1 (edited by williethebadger 2013-09-30 23:34:53)

Topic: Can send but not receive

==== Required information ====
iredmail: 0.8.5
ubuntu server 12.04 LTS
all logs are clean
==== Additional information ====
* greylisting: off
* hostname: mail.mydomain.tld (changed for privacy reasons)
* hosting mx: setup with namecheap, using MXE, pointing to my server IP (https://www.namecheap.com/support/knowl … .aspx/579/)
* on comcast but correctly sending through port 587 (via postfix)
* able to send and receive internally
* mx pointed to correct ip, http://mxlookup.online-domain-tools.com/ confirms it
* dns pointing to correct ip, managed via A record
* ports 587,993,995,80,443 are open to public and working correctly on both the router and iptables
* Sent a test email from my work email (different server) and got this:

A temporary error occurred while delivering to the following address(es):

  <myhomeserver@mydomain.tld>: 451 All MX servers are unavailable for domain mydomain.tld


So I'm really really close to having this working, however, inbound email never makes it to the inbox.  Also, upon checking the logs, I see no reference of any inbound emails attempting to contact the server.

This is my first time setting up a mail server, so I'm a little lost on the receiving email part.  I have a suspicion that I shouldn't be using Namecheap's MXE configuration.. but I really can't figure out how to set up MX records correctly.

Since my hostname is mail.mydomain.tld, how do I tell the MX record how to talk to my box?  If I look up my domain using an MX search site, it shows mail.mydomain.tld and my server's IP.  Any help would be greatly appreciated, thanks!


Re: Can send but not receive

Ok, let me pass some more info here.  Here's what I got with namecheap setup right now:

* I named my server's hostname as mail.diskonnect.us
* domain is http://diskonnect.us - @ and www are set to my server's ip of
* spf: v=spf1 +a +mx +ip4: ~all
* mx hostname: @
* mx mailserver hostname: diskonnect.us.
* amavisd-new showkeys gave me a key.  not sure if you want that to be shared.
* it appears that my ip got blacklisted by Spamhaus ZEN

Here's the results of dig:

dig diskonnect.us

; <<>> DiG 9.8.1-P1 <<>> diskonnect.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16542
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;diskonnect.us.                 IN      A

diskonnect.us.          232     IN      A

;; Query time: 13 msec
;; WHEN: Mon Sep 30 13:52:35 2013
;; MSG SIZE  rcvd: 47

Doing an ssl test on port 465

openssl s_client -connect mail.diskonnect.us:465
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.diskonnect.us, OU = IT, CN = mail.diskonnect.us, emailAddress = root@mail.diskonnect.us
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CN, ST = GuangDong, L = ShenZhen, O = mail.diskonnect.us, OU = IT, CN = mail.diskonnect.us, emailAddress = root@mail.diskonnect.us
verify return:1
Certificate chain
 0 s:/C=CN/ST=GuangDong/L=ShenZhen/O=mail.diskonnect.us/OU=IT/CN=mail.diskonnect.us/emailAddress=root@mail.diskonnect.us
Server certificate
No client certificate CA names sent
SSL handshake has read 1736 bytes and written 375 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 5D3D7A494E73B4A551A248235C21B35F6BC285EABB4757DC5E4B8CD896ABEFE3
    Master-Key: 95F7648AE76094B0456723448ED62CAA22135F5D8874451BDE7C3680BAF58D6096B36EC83A7F15578458759019DC6F40
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:

    Start Time: 1380574729
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
220 mail.diskonnect.us ESMTP Postfix (Ubuntu)

I'm out of ideas.. any help would be greatly appreciated...


Re: Can send but not receive

williethebadger wrote:

  <myhomeserver@mydomain.tld>: 451 All MX servers are unavailable for domain mydomain.tld

*) I checked your DNS records, both A/MX records point to server which has IP address so far so good.

*) I tried to connect to your server 'diskonnect.us' through port 25, but it times out. It makes sense why you got error message "All MX servers are unavailable".

$ telnet diskonnect.us 25
telnet: connect to address Operation timed out
telnet: Unable to connect to remote host

*) Port 587 seems fine, but its response is slow:

$ telnet diskonnect.us 587
Connected to diskonnect.us.
Escape character is '^]'.
220 mail.diskonnect.us ESMTP Postfix (Ubuntu)

*) Telnet port 993/995 (IMAP/POP3 services), no welcome info sent by Dovecot:

$ telnet diskonnect.us 995
Connected to diskonnect.us.
Escape character is '^]'.

*) Web access looks fine. http://diskonnect.us/ and https://diskonnect.us/iredadmin/ work.

So, it looks like a network problem. For example, does your network router/firewall correctly forward smtp connections (port 25) to your mail server? And port 993/995?
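
The port checks from the reply above as a script, added here as an example and not part of the original posts; `probe`, `diagnose` and `mx_port` are names chosen for illustration. Ports 993 and 995 carry IMAP and POP3 over implicit TLS, so a plain telnet session sees no greeting until a TLS handshake completes; the script performs that handshake before reading the banner.

```python
import socket
import ssl

# Ports probed in the thread; True marks implicit-TLS services (IMAPS/POP3S).
MAIL_PORTS = {25: False, 587: False, 993: True, 995: True}


def probe(host, port, implicit_tls=False, timeout=5.0):
    """Return (state, greeting): unreachable, open-no-greeting or greeting."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # timed out, refused or unroutable, as with port 25 above
        return ("unreachable", "")
    try:
        if implicit_tls:
            # Diagnostic only: verification off so a self-signed cert still connects.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.settimeout(timeout)
        data = sock.recv(512)
    except OSError:  # includes ssl.SSLError and read timeouts
        data = b""
    finally:
        sock.close()
    line = data.decode("ascii", "replace").strip()
    return ("greeting", line) if line else ("open-no-greeting", "")


def diagnose(host, ports=MAIL_PORTS, mx_port=25, timeout=5.0):
    """Turn probe results into one finding per port."""
    findings = {}
    for port, tls in ports.items():
        state, greeting = probe(host, port, tls, timeout)
        if state == "greeting":
            findings[port] = "ok: " + greeting
        elif state == "open-no-greeting":
            findings[port] = "connects, no greeting: check the service itself"
        elif port == mx_port:
            findings[port] = "unreachable: other servers cannot deliver mail here"
        else:
            findings[port] = "unreachable: check forwarding and firewall rules"
    return findings


if __name__ == "__main__":
    for port, finding in diagnose("127.0.0.1", timeout=2.0).items():
        print(port, finding)
```

Run it from a network outside the one hosting the mail server, since a probe from inside the LAN does not pass through the ISP or the router's port forwarding.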


Re: Can send but not receive

Hi, thanks for the reply.  Let me get these answers to you:

*) Port 587 seems fine, but its response is slow:

Hmmm.. what can I do to address that?  If it's strictly related to my ISP, then at most I can upgrade service.  If you've seen this kind of thing before, do you have any insights?

*) Telnet port 993/995 (IMAP/POP3 services), no welcome info sent by Dovecot:

Ok.  I'll look into how to get that fixed.  Is this a critical thing?

So, it looks like a network problem. For example, does your network router/firewall correctly forward smtp connections (port 25) to your mail server? And port 993/995?

I have a feeling this is the missing piece to the puzzle.  Comcast has outright blocked all traffic for port 25.  So in reality, I'm not really sure what I can do to work around this.  Suggestions?

I do have 993/995 opened up on the router and iptables.  Also done checks with online port scanners and nmap to verify that these 2 ports are ready for business.  So at least these 2 ports are ready.