mailserver on Alibaba Cloud installation The Perfect Sever Ubuntu 20.04 does not work

Discussion in 'Installation/Configuration' started by Maik Kramer, Sep 24, 2020.

  1. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    I made the installation now more then 15times (I The Perfect Server - Ubuntu 20.04 with Apache, PHP, MariaDB, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.2 (Beta)) and ISPConfig works fine, but I can not send emails out and can not send emails to the email address are all returned with 550 5.1.1 Recipient address rejected: User unknown in local recipient table.
    The Firewall on the server was disabled and on Alibaba Cloud I open all ports, which has to be open. The DNS for the mailserver is set with mail.wanliju.asia. The mail.domain. is also set to the Internet IP 8.210.252.209.
    I run the MX lookup on MXtoolbox.com for wanliju.asia and DMARC Record Published, DMARC Policy Not Enabled and DNS Record Published shows up ok. Also the Test Email Server shows OK. I have no idea anymore where to look. May be some can tell me, what I have to look for, if I do the installiation in a cloud (Alibaba Cloud). Thank you!
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share your main.cf and master.cf, both in separate code blocks (in the editor: Insert -> Code)?
     
  3. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_security_level = may
    
    smtp_tls_CApath=/etc/ssl/certs
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = wanliju.asia
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = wanliju.asia, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_use_tls = yes
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_invalid_helo_hostname, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, reject_unauth_pipelining , permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
    smtpd_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
    smtp_tls_protocols = !SSLv2,!SSLv3, !TLSv1, !TLSv1.1
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    tls_preempt_cipherlist = no
    enable_original_recipient = no
    address_verify_sender_ttl = 15686s
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = lmtp:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
     
    Last edited: Sep 24, 2020
  4. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix    -    n    n    -    2    pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
     
    Last edited: Sep 24, 2020
  5. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    The first one is the main.cf and the second is the master.cf
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    myhostname should be mail.wanliju.asia
    I would remove your domain from mydestination

    What maybe causes this is address_verify_sender_ttl = 15686s, could you remove that and restart postfix?

    Also, please put configs and stuff like that in code blocks (Insert -> code or by putting them between [ code ] [ /code ] without the spaces between the brackets)
     
  7. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    @Thom: Thank you. I did the changes and now I do receive the first email. Whow. But I still can not send emails.
    And sorry, I just found now they way how to put the code in this textfields
     
  8. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    When sending an email, the error I get is "SMTP Error (250): Authentification failed.
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Are you sending through a local mail client or through roundcube?
    If it's a local client, you have entered the wrong credentials. If it is roundcube, share your roundcube config.
     
  10. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    Code:
    <?php
    
    /*
    +-----------------------------------------------------------------------+
    | Local configuration for the Roundcube Webmail installation.           |
    |                                                                       |
    | This is a sample configuration file only containing the minimum       |
    | setup required for a functional installation. Copy more options       |
    | from defaults.inc.php to this file to override the defaults.          |
    |                                                                       |
    | This file is part of the Roundcube Webmail client                     |
    | Copyright (C) The Roundcube Dev Team                                  |
    |                                                                       |
    | Licensed under the GNU General Public License version 3 or            |
    | any later version with exceptions for skins & plugins.                |
    | See the README file for a full license statement.                     |
    +-----------------------------------------------------------------------+
    */
    
    $config = array();
    
    // Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database!
    include_once("/etc/roundcube/debian-db-roundcube.php");
    
    // The IMAP host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['default_host'] = 'localhost';
    
    // SMTP server host (for sending mails).
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'localhost';
    
    // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
    $config['smtp_port'] = 587;
    
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = '';
    
    // Name your service. This is displayed on the login screen and in the window title
    $config['product_name'] = 'Roundcube Webmail';
    
    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
    $config['des_key'] = 'xxxxxxxxxxxxxxxxx';
    
    // List of active plugins (in plugins/ directory)
    // Debian: install roundcube-plugins first to have any
    $config['plugins'] = array(
    );
    
    // skin name: folder from skins/
    $config['skin'] = 'elastic';
    
    // Disable spellchecking
    // Debian: spellshecking needs additional packages to be installed, or calling external APIs
    //         see defaults.inc.php for additional informations
    $config['enable_spellcheck'] = false;
    
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Please change your smtp_port to 25. This is fine for localhost connections.

    We removed the des key from the text because it is not secure to share that ;) I should have noted that, sorry.
     
  12. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    @Thom: Port 25 is working, but only if I send an email from [email protected] account to [email protected] account. Sending out to external Emailaddresses works, but they never arrive.
    I found this on the web:
    So I changed the port from 25 to 465, and there is no error message, but the message is also not going out. It only shows sending message for very long and that is.
    Could you tell me, what else I have to change, that I can send with Port 465?
    Thank you
     
  13. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    This I found on Alibaba Cloud:
     
  14. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    This port is where roundcube connects to your mail server to send mail from webmail users - 465 is probably preferred (used to be 587 preferred for submission, but that's back to 465 now because you can't screw it up as easily, it *always* has ssl in use).

    There is no way to work around if you want your server to deliver mail directly to the internet, it will always use port 25 for server-to-server delivery. If Alibaba cloud will not unblock port 25 at all, you could use an external mail delivery service to send your mail, or even install a mail server somewhere else and route all your mail there on a different port.
     
  15. Maik Kramer

    Maik Kramer New Member HowtoForge Supporter

    I sent a request to Alibaba as I found a workaround for SquirrelMail, where they use DirectMail from Alibaba.
    If I get a positiv feedback, I will post it here.
    Thank you
     
    till likes this.
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    I've moved the thread to the ISPConfig installation sub-forum.
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe a short note on hosting mail systems on cloud servers, some cloud servers restrict sending email, like Alibaba, Amazon or Google. But there are others without such restriction which are therefore better when you want to run a mail system. Personally, I use the cloud service from hetzner.com. But others are fine too, just check if they restrict email sending (block port 20 incoming or outgoing).
     

Share This Page