Good evening, I am unable to email from within the domain. I use mailgun as an external provider. When I email from one user ([email protected]) to another user ([email protected]) within the same domain, I get 'User unknown in virtual mailbox table'. From external email addresses outside of my domain, ie from my gmail, after removing $myhostname from mydestination, at least these arrive. This is a clean install with the ISPconfig autoinstaller on Ubuntu 20.04. Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Ubuntu 20.04.2 LTS [INFO] uptime: 23:25:09 up 3:32, 2 users, load average: 0.01, 0.02, 0.00 [INFO] memory: total used free shared buff/cache available Mem: 1.9Gi 664Mi 678Mi 74Mi 645Mi 1.1Gi Swap: 0B 0B 0B [INFO] systemd failed services status: UNIT LOAD ACTIVE SUB DESCRIPTION ● clamav-daemon.service loaded failed failed Clam AntiVirus userspace daemon LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.4 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.4.16 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 348838) [INFO] I found the following mail server(s): Postfix (PID 356738) [INFO] I found the following pop3 server(s): Dovecot (PID 348785) [INFO] I found the following imap server(s): Dovecot (PID 348785) [INFO] I found the following ftp server(s): PureFTP (PID 349033) ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:993 (348785/dovecot) [anywhere]:995 (348785/dovecot) [localhost]:11332 (348775/rspamd:) [localhost]:11333 (348775/rspamd:) [localhost]:11334 (348775/rspamd:) [localhost]:10023 (33035/postgrey) [anywhere]:587 (356738/master) [localhost]:11211 (70759/memcached) [localhost]:6379 (32746/redis-server) [anywhere]:110 (348785/dovecot) [anywhere]:143 (348785/dovecot) [anywhere]:465 (356738/master) ***.***.***.***:53 (349040/named) ***.***.***.***:53 (349040/named) ***.***.***.***:53 (349040/named) [localhost]:53 (349040/named) [anywhere]:21 (349033/pure-ftpd) ***.***.***.***:53 (510/systemd-resolve) [anywhere]:22 (658/sshd:) [anywhere]:25 (356738/master) [localhost]:953 (349040/named) [anywhere]:4190 (348785/dovecot) *:*:*:*::*:993 (348785/dovecot) *:*:*:*::*:995 (348785/dovecot) *:*:*:*::*:3306 (348103/mysqld) *:*:*:*::*:587 (356738/master) *:*:*:*::*:6379 (32746/redis-server) [localhost]10 (348785/dovecot) [localhost]43 (348785/dovecot) *:*:*:*::*:8080 (348838/apache2) *:*:*:*::*:80 (348838/apache2) *:*:*:*::*:465 (356738/master) *:*:*:*::*:8081 (348838/apache2) *:*:*:*::*2837:acff:fe8f:53 (349040/named) *:*:*:*::*e4a7:ff:fe71:5:53 (349040/named) *:*:*:*::*:53 (349040/named) *:*:*:*::*:21 (349033/pure-ftpd) *:*:*:*::*:22 (658/sshd:) *:*:*:*::*:25 (356738/master) *:*:*:*::*:953 (349040/named) *:*:*:*::*:443 (348838/apache2) *:*:*:*::*:4190 (348785/dovecot) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-postfix-sasl (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 main.cf file Code: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. compatibility_level = 2 # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_tls_security_level = may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination myhostname = isp.remedium.sg alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases myorigin = /etc/mailname mydestination = localhost.$mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all html_directory = /usr/share/doc/postfix/html virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status smtpd_use_tls = yes transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender smtpd_reject_unlisted_sender = no smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit smtpd_etrn_restrictions = permit_mynetworks, reject smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = lmtp:unix:private/dovecot-lmtp header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks owner_request_special = no smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL smtpd_tls_mandatory_ciphers = medium tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA tls_preempt_cipherlist = yes address_verify_negative_refresh_time = 60s enable_original_recipient = no sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd smtp_sender_dependent_authentication = yes smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS address_verify_sender_ttl = 15686s smtp_dns_support_level = dnssec dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_milters = inet:localhost:11332 non_smtpd_milters = inet:localhost:11332 milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_default_action = accept I tested incoming mail from Roundcube, and local mail delivery seems to be working fine. My FQDN/hostname: isp.remedium.sg. Mail.log below (as you can see the first two arrive, the third from mailgun in the same domain it's rejected) Code: Apr 7 23:36:49 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358794, secured, session=<3b6mZ2q/3qp/AAAB> Apr 7 23:36:50 isp dovecot: imap([email protected])<358794><3b6mZ2q/3qp/AAAB>: Logged out in=90 out=967 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:36:53 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358796, secured, session=<5XfWZ2q/4Kp/AAAB> Apr 7 23:36:53 isp dovecot: imap([email protected])<358796><5XfWZ2q/4Kp/AAAB>: Logged out in=458 out=1913 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=292 body_count=1 body_bytes=6 Apr 7 23:36:55 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358798, secured, session=<1Vr+Z2q/4qp/AAAB> Apr 7 23:36:55 isp dovecot: imap([email protected])<358798><1Vr+Z2q/4qp/AAAB>: Logged out in=32 out=520 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:36:55 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358800, secured, session=<X/7+Z2q/5Kp/AAAB> Apr 7 23:36:55 isp dovecot: imap([email protected])<358800><X/7+Z2q/5Kp/AAAB>: Logged out in=44 out=627 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:37:06 isp postfix/smtpd[358815]: connect from localhost[127.0.0.1] Apr 7 23:37:06 isp postfix/smtpd[358815]: DEAB313F1A7: client=localhost[127.0.0.1], sasl_method=LOGIN, [email protected] Apr 7 23:37:06 isp postfix/cleanup[358818]: DEAB313F1A7: message-id=<[email protected]> Apr 7 23:37:06 isp postfix/qmgr[356741]: DEAB313F1A7: from=<[email protected]>, size=636, nrcpt=1 (queue active) Apr 7 23:37:06 isp postfix/smtpd[358815]: disconnect from localhost[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6 Apr 7 23:37:06 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358822, secured, session=<HNCpaGq/FKt/AAAB> Apr 7 23:37:06 isp dovecot: lmtp(358821): Connect from local Apr 7 23:37:06 isp dovecot: imap([email protected])<358822><HNCpaGq/FKt/AAAB>: Logged out in=465 out=701 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:37:06 isp dovecot: lmtp([email protected])<358821><kOJEOiJCbmCleQUAe/Z/7g>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX' Apr 7 23:37:07 isp postfix/lmtp[358819]: DEAB313F1A7: to=<[email protected]>, relay=isp.remedium.sg[private/dovecot-lmtp], delay=0.1, delays=0.02/0.03/0.02/0.02, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> kOJEOiJCbmCleQUAe/Z/7g Saved) Apr 7 23:37:07 isp postfix/qmgr[356741]: DEAB313F1A7: removed Apr 7 23:37:07 isp dovecot: lmtp(358821): Disconnect from local: Client has quit the connection (state=READY) Apr 7 23:37:07 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358824, secured, session=<QyuzaGq/GKt/AAAB> Apr 7 23:37:07 isp dovecot: imap([email protected])<358824><QyuzaGq/GKt/AAAB>: Logged out in=70 out=668 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:37:07 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358827, secured, session=<Mbu3aGq/Gqt/AAAB> Apr 7 23:37:07 isp dovecot: imap([email protected])<358827><Mbu3aGq/Gqt/AAAB>: Logged out in=318 out=2863 deleted=0 expunged=0 trashed=0 hdr_count=4 hdr_bytes=879 body_count=0 body_bytes=0 Apr 7 23:37:07 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358828, secured, session=</RG4aGq/HKt/AAAB> Apr 7 23:37:07 isp dovecot: imap([email protected])<358828></RG4aGq/HKt/AAAB>: Logged out in=120 out=801 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Apr 7 23:37:59 isp postfix/smtpd[358815]: connect from mail-ot1-f44.google.com[209.85.210.44] Apr 7 23:37:59 isp postfix/smtpd[358815]: C09F113F1A7: client=mail-ot1-f44.google.com[209.85.210.44] Apr 7 23:37:59 isp postfix/cleanup[358818]: C09F113F1A7: message-id=<[email protected]om> Apr 7 23:38:00 isp postfix/qmgr[356741]: C09F113F1A7: from=<[email protected]>, size=2733, nrcpt=1 (queue active) Apr 7 23:38:00 isp dovecot: lmtp(358821): Connect from local Apr 7 23:38:00 isp dovecot: lmtp([email protected])<358821><aJFyEVhCbmCleQUAe/Z/7g>: sieve: msgid=<[email protected]om>: stored mail into mailbox 'INBOX' Apr 7 23:38:00 isp postfix/lmtp[358819]: C09F113F1A7: to=<[email protected]>, relay=isp.remedium.sg[private/dovecot-lmtp], delay=0.57, delays=0.55/0/0/0.01, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> aJFyEVhCbmCleQUAe/Z/7g Saved) Apr 7 23:38:00 isp postfix/qmgr[356741]: C09F113F1A7: removed Apr 7 23:38:00 isp dovecot: lmtp(358821): Disconnect from local: Client has quit the connection (state=READY) Apr 7 23:38:00 isp postfix/smtpd[358815]: disconnect from mail-ot1-f44.google.com[209.85.210.44] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7 Apr 7 23:38:07 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=358848, secured, session=<2PVLbGq/Qqt/AAAB> Apr 7 23:38:07 isp dovecot: imap([email protected])<358848><2PVLbGq/Qqt/AAAB>: Logged out in=318 out=3343 deleted=0 expunged=0 trashed=0 hdr_count=5 hdr_bytes=1145 body_count=0 body_bytes=0 Apr 7 23:38:24 isp postfix/smtpd[358815]: connect from rs241.mailgun.us[209.61.151.241] Apr 7 23:38:25 isp postfix/smtpd[358815]: NOQUEUE: reject: RCPT from rs241.mailgun.us[209.61.151.241]: 550 5.1.0 <[email protected]>: Sender address rejected: User unknown in virtual mailbox table; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<rs241.mailgun.us> Apr 7 23:38:25 isp postfix/smtpd[358815]: disconnect from rs241.mailgun.us[209.61.151.241] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6 Apr 7 23:39:07 isp dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=359204, secured, session=<S3rfb2q/Xqt/AAAB> Apr 7 23:39:07 isp dovecot: imap([email protected])<359204><S3rfb2q/Xqt/AAAB>: Logged out in=136 out=1169 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Any help would be GREATLY appreciated...! I thank you so much. Please let me know if you require any other information.
So mailgun is sending to you claiming the message is from an address in your domain which doesn't exist, and appears may even be randomly generated? That just seems like a wrong setup; eg. any mail they send which bounces will have the bounces going to your server and they will get rejected? Or mailgun is actually the mx host for your domain? If the latter, and you otherwise don't receive mail to your domain directly from the internet, they adding your domain to the postfix whitelist, type sender.
Morning Jesse! Appreciate the reply! It seems that adding remedium.sg to the whitelist type sender has solved the problem...! Thanks!! Mailgun is not the MX, see the attachment. Any explanation why? I have been busy with this for literally hours. This issue came when upgrading from 3.1 to 3.2. Thanks again, much much appreciated!
Various mail restrictions were added in 3.2 versions, which explains the change; it is still not clear why you would have an external mail delivery service send mail for you using generated bounce addresses for which they cannot receive the bounces, nor does it seem like a good idea that they would use addresses on your main domain to send from, which eg. will preclude you from ever setting up a restrictive dmarc policy (or you must allow mailgun to dkim sign for all addresses in your domain, which isn't ideal); it seems like them using a subdomain or different domain entirely would be the way to go. But, glad your current issue is solved.
