1

Topic: No incoming mail / No errors / No entry in maillog

==== Required information ====
- iRedMail version (check /etc/iredmail-release): .0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have added several domains to my iRedMail server and incorporated them to use the same DKIM certificate, etc.  I can send email from each of them.

However, none of the domains can receive email any longer - the last test I did was 3 days ago.  I don't get a bounce message back to the sender and more perplexing, there is no entry in maillog (or any other log) to indicate that the mail 'got there'.

I have restarted fail2ban, amavisd-new and rebooted several times.  /etc/log/maillog never shows an incoming mail attempt.

checking to see if things are running, ps aux returns:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.2  0.1  37380  3952 ?        Ss   17:12   0:00 init -z
root         2  0.0  0.0      0     0 ?        S    17:12   0:00 [kthreadd/2589]
root         3  0.0  0.0      0     0 ?        S    17:12   0:00 [khelper/2589]
root        53  0.1  0.1  35224  2316 ?        Ss   17:12   0:00 /lib/systemd/systemd-journald
root        55  0.0  0.0  41636  1836 ?        Ss   17:12   0:00 /lib/systemd/systemd-udevd
root       194  0.0  0.0  47576  1856 ?        Ss   17:12   0:00 /sbin/rpcbind -f -w
syslog     230  0.0  0.0 184636  2072 ?        Ssl  17:12   0:00 /usr/sbin/rsyslogd -n
clamav     246  7.2  0.5 132180 12040 ?        Ss   17:12   0:07 /usr/bin/freshclam -d --foreground=true
root       247  0.0  0.0  26016  1276 ?        Ss   17:12   0:00 /usr/sbin/cron -f
clamav     248 38.8 25.3 772840 532608 ?       Ssl  17:12   0:41 /usr/sbin/clamd --foreground=true
root       328  0.0  0.0  89752  1360 ?        Ss   17:12   0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
root       329  0.0  0.0  89752  1008 ?        S    17:12   0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
memcache   338  0.0  0.0 335724  1456 ?        Ssl  17:12   0:00 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1
root       341  0.0  0.1  65560  3680 ?        Ss   17:12   0:00 /usr/sbin/sshd -D
root       371  0.0  0.0  12792   896 tty2     Ss+  17:12   0:00 /sbin/agetty --noclear tty2 linux
root       372  0.0  0.0  12792   896 tty1     Ss+  17:12   0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
mysql      386  0.3  7.1 2090924 149260 ?      Ssl  17:12   0:00 /usr/sbin/mysqld
root       397  0.0  0.0  17984  1164 ?        Ss   17:12   0:00 /usr/sbin/dovecot
vmail      403  0.0  0.1  23980  3412 ?        S    17:12   0:00 dovecot/lmtp -L
dovecot    404  0.0  0.0   9468  1076 ?        S    17:12   0:00 dovecot/anvil
root       405  0.0  0.0   9600  1304 ?        S    17:12   0:00 dovecot/log
vmail      408  0.0  0.1  23980  3420 ?        S    17:12   0:00 dovecot/lmtp -L
vmail      409  0.0  0.1  23980  3416 ?        S    17:12   0:00 dovecot/lmtp -L
vmail      410  0.0  0.1  23980  3412 ?        S    17:12   0:00 dovecot/lmtp -L
vmail      411  0.0  0.1  23980  3416 ?        S    17:12   0:00 dovecot/lmtp -L
root       419  0.0  0.1  25524  2744 ?        S    17:12   0:00 dovecot/config
root       449  0.0  0.0  15004   940 ?        Ss   17:12   0:00 /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
iredapd    548  0.0  0.8  62436 16960 ?        S    17:12   0:00 /usr/bin/python /opt/iredapd/iredapd.py
sogo       564  0.1  0.8 281752 17492 ?        S    17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
root       568  0.0  1.1 430888 24364 ?        Ss   17:12   0:00 /usr/sbin/apache2 -k start
iredadm+   571  0.0  0.5 672692 10568 ?        Sl   17:12   0:00 /usr/sbin/apache2 -k start
www-data   572  0.1  1.0 434020 21128 ?        S    17:12   0:00 /usr/sbin/apache2 -k start
sogo       573  0.0  0.8 291472 17340 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       574  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       575  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       576  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       577  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       578  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       579  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       580  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       582  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
sogo       583  0.0  0.8 291472 17344 ?        Ss   17:12   0:00 /usr/sbin/sogod -WOWorkersCount 10 -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
root       643 33.2  0.7 1357168 15804 ?       Sl   17:12   0:35 /usr/bin/python3 /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
root       819  0.0  0.1  65356  2740 ?        Ss   17:13   0:00 /usr/lib/postfix/sbin/master
postfix    820  0.0  0.1  67424  2604 ?        S    17:13   0:00 pickup -l -t unix -u
postfix    821  0.0  0.1  67608  2716 ?        S    17:13   0:00 qmgr -l -t unix -u
postfix    822  0.0  0.1  77852  3012 ?        S    17:13   0:00 proxymap -t unix -u
amavis     845  2.3  6.0 260848 125836 ?       Ss   17:13   0:02 /usr/sbin/amavisd-new (master)
amavis     887  0.0  5.8 262352 123684 ?       S    17:13   0:00 /usr/sbin/amavisd-new (virgin child)
amavis     888  0.0  5.8 262352 123680 ?       S    17:13   0:00 /usr/sbin/amavisd-new (virgin child)
amavis     889  0.0  5.8 262352 123664 ?       S    17:13   0:00 /usr/sbin/amavisd-new (virgin child)
dovecot    892  0.0  0.1  40032  3088 ?        S    17:13   0:00 dovecot/auth
root       893  0.0  0.1  40032  3300 ?        S    17:13   0:00 dovecot/auth -w
www-data   894  0.0  0.5 433200 11268 ?        S    17:13   0:00 /usr/sbin/apache2 -k start
dovecot    897  0.0  0.1  33188  2792 ?        S    17:13   0:00 dovecot/dict
root       900  0.2  0.2  93092  4524 ?        Ss   17:13   0:00 sshd: root@pts/0
root       909  0.0  0.0  18216  2024 pts/0    Ss   17:13   0:00 -bash
root       928  2.0  0.2  91972  4272 ?        Ss   17:14   0:00 sshd: root [priv]
sshd       929  0.0  0.0  66904  1564 ?        S    17:14   0:00 sshd: root [net]
root       930  0.0  0.0  34372  1512 pts/0    R+   17:14   0:00 ps aux

I'm unsure where to look next.  I haven't made any changes except to add domains/users from the iredadmin and adjusted the DKIM section to allow other sites to use the mail server's DKIM info.

Help?


Andrew


2

Re: No incoming mail / No errors / No entry in maillog

Here are the current DNS settings on GoDaddy - perhaps I messed something up?

Type    Name    Value    TTL    Actions
A    @    107.150.18.25    
CNAME    ftp    @    
CNAME    www    @    
MX    @    mail.lifeassetsllc.com (Priority: 10)    
TXT    @    google-site-verification=blah blah    
TXT    @    v=spf1 ip4:107.150.18.25 -all    
TXT    dkim._domainkey    v=DKIM1; p=blah blah    
TXT    _dmarc    v=DMARC1; p=none; sp=none; rua=mailto:postmaster@lifeassetsllc.com; ruf=mailto:andrew@lifeassetsllc.com; rf=afrf; pct=100; ri=86400    
NS    @    ns47.domaincontrol.com    
NS    @    ns48.domaincontrol.com    

9 days until I either cut over or renew GoDaddy <g>.


Andrew

3 (edited by RikuS 2017-09-01 10:25:51)

Re: No incoming mail / No errors / No entry in maillog

Hey,

you have no A or CNAME record for mail.domain.com. You can fix this by adding A or CNAME record on domain.com DNS depending if the main domain and mail domain are hosted on same server or not.

Also you need to make sure that all of the following are same:
mail server hostname, reverse dns name for your mail server IP and MX record for all mail domains.

Also you don't need to specify the mail server IP in SPF record, you may use just "v=spf1 a mx -all" which accepts mail from servers on DNS A record and MX record.

EDIT: just noticed that you added the A record and it seems to work now.

4

Re: No incoming mail / No errors / No entry in maillog

send me some mail to username andrew@

We'll see if it works.


Thanks.

Andrew


RikuS wrote:

Hey,

you have no A or CNAME record for mail.lifeassetsllc.com. You can fix this by adding A or CNAME record on lifeassetsllc.com DNS depending if the main domain and mail domain are hosted on same server or not.

Also you need to make sure that all of the following are same:
mail server hostname, reverse dns name for your mail server IP and MX record for all mail domains.

Also you don't need to specify the mail server IP in SPF record, you may use just "v=spf1 a mx -all" which accepts mail from servers on DNS A record and MX record.

EDIT: just noticed that you added the A record and it seems to work now.

5 (edited by RikuS 2017-09-01 10:28:55)

Re: No incoming mail / No errors / No entry in maillog

Just use gmail or any other outside account to mail yourself :)

Greylisting is on by default so it takes a while for the first emails to arrive to your inbox.

Btw: probably you want to remove your real domain out of these messages for security reasons.

6

Re: No incoming mail / No errors / No entry in maillog

I already edited out greylisting.  It shouldn't be running.
The error I'm getting now in maillog is an intentional rejection.

While writing this, the first email came through.  Not quite sure when that one was sent.

We'll see what happens as the evening/morning goes on.

This stuff is complicated <g>.


Andrew

7

Re: No incoming mail / No errors / No entry in maillog

AndyInNYC wrote:

I already edited out greylisting.  It shouldn't be running.
The error I'm getting now in maillog is an intentional rejection.

This message means that Greylisting is running and the sending server will try delivery again soon. Anyway you should keep Greylisting on, it's extremely useful against spam.

8

Re: No incoming mail / No errors / No entry in maillog

Well, lots of my test emails came through.  Woo hoo.
I had thought I had edited the settings.py to eliminate 'greylisting' in order to see if that was the cause of my delay/not receiving emails.
For some odd reason, it's there.  Either I didn't save when I edited with nano, or the system overwrote it.

Don't know, but for now I'm running and receiving.

Time to check some of the subdomains DNS records. 

On my SPF records, I'm using:

v=spf1 ip4:107.150.18.25 -all

for the non-lifeassets (main domain) DNS settings.  Is this a minus sign like I'm using or a ~ (squiggle)?

Andrew

9

Re: No incoming mail / No errors / No entry in maillog

Minus is the best option when you're sure that all mails are sent through your own mail server. But as I wrote before, there's no reason to write IP in multiple places:
- if mail.domain.com is hosted on same server as domain.com, use CNAME mail @
- in SPF you can use 'mx' instead of 'ip4:1.1.1.1' to allow your mail server to send

10

Re: No incoming mail / No errors / No entry in maillog

You are giving me great information that I don't fully understand.

I have lifeassetsllc.com which is the VPS and also one of my email addresses.  The machine is called mail.lifeassetsllc.com
I have server1, server2 and server3 (and on and on).

We've gone through the mx and A records for lifeassetsllc.com and it seems to work (THANK YOU).

On server1, server2, etc. I have:

A record provided by GoDaddy
MX record @ pointing to mail.lifeassetsllc.com
A second A record 'mail.lifeassetsllc.com' pointing to 107.150.18.25 ***********
spf1 record that reads "v=spf1 ip4:107.150.18.25 -all".  Are you saying I could just make this 'v=spf1 mx -all'?

This would save some typing, and if I updated the MX record to a new mail server it would 'fix itself', but other than those 2 reasons (valuable if I had 100 domains), is there another reason other than it looks clean?

*********** - the mail-test domain suggested that I have an A record that points to my mail service to help verify mail from server1, etc.  Is this correct in your opinion?  Or have I mis-implemented that as well?

I'm obviously trying to make this bulletproof for the WAF (wife acceptance factor) and my small business shouldn't be without me working or getting mail while I try to fix problems.  I really do appreciate all the input and help.

Thanks again for your time and expertise (and everyone else around here).


Andrew


RikuS wrote:

Minus is the best option when you're sure that all mails are sent through your own mail server. But as I wrote before, there's no reason to write IP in multiple places:
- if mail.domain.com is hosted on same server as domain.com, use CNAME mail @
- in SPF you can use 'mx' instead of 'ip4:1.1.1.1' to allow your mail server to send

11 (edited by RikuS 2017-09-02 00:00:05)

Re: No incoming mail / No errors / No entry in maillog

In your case, domain.com and mail.domain.com are hosted on same server (which has a hostname mail.domain.com), you should have the next DNS records:

A @ xx.xx.xx.xx (IP of mail and web server, points domain.com to your server)
CNAME mail @ domain.com (points mail.domain.com to same server as domain.com)
CNAME www @ domain.com (if you want www.domain.com to also work for web traffic)
MX @ mail.domain.com
TXT @ "v=spf1 mx -all"
TXT _dmarc @ …
TXT dkim._domainkey @ …

For all other domains you need the next DNS records, if all your domains are using domain.com DKIM:

A @ xx.xx.xx.xx (IP of web server, check bold note on the bottom)
MX @ mail.domain.com
TXT @ "v=spf1 mx -all"
TXT _dmarc @ …

If mail server and web server are different and you want to send mail from the webserver, replace previous SPF with:

TXT @ "v=spf1 a mx -all"

Every domain should have an A record, even if there's no actual website. If domain has no website, in your case I would point the A record to your mail server, create Apache virtualhost for it and display an empty page or put something there if you wish.

If you set up DNS records this way and i.e. mail server (and web server) IP changes, you only need to update domain.com A record, nothing else (well of course secondary domain A record as well if it's pointing to the same server). Secondary mail domains don't need CNAME or A record for "mail" at all, this is only needed for the actual mail server DNS (domain.com in your case).
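
The checks discussed in this thread (the MX target must resolve to the mail server, and SPF must authorize that server), as an added example that is not part of any post above: a Python checker run over constructed zone data. The example.com names, the 192.0.2.10 address and all function names are assumptions, and only the a, mx and ip4 SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed sample zones (not real DNS data); 192.0.2.10 is a documentation address.
BROKEN = {  # the state diagnosed in the thread: the MX target has no address record
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.10 -all"],
}
FIXED = dict(BROKEN)  # address record added for the mail host, SPF switched to mx
FIXED[("mail.example.com", "A")] = ["192.0.2.10"]
FIXED[("example.com", "TXT")] = ["v=spf1 mx -all"]
ALIASED = dict(FIXED)  # same, but the mail host is a CNAME to the apex
del ALIASED[("mail.example.com", "A")]
ALIASED[("mail.example.com", "CNAME")] = ["example.com"]

def resolve(zone, name, hops=0):
    """Return the IPv4 addresses for name, following CNAMEs up to 8 hops."""
    if hops > 8:
        return []
    if (name, "A") in zone:
        return list(zone[(name, "A")])
    return [ip for target in zone.get((name, "CNAME"), [])
            for ip in resolve(zone, target, hops + 1)]

def spf_allows(zone, domain, ip):
    """Evaluate only the a, mx and ip4 mechanisms of the domain's SPF record."""
    for txt in zone.get((domain, "TXT"), []):
        if not txt.startswith("v=spf1 "):
            continue
        for term in txt.split()[1:]:
            term = term.lstrip("+")
            if term == "a" and ip in resolve(zone, domain):
                return True
            if term == "mx" and any(ip in resolve(zone, mx)
                                    for mx in zone.get((domain, "MX"), [])):
                return True
            if term.startswith("ip4:") and (ipaddress.ip_address(ip)
                    in ipaddress.ip_network(term[4:], strict=False)):
                return True
    return False

def check_mail_dns(zone, domain, server_ip):
    """List the problems that stop inbound delivery or an outbound SPF pass."""
    problems = []
    mx_hosts = zone.get((domain, "MX"), [])
    if not mx_hosts:
        problems.append("no MX record")
    for mx in mx_hosts:
        if not resolve(zone, mx):
            problems.append(f"MX target {mx} has no A/CNAME record")
        elif server_ip not in resolve(zone, mx):
            problems.append(f"MX target {mx} does not point at {server_ip}")
        elif (mx, "CNAME") in zone:  # RFC 2181 section 10.3: MX targets must not be aliases
            problems.append(f"MX target {mx} is a CNAME, use an address record")
    if not spf_allows(zone, domain, server_ip):
        problems.append(f"SPF does not authorize {server_ip}")
    return problems
```

With "v=spf1 mx -all", SPF depends on the MX target resolving, so the missing address record from the first post would break outbound SPF as well as inbound delivery.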

12

Re: No incoming mail / No errors / No entry in maillog

Wonderful.  This should be made into a iRedMail doc (added to the 'Setup DNS records for your iRedMail server (A, PTR, MX, SPF, DKIM)' document).

Much cleaner and easier to understand.

Do you administer mail servers for a living or are you just some form of a savant <g>?

Thanks again.


Andrew

13

Re: No incoming mail / No errors / No entry in maillog

This is not really mail server related so much, more like just basic DNS stuff. And the above records work only for your case and other similar cases; there are multiple other ways to set these up depending on other services and configs. So there's no golden rule that applies for all.

I think docs about this are pretty fine for the usual cases, maybe they should be constructed slightly better though. Basic knowledge about domains and DNS helps a lot.

Happy to help with this amazing software :)

14

Re: No incoming mail / No errors / No entry in maillog

RikuS wrote:

I think docs about this are pretty fine for the usual cases, maybe they should be constructed slightly better though. Basic knowledge about domains and DNS helps a lot.

Mind helping improve it? Send a pull request to our doc repo :D
https://bitbucket.org/zhb/iredmail-docs/src