 20:01:12 mail postfix/smtpd[138207]: 6FD9B16020E: client=localhost[127.0.0.1]
Dec 16 20:01:12 mail postfix/cleanup[138203]: 6FD9B16020E: message-id=<[email protected]>
Dec 16 20:01:12 mail postfix/qmgr[3918]: 6FD9B16020E: from=<[email protected]>, size=2639, nrcpt=1 (queue active)
Dec 16 20:01:12 mail postfix/smtpd[138207]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 16 20:01:12 mail amavis[133547]: (133547-04) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [196.132.13.129] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: G9F_7B-x33Mc, Hits: -0.998, size: 1538, queued_as: 6FD9B16020E, dkim_new=default:my-domain.com, 655 ms
Dec 16 20:01:12 mail postfix/lmtp[138204]: 8F61F16020C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.1, delays=0.44/0.01/0/0.66, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6FD9B16020E)
Dec 16 20:01:12 mail postfix/qmgr[3918]: 8F61F16020C: removed
Dec 16 20:01:22 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=138236, secured, session=<CDO9qZi2tMh/AAAB>
Dec 16 20:01:22 mail dovecot: imap([email protected])<138236><CDO9qZi2tMh/AAAB>: Logged out in=156 out=1073 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 16 20:01:25 mail postfix/smtp[138234]: 6FD9B16020E: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=0.06/0.04/1.6/11, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 554 5.7.1 Message refused by DNSBL check. bl.nsZones.com / 196.132.13.129 This email from IP x.x.x.58 has been rejected. The email message was detected as spam. (in reply to end of DATA command))
Dec 16 20:01:25 mail postfix/cleanup[138203]: 52D0F16020F: message-id=<[email protected]>
Dec 16 20:01:25 mail postfix/qmgr[3918]: 52D0F16020F: from=<>, size=4940, nrcpt=1 (queue active)
Dec 16 20:01:25 mail postfix/bounce[138237]: 6FD9B16020E: sender non-delivery notification: 52D0F16020F
Dec 16 20:01:25 mail postfix/qmgr[3918]: 6FD9B16020E: removed
Dec 16 20:01:25 mail dovecot: lda([email protected])<138238><MvcXGXVL2l/+GwIA+5twOw>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Dec 16 20:01:25 mail postfix/pipe[138208]: 52D0F16020F: to=<[email protected]>, relay=dovecot, delay=0.41, delays=0.04/0.01/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
Dec 16 20:01:25 mail postfix/qmgr[3918]: 52D0F16020F: removed

 

and this is the postfix config no changes at all made (ispconfig 3.2.1 configs)

Code:

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2



# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
myhostname = mail.rasnix.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = mail.rasnix.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_reject_unlisted_sender = yes
smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
tls_preempt_cipherlist = yes
address_verify_negative_refresh_time = 60s
enable_original_recipient = no
smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
address_verify_sender_ttl = 15686s
smtp_dns_support_level = dnssec
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = lmtp:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

 

@jesse thanks for your reply.
I did notice that but from what I do understand the mail server should accept the mail even if it comes from a blacklisted IP because this is an authenticated user then it should forward / relay the email from the server's IP which is not blacklisted, do i understand this correctly ???
from my previous attempts to overcome this issue for some unknown reason if i UN-comment this line"-o smtpd_recipient_restrictions=" in /etc/postfix/master.cf of the submission section the email will be delivered to some email providers like yahoo ...

 

once again jesse thank you for you help.
and about the change i mentioned in the master file, i wasn't able to reproduce the same effect as i think i did change more than that parameter but can't remember exactly, sorry - my bad.