fresh ubuntu 20.04 with ispconfig 3.2.1 and mail issues out of the box

Discussion in 'Installation/Configuration' started by ragy, Dec 17, 2020.

  1. ragy

    ragy New Member

    hello everyone from the ISPconfig team and fans/forum helpers and many thanks for your efforts in this awesome project.

    I have a problem with my setup: I can't send mail using any mail client from an outside network, like from a cell phone (with 3g/4g network). I have been trying for two or more weeks to follow other guides on the internet that talk about relaying, but I wasn't able to fix the issue ... please give some guidance.

    I did install a fresh new ubuntu 20.04 following the perfect server guide [https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/], and followed the mail server guide [https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/].
    and right now i have all required dns records as per the tutorials, so now when testing with mail-tester.com i get 6.9/10.
    - A mail x.x.x.58
    - A web x.x.x.59
    - A www x.x.x.59
    - mx mail.my-domain.com
    - txt dkim(generated with ispconfig)
    - txt spf(generated with tools as per mail tutorial)
    - txt dkim(generated with tools as per mail tutorial)
    - ptr 58.x.x.x.in-addr.arpa domain name pointer mail.my-domain.com.(done with my isp)

    my two servers are behind a router running 1:1 nat so
    mail.my-domain ( local_ip= 172.16.0.101, real_ip=x.x.x.58, ip_in_hosts_file=local_ip as per perfect server guide)
    mail.my-domain ( local_ip= 172.16.0.102, real_ip=x.x.x.59, ip_in_hosts_file=local_ip as per perfect server guide)

    this is a mail.log when sending mail from my mobile client (with lte network), wan ip=196.132.13.129
    Code:
    Dec 16 20:01:10 mail postfix/submission/smtpd[138201]: connect from unknown[196.132.13.129]
    Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: NOQUEUE: filter: RCPT from unknown[196.132.13.129]: <[email protected]>: Sender address triggers FILTER lmtp:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[10.167.31.70]>
    Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: 8F61F16020C: client=unknown[196.132.13.129], sasl_method=PLAIN, [email protected]
    Dec 16 20:01:11 mail postfix/cleanup[138203]: 8F61F16020C: message-id=<[email protected]>
    Dec 16 20:01:11 mail postfix/qmgr[3918]: 8F61F16020C: from=<[email protected]>, size=1538, nrcpt=1 (queue active)
    Dec 16 20:01:11 mail postfix/submission/smtpd[138201]: disconnect from unknown[196.132.13.129] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
    Dec 16 20:01:12 mail postfix/smtpd[138207]: connect from localhost[127.0.0.1]
    Dec 16 20:01:12 mail postfix/smtpd[138207]: 6FD9B16020E: client=localhost[127.0.0.1]
    Dec 16 20:01:12 mail postfix/cleanup[138203]: 6FD9B16020E: message-id=<[email protected]>
    Dec 16 20:01:12 mail postfix/qmgr[3918]: 6FD9B16020E: from=<[email protected]>, size=2639, nrcpt=1 (queue active)
    Dec 16 20:01:12 mail postfix/smtpd[138207]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Dec 16 20:01:12 mail amavis[133547]: (133547-04) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] [196.132.13.129] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: G9F_7B-x33Mc, Hits: -0.998, size: 1538, queued_as: 6FD9B16020E, dkim_new=default:my-domain.com, 655 ms
    Dec 16 20:01:12 mail postfix/lmtp[138204]: 8F61F16020C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.1, delays=0.44/0.01/0/0.66, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 6FD9B16020E)
    Dec 16 20:01:12 mail postfix/qmgr[3918]: 8F61F16020C: removed
    Dec 16 20:01:22 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=138236, secured, session=<CDO9qZi2tMh/AAAB>
    Dec 16 20:01:22 mail dovecot: imap([email protected])<138236><CDO9qZi2tMh/AAAB>: Logged out in=156 out=1073 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
    Dec 16 20:01:25 mail postfix/smtp[138234]: 6FD9B16020E: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.76.26]:25, delay=13, delays=0.06/0.04/1.6/11, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 554 5.7.1 Message refused by DNSBL check. bl.nsZones.com / 196.132.13.129 This email from IP x.x.x.58 has been rejected. The email message was detected as spam. (in reply to end of DATA command))
    Dec 16 20:01:25 mail postfix/cleanup[138203]: 52D0F16020F: message-id=<[email protected]>
    Dec 16 20:01:25 mail postfix/qmgr[3918]: 52D0F16020F: from=<>, size=4940, nrcpt=1 (queue active)
    Dec 16 20:01:25 mail postfix/bounce[138237]: 6FD9B16020E: sender non-delivery notification: 52D0F16020F
    Dec 16 20:01:25 mail postfix/qmgr[3918]: 6FD9B16020E: removed
    Dec 16 20:01:25 mail dovecot: lda([email protected])<138238><MvcXGXVL2l/+GwIA+5twOw>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
    Dec 16 20:01:25 mail postfix/pipe[138208]: 52D0F16020F: to=<[email protected]>, relay=dovecot, delay=0.41, delays=0.04/0.01/0/0.36, dsn=2.0.0, status=sent (delivered via dovecot service)
    Dec 16 20:01:25 mail postfix/qmgr[3918]: 52D0F16020F: removed
     
  2. ragy

    ragy New Member

    and this is the postfix config, no changes at all made (ispconfig 3.2.1 configs)
    Code:
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    
    smtp_tls_CApath=/etc/ssl/certs
    smtp_tls_security_level = dane
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = mail.rasnix.com
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = mail.rasnix.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_reject_unlisted_sender = yes
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = lmtp:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Google rejected the message because your client's address (which would appear in a Received: header) is on a blacklist; everything on your server appears to be working properly.
     
  4. ragy

    ragy New Member

    @jesse thanks for your reply.
    I did notice that, but from what I understand the mail server should accept the mail even if it comes from a blacklisted IP because this is an authenticated user, and then it should forward / relay the email from the server's IP, which is not blacklisted. Do I understand this correctly ???
    From my previous attempts to overcome this issue, for some unknown reason if I uncomment this line "-o smtpd_recipient_restrictions=" in the submission section of /etc/postfix/master.cf, the email will be delivered to some email providers like yahoo ... :confused:
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Yes, that's exactly what is happening; google doesn't reject because of the server's ip, it cites your client's ip in the message, so it's inspecting Received headers in addition to the connecting ip (of your server).

    This sounds like a different issue; if you want to look into it more, put config back to default, send another email which gets rejected, and post the message/details.
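
An added example, not part of the original thread: a log check that follows each authenticated submission through the amavis re-injection to its outbound bounce and flags rejections whose reply text cites the submitting client's IP, which is the case described above. The sample log is constructed (documentation IP ranges, example.* domains) and the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the format of the mail.log posted in this thread;
# the addresses are documentation ranges and example.* domains, not page values.
SAMPLE_LOG = """\
Dec 16 20:01:11 mail postfix/submission/smtpd[1001]: AAAA0000001: client=unknown[198.51.100.23], sasl_method=PLAIN, sasl_username=user@example.org
Dec 16 20:01:12 mail postfix/lmtp[1004]: AAAA0000001: to=<rcpt@example.net>, relay=127.0.0.1[127.0.0.1]:10026, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as BBBB0000002)
Dec 16 20:01:25 mail postfix/smtp[1009]: BBBB0000002: to=<rcpt@example.net>, relay=mx.example.net[192.0.2.26]:25, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.26] said: 554 5.7.1 Message refused by DNSBL check. dnsbl.example / 198.51.100.23 This email from IP 203.0.113.58 has been rejected. (in reply to end of DATA command))
Dec 16 20:02:11 mail postfix/submission/smtpd[1011]: CCCC0000003: client=unknown[198.51.100.77], sasl_method=PLAIN, sasl_username=other@example.org
Dec 16 20:02:12 mail postfix/lmtp[1014]: CCCC0000003: to=<rcpt@example.com>, relay=127.0.0.1[127.0.0.1]:10026, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as DDDD0000004)
Dec 16 20:02:20 mail postfix/smtp[1019]: DDDD0000004: to=<rcpt@example.com>, relay=mx.example.com[192.0.2.40]:25, dsn=5.7.1, status=bounced (host mx.example.com[192.0.2.40] said: 550 5.7.1 Sender 203.0.113.58 is listed (in reply to RCPT TO command))
"""

LINE = re.compile(r"postfix/[\w/]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
SASL = re.compile(r"client=\S*\[([^\]]+)\], sasl_method=[\w-]+, sasl_username=(\S+)")
REQUEUE = re.compile(r"status=sent \(.*queued as ([0-9A-F]+)\)")
BOUNCE = re.compile(r"relay=([^,]+), .*status=bounced \(host \S+ said: (.*)\)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def client_ip_rejections(log_text):
    """Return one record per bounce of an authenticated submission."""
    origin = {}    # queue id -> (client_ip, sasl_user)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if (s := SASL.search(rest)):
            origin[qid] = s.groups()
        elif (r := REQUEUE.search(rest)) and qid in origin:
            # Content filter re-injected the message under a new queue id.
            origin[r.group(1)] = origin[qid]
        elif (b := BOUNCE.search(rest)) and qid in origin:
            client_ip, user = origin[qid]
            cited = IPV4.findall(b.group(2))   # IPs named in the remote reply
            findings.append({"qid": qid, "user": user, "relay": b.group(1),
                             "client_ip": client_ip,
                             "client_ip_cited": client_ip in cited})
    return findings
```

A record with `client_ip_cited` set to true points at the receiver inspecting Received: headers rather than at the reputation of the server's own address.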
     
  6. ragy

    ragy New Member

    once again jesse thank you for your help.
    and about the change i mentioned in the master file, i wasn't able to reproduce the same effect, as i think i did change more than that parameter but can't remember exactly, sorry - my bad.
     