1 (edited by omoreno 2010-08-02 08:34:30)

Topic: Can't send to or receive from external domain.

Hello,

I recently installed iredmail on a CentOS 5.5 VM and I can only send mail to internal users.
I've tested the connection from outside the LAN and it has the same behavior.

Here are some logs:
...
Jul 29 06:02:04 mail postfix/smtpd[2792]: disconnect from unknown[IP]
Jul 29 06:03:00 mail postfix/smtpd[2792]: connect from unknown[IP]
Jul 29 11:03:30 mail policyd: rcpt=6, greylist=update, host=IP (unknown), from=name@domain, to=user@local, size=0
Jul 29 11:03:30 mail policyd: rcpt=6, throttle_rcpt=update(a), host=IP, from=name@domain, to=user@local, count=5/64(4), threshold=6%
Jul 29 06:03:30 mail postfix/smtpd[2792]: NOQUEUE: reject: RCPT from unknown[IP]: 450 4.1.8 <user@domain>: Sender address rejected: Domain not found; from=<name@domain> to=<user@local> proto=ESMTP helo=<mail-px0-f172.google.com>
Jul 29 06:03:30 mail postfix/smtpd[2792]: disconnect from unknown[IP]

-------------------
And the output of postconf -n:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_name = iRedMail
mail_owner = postfix
mail_version = 0.6.0
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 15728640
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = local-domain.com
myhostname = mail.local-domain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mail.local-domain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf
relay_recipient_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap_transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap_transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

---------------------------

I've already checked the destination domains with host or dig and they resolve.

I googled around and found nothing. Any help would be great.

Thanks in advance.


2

Re: Can't send to or receive from external domain.

You can try to query virtual domains & users from LDAP with 'postmap' command. e.g.

# postmap -q 'domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf

3

Re: Can't send to or receive from external domain.

I did a check of my virtual domain from http://mydomain/ldap and it looks ok. It was created with the script included in the iredmail/ldap integration (the script to create users).

Is it possible that this is the default behavior?
I mean that only users from mydomain can email each other and not from an external domain or to an external domain.

4

Re: Can't send to or receive from external domain.

By default, iRedMail can receive and send any domain.

5

Re: Can't send to or receive from external domain.

Well I guess I did something wrong when I installed it, so at this early point a clean install wouldn't harm.

Thanks again and I'll let you know if this corrects my issue.

6 (edited by omoreno 2010-08-02 08:39:58)

Re: Can't send to or receive from external domain.

I installed iredOS from scratch but I keep getting the same behavior.

Once again I attach my configuration file:

[root@mail ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_name = iRedMail
mail_owner = postfix
mail_version = 0.6.1
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 15728640
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = local-domain.com
myhostname = mail.local-domain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mail.local-domain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf
relay_recipient_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap_transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap_transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

And some logs from /var/log/maillog

Aug  1 10:19:44 mail postfix/smtpd[2375]: connect from unknown[209.85.216.44]
Aug  1 15:19:45 mail policyd: connection from: 127.0.0.1 port: 53156 slots: 0 of 2044 used
Aug  1 15:19:45 mail policyd: rcpt=1, greylist=new, host=209.85.216.44 (unknown), from=user@ext-domain.com, to=www@local-domain.com, size=0
Aug  1 10:19:45 mail postfix/smtpd[2375]: NOQUEUE: reject: RCPT from unknown[209.85.216.44]: 450 4.1.8 <user@ext-domain.com>: Sender address rejected: Domain not found; from=<user@ext-domain.com> to=<www@local-domain.com> proto=ESMTP helo=<mail-qw0-f44.google.com>
Aug  1 10:19:46 mail postfix/smtpd[2375]: disconnect from unknown[209.85.216.44]
Aug  1 10:23:06 mail postfix/anvil[2377]: statistics: max connection rate 1/60s for (smtp:209.85.216.44) at Aug  1 10:19:44
Aug  1 10:23:06 mail postfix/anvil[2377]: statistics: max connection count 1 for (smtp:209.85.216.44) at Aug  1 10:19:44
Aug  1 10:23:06 mail postfix/anvil[2377]: statistics: max cache size 1 at Aug  1 10:19:44
Aug  1 10:25:22 mail postfix/smtpd[2410]: connect from mail.local-domain.com[127.0.0.1]
Aug  1 10:25:22 mail postfix/smtpd[2410]: NOQUEUE: reject: RCPT from mail.local-domain.com[127.0.0.1]: 450 4.1.2 <user@ext-domain.com>: Recipient address rejected: Domain not found; from=<www@local-domain.com> to=<user@ext-domain.com> proto=ESMTP helo=<10.10.10.12>
Aug  1 10:25:22 mail roundcube: Invalid response code received from server (450):
Aug  1 10:25:22 mail roundcube: [01-Aug-2010 10:25:22 -0500]: SMTP Error: SMTP error: Failed to add recipient 'user@ext-domain.com' in /var/www/roundcubemail-0.3.1/program/steps/mail/func.inc on line 1365 (POST /mail/?_task=mail&_action=send)
Aug  1 10:25:22 mail postfix/smtpd[2410]: disconnect from mail.local-domain.com[127.0.0.1]
Aug  1 10:26:16 mail roundcube: [01-Aug-2010 10:26:16 -0500]: IMAP Error: Authentication for postmaster@local-domain.com failed (LOGIN): "a001 NO Authentication failed." (POST /mail/?_task=&_action=login)
Aug  1 10:26:34 mail roundcube: [01-Aug-2010 10:26:34 -0500]: IMAP Error: Authentication for postmaster@local-domain.com failed (LOGIN): "a001 NO Authentication failed." (POST /mail/?_task=&_action=login)
Aug  1 10:26:48 mail roundcube: [01-Aug-2010 10:26:48 -0500]: Successful login for www@local-domain.com (id 1) from 10.10.10.2
Aug  1 10:27:41 mail postfix/smtpd[2424]: connect from unknown[209.85.216.44]
Aug  1 15:27:42 mail policyd: connection from: 127.0.0.1 port: 54100 slots: 0 of 2044 used
Aug  1 15:27:42 mail policyd: rcpt=2, greylist=update, host=209.85.216.44 (unknown), from=user@ext-domain.com, to=www@local-domain.com, size=0
Aug  1 15:27:42 mail policyd: rcpt=2, throttle_rcpt=new(a), host=209.85.216.44, from=user@ext-domain.com, to=www@local-domain.com, count=1/64(1), threshold=0%
Aug  1 10:27:42 mail postfix/smtpd[2424]: NOQUEUE: reject: RCPT from unknown[209.85.216.44]: 450 4.1.8 <user@ext-domain.com>: Sender address rejected: Domain not found; from=<user@ext-domain.com> to=<www@local-domain.com> proto=ESMTP helo=<mail-qw0-f44.google.com>
Aug  1 10:27:42 mail postfix/smtpd[2424]: disconnect from unknown[209.85.216.44]
Aug  1 10:31:02 mail postfix/anvil[2426]: statistics: max connection rate 1/60s for (smtp:209.85.216.44) at Aug  1 10:27:41
Aug  1 10:31:02 mail postfix/anvil[2426]: statistics: max connection count 1 for (smtp:209.85.216.44) at Aug  1 10:27:41
Aug  1 10:31:02 mail postfix/anvil[2426]: statistics: max cache size 1 at Aug  1 10:27:41
Aug  1 10:31:39 mail postfix/smtpd[2437]: connect from unknown[209.85.210.44]
Aug  1 10:31:40 mail postfix/smtpd[2437]: NOQUEUE: reject: RCPT from unknown[209.85.210.44]: 550 5.1.1 <user@local-domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<user@ext-domain.com> to=<user@local-domain.com> proto=ESMTP helo=<mail-pz0-f44.google.com>
Aug  1 10:31:40 mail postfix/smtpd[2437]: disconnect from unknown[209.85.210.44]
Aug  1 10:35:00 mail postfix/anvil[2439]: statistics: max connection rate 1/60s for (smtp:209.85.210.44) at Aug  1 10:31:39
Aug  1 10:35:00 mail postfix/anvil[2439]: statistics: max connection count 1 for (smtp:209.85.210.44) at Aug  1 10:31:39
Aug  1 10:35:00 mail postfix/anvil[2439]: statistics: max cache size 1 at Aug  1 10:31:39

7

Re: Can't send to or receive from external domain.

Can you please post /root/iRedMail/config from your iRedOS system? HIDE the passwords in it before posting here.

8

Re: Can't send to or receive from external domain.

/root/iRedMail/config:

export VMAIL_USER_HOME_DIR='/var/vmail'
export STORAGE_BASE_DIR='/var/vmail'
export SIEVE_DIR='/var/vmail/sieve'
export BACKEND='OpenLDAP'
export dn2dnsname="local-domain.com"
export LDAP_SUFFIX="dc=local-domain,dc=com"
export LDAP_SUFFIX_MAJOR="local-domain"
export LDAP_BINDDN="cn=vmail,dc=local-domain,dc=com"
export LDAP_ADMIN_DN="cn=vmailadmin,dc=local-domain,dc=com"
export LDAP_ROOTDN="cn=Manager,dc=local-domain,dc=com"
export LDAP_BASEDN_NAME="domains"
export LDAP_BASEDN="o=domains,dc=local-domain,dc=com"
export LDAP_ADMIN_BASEDN="o=domainAdmins,dc=local-domain,dc=com"
export LDAP_ROOTPW='********'
export USE_IREDAPD='YES'
export MYSQL_ROOT_PASSWD='********'
export FIRST_DOMAIN='local-domain.com'
export DOMAIN_ADMIN_NAME='postmaster'
export SITE_ADMIN_NAME='postmaster@local-domain.com'
export DOMAIN_ADMIN_PASSWD_PLAIN='********'
export DOMAIN_ADMIN_PASSWD='********'
export SITE_ADMIN_PASSWD='********'
export FIRST_USER='www'
export FIRST_USER_PASSWD='********'
export MAIL_ALIAS_ROOT='www@local-domain.com'
export ENABLE_DOVECOT="YES"
export DOVECOT_PROTOCOLS=' pop3 pop3s imap imaps'
export ENABLE_DOVECOT_SSL="YES"
export ENABLE_SPF='YES'
export ENABLE_DKIM='YES'
export USE_IREDADMIN='YES'
export USE_WEBMAIL='YES'
export USE_RCM='YES'
export REQUIRE_PHP='YES'
export USE_PHPLDAPADMIN='YES'
export REQUIRE_PHP='YES'
export USE_PHPMYADMIN='YES'
export REQUIRE_PHP='YES'
export USE_AWSTATS='YES'
export DEFAULT_LANG='es_ES'
#EOF

9

Re: Can't send to or receive from external domain.

I believe I solved it.

Searching for how Postfix looks up names, I found that in my case, with a clean iRedOS install, there is another file 'resolv.conf' in '/var/spool/postfix/etc/' besides the one in '/etc/', so Postfix must be running chrooted (correct me if I'm wrong).

The two files were different so I only needed to copy the one in '/etc/' (because that one was working with host and dig) to '/var/spool...' and that corrected my problem.

I hope this helps to deal with similar issues.
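
The check described in the post above, as an added example that is not part of the original thread: it compares the host's resolver configuration with the copy inside the Postfix chroot and lists which master.cf services run chrooted. The function names and the sample file contents are constructed for illustration; treating "-" in the chroot column as "yes" assumes Postfix older than 3.0, such as the 2.5.9 shown in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): check whether chrooted Postfix
# services see the same DNS resolver configuration as the host.

# Print the resolver directives of a resolv.conf-style file, with comments
# stripped and whitespace normalized. Order is kept: nameserver order matters.
resolver_lines() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" |
        grep -E '^(nameserver|search|domain|options) ' || true
}

# Compare the host file ($1) with the chroot copy ($2).
# Returns 0 = same, 1 = drift, 2 = chroot copy missing or without a nameserver.
check_chroot_resolver() {
    host_file=${1:-/etc/resolv.conf}
    chroot_file=${2:-/var/spool/postfix/etc/resolv.conf}
    if [ ! -r "$chroot_file" ]; then
        echo "MISSING: $chroot_file"
        return 2
    fi
    host_cfg=$(resolver_lines "$host_file")
    chroot_cfg=$(resolver_lines "$chroot_file")
    case "$chroot_cfg" in
        *"nameserver "*) ;;
        *) echo "EMPTY: no nameserver in $chroot_file"; return 2 ;;
    esac
    if [ "$host_cfg" = "$chroot_cfg" ]; then
        echo "OK: resolver config matches"
        return 0
    fi
    echo "DRIFT: $chroot_file differs from $host_file"
    echo "  host:   $(echo "$host_cfg" | tr '\n' ';')"
    echo "  chroot: $(echo "$chroot_cfg" | tr '\n' ';')"
    return 1
}

# List master.cf services that run chrooted. Column 5 is the chroot flag.
# Assumption: Postfix older than 3.0, where "-" in that column means yes.
chrooted_services() {
    awk '!/^[ \t]*#/ && !/^[ \t]/ && NF >= 8 && ($5 == "y" || $5 == "-") {
        print $1 "/" $2
    }' "$1"
}

# Demo on constructed sample files (not real system data).
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.53\nsearch local-domain.com\n' > "$demo_dir/host.conf"
printf '# written at install time\nnameserver 198.51.100.1\n' > "$demo_dir/chroot.conf"
printf 'smtp inet n - - - - smtpd\npickup fifo n - n 60 1 pickup\n' > "$demo_dir/master.cf"
chrooted_services "$demo_dir/master.cf"
check_chroot_resolver "$demo_dir/host.conf" "$demo_dir/chroot.conf" || true
rm -rf "$demo_dir"
```

Called without arguments, check_chroot_resolver compares /etc/resolv.conf with /var/spool/postfix/etc/resolv.conf, the two files named in the post.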

10

Re: Can't send to or receive from external domain.

Thanks for sharing. :)

11

Re: Can't send to or receive from external domain.

No, thanks to you for your excellent work.

I'd like to add something: I needed to disable TLS in '/etc/openvpn/auth/ldap.conf' in order to make OpenVPN work with your integration howto. And because I'm using x64 I needed to change the location of the plugin 'openvpn-auth-ldap.so' to:

/usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so

in the file '/etc/openvpn/server.conf'.

12

Re: Can't send to or receive from external domain.

I'm experiencing a similar problem when trying to install the iRedOS on my XEN server.

Similar to what's reported above, the installation process is unable to set up my domain name (FQDN) properly. All configurations are "localhost.localdomain" and I answered the CentOS install prompt for FQDN appropriately.

Looks like it's something related to the virtual environment.

Please help if you can.

Regards,

13

Re: Can't send to or receive from external domain.

Just tried again a fresh new install of iRedOS under my XEN server.

I think the initial configuration script (iRedMail actually) isn't going to the end but I do receive a "successful installation of CentOS" screen in the end.

This virtual machine has enough free space (10GB) during install and 512MB of system memory allocated.

I'm trying to install the 64-bit version of iRedOS.

Any suggestions?

Regards,

14

Re: Can't send to or receive from external domain.

fgs wrote:

Similar to what's reported above, the installation process is unable to set up my domain name (FQDN) properly. All configurations are "localhost.localdomain" and I answered the CentOS install prompt for FQDN appropriately.

iRedMail uses output of command "hostname -f" to get FQDN, you should make sure it's correct before installing. It's mentioned in iRedMail installation guide.

15

Re: Can't send to or receive from external domain.

Dear friend,

I noticed that trying to create a new VM machine under XEN using the iRedOS CD won't create a paravirtualized machine, which isn't the ideal scenario. The iRedOS CD, understandably so, doesn't include the CentOS "XEN-ready" kernel. A paravirtualized kernel would output:

"Kernel 2.6.18-128.el5xen on an x86_64"

And that's what I did. Started by selecting the CentOS V.5.3 template included with Xen Server V.5.6 and selected a very bare minimal number of CentOS packages. Then followed the iRedMail script install guide and it worked great!

Finally, issued a "yum update" command and things look pretty ok now!

Regards,

16

Re: Can't send to or receive from external domain.

Thanks for your feedback, I will try to ship the Xen kernel in the next release. :)

17

Re: Can't send to or receive from external domain.

omoreno wrote:

I believe I solved it.

Searching for how Postfix looks up names, I found that in my case, with a clean iRedOS install, there is another file 'resolv.conf' in '/var/spool/postfix/etc/' besides the one in '/etc/', so Postfix must be running chrooted (correct me if I'm wrong).

I hope this helps to deal with similar issues.

You saved my ass! God bless you. Thanks.