sending mail ok, but incoming deferred

Discussion in 'Installation/Configuration' started by dumb-medic, Jan 11, 2006.

  1. dumb-medic

    dumb-medic New Member

    Hi,

    got this in var/log/mail:

    Jan 11 16:16:43 www postfix/smtpd[11550]: connect from mail.gmx.net[213.165.64.21]
    Jan 11 16:16:43 www postfix/smtpd[11550]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
    Jan 11 16:16:43 www postfix/smtpd[11550]: 637801E148: client=mail.gmx.net[213.165.64.21]
    Jan 11 16:16:43 www postfix/cleanup[11553]: 637801E148: message-id=<[email protected]>
    Jan 11 16:16:43 www postfix/qmgr[4467]: 637801E148: from=<[email protected]>, size=886, nrcpt=1 (queue active)
    Jan 11 16:16:43 www postfix/qmgr[4467]: 637801E148: to=<[email protected]>, orig_to=<[email protected]>, relay=none, delay=0, status=deferred (delivery temporarily suspended: connect to mydomain.tld[x.x.x.x]: Connection refused)
    Jan 11 16:16:43 www postfix/smtpd[11550]: disconnect from mail.gmx.net[213.165.64.21]

    regards,
    dumb-medic
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the website for www.mydomain.tld has an co-domain mydomain.tld where the host field is empty? If not, create the co-domain.

    Is mydomain.tld in the file /etc/postfix/local-host-names ?
     
  3. dumb-medic

    dumb-medic New Member

    hi till,

    yep, mydomain.tld is a co-domain without <host> on ip 192.168.x.x

    cat of /etc/postfix/local-host-names (exactly, only fqdn changed)

    ###################################
    #
    # ISPConfig local-host-names Configuration File
    # Version 1.0
    #
    ###################################
    localhost
    www.mydomain.tld
    localhost.www.mydomain.tld
    localhost.mydomain.tld
    www.myseconddomain.tld
    mydomain.tld
    #### MAKE MANUAL ENTRIES BELOW THIS LINE!

    for info:
    mydomain.tld is bound to a fw which is masq. to 192.168..x.x
    but telnet mydomain.tld 25 (or www.mydomain.tld or mail.mydomain.tld) always get through, but i don't think that here's soemthing wrong, i would not be able to send mails if so.

    please have a look at this:
    zonefile:
    $TTL 86400
    @ IN SOA ns.somedomain.tld. admin.mydomain.tld. (
    2006011001 ; serial, todays date + todays serial #
    28800 ; refresh, seconds
    7200 ; retry, seconds
    604800 ; expire, seconds
    86400 ) ; minimum, seconds
    ;
    NS ns.somedomain.tld. ; Inet Address of name server 1
    NS mydomain.tld. ; Inet Address of name server 2
    ;

    mail MX 10 mydomain.tld.

    mydomain.tld. A x.x.x.x
    mydomain.tld A x.x.x.x
    mail A x.x.x.x
    www A x.x.x.x

    ;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

    wondering why "mydomain.tld" is listed twice, only difference is the dot after the first listed mydomain.tld
    could be the problem?
    i've had problems setting up dns (zonefiles werde edited manually), but i thought it was fixed because of 100% functionality...

    regards,
    dumb-medic
     
  4. falko

    falko Super Moderator Howtoforge Staff

    Do
    Code:
    dig mydomain.tld
    and
    Code:
    dig MX mydomain.tld
    show the correct values?
     
  5. dumb-medic

    dumb-medic New Member

    looks ok to me:
    # dig mydomain.at
    ; <<>> DiG 9.2.4 <<>> mydomain.at
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30748
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;mydomain.at. IN A

    ;; ANSWER SECTION:
    mydomain.tld. 86400 IN A 212.69.161.236

    ;; AUTHORITY SECTION:dig mydomain.at
    mydomain.tld. 86400 IN NS ns.sonedomain.tld.
    mydomain.tld. 86400 IN NS mydomain.tld.

    ;; ADDITIONAL SECTION:
    ns.sonedomain.tld. 86400 IN A x.x.x.x
    mydomain.tld. 86400 IN A x.x.x.x

    ;; Query time: 15 msec
    ;; SERVER: x.x.x.x#53(x.x.x.x)
    ;; WHEN: Wed Jan 11 21:29:40 2006
    ;; MSG SIZE rcvd: 121


    # dig mx mydomain.tld
    ; <<>> DiG 9.2.4 <<>> mx mydomain.tld
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32964
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mydomain.tld. IN MX

    ;; AUTHORITY SECTION:
    mydomain.tld. 86400 IN SOA ns.somedomain.tld. admin.mydomain.tld. 2006011001 28800 7200 604800 86400

    ;; Query time: 15 msec
    ;; SERVER: 216.200.116.12#53(216.200.116.12)
    ;; WHEN: Wed Jan 11 21:39:21 2006
    ;; MSG SIZE rcvd: 87

    regards,
    dumb-medic
     
  6. dumb-medic

    dumb-medic New Member

    take tld as at ;-)
     
  7. falko

    falko Super Moderator Howtoforge Staff

    Looks ok, however you should consider creating an MX record for your domain.

    Please post the output of
    Code:
    netstat -tap
    Also, what's the value of inet_interfaces in /etc/postfix/main.cf?
     
  8. dumb-medic

    dumb-medic New Member

    netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:mysql *:* LISTEN 3643/mysqld
    tcp 0 0 *:netbios-ssn *:* LISTEN 3974/smbd
    tcp 0 0 *:5901 *:* LISTEN 4212/xinetd
    tcp 0 0 *:sunrpc *:* LISTEN 3419/portmap
    tcp 0 0 *:hosts2-ns *:* LISTEN 4306/ispconfig_http
    tcp 0 0 *:ftp *:* LISTEN 4586/proftpd: (acce
    tcp 0 0 192.168.x.x:domain *:* LISTEN 4525/named
    tcp 0 0 www.mydomain.a:domain *:* LISTEN 4525/named
    tcp 0 0 localhost:domain *:* LISTEN 4525/named
    tcp 0 0 *:ipp *:* LISTEN 3917/cupsd
    tcp 0 0 *:smtp *:* LISTEN 18602/master
    tcp 0 0 localhost:953 *:* LISTEN 4525/named
    tcp 0 0 localhost:6010 *:* LISTEN 27991/3
    tcp 0 0 *:microsoft-ds *:* LISTEN 3974/smbd
    tcp 0 0 *:imaps *:* LISTEN 3741/couriertcpd
    tcp 0 0 *:pop3s *:* LISTEN 3701/couriertcpd
    tcp 0 0 *:pop3 *:* LISTEN 3697/couriertcpd
    tcp 0 0 *:imap *:* LISTEN 3747/couriertcpd
    tcp 0 0 *:www-http *:* LISTEN 4378/httpd2-prefork
    tcp 0 0 *:ssh *:* LISTEN 3605/sshd
    tcp 0 0 *:smtp *:* LISTEN 18602/master
    tcp 0 0 localhost:953 *:* LISTEN 4525/named
    tcp 0 0 localhost:6010 *:* LISTEN 27991/3
    tcp 0 0 *:https *:* LISTEN 4378/httpd2-prefork
    tcp 48 0 www.mydomain.tld:ssh 192.168.x.x:1046 ESTABLISHED 27991/3


    Also, what's the value of inet_interfaces in /etc/postfix/main.cf?
    inet_interfaces = all

    complete file (skipped comments):

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    #virtual_maps = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = mail.$mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = mydomain.at
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names

    regards,
    dumb-medic
     
  9. dumb-medic

    dumb-medic New Member

    found out that on my ispconfig-machine a nslookup of mydomain.tld points to the official internet-ip,
    this cannot be right i think, my firewall masquerades all traffic coming from the internet
    to my lan-ip 192.168.x.x

    if postfix tries to connect to mydomain.tld it is obviously connecting to my firewall.
    to proof this i've captured via tethereal while sending a mail to mydomain.tld, and i am right:
    Capturing on eth0 (ispconfig-machine)
    0.000000 192.168.x.x -> x.x.x.x TCP 53916 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=98438570 TSER=0 WS=2
    0.000191 x.x.x.x -> 192.168.x.x TCP smtp > 53916 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0

    192.168.x.x is the ispconfig-machine.
    x.x.x.x is my official ip, bound to the firewall.

    i am slightly confused why postfix don't know that mydomain.tld == localhost?

    regards,
    dumb-medic
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Did you forward port 25 from your router to your server?
    Maybe your router isn't able to loop bak into its own local network...

    Postfix does DNS lookups.
     
  11. dumb-medic

    dumb-medic New Member

    thx falko, fixed that fw-mistake: enabling masquerading on the internal interface of my FW now allows postfix to connect, but i cannot receive mail anyway.

    mail sent from internet:
    /var/log/mail (192.168.x.x = internal interface of the fw):
    Jan 13 02:45:30 www postfix/smtpd[1333]: 63F80F95B: client=unknown[192.168.x.x]
    Jan 13 02:45:30 www postfix/cleanup[1336]: 63F80F95B: message-id=<[email protected]>
    Jan 13 02:45:30 www postfix/qmgr[1264]: 63F80F95B: from=<[email protected]>, size=1137, nrcpt=1 (queue active)
    Jan 13 02:45:31 www postfix/local[1337]: 63F80F95B: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -f-)
    Jan 13 02:45:31 www postfix/qmgr[1264]: 63F80F95B: removed

    mail sent from ispconfig-user to itself:
    Jan 13 03:02:41 www postfix/smtpd[1667]: E2CD1F966: client=localhost[127.0.0.1]
    Jan 13 03:02:41 www postfix/cleanup[1670]: E2CD1F966: message-id=<[email protected]>
    Jan 13 03:02:41 www postfix/qmgr[1264]: E2CD1F966: from=<[email protected]>, size=972, nrcpt=1 (queue active)
    Jan 13 03:02:43 www postfix/local[1671]: E2CD1F966: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=2, status=sent (delivered to command: /usr/bin/procmail -f-)
    Jan 13 03:02:43 www postfix/qmgr[1264]: E2CD1F966: removed

    "nrcpt=1" means the recipient is unknown to postfix?

    regards,
    dumb-medic
     
    Last edited: Jan 13, 2006
  12. falko

    falko Super Moderator Howtoforge Staff

    Both emails have been sent without problems. I guess you've disabled Maildir in ISPConfig. You must enable Maildir because you're using Courier-POP3 and Courier-IMAP.
     
  13. dumb-medic

    dumb-medic New Member

    strike!

    You have 216 messages, 216 unread in the folder Inbox

    unbelievable.

    thanks falko, thanks till, hat's off.

    thanks ispconfig for beeing one of the most awesome experience i've made through all my it-years.

    regards,
    dumb-medic
     

Share This Page