View Single Post
  #9  
Old 13th February 2010, 18:01
mazgit mazgit is offline
Junior Member
 
Join Date: Jan 2010
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Please help...

Dear HowToForge experts,
I hope you have time to check this out and help us! Would really appreciate it!
Here you will have the results of when we lookup our IP and mailserver, then you have the configurations of our ISPConfig, and at the end the main.cf and master.cf.

As you look below, we use our ISP addresses as nameserver, even if we have declared our own nameservers in ISPConfig. Where and how can we make the changes so we don’t use our Internet providers address to send mail? Now they have blocked our smtp-port for outgoing from our school’s main IP address.
When we check smtp.example.com, that we have been using in our emailusers configurations in Outlook as Outgoing mail server, this address actually is resolved to our ISP’s address (mx1.x.net)

Quote:
We have checked one of our email addresses through MX Record Lookup:
Doing MX lookup on address x@example.com
Success: the SMTP server is: mail.example.com.
________________________________________
Executed command: nslookup -sil -q=MX example.com 2>&1 with response:
Non-authoritative answer:
example.com mail exchanger = 5 mail.example.com.

Authoritative answers can be found from:
example.com nameserver = ns2.x.net. (our Internet providers addresse)
example.com nameserver = ns1.x.net. (our Internet providers addresse)
mail.example.com internet address = 1.1.1.1 (our IP of the server)
ns2.x.net internet address = 2.2.2.2(our Internet providers addresse)
Another lookup:
Quote:
example.com DNS RECORDS (http://www.who.is/dns)

Record Type TTL Priority Content
example.com A 1 day 3.3.3.3 (Apo, AE, US) IP of our webserver
example.com MX 1 day 5 mail.example.com
example.com NS 1 day ns1.x.net (our Internet providers addresse)
example.com NS 1 day ns2.x.net (our Internet providers addresse)
example.com SOA 1 day ns1.x.net. root.x.net. 2010020508 10800 3600 604800 86400
mail.example.com A 1 day 1.1.1.1 (Apo, AE, US) IP of our mailserver
test.example.com CNAME 1 day example.com
www.example.com CNAME 1 day example.com
ISPConfig - Version: 2.2.18
Quote:
In ISP Manager we have:
example.com
webmail.example.com

In the example.org we have the email users.
Under ISP Site those are the configurations:
Basis:
- Server: xmail
- Hostname: www
- Domain: example.com
- IP Address: 1.1.1.1 (the static IP of the mailserver)
- Those settings are checked: PHP Scripts, FTP Access, MySQL and Mailuser Login
Co-Domains:
- IP 1.1.1.1
- Hostname empty (nothing)
- Domain: example.com
Management:
- Settings
o Server:
 Servername: xmail
 Hostname: xmail
 Domain: example.com
 IP 1.1.1.1
 Netmask: x.x.x.x
 Admin Email: root@localhost
o Email
 MTA Type: Postfix
 Virtuser File: /etc/postfix/virtusertable
 Sendmail CW: /etc/postfix/local-host-names
 Mail Log: /var/log/mail
 Antivirus-Admin: admispconfig@localhost
 Maildir and Spamfilter are checked
o DNS
 BIND USER: named
 BIND Group: named
 Named.conf: /etc/named.conf
 Zonefiles Dir.: /var/lib/named
 Default Ns1: xmail.example.com
 Default Ns2: xmail.example.com

- Server – Services:
o Services:
 All servers are only, only the FIREWALL is OFF
o Monitoring
 Service Port Active Hostname
web 80 yes localhost
mail 25 yes localhost
o Firewall
 Name Port Type Active
 FTP 21 tcp yes
 SSH 22 tcp yes
 SMTP 25 tcp yes
 DNS 53 tcp yes
 DNS 53 udp yes
 WWW 80 tcp yes
 ISPConfig 81 tcp yes
 POP3 110 tcp yes
 SSL (www) 443 tcp yes
 Webmin 10000 tcp yes


- DNS Manager
o Here we have only webmail.example.com
DNS Entry:
 Domain:
• Server: xmail
• Domain (SOA): webmail.example.com
• IP Address: 1.1.1.1
 Options:
• Admin Email: admin@webmail.example.com
• Nameserver 1: xmail.example.com
• Nameserver 2: xmail.example.com
 Records:
• A Record:
o IP-Adresse: 1.1.1.1
o Hostname: www
• MX:
o Mailserver: xmail.example.com
o Hostname: www
Part of main.cf
Code:
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
#virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
mydomain = example.com
myhostname = xmail.$mydomain
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, $mydomain, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = localhost
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names
Part of master.cf
Code:
/etc/postfix> cat master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
Another thing:

The mailq has not increased anymore - does this mean that the server is not trying to send more spam ?

Have tried to send mail to outgoing addresses with changing the SMTP in Outlook to mail.example.com, server IP, xmail.example.com, but it returns with "Recipient address rejected: Relay access denied".

Looking forward to your reply on how to solve this problem, or maybe we just have to reinstall the server?
Thanks for your help!
Reply With Quote