MX and DNS records


xtine
11th June 2008, 01:12
My platform
OpenSuse 10.2
Postfix 2.3.2_28
ISPConfig 2.2.23

DNS configs
(Using "example" in lieu of my domain name, and 11.111.11.111 in lieu of my IP)
* I run my own DNS server as primary, and use 1and1's as secondary
* In ISPConfig, under ISP Manager: Co-Domains set up for example.com and www.example.com, with DNS MX unchecked
* In ISPConfig, under DNS Manager:
- A Names set up for www.example.com, example.com, mail.example.com, ns1.example.com
- MX set up for mail.example.com priority 10, example.com priority 20
- SPF set up for example.com
* I also checked that the above records are in my /var/lib/named/pri.example.com file

mail MX 10 example.com
MX 20 example.com

example.com. A 11.111.11.111
www A 11.111.11.111
ns1 A 11.111.11.111
mail A 11.111.11.111
example.com. A 11.111.11.111 --- somehow I have two of these, do I need to delete the A Name from ISPConfig? Does the creation of a Co-Domain in ISPConfig automatically create an A Name? Does this extra line matter?

example.com. TXT "v=spf1 a mx ptr ~all"

What's working
* DNS is working, I'm able to browse (via browser) to the domain name and co-domains set up in ISPConfig. I'm also able to ping the domain and various sub-domains.
* I'm able to hook up Outlook client to my mail server, have successfully sent and received emails to/from Gmail/Yahoo Mail.

What's not quite working
1) When testing my server on pingability.com and mxtoolbox.com, the tools report back that "No MX records for 'example.com', using its A record(s)". I don't understand why this is since ISPConfig shows that I have MX records set up, and file pri.example.com displays the MX records. What am I missing?

2) Mail sent to Yahoo Mail goes straight to Spam Folder. I read that one common issue is if the mail server has open relay. I checked my server using the diagnostic tool on mxtoolbox, and it says that the server is not open relay so that's not it. Someone else suggested using a signature, I did, but there's no impact either. Mail still gets sent to the spam folder. (But this doesn't happen on Gmail, the mail goes to my Inbox on Gmail just fine.) I wonder if problem #1 causes problem #2? :confused:

falko
11th June 2008, 14:33
1) When testing my server on pingability.com and mxtoolbox.com, the tools report back that "No MX records for 'example.info', using its A record(s)". I don't understand why this is since ISPConfig shows that I have MX records set up, and file pri.example.com displays the MX records. What am I missing?

Please check if your name server is responsible for the domain. You can do that by running dig ns example.com

2) Mail sent to Yahoo Mail goes straight to Spam Folder. I read that one common issue is if the mail server has open relay. I checked my server using the diagnostic tool on mxtoolbox, and it says that the server is not open relay so that's not it. Someone else suggested using a signature, I did, but there's no impact either. Mail still gets sent to the spam folder. (But this doesn't happen on Gmail, the mail goes to my Inbox on Gmail just fine.) I wonder if problem #1 causes problem #2? :confused:

Please check if your server is blacklisted: http://mxtoolbox.com/blacklists.aspx

xtine
11th June 2008, 20:53
Please check if your name server is responsible for the domain. you can do that by running

Yes it is. This information was seen on the pingability.com test as well.

; <<>> DiG 9.3.2 <<>> ns example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50379
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN NS

;; ANSWER SECTION:
example.com. 86400 IN NS slv1.1and1.com.
example.com. 86400 IN NS ns1.example.com.

;; Query time: 457 msec
;; SERVER: 11.111.11.1#53(11.111.11.1)
;; WHEN: Wed Jun 11 10:44:21 2008
;; MSG SIZE rcvd: 74

Please check if your server is blacklisted: http://mxtoolbox.com/blacklists.aspx

Checked, and it's not blacklisted from the servers that responded. 5 servers timed out.

Other ideas?

falko
12th June 2008, 15:48
What's the output of dig mx example.com?

Do you have an SPF record for example.com?

xtine
12th June 2008, 22:34
Output for dig mx example.com -

; <<>> DiG 9.3.2 <<>> mx example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46429
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN MX

;; Query time: 590 msec
;; SERVER: 11.111.11.1#53(11.111.11.1)
;; WHEN: Thu Jun 12 12:10:36 2008
;; MSG SIZE rcvd: 28


I have example.com set up as a SPF record in ISPConfig. Here's the corresponding line on the pri.example.com file.

example.com. TXT "v=spf1 a mx ptr ~all"

xtine
13th June 2008, 04:31
Another funny thing is that mail sent via an Outlook client takes a while to receive at Yahoo Mail. But from the same server, mail from root gets to Yahoo Mail immediately. Why's that?

falko
13th June 2008, 18:55
Another funny thing is that mail sent via an Outlook client takes a while to receive at Yahoo Mail. But from the same server, mail from root gets to Yahoo Mail immediately. Why's that?

Any errors in your mail log?

Can you run dig against your DNS server directly?
dig @your.dns.server mx example.com

What's the output?

xtine
13th June 2008, 23:02
In /var/log/mail.err, I have a ton of these every time my Outlook is opened.

Jun 13 11:43:57 b169 imapd: Error: Input/output error
Jun 13 11:43:57 b169 imapd: Check for proper operation and configuration
Jun 13 11:43:57 b169 imapd: of the File Access Monitor daemon (famd).
Jun 13 11:44:30 b169 imapd: Failed to create cache file: maildirwatch (web2_xtine)

I get the following from tail /var/log/mail.warn. I guess this is benign.

Jun 13 08:48:22 b169 freshclam[31580]: Your ClamAV installation is OUTDATED!
Jun 13 08:48:22 b169 freshclam[31580]: Local version: 0.93 Recommended version: 0.93.1
Jun 13 08:48:22 b169 freshclam[31580]: Your ClamAV installation is OUTDATED!
Jun 13 08:48:22 b169 freshclam[31580]: Current functionality level = 29, recommended = 31
Jun 13 10:13:26 b169 postfix/smtpd[1903]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable
Jun 13 10:13:31 b169 postfix/smtpd[1903]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Jun 13 11:12:22 b169 freshclam[31580]: Your ClamAV installation is OUTDATED!
Jun 13 11:12:22 b169 freshclam[31580]: Local version: 0.93 Recommended version: 0.93.1
Jun 13 11:12:23 b169 freshclam[31580]: Your ClamAV installation is OUTDATED!
Jun 13 11:12:23 b169 freshclam[31580]: Current functionality level = 29, recommended = 31


b169:/var/log # dig @ns1.example.com mx example.com


; <<>> DiG 9.3.2 <<>> @ns1.example.com mx example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30627
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN MX

;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. myadminemail.yahoo.com. 2008061205 28800 7200 604800 86400

;; Query time: 1 msec
;; SERVER: 11.111.11.111#53(11.111.11.111)
;; WHEN: Fri Jun 13 12:55:02 2008
;; MSG SIZE rcvd: 87

Same answer was received from secondary DNS
b169:/var/log # dig @slv1.1and1.com mx example.com

; <<>> DiG 9.3.2 <<>> @slv1.1and1.com mx example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46249
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN MX

;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. myadminemail.yahoo.com. 2008061205 28800 7200 604800 86400

;; Query time: 131 msec
;; SERVER: 217.160.224.4#53(217.160.224.4)
;; WHEN: Fri Jun 13 12:59:39 2008
;; MSG SIZE rcvd: 97

falko
14th June 2008, 21:06
Jun 13 11:43:57 b169 imapd: of the File Access Monitor daemon (famd).

Please restart famd.

Jun 13 10:13:26 b169 postfix/smtpd[1903]: warning: database /etc/postfix/virtusertable.db is older than source file /etc/postfix/virtusertable

Run postmap /etc/postfix/virtusertable and restart Postfix.

Jun 13 10:13:31 b169 postfix/smtpd[1903]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead

Replace check_relay_domains with reject_unauth_destination in /etc/postfix/main.cf and restart Postfix.

What's in /etc/named.conf?

chipsafts
15th June 2008, 21:57
first off, is it 'example.info' or 'example.com' ?

There is no MX reported by the dig.
When was the last time you restarted named?
When you do restart it, check /var/log/messages for all the information logged by named.

xtine
17th June 2008, 05:42
Falko -

I restarted famd, ran postmap /etc/postfix/virtusertable, and restarted postfix. It seems I have the same problem that's described in this thread in regards to the virtusertable. Should I run the postmap command and restart postfix every so often? How often?
http://www.howtoforge.com/forums/archive/index.php/t-10321.html

In /etc/named.conf. Note: substitution names are used, in navy (b169.my.servername.com and anothervirtualhostname.com).

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = b169.my.servername.com
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = anothervirtualhostname.com
mynetworks = 127.0.0.0/8
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

Chipsafts -

first off, is it 'example.info' or 'example.com' ?
I had a typo. It's just a substitution. ;)

There is no MX reported by the dig.
When was the last time you restarted named?

A couple of weeks ago when I set it up. I just restarted it and this is what's seen in /var/log/messages (substitutions in navy).

Jun 16 19:17:14 b169 named[31024]: shutting down: flushing changes
Jun 16 19:17:14 b169 named[31024]: stopping command channel on 127.0.0.1#953
Jun 16 19:17:14 b169 named[31024]: stopping command channel on ::1#953
Jun 16 19:17:14 b169 named[31024]: no longer listening on 127.0.0.1#53
Jun 16 19:17:14 b169 named[31024]: no longer listening on 11.111.11.111#53
Jun 16 19:17:14 b169 named[31024]: no longer listening on 192.168.1.2#53
Jun 16 19:17:14 b169 named[31024]: exiting
Jun 16 19:17:14 b169 named[27482]: starting BIND 9.3.2 -t /var/lib/named -u named
Jun 16 19:17:14 b169 named[27482]: found 1 CPU, using 1 worker thread
Jun 16 19:17:14 b169 named[27482]: loading configuration from '/etc/named.conf'
Jun 16 19:17:14 b169 named[27482]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 16 19:17:14 b169 named[27482]: listening on IPv4 interface eth0, 11.111.11.111#53
Jun 16 19:17:14 b169 named[27482]: listening on IPv4 interface eth0:0, 192.168.1.2#53
Jun 16 19:17:14 b169 named[27482]: command channel listening on 127.0.0.1#953
Jun 16 19:17:14 b169 named[27482]: command channel listening on ::1#953
Jun 16 19:17:14 b169 named[27482]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Jun 16 19:17:14 b169 named[27482]: zone 11.111.11.in-addr.arpa/IN: loaded serial 2008060101
Jun 16 19:17:14 b169 named[27482]: zone example.com/IN: loaded serial 2008061501
Jun 16 19:17:14 b169 named[27482]: zone anothervirtualhostname.com/IN: loaded serial 2008060101
Jun 16 19:17:14 b169 named[27482]: running
Jun 16 19:17:14 b169 named[27482]: zone example.com/IN: sending notifies (serial 2008061501)

falko
17th June 2008, 17:18
Should I run the postmap command and restart postfix every so often? How often?

I don't know why this happens (SUSE - sigh...), but you must do this whenever you see the warning.

Can you post your /etc/named.conf?

xtine
17th June 2008, 20:23
This is what's in my /etc/named.conf (I just chopped off the comments). Note: substitution names are used, in navy (b169.my.servername.com and anothervirtualhostname.com)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = b169.my.servername.com
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = anothervirtualhostname.com
mynetworks = 127.0.0.0/8
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

xtine
17th June 2008, 23:41
A friend came over to my house and looked at this for me. Turns out the culprit is this line in the pri.example.com file.

mail MX 10 example.com

He explained to me that since this is the first line for MX, DNS is using the MX records for the mail.example.com subdomain. Once I removed that line, pingability.com is able to see my MX record. Yay!

I'm still getting a delay in sending mail to Yahoo though. I've emailed their support team, but haven't received anything useful yet. This is what's seen on my mail.info log.

Jun 17 13:33:11 b169 postfix/smtp[11973]: EF92A5E829E: to=<mytestemail@yahoo.com>, relay=f.mx.mail.yahoo.com[209.191.88.247]:25, delay=4, delays=0.81/0.02/3.1/0, dsn=4.0.0, status=deferred (host f.mx.mail.yahoo.com[209.191.88.247] refused to talk to me: 421 Message from (11.111.11.111) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html)

The behavior is changing, it seems. Yesterday, there was no delay in delivering the mail, but it ended up in the Spam Folder still. Today, there's a delay in delivering the mail (around 30 minutes), but the mail arrived in my Inbox instead of the Spam Folder.

I wonder if the postfix virtusertable issue has something to do with ISPConfig.
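
Editor's added example (not code from the thread or from ISPConfig): a small Python zone-file reader that applies the rule the friend described, namely that a record line with a blank owner inherits the owner of the line above it. Fed the first pri.example.com from the opening post, it shows both MX records landing under mail.example.com and nothing at the apex, which matches the empty-answer dig output earlier in the thread; fed the corrected file, it finds the MX at example.com. It also qualifies relative names the way BIND does, which exposes a second fault in the original lines: an MX target of example.com without a trailing dot is relative to the origin and reads as example.com.example.com. The zone text is constructed from the posted records, and parse_zone, mx_for and lint_mail are names chosen for this example.

```python
"""Added example (not code from the thread): a minimal BIND zone reader that
applies the owner-name inheritance rule behind the missing-MX problem above."""
import re
from collections import defaultdict

# Constructed after the first pri.example.com posted in the thread (comments
# trimmed). "mail MX 10 ..." sets the owner to mail; the next line has a blank
# owner and inherits it, so the apex example.com ends up with no MX at all.
BROKEN_ZONE = """\
$TTL 86400
@ IN SOA ns1.example.com. myemail.yahoo.com. ( 2008061703 ; serial
        28800 7200 604800 86400 ) ; refresh retry expire minimum
        NS ns1.example.com.
        NS slv1.1and1.com.
mail MX 10 example.com
     MX 20 example.com
example.com. A 11.111.11.111
mail A 11.111.11.111
example.com. TXT "v=spf1 a mx ptr ~all"
"""
# The corrected zone posted later: one MX after the NS lines, so it inherits the
# apex owner "@", and the target carries its trailing dot.
FIXED_ZONE = BROKEN_ZONE.replace(
    "mail MX 10 example.com\n     MX 20 example.com\n",
    "        MX 30 mail.example.com.\n")

TOKEN = re.compile(r'"[^"]*"|\S+')

def _records(text):
    """Yield (owner_is_blank, tokens) per record: drops ';' comments outside
    quotes and joins '( ... )' continuation lines (parens whitespace-separated)."""
    buf, depth, blank = [], 0, False
    for raw in text.splitlines():
        kept, in_quote = [], False
        for ch in raw:
            in_quote ^= ch == '"'
            if ch == ";" and not in_quote:
                break
            kept.append(ch)
        line = "".join(kept)
        if depth == 0:
            blank = line[:1].isspace()
        for tok in TOKEN.findall(line):
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1
            else:
                buf.append(tok)
        if depth == 0 and buf:
            yield blank, buf
            buf = []

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Return {owner_fqdn: [(type, rdata_tokens), ...]}; $ORIGIN is not handled."""
    origin = origin.lower() if origin.endswith(".") else origin.lower() + "."
    zone, last_owner = defaultdict(list), None
    for blank, toks in _records(text):
        if toks[0].startswith("$"):                 # $TTL: a directive, not a record
            continue
        owner = last_owner if blank else qualify(toks[0], origin)
        if owner is None:
            raise ValueError("blank owner before any owner line")
        toks = toks if blank else toks[1:]
        last_owner = owner
        if toks[0].isdigit():                       # optional TTL
            toks = toks[1:]
        if toks[0].upper() == "IN":                 # optional class
            toks = toks[1:]
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in ("MX", "NS", "CNAME", "PTR"):   # rdata ends in a domain name
            rdata = rdata[:-1] + [qualify(rdata[-1], origin)]
        zone[owner].append((rtype, rdata))
    return dict(zone)

def mx_for(zone, name):
    """MX targets of name as (preference, host), lowest preference first."""
    return sorted((int(r[0]), r[1]) for t, r in zone.get(name, []) if t == "MX")

def lint_mail(zone, apex):
    """Flag the thread's two faults: no MX at the apex, and MX targets with no A
    record here (an undotted 'example.com' target becomes example.com.example.com.)."""
    apex = apex.lower() if apex.endswith(".") else apex.lower() + "."
    findings = []
    if not mx_for(zone, apex):
        findings.append(f"no MX at {apex}: receivers fall back to its A record")
    for owner, rrs in zone.items():
        for rtype, rdata in rrs:
            if rtype == "MX" and not any(t == "A" for t, _ in zone.get(rdata[1], [])):
                findings.append(f"MX for {owner} points at {rdata[1]}, which has no A record")
    return findings

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, lint_mail(parse_zone(text, "example.com"), "example.com") or "ok")
```

Run as a script it prints three findings for the broken zone and "ok" for the fixed one. A zone with no MX at all is still a valid zone, so a syntax checker will not flag the missing apex MX; a check like lint_mail, run before reloading named, is what catches it.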

falko
18th June 2008, 19:40
This is what's in my /etc/named.conf (I just chopped off the comments). Note: substitution names are used, in navy (b169.my.servername.com and anothervirtualhostname.com)

This is your Postfix configuration. Is it possible that you saved it in your named.conf instead of in /etc/postfix/main.cf?

xtine
18th June 2008, 19:59
Hey Falko,

My bad. Below is the /etc/named.conf. I'm good with the MX record though now. :D

The only remaining problem I have is delay in getting email to Yahoo Mail at this point.

From Pingability.com, I got a "heads-up," do I need to do anything about this?
Heads-up: This mail server has no reverse DNS (PTR) record. Some email servers require a PTR record from any server that connects to them and reject any email from a mail server without a PTR record.

/etc/named.conf
options {
pid-file "/var/lib/named/var/run/named/named.pid";
directory "/var/lib/named";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
allow-recursion {127.0.0.1;217.160.224.4;};
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0.zone";
};

zone "11.111.11.in-addr.arpa" {
type master;
file "pri.11.111.11.in-addr.arpa";
};


zone "anothervirtualhostname.com" {
type master;
file "pri.anothervirtualhostname.com";
};
zone "example.com" {
type master;
file "pri.example.com";
};

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

falko
19th June 2008, 17:36
The named.conf looks good. What's in pri.example.com?

You should ask your hosting company to set up a PTR record for you.

xtine
19th June 2008, 20:02
In my pri.example.com

$TTL 86400
@ IN SOA ns1.example.com. myemail.yahoo.com. (
2008061703 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;
NS ns1.example.com. ; Inet Address of name server 1
NS slv1.1and1.com. ; Inet Address of name server 2
;

MX 30 mail.example.com.

example.com. A 11.111.11.111
www A 11.111.11.111
qa A 11.111.11.111
ns1 A 11.111.11.111
mail A 11.111.11.111
bugzilla A 11.111.11.111
twiki A 11.111.11.111
wiki A 11.111.11.111
example.com. A 11.111.11.111

example.com. TXT "v=spf1 a mx ptr ~all"

;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

When I do dig -x 11.111.11.111 (my IP), I get

; <<>> DiG 9.3.2 <<>> -x 11.111.11.111
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11262
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;111.11.111.11.in-addr.arpa. IN PTR

;; ANSWER SECTION:
111.11.111.11.in-addr.arpa. 0 IN PTR b169.servername.serverdomain.com.

;; Query time: 4 msec
;; SERVER: 11.111.22.2#53(11.111.22.2)
;; WHEN: Thu Jun 19 08:58:00 2008
;; MSG SIZE rcvd: 84

Is this sufficient as far as PTR is concerned or do I need more?

falko
20th June 2008, 14:41
In my pri.example.com

Looks ok.


When I do dig -x 11.111.11.111 (my IP), I get


Is this sufficient as far as PTR is concerned or do I need more?

Yes, that's sufficient.
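
Editor's added example (not from the thread): a small SPF evaluator in Python for the record posted above, v=spf1 a mx ptr ~all, run against an in-memory DNS table built from the records and the dig -x answer shown in the thread rather than live DNS. The server's own address passes on the a mechanism; a second, invented address 11.111.11.112 falls through to ~all and gets softfail, which is what a receiver sees when some other host sends mail with an example.com sender. It also shows that the ptr mechanism contributes nothing here: the validated PTR name is the hosting provider's hostname, not a name under example.com, which is one reason RFC 7208 says ptr should not be used. The DNS table is constructed, include/redirect/exists and CIDR suffixes are not implemented, and check_spf, mechanism_matches and validated_ptr_names are names chosen for this example.

```python
"""Added example (not from the thread): evaluate the posted SPF record for a
connecting IP against a constructed in-memory DNS table instead of live DNS."""
import ipaddress

# Constructed from the records quoted in the thread. The PTR is the one dig -x
# returned: the hosting provider's hostname, which is not under example.com.
DNS = {
    ("example.com.", "TXT"): ["v=spf1 a mx ptr ~all"],
    ("example.com.", "A"): ["11.111.11.111"],
    ("example.com.", "MX"): [(30, "mail.example.com.")],
    ("mail.example.com.", "A"): ["11.111.11.111"],
    ("111.11.111.11.in-addr.arpa.", "PTR"): ["b169.servername.serverdomain.com."],
    ("b169.servername.serverdomain.com.", "A"): ["11.111.11.111"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fqdn(name):
    name = name.lower()
    return name if name.endswith(".") else name + "."

def lookup(name, rtype, dns=DNS):
    return dns.get((fqdn(name), rtype), [])

def validated_ptr_names(ip, dns=DNS):
    """The 'ptr' mechanism only counts PTR names that resolve back to ip."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return [n for n in lookup(rev, "PTR", dns) if ip in lookup(n, "A", dns)]

def mechanism_matches(mech, target, ip, dns=DNS):
    """Mechanisms present in the posted record; anything else is a permerror."""
    if mech == "all":
        return True
    if mech == "a":
        return ip in lookup(target, "A", dns)
    if mech == "mx":
        return any(ip in lookup(host, "A", dns) for _, host in lookup(target, "MX", dns))
    if mech == "ptr":
        t = fqdn(target)
        return any(n == t or n.endswith("." + t) for n in validated_ptr_names(ip, dns))
    raise ValueError(f"unsupported mechanism {mech!r}")

def check_spf(domain, ip, dns=DNS):
    """Return (result, term): the SPF result for mail from ip claiming domain,
    and the term that decided it. include/redirect/exists and CIDR suffixes
    are not implemented, since the posted record uses none of them."""
    records = [t for t in lookup(domain, "TXT", dns) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return ("none", None)
    if len(records) > 1:
        return ("permerror", None)        # RFC 7208 s4.5: several SPF records is an error
    for term in records[0].split()[1:]:
        qualifier, body = "+", term
        if body[0] in QUALIFIERS:
            qualifier, body = body[0], body[1:]
        mech, _, arg = body.partition(":")
        try:
            matched = mechanism_matches(mech.lower(), arg or domain, ip, dns)
        except ValueError:
            return ("permerror", term)
        if matched:
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)              # nothing matched and no 'all' term

if __name__ == "__main__":
    for ip in ("11.111.11.111", "11.111.11.112"):   # the second address is invented
        print(ip, check_spf("example.com", ip))
```

Swapping the record for "v=spf1 ptr ~all" makes even the server's own address softfail, because the only PTR name for it belongs to the provider's domain; the a and mx mechanisms, which point at names the zone owner controls, are what actually authorise this server.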