postfix ignoring advanced email routing

Discussion in 'Installation/Configuration' started by drewb0y, Apr 5, 2011.

  1. drewb0y

    drewb0y Member

    I have set up an advanced email routing in the ispconfig interface for one domain I am having some weird routing issues with. The domain in question is actually on another machine on the same subnet. Both are behind a firewall. For some reason I can connect to port 25 of the local IP 192.168.5.2 but not the external IP. So I created a transport for it, so all mail to domain x goes to 192.168.5.2 and unchecked the box for mx lookup.

    I also added a host entry pointing mail.domain.com to 192.168.5.2.

    I have reloaded and restarted postfix. Tested in console by telnet mail.domain.com 25 and it works fine. However, when I send a message, it is still doing a DNS lookup and sending to the external IP address and failing. I will eventually fix the connectivity issue in the firewall, but as a temporary workaround, why is this not working?

    I have verified the mysql user and pass in the mysql-virtual_transports.cf file and postconf -n looks right I think.

    Code:
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    message_size_limit = 0
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = mail.actinc2000.com, localhost, localhost.localdomain
    myhostname = mail.actinc2000.com
    mynetworks = 127.0.0.0/8 [::1]/128
    myorigin = /etc/mailname
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    relayhost = 
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_rbl_client zen.spamhaus.org
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_use_tls = yes
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = maildrop
    virtual_uid_maps = static:5000
     
  2. drewb0y

    drewb0y Member

    error

    The error I get when I look in the mail queue is

    Code:
    
    
    (connect to mail.domain.com[external IP]:25: Connection timed out)
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post a screenshot of the transport that you created and the complete log lines from the mail.log file.
     
  4. drewb0y

    drewb0y Member

    Here are the relevant lines from the log for a test message I just sent.

    mydomain.com is the sending domain on the ISPC3 server
    myotherdomain.com is the recipient on the other server.

    Code:
    Apr  6 05:38:49 mail postfix/qmgr[20439]: DCF5051A38F: from=<[email protected]>, size=1782, nrcpt=1 (queue active)
    Apr  6 05:38:49 mail amavis[2643]: (02643-13) Passed CLEAN, LOCAL [127.0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: G7vy94OsZQo2, Hits: -2.899, size: 1315, queued_as: DCF5051A38F, 259 ms
    Apr  6 05:38:49 mail postfix/smtp[4274]: A093551A38A: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.28, delays=0.01/0/0/0.26, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02643-13, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DCF5051A38F)
    Apr  6 05:38:49 mail postfix/qmgr[20439]: A093551A38A: removed
    
    Apr  6 05:39:11 mail postfix/smtp[4317]: connect to mail.myotherdomain.com[67.X.X.X]:25: Connection timed out
    Apr  6 05:39:11 mail postfix/smtp[4317]: DCF5051A38F: to=<[email protected]>, relay=none, delay=21, delays=0.01/0.02/21/0, dsn=4.4.1, status=deferred (connect to mail.myotherdomain.com[67.210.233.67]:25: Connection timed out)
    
    Thanks for your help Till!
     


  5. falko

    falko Super Moderator ISPConfig Developer

    Please check if your server is blacklisted: http://mxtoolbox.com/blacklists.aspx

    Also make sure that port 25 is open on the other server. What are the outputs of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    on that server?
     
  6. drewb0y

    drewb0y Member

    Figured out the original issue

    To answer falko, the other server was a Windows mail server, and all ports relevant to mail were open, and I could access them from all of the other 7 machines behind the same firewall, and externally. It finally occurred to me that about the only difference between my fresh Debian Squeeze install and the howto was the iptables country blocking, which I implemented just fine on Lenny. I disabled that and restarted, and was able to connect to the other server fine again.

    The question remains as to why the advanced ISPC3 mail routing did not work. Was it my alterations that messed it up or is it broken? Has anyone used this feature?

    The next task in my spare time is to completely rework my iptables country blocking routine to work with Squeeze without randomly blocking access to a server on the same network.


    Whew
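
Added example, not part of the thread: a check over mail.log that flags deliveries for a domain with a configured transport when the Postfix SMTP client connected to an address other than the configured next hop, which is the symptom in the log excerpt posted above. The log lines, the recipient address and 203.0.113.10 are constructed; the domain-to-next-hop mapping is an assumption standing in for the ISPConfig transport entry.

```python
import re

# Assumption: the next hop each routed domain should be delivered to,
# mirroring the transport created for the domain (192.168.5.2 in the thread).
EXPECTED_NEXT_HOP = {"myotherdomain.com": "192.168.5.2"}

# Constructed sample lines in the shape of the mail.log excerpt in the thread.
SAMPLE_LOG = """\
Apr  6 05:38:49 mail postfix/smtp[4274]: A093551A38A: to=<user@myotherdomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.28, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DCF5051A38F)
Apr  6 05:39:11 mail postfix/smtp[4317]: DCF5051A38F: to=<user@myotherdomain.com>, relay=none, delay=21, dsn=4.4.1, status=deferred (connect to mail.myotherdomain.com[203.0.113.10]:25: Connection timed out)
Apr  6 05:45:02 mail postfix/smtp[4401]: E1B2C3D4E5F: to=<user@myotherdomain.com>, relay=192.168.5.2[192.168.5.2]:25, delay=0.4, dsn=2.0.0, status=sent (250 OK)
"""

# One delivery-status line written by the Postfix smtp client.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<[^@>]+@(?P<domain>[^>]+)>, "
    r"relay=(?P<relay>\S+?),.*status=(?P<status>\w+)(?: \((?P<detail>.*)\))?"
)
# host[ip]:port as Postfix prints it in relay= and in "connect to ..." text.
HOST_IP = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+")


def misrouted(log_text, expected=EXPECTED_NEXT_HOP):
    """Return (queue_id, domain, observed_ip, status) for each delivery
    that went to an address other than the expected next hop."""
    findings = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        domain = m["domain"].lower()
        if domain not in expected:
            continue
        # relay=none means no connection succeeded; the address that was
        # tried only appears in the parenthesised status text.
        source = (m["detail"] or "") if m["relay"] == "none" else m["relay"]
        hit = HOST_IP.search(source)
        if not hit or hit["ip"].startswith("127."):
            continue  # content_filter hop to amavis, or nothing to compare
        if hit["ip"] != expected[domain]:
            findings.append((m["qid"], domain, hit["ip"], m["status"]))
    return findings


if __name__ == "__main__":
    for qid, domain, ip, status in misrouted(SAMPLE_LOG):
        print(f"{qid}: {domain} went to {ip} ({status}), expected {EXPECTED_NEXT_HOP[domain]}")
```

Postfix's SMTP client resolves next-hop names through DNS by default (`smtp_host_lookup = dns`), so an /etc/hosts entry on its own does not change where it connects, and a next hop written in brackets, such as `smtp:[192.168.5.2]`, is used without an MX lookup.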
     
