Postfix is not sending or receiving mails

Discussion in 'Installation/Configuration' started by gmbhneo, Sep 12, 2019.

Page 1 of 2
  1. gmbhneo

    gmbhneo New Member

    Hello :)

    I am very new to linux servers and ISP / Dovecot / Postfix

    So I got my server up and running with everything working for now, besides my mails. Postfix is configured as follows:

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mydomain = mail.nushara.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = mail.nushara.com, mail.nushara.com., nushara.com, nushara.com., localhost, localhost.localdomain
mynetworks = localhost
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql$
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting

greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamh$
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox$
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_i$
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenti$
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0
    I am able to log in with Mailbird to get access to the account. Roundcube is also working. But sending is not giving me any error but do not send mails and receiving is giving me

    Code:
    Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [email protected]
Arrival-Date: Thu, 12 Sep 2019 06:43:28 -0700 (PDT)
X-Original-Message-ID: <[email protected]>

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.nushara.com. (85.114.133.20, the server for the domain nushara.com.)
Diagnostic-Code: smtp; 554 5.7.1 <[email protected]>: Relay access denied
Last-Attempt-Date: Thu, 12 Sep 2019 06:43:30 -0700 (PDT)
    Is there any way you can help me?
     
    gmbhneo, Sep 12, 2019
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You added the domain nushara.com manually in the mydestination line in main.cf, so all addresses for this domain must fail. Change the line to:

    mydestination = mail.nushara.com, localhost, localhost.localdomain

    and restart postfix.
     
    till, Sep 12, 2019
    #2
  3. gmbhneo

    gmbhneo New Member

    Thanks for the fast reply.

    At least this fixed something, but now I am getting the following issue:

    Code:
    This is the mail system at host v22019078654392401.mail.nushara.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[email protected]>: host gmail-smtp-in.l.google.com[2a00:1450:400c:c08::1b]
said: 550-5.7.1 [2a03:4000:37:4ad:640a:8bff:fe7f:e663] Our system has
detected that 550-5.7.1 this message does not meet IPv6 sending guidelines
regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1
https://support.google.com/mail/?p=IPv6AuthError for more information 550
5.7.1 . l24si56014wmg.136 - gsmtp (in reply to end of DATA command)
    Also the "554 5.7.1 <[email protected]>: Relay access denied" issue is still present
     
    gmbhneo, Sep 12, 2019
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The message tells you what to do. Google tells you that they do not accept your email because you missed to set up a PTR record for the IPv6 address of your server at your server provider.
     
    till, Sep 12, 2019
    #4
  5. gmbhneo

    gmbhneo New Member

    Ok so I've checked my DNS records in ISP and found that there is no PTR record. But What do I have to put into the two inputs?
    Putting in my IPv6 is not working. And the onlything i found on the net are some "zones" but this still does not give me a clue what to do here.

    Would be great if you could explain this to me, since I am not that much into all this domain / networking stuff.

    Thank you in advance!
     
    gmbhneo, Sep 12, 2019
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The PTR is normally not set in ISPConfig, it is set in the server control panel of your datacenter provider or it is set by the provider which assigned you that IP.
     
    till, Sep 12, 2019
    #6
  7. gmbhneo

    gmbhneo New Member

    Ok so since I can not have an impact on this, I've changed the inet_protocols = ipv4 and restarted.
    Now the mail got into my spam but thats a gmail issue i think (already contacted barracuda or some sort of service)

    So now I need to figure out how to solve the receiving issue. Any idea on that?
     
    gmbhneo, Sep 12, 2019
    #7
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You did not post any error messages about a receiving problem except the one that was solved already in post #2.
     
    till, Sep 12, 2019
    #8
  9. gmbhneo

    gmbhneo New Member

    Ok so when I try to send a mail to the address I get an error from google:

    Code:
    554 5.7.1 <[email protected]>: Relay access denied
    with a file attached:
    Code:
    Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; [email protected]
Arrival-Date: Thu, 12 Sep 2019 07:37:06 -0700 (PDT)
X-Original-Message-ID: <[email protected]>

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; mail.nushara.com. (85.114.133.20, the server for the domain nushara.com.)
Diagnostic-Code: smtp; 554 5.7.1 <[email protected]>: Relay access denied
Last-Attempt-Date: Thu, 12 Sep 2019 07:37:25 -0700 (PDT)
    The IP shown (85.114.133.20) is not the same as the ip of my server. But I dont know, where this is coming from (maybe google?) this is also not my local ip of my ISP i am connected to atm.
     
    gmbhneo, Sep 12, 2019
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Then the DNS record of your domain is wrong then. Find out which the authoritative DNS server of your domain is and change the record there. you can e.g. use intodns.com to check the DNS record and find out the right server. The DNS server is not necessarily the one on your ISPConfig system! Also be aware that changes in DNS may take 24 hours, so don't expect and immediate change.
     
    till, Sep 12, 2019
    #10
  11. gmbhneo

    gmbhneo New Member

    Ok so it looks like the mx record is wrong in some way..

    MX Records
    10 mail.nushara.com 85.114.133.20

    Right now i have the following MX Records:
    MX mail mail.nushara.com 10 60
    MX nushara.com. nushara.com. 10 3600

    So I change this to nushara.com to see if the ip is valid after the dns refresh

    I will report back if there is any progress.

    Thank you very much for your help!
     
    gmbhneo, Sep 12, 2019
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    No, change the IP of the 'mail' DNS A-Record.
     
    till, Sep 12, 2019
    #12
  13. gmbhneo

    gmbhneo New Member

    But thats already pointing to the right IP? To what do I need to change this?
     
    gmbhneo, Sep 12, 2019
    #13
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    You said above that 85.114.133.20 is not the IP of the server, but it must point to the IP of the server.
     
    till, Sep 12, 2019
    #14
  15. gmbhneo

    gmbhneo New Member

    right now it is pointing to:

    A mail 91.132.145.24 0 3600

    So I dont know, there this other IP is coming from
     
    gmbhneo, Sep 12, 2019
    #15
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    According to intodns, you seem to have removed the mail A-Record "10 mail.nushara.com No A Record (no glue either)". You have to add it again with the right IPv4 address of your server.
     
    till, Sep 12, 2019
    #16
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    And take care to change it on the right dns servers, the ones you have to change are:

    ns01.domainssaubillig.de. ['195.191.92.10'] (NO GLUE) [TTL=172800]
    ns02.domainssaubillig.de. ['195.191.93.10'] (NO GLUE) [TTL=172800]
     
    till, Sep 12, 2019
    #17
  18. gmbhneo

    gmbhneo New Member

    Well I dont know but this looks strange .. i have this record on my ISPConfig.
     
    Last edited: Sep 12, 2019
    gmbhneo, Sep 12, 2019
    #18
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Please re-read post #10 and #17, I explained it there. Your problem is not related to your ISPConfig server in any way because your ISPConfig server is not the DNS server of that domain. So if you add a dns record on your ISPConfig server does not matter when your ISPConfig server is not the DNS server of that domain. Or do you think your DNS server would be the one for google.com just because you add google.com in the dns manager? So, you registered the domain name at a company named domainssaubillig as it seems and the DNS servers of that company are responsible for your domain. What you have to do is: 1) Delete the DNS zone you added on your ISPConfig system as it makes no sense to add DNS records on servers that are not authoritative for a domain. 2) login to the domain management panel of the company where you registered your domain name and set the correct DNS records there.
     
    till, Sep 12, 2019
    #19
  20. gmbhneo

    gmbhneo New Member

    Ok, now that I have added them to the hoster it seems to work. I can now receive mails too :)

    But why is the service freaking out about the name server so much? You also mentioned this might be an issue right? Do I have to change them too?
     
    gmbhneo, Sep 12, 2019
    #20
Page 1 of 2

Share This Page