1 (edited by williethebadger 2013-09-30 23:34:53)

Topic: Can send but not receive

==== Required information ====
iredmail: 0.8.5
mysql
ubuntu server 12.04 LTS
all logs are clean
====
==== Additional information ====
* greylisting: off
* hostname: mail.mydomain.tld (changed for privacy reasons)
* hosting mx: setup with namecheap, using MXE, pointing to my server IP (https://www.namecheap.com/support/knowl … .aspx/579/)
* on comcast but correctly sending through port 587 (via postfix)
* able to send and receive internally
* mx pointed to correct ip, http://mxlookup.online-domain-tools.com/ confirms it
* dns pointing to correct ip, managed via A record
* ports 587,993,995,80,443 are open to public and working correctly on both the router and iptables
* Sent a test email from my work email (different server) and got this:

A temporary error occurred while delivering to the following address(es):

  <myhomeserver@mydomain.tld>: 451 All MX servers are unavailable for domain mydomain.tld
====

Hello,

So I'm really really close to having this working, however, inbound email never makes it to the inbox.  Also, upon checking the logs, I see no reference of any inbound emails attempting to contact the server.

This is my first time setting up a mail server, so I'm a little lost on the receiving email part.  I have a suspicion that I shouldn't be using Namecheap's MXE configuration, but I really can't figure out how to set up MX records correctly.

Since my hostname is mail.mydomain.tld, how do I tell the MX record how to talk to my box?  If I look up my domain using an MX search site, it shows mail.mydomain.tld and my server's IP.  Any help would be greatly appreciated, thanks!

2

Re: Can send but not receive

Ok, let me pass some more info here.  Here's what I've got with the Namecheap setup right now:


* I named my server's hostname as mail.diskonnect.us
* domain is http://diskonnect.us - @ and www are set to my server's ip of 50.137.167.156
* spf: v=spf1 +a +mx +ip4:50.137.167.156 ~all
* mx hostname: @
* mx mailserver hostname: diskonnect.us.
* amavisd-new showkeys gave me a key.  not sure if you want that to be shared.
* it appears that my ip got blacklisted by Spamhaus ZEN

Here's the results of dig:

dig diskonnect.us

; <<>> DiG 9.8.1-P1 <<>> diskonnect.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16542
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;diskonnect.us.                 IN      A

;; ANSWER SECTION:
diskonnect.us.          232     IN      A       50.137.167.156

;; Query time: 13 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Mon Sep 30 13:52:35 2013
;; MSG SIZE  rcvd: 47

Doing an ssl test on port 465

openssl s_client -connect mail.diskonnect.us:465
CONNECTED(00000003)
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.diskonnect.us, OU = IT, CN = mail.diskonnect.us, emailAddress = root@mail.diskonnect.us
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.diskonnect.us, OU = IT, CN = mail.diskonnect.us, emailAddress = root@mail.diskonnect.us
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=GuangDong/L=ShenZhen/O=mail.diskonnect.us/OU=IT/CN=mail.diskonnect.us/emailAddress=root@mail.diskonnect.us
   i:/C=CN/ST=GuangDong/L=ShenZhen/O=mail.diskonnect.us/OU=IT/CN=mail.diskonnect.us/emailAddress=root@mail.diskonnect.us
---
Server certificate
subject=/C=CN/ST=GuangDong/L=ShenZhen/O=mail.diskonnect.us/OU=IT/CN=mail.diskonnect.us/emailAddress=root@mail.diskonnect.us
issuer=/C=CN/ST=GuangDong/L=ShenZhen/O=mail.diskonnect.us/OU=IT/CN=mail.diskonnect.us/emailAddress=root@mail.diskonnect.us
---
No client certificate CA names sent
---
SSL handshake has read 1736 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 5D3D7A494E73B4A551A248235C21B35F6BC285EABB4757DC5E4B8CD896ABEFE3
    Session-ID-ctx:
    Master-Key: 95F7648AE76094B0456723448ED62CAA22135F5D8874451BDE7C3680BAF58D6096B36EC83A7F15578458759019DC6F40
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    Start Time: 1380574729
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 mail.diskonnect.us ESMTP Postfix (Ubuntu)

I'm out of ideas.. any help would be greatly appreciated...

3

Re: Can send but not receive

williethebadger wrote:

  <myhomeserver@mydomain.tld>: 451 All MX servers are unavailable for domain mydomain.tld

*) I checked your DNS records; both A/MX records point to the server which has IP address 50.137.167.156. So far so good.

*) I tried to connect to your server 'diskonnect.us' through port 25, but it times out. It makes sense why you got error message "All MX servers are unavailable".

$ telnet diskonnect.us 25
Trying 50.137.167.156...
telnet: connect to address 50.137.167.156: Operation timed out
telnet: Unable to connect to remote host

*) Port 587 seems fine, but it's slow response:

$ telnet diskonnect.us 587
Trying 50.137.167.156...
Connected to diskonnect.us.
Escape character is '^]'.
220 mail.diskonnect.us ESMTP Postfix (Ubuntu)

*) Telnet port 993/995 (IMAP/POP3 services), no welcome info sent by Dovecot:

$ telnet diskonnect.us 995
Trying 50.137.167.156...
Connected to diskonnect.us.
Escape character is '^]'.

*) Web access looks fine. http://diskonnect.us/ and https://diskonnect.us/iredadmin/ work.

So, it looks like a network problem. For example, Does your network router/firewall correctly forward smtp connections (port 25) to your mail server? And port 993/995?
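
The per-port checks from the reply above (connect, then see whether a greeting arrives), written as a script. This is an added example, not part of the original thread; the function names, the port list and the note on implicit-TLS ports are assumptions of the example.

```python
import socket
import sys

# Assumption of this example: on these ports the server waits for a TLS
# ClientHello, so a plaintext client (telnet) never sees a greeting.
IMPLICIT_TLS = {465, 993, 995}

def probe(host, port, timeout=5.0):
    """Return (state, banner); state is banner, silent, refused, timeout or unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", ""          # SYN dropped: filtered upstream or not forwarded
    except ConnectionRefusedError:
        return "refused", ""          # host reachable, nothing listening
    except OSError:
        return "unreachable", ""      # DNS failure, no route, etc.
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except OSError:               # includes the read timeout
            return "silent", ""
    if not data:
        return "silent", ""           # peer closed without greeting
    return "banner", data.decode("ascii", "replace").strip()

def diagnose(results):
    """Turn {port: (state, banner)} into a list of findings worth acting on."""
    findings = []
    for port, (state, _banner) in sorted(results.items()):
        if port == 25 and state != "banner":
            findings.append("25: inbound SMTP %s; remote MTAs cannot deliver to this MX" % state)
        elif state == "silent" and port in IMPLICIT_TLS:
            findings.append("%d: connected, no plaintext greeting; retest with a TLS client" % port)
        elif state != "banner":
            findings.append("%d: %s" % (port, state))
    return findings

if __name__ == "__main__":
    # Run from OUTSIDE the network that hosts the server, against your own host.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    results = {p: probe(host, p) for p in (25, 587, 993, 995)}
    for p, (state, banner) in sorted(results.items()):
        print(p, state, banner)
    for line in diagnose(results):
        print("finding:", line)
```

Port 25 is the one that matters for receiving: other mail servers deliver to the MX host on port 25 only, so a working 587 does not help inbound mail.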

4

Re: Can send but not receive

Hi, thanks for the reply.  Let me get these answers to you:

*) Port 587 seems fine, but it's slow response:

Hmmm.. what can I do to address that?  If it's strictly related to my ISP, then at most I can upgrade service.  If you've seen this kind of thing before, do you have any insights?

*) Telnet port 993/995 (IMAP/POP3 services), no welcome info sent by Dovecot:

Ok.  I'll look into how to get that fixed.  Is this a critical thing?

So, it looks like a network problem. For example, Does your network router/firewall correctly forward smtp connections (port 25) to your mail server? And port 993/995?

I have a feeling this is the missing piece to the puzzle.  Comcast has outright blocked all traffic for port 25.  So in reality, I'm not really sure what I can do to work around this.  Suggestions?

I do have 993/995 opened up on the router and iptables.  Also done checks with online port scanners and nmap to verify that these 2 ports are ready for business.  So at least these 2 ports are ready.