Hello. I have a problem with email. Outgoing emails are sent fine, but incoming emails are rejected by the server (unknown user). I also have a question about the 465 and 587 ports. Emails to the same address via webmail also do not arrive.

CentOS Linux release 7.3.1611 (Core)
ISPConfig version is 3.1.6
IMAP and POP3 server dovecot 2.2.10
SMTP server postfix 2.10.1

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.6

##### VERSION CHECK #####
[INFO] php (cli) version is 5.4.16

##### PORT CHECK #####
[WARN] Port 465 (SMTP server SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Unknown process (httpd) (PID 691)
[INFO] I found the following mail server(s):
Postfix (PID 3331)
[INFO] I found the following pop3 server(s):
Dovecot (PID 1223)
[INFO] I found the following imap server(s):
Dovecot (PID 1223)
[INFO] I found the following ftp server(s):
PureFTP (PID 560)

##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:10024 (1117/amavisd)
[localhost]:9000 (519/php-fpm
[localhost]:10025 (3331/master)
[localhost]:10026 (1117/amavisd)
[anywhere]:3306 (941/mysqld)
[localhost]:10027 (3331/master)
[anywhere]:110 (1223/dovecot)
[localhost]:9006 (520/php-fpm
[anywhere]:143 (1223/dovecot)
[localhost]:9007 (531/php-fpm
***.***.***.***:53 (628/named)
[localhost]:53 (628/named)
[anywhere]:21 (560/pure-ftpd)
[anywhere]:22 (526/sshd)
[anywhere]:25 (3331/master)
[localhost]:953 (628/named)
[anywhere]:993 (1223/dovecot)
[anywhere]:995 (1223/dovecot)
*:*:*:*::*:10024 (1117/amavisd)
*:*:*:*::*:10026 (1117/amavisd)
[localhost]10 (1223/dovecot)
[localhost]43 (1223/dovecot)
*:*:*:*::*:8080 (691/httpd)
*:*:*:*::*:80 (691/httpd)
*:*:*:*::*:8081 (691/httpd)
*:*:*:*::*:53 (628/named)
*:*:*:*::*:21 (560/pure-ftpd)
*:*:*:*::*:22 (526/sshd)
*:*:*:*::*:25 (3331/master)
*:*:*:*::*:953 (628/named)
*:*:*:*::*:443 (691/httpd)
*:*:*:*::*:993 (1223/dovecot)
*:*:*:*::*:995 (1223/dovecot)

##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 state NEW
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 state NEW tcp dpt:80
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 state NEW tcp dpt:443
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 state NEW tcp dpt:8080
ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
ACCEPT icmp -- [anywhere]/0 [anywhere]/0
ACCEPT all -- [anywhere]/0 [anywhere]/0
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 state NEW tcp dpt:22
REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ensure that the domain that you use for email is not listed in /etc/postfix/main.cf nor /etc/hostname. You can use something like server.yourdomain.tld there, but not just yourdomain.tld.
The domain I use for email is listed in /etc/postfix/main.cf (mydestination, myhostname) and /etc/hostname. Will changing the hostname (hostnamectl set-hostname New_HostName) solve my problem? Do you need some action on my part? Thank you for your time and assistance.
You have to change it in main.cf and you have to change the hostname and probably you have to change it in /etc/hosts as well, then restart the server.
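The check described in the replies above, written out as an added example (not code from the thread or from ISPConfig). Postfix treats every domain in mydestination as local and looks its recipients up in the local recipient table rather than in the virtual mailbox maps, which is how a virtual mail domain ends up with "unknown user" rejections. The function names and the example.com sample values are assumptions made for the illustration.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, indented lines continue a value."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later definition wins
    return params

def find_conflicts(main_cf_text, system_hostname, mail_domains):
    """Return findings where a mail domain is also used as a local name."""
    params = parse_main_cf(main_cf_text)
    hostname = system_hostname.lower()
    myhostname = params.get("myhostname", hostname).lower()
    # Postfix default for mydestination; only $myhostname is expanded here.
    raw = params.get("mydestination", "$myhostname, localhost.$mydomain, localhost")
    local = [myhostname if item == "$myhostname" else item
             for item in re.split(r"[,\s]+", raw.lower()) if item]
    findings = []
    for domain in (d.lower() for d in mail_domains):
        if domain in local:
            findings.append(f"mydestination lists {domain}")
        if myhostname == domain:
            findings.append(f"myhostname is {domain}")
        if hostname == domain:
            findings.append(f"system hostname is {domain}")
    return findings

# Constructed samples; example.com is a placeholder mail domain.
BAD_CF = "myhostname = example.com\nmydestination = $myhostname, localhost,\n    localhost.localdomain\n"
GOOD_CF = "myhostname = server.example.com\nmydestination = server.example.com, localhost, localhost.localdomain\n"

if __name__ == "__main__":
    for issue in find_conflicts(BAD_CF, "example.com", ["example.com"]):
        print("WARN:", issue)
    print("fixed:", find_conflicts(GOOD_CF, "server.example.com", ["example.com"]))
```

On a real server the inputs would be the contents of /etc/postfix/main.cf, the contents of /etc/hostname, and the list of mail domains configured in ISPConfig.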
Hi. After two weeks of normal operation I suddenly had a problem. The emails do not go out and do not come in. In the logs appeared the entry "connect to 127.0.0.1[127.0.0.1]:10024: connection refused". After I disabled amavisd in /etc/postfix/main.cf (#content_filter = amavis:[127.0.0.1]:10024), internal mail and sending out started to work. But external mail did not come. What could be the problem?
I have repeatedly rebooted the server but the problem persists. Thank you for your time and assistance.
/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = srv.MYDOMAIN.nl, localhost, localhost.localdomain
alias_maps = hash:/etc/aliases
debug_peer_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = srv.MYDOMAIN.nl, localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
virtual_alias_domains =
virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tODag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
mynetworks = 127.0.0.0/8 [::1]/128
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
mailbox_size_limit = 0
message_size_limit = 0
Part of the file /etc/amavisd/amavisd.conf

use strict;
$max_servers = 2; # num of pre-forked children (2..15 is common), -m
$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g
$mydomain = 'MYDOMAIN.nl'; # a convenient default for other settings
$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = undef; # -Q
$lock_file = "/var/run/amavisd/amavisd.lock"; # -L
$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
$log_level = 0; # verbosity 0..5, -d
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_facility = 'mail'; # Syslog facility as a string
# e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
# choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed
@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
@mynetworks = qw( 0.0.0.0/8 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
# option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = [10024,10026]; # listen on multiple TCP ports
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef, # don't query p0f for internal clients
};
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
  originating => 1, # declare that mail was submitted by our smtp client
  allow_disclaimers => 1, # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps => ["virusalert\@$mydomain"],
  warnbadhsender => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1], # allow sending any file names and types
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0, # do not require secret_id for amavisd-release
};
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 20; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 100; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 100; # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$virus_admin = undef; # notifications recip.
$mailfrom_notify_admin = undef; # notifications sender
$mailfrom_notify_recip = undef; # notifications sender
$mailfrom_notify_spamadmin = undef; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps = ('virus');
@addr_extension_banned_maps = ('banned');
@addr_extension_spam_maps = ('spam');
@addr_extension_bad_header_maps = ('badh');
$recipient_delimiter = undef;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
$myhostname = 'MYDOMAIN.nl';
$notify_method = 'smtp:127.0.0.1:*';
$forward_method = 'smtp:127.0.0.1:*'; # set to undef with milter!
I found and corrected 2 errors. The first is the MX record in DNS, the second is a typo in the file /etc/postfix/main.cf ("regexp:/etc/postfix/tODag_as_originating.re" instead of "regexp:/etc/postfix/tag_as_originating.re"). After the correction, the file /var/postfix/maillog has the following entries:

Aug 18 11:53:20 srv postfix/smtpd[17307]: connect from forward100p.mail.yandex.net[77.88.28.100]
Aug 18 11:53:20 srv postfix/smtpd[17307]: NOQUEUE: filter: RCPT from forward100p.mail.yandex.net[77.88.28.100]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<forward100p.mail.yandex.net>
Aug 18 11:53:20 srv postfix/smtpd[17307]: NOQUEUE: filter: RCPT from forward100p.mail.yandex.net[77.88.28.100]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<forward100p.mail.yandex.net>
Aug 18 11:53:20 srv postfix/smtpd[17307]: 9D21C8165D: client=forward100p.mail.yandex.net[77.88.28.100]
Aug 18 11:53:20 srv postfix/cleanup[17370]: 9D21C8165D: message-id=<[email protected]>
Aug 18 11:53:20 srv postfix/qmgr[1161]: 9D21C8165D: from=<[email protected]>, size=2102, nrcpt=1 (queue active)
Aug 18 11:53:20 srv postfix/smtp[17371]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
Aug 18 11:53:20 srv postfix/smtp[17371]: 9D21C8165D: to=<[email protected]>, relay=none, delay=0.11, delays=0.1/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
Aug 18 11:53:20 srv postfix/smtpd[17307]: disconnect from forward100p.mail.yandex.net[77.88.28.100]
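A log triage sketch for the pattern in the entries above, added here as an example and not part of the thread: it pairs the "triggers FILTER" lines with "Connection refused" deferrals, so that mail stuck behind an unreachable local content filter is told apart from ordinary remote delivery failures. The function name and all sample hosts, addresses and queue IDs are constructed.

```python
import re
from collections import defaultdict

# smtpd: "... triggers FILTER amavis:[127.0.0.1]:10024;"
FILTER_RE = re.compile(r"triggers FILTER (\S+?):\[([\d.]+)\]:(\d+);")
# smtp: "<queue id>: to=<...>, relay=none, ... (connect to host[ip]:port: Connection refused)"
REFUSED_RE = re.compile(
    r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>, relay=none,.*"
    r"status=deferred \(connect to \S+?\[([\d.]+)\]:(\d+): Connection refused\)")

def filter_outages(lines):
    """Map each refused content-filter endpoint to the queue IDs stuck behind it."""
    filters = {}                # (ip, port) -> transport name seen in FILTER actions
    stuck = defaultdict(list)   # (ip, port) -> deferred queue IDs
    for line in lines:
        m = FILTER_RE.search(line)
        if m:
            filters[(m.group(2), int(m.group(3)))] = m.group(1)
            continue
        m = REFUSED_RE.search(line)
        if m:
            stuck[(m.group(2), int(m.group(3)))].append(m.group(1))
    # Keep only refusals whose target is a known filter next hop, not a remote MX.
    return {f"{filters[ep]}:[{ep[0]}]:{ep[1]}": ids
            for ep, ids in stuck.items() if ep in filters}

# Constructed log lines in the format quoted above; every value is a placeholder.
SAMPLE_LOG = [
    "Aug 18 11:53:20 srv postfix/smtpd[100]: NOQUEUE: filter: RCPT from mx.example.org[192.0.2.10]: <a@example.org>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<mx.example.org>",
    "Aug 18 11:53:20 srv postfix/smtpd[100]: NOQUEUE: filter: RCPT from mx.example.org[192.0.2.10]: <a@example.org>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<a@example.org> to=<b@example.com> proto=ESMTP helo=<mx.example.org>",
    "Aug 18 11:53:20 srv postfix/smtp[101]: A1B2C3D4E5: to=<b@example.com>, relay=none, delay=0.11, delays=0.1/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)",
    "Aug 18 11:54:02 srv postfix/smtp[102]: F6A7B8C9D0: to=<b@example.com>, relay=none, delay=0.09, delays=0.08/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)",
    "Aug 18 11:55:10 srv postfix/smtp[103]: 0123456789: to=<c@example.net>, relay=none, delay=1.2, delays=0.1/0.01/1.1/0, dsn=4.4.1, status=deferred (connect to mx.example.net[198.51.100.7]:25: Connection refused)",
]

if __name__ == "__main__":
    for endpoint, queue_ids in filter_outages(SAMPLE_LOG).items():
        print(f"{endpoint} refused connections; deferred: {', '.join(queue_ids)}")
```

An endpoint in the result means nothing accepted connections on that port when delivery was attempted, so the next thing to check is whether amavisd is running and listening there (the port list in the first post showed it on 10024 and 10026).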