1 Topic by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Topic: Still unable to receive email but I can send

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version:
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====
A few months ago I had this problem but I found out that my issue was with not having a PTR record for my mail server and since then I acquired 5 static IP's, with the proper DNS entries, MX record and PTR record for the reverse lookup for my mail server and I an able to send email just fine, but I am not able to receive email I keep getting the below error in my mail log. This is a new installation with minimal to no changes to the main.cf file.

mail postfix/smtpd[31690]: NOQUEUE: reject: RCPT from mail-iy0-f176.google.com[209.85.210.176]: 554 5.7.1 <mail-iy0-f176.google.com[209.85.210.176]>: Client host rejected: Access denied; from=<mygmail40@gmail.com> to=<myname.mydomain@mail.mydomain.com> proto=ESMTP helo=<mail-iy0-f176.google.com>
Apr 10 18:45:18 mail postfix/smtpd[31690]: disconnect from mail-iy0-f176.google.com[209.85.210.176]

I can see the emails hit the server and I can receive emails between users in the one domain I have created but, when email coming from the internet it does not work.  When testing my email from MX tools out on the internet I get just get this.

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail.mydomain.com ESMTP Postfix
SMTP -> FROM SERVER:
250-mail.mydomain.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: myhoemeemail@comcast.net
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: myuser@mydomain.com
SMTP -> FROM SERVER:
554 5.7.1 : Client host rejected: Access denied
SMTP -> ERROR: RCPT not accepted from server: 554 5.7.1 : Client host rejected: Access denied

Message sending failed.
--------------------------------------------

Below is my main.cf

postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
canonical_maps =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 0h
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
message_strip_characters = \0
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8, 172.16.30.0/24
mynetworks_style = subnet
myorigin = mail.mydomain.com
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_clientcerts =
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
relayhost =
relocated_maps =
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
sender_canonical_maps =
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_enforce_tls = no
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options =
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_session_cache_database =
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#amavis    unix  -       -       n       -       4       smtp
#  -o smtp_data_done_timeout=1200
#  -o smtp_send_xforward_command=yes
#  -o disable_dns_lookups=yes
#  -o max_use=20
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
#pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#localhost:10025 inet   n       -       n       -       -       smtpd
#  -o content_filter=
#  -o smtpd_delay_reject=no
#  -o smtpd_client_restrictions=permit_mynetworks,reject
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_recipient_restrictions=permit_mynetworks,reject
#  -o smtpd_data_restrictions=reject_unauth_pipelining
#  -o smtpd_end_of_data_restrictions=
#  -o smtpd_restriction_classes=
#  -o mynetworks=127.0.0.0/8
#  -o smtpd_error_sleep_time=0
#  -o smtpd_soft_error_limit=1001
#  -o smtpd_hard_error_limit=1000
#  -o smtpd_client_connection_count_limit=0
#  -o smtpd_client_connection_rate_limit=0
#  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
#  -o local_header_rewrite_clients=
#  -o local_recipient_maps=
#  -o relay_recipient_maps=
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
#
#procmail  unix  -       n       n       -       -       pipe
#  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
#
# Bypass checks for internally generated mail.
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
#  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# Use dovecot deliver program as LDA.
dovecot unix    -       n       n       -       -      pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain}
smtp-amavis unix -  -   -   -   2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -   -   -   -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

ronmitch4 wrote:

mail postfix/smtpd[31690]: NOQUEUE: reject: RCPT from mail-iy0-f176.google.com[209.85.210.176]: 554 5.7.1 <mail-iy0-f176.google.com[209.85.210.176]>: Client host rejected: Access denied; from=<mygmail40@gmail.com> to=<myname.mydomain@mail.mydomain.com> proto=ESMTP helo=<mail-iy0-f176.google.com>
Apr 10 18:45:18 mail postfix/smtpd[31690]: disconnect from mail-iy0-f176.google.com[209.85.210.176]

Could you please paste log content of the whole smtp session? Starts from client connect, ends with disconnect.

4 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

I will give you two emails from two different domains.

Apr 10 18:45:18 mail postfix/smtpd[31690]: connect from mail-iy0-f176.google.com[209.85.210.176]
Apr 10 18:45:18 mail postfix/smtpd[31690]: NOQUEUE: reject: RCPT from mail-iy0-f176.google.com[209.85.210.176]: 554 5.7.1 <mail-iy0-f176.google.com[209.85.210.176]>: Client host rejected: Access denied; from=<mygmail40@gmail.com> to=<email.user@mydomain.com> proto=ESMTP helo=<mail-iy0-f176.google.com>
Apr 10 18:45:18 mail postfix/smtpd[31690]: disconnect from mail-iy0-f176.google.com[209.85.210.176]
Apr 10 18:48:38 mail postfix/anvil[31694]: statistics: max connection rate 1/60s for (submission:209.85.210.176) at Apr 10 18:45:18
Apr 10 18:48:38 mail postfix/anvil[31694]: statistics: max connection count 1 for (submission:209.85.210.176) at Apr 10 18:45:18
Apr 10 18:48:38 mail postfix/anvil[31694]: statistics: max cache size 1 at Apr 10 18:45:18


Second One

Apr 10 11:27:41 mail postfix/smtpd[20041]: connect from qmta08.westchester.pa.mail.comcast.net[76.96.62.80]
Apr 10 11:27:41 mail postfix/smtpd[20041]: NOQUEUE: reject: RCPT from qmta08.westchester.pa.mail.comcast.net[76.96.62.80]: 554 5.7.1 <qmta08.westchester.pa.mail.comcast.net[76.96.62.80]>: Client host rejected: Access denied; from=<mypersonal@comcast.net> to=<email.userl@mydomain.com> proto=ESMTP helo=<qmta08.westchester.pa.mail.comcast.net>
Apr 10 11:28:41 mail postfix/smtpd[20041]: disconnect from qmta08.westchester.pa.mail.comcast.net[76.96.62.80]

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

Still no idea at all, sorry.

- Is Dovecot running? Please show me output of command 'dovecot -n' also.
- Is there any error log in Dovecot log files?
- Is Policyd running?
- Did you make any changes on this server? Configuration files? IP address? Any other changes after installed iRedMail?
- Is there any network router/firewall between your mail server and internet? Does the firewall rules matter?

6 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

I did not make any changes to the servers IP addresses and there is a Cisco ASA Firewall/Router but I have all of the needed ACL's in place with a hit counter logging the protocols to make sure it is working properly. I originally thought that this was my issue but when I made changes to the ACL's I can see that traffic was no longer making it to the server, which it does once my ACL's are in place. I can send mail to local domain users just fine. and I can check the validity of the server using the MX toolbox website, it just appears that on the RCPT message it gets disconnected.

Below is what it returns. plus other info you asked for.

220 mydomain.com ESMTP Postfix

OK - XX.XXX.XXX.XX resolves to mydomain.com

OK - Reverse DNS matches SMTP Banner
OK - Supports TLS.
0 seconds - Goodon Connection time
OK - Not an open relay.
0.484 seconds - Good on Transaction Time

Session Transcript:
EHLO please-read-policy.mxtoolbox.com
250-my.domain.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [47 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [47 ms]
RCPT TO: <test@example.com>
554 5.7.1 <unknown[64.20.227.133]>: Client host rejected: Access denied [47 ms]
QUIT
221 2.0.0 Bye [47 ms]

-------------------------------------------
dovecot -n
# 1.2.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.1.9-1.4-desktop i686 openSUSE 12.1 (i586)
log_path: /var/log/dovecot.log
protocols: pop3 pop3s imap imaps managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): 127.0.0.1:2000
ssl_ca_file: /etc/ssl/certs/iRedMail_CA.pem
ssl_cert_file: /etc/ssl/certs/iRedMail_CA.pem
ssl_key_file: /etc/ssl/private/iRedMail.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
first_valid_uid: 1001
last_valid_uid: 1001
mail_uid: 1001
mail_gid: 1000
mail_location: maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_process_size: 1024
mail_plugins(default): quota imap_quota autocreate
mail_plugins(imap): quota imap_quota autocreate
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): tb-extra-mailbox-sep
imap_client_workarounds(imap): tb-extra-mailbox-sep
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: Shared/%%u/
  location: maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  list: children
  subscriptions: yes
lda:
  postmaster_address: root
  auth_socket_path: /var/run/dovecot/auth-master
  mail_plugins: quota sieve autocreate
  sieve_global_path: /var/vmail/sieve/dovecot.sieve
  log_path: /var/log/sieve.log
auth default:
  mechanisms: plain login
  default_realm: hurricanez.com
  user: vmail
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/dovecot-auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 438
      user: vmail
      group: vmail
plugin:
  quota_warning: storage=85%% /usr/local/bin/dovecot-quota-warning.sh 85
  quota_warning2: storage=90%% /usr/local/bin/dovecot-quota-warning.sh 90
  quota_warning3: storage=95%% /usr/local/bin/dovecot-quota-warning.sh 95
  quota: dict:user::proxy::quotadict
  quota_rule: *:storage=0
  expire: Trash 7 Trash/* 7 Junk 30
  expire_dict: proxy::expire
  auth_socket_path: /var/run/dovecot/auth-master
  sieve: /%Lh/sieve/dovecot.sieve
  autocreate: INBOX
  autocreate2: Sent
  autocreate3: Trash
  autocreate4: Drafts
  autocreate5: Junk
  autosubscribe: INBOX
  autosubscribe2: Sent
  autosubscribe3: Trash
  autosubscribe4: Drafts
  autosubscribe5: Junk
  acl: vfile
  acl_shared_dict: proxy::acl
  sieve: /var/vmail/sieve/%Ld/%Ln/dovecot.sieve
  sieve_dir: /var/vmail/sieve/%Ld/%Ln
dict:
  expire: db:/var/lib/dovecot/expire/expire.db
  quotadict: mysql:/etc/dovecot/dovecot-used-quota.conf
  acl: mysql:/etc/dovecot/dovecot-share-folder.conf
--------------------------------------------------

Here are the only messages in the dovecot.log file, just that repeated

Apr 11 05:44:28 imap-login: Info: Login: user=<ron.mitchell@articulate2day.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Apr 11 05:44:28 IMAP(ron.mitchell@articulate2day.com): Info: Disconnected: Logged out bytes=314/1636

---------------------------------------------------------------------

mail:/etc/dovecot # ps aux | grep policyd
policyd   8279  0.0  0.0  45200   680 ?        S    Apr09   0:00 /usr/sbin/policyd -c /etc/policyd.conf
root      8865  0.0  0.0   3788   748 pts/2    S+   05:47   0:00 grep --color=auto policyd

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

Could you please turn on debug mode in Postfix to get more debug information to help troubleshoot?

Append '-v' in Postfix smtpd transport in master.cf. For example:

smtp inet n - - - - smtpd -v

Restart Postfix, and send one more testing email, paste full debug log here.

8 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

Unless it is logging to a different log file I don't see any difference in the /var/log/mail or /var/log/mail.info log file when adding the verbose mode to the smtp in my master.cf file. I don't think it logs to a different file in Opensuse 12.1!

Apr 11 15:18:57 mail postfix/master[17720]: terminating on signal 15
Apr 11 15:18:57 mail postfix/postfix-script[18039]: starting the Postfix mail system
Apr 11 15:18:57 mail postfix/master[18040]: daemon started -- version 2.8.8, configuration /etc/postfix
Apr 11 15:19:19 mail postfix/smtpd[18070]: connect from mail-iy0-f171.google.com[209.85.210.171]
Apr 11 15:19:20 mail postfix/smtpd[18070]: NOQUEUE: reject: RCPT from mail-iy0-f171.google.com[209.85.210.171]: 554 5.7.1 <mail-iy0-f171.google.com[209.85.210.171]>: Client host rejected: Access denied; from=<ronmitch40@gmail.com> to=<ron.mitchell.com> proto=ESMTP helo=<mail-iy0-f171.google.com>
Apr 11 15:19:20 mail postfix/smtpd[18070]: disconnect from mail-iy0-f171.google.com[209.85.210.171]

9 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

I was reviewing the postfix SMTP conversation process and after reviewing the information from www.wormly.com/smtp test website, it appears that my issue maybe with the smtpd_recipient_restrictions! Unfortunately I tried making modifications to this configuration parameter in my main.cf but it did not resolve my issue. Below is the output from https://www.wormly.com/test_smtp_server, and it appears that the process almost works but stops at the RCPT. Could this be some type of bug?

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail.mydomain.com ESMTP Postfix
SMTP -> FROM SERVER:
250-mail.articulate2day.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: internal.userll@mydomain.com
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: user.name@mydomain.com
SMTP -> FROM SERVER:
554 5.7.1 : Client host rejected: Access denied
SMTP -> ERROR: RCPT not accepted from server: 554 5.7.1 : Client host rejected: Access denied

Message sending failed.

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

ronmitch4 wrote:

Unless it is logging to a different log file I don't see any difference in the /var/log/mail or /var/log/mail.info log file when adding the verbose mode to the smtp in my master.cf file. I don't think it logs to a different file in Opensuse 12.1!

It works for me, and logging in both /var/log/mail and /var/log/mail.info.
Please try to make it work, we need debug info to help solve this issue.

11 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

Here is a partial copy of my master.cf file that shows the entry you told me to add for more detailed smtp information, and below are 3 separate email attempts from different domains in my /var/log/mail.log file. As you can see there does not appear to be anymore detailed information in regards to the smtp conversation. Please let me know if I have correctly configured this parameter, and I looked at my /var/log directory and I do not see any other place where that information would be in greater detail.

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd -v

------------------------------------------------------------------------------------------------------------

pr 11 22:34:43 mail postfix/smtpd[23913]: connect from node-mec2.wormly.com[184.72.226.23]
Apr 11 22:34:43 mail postfix/smtpd[23913]: NOQUEUE: reject: RCPT from node-mec2.wormly.com[184.72.226.23]: 554 5.7.1 <node-mec2.wormly.com[184.72.226.23]>: Client host rejected: Access denied; from=<internal.user@mydomain.com> to=<internal.userl@mydomain.com> proto=ESMTP helo=<www.wormly.com>
Apr 11 22:34:43 mail postfix/smtpd[23913]: lost connection after RCPT from node-mec2.wormly.com[184.72.226.23]
Apr 11 22:34:43 mail postfix/smtpd[23913]: disconnect from node-mec2.wormly.com[184.72.226.23]

---------------------------------------------------------------------------------------------------------------

Apr 11 22:38:48 mail postfix/smtpd[24064]: connect from mail-iy0-f171.google.com[209.85.210.171]
Apr 11 22:38:48 mail postfix/smtpd[24064]: NOQUEUE: reject: RCPT from mail-iy0-f171.google.com[209.85.210.171]: 554 5.7.1 <mail-iy0-f171.google.com[209.85.210.171]>: Client host rejected: Access denied; from=<mygmailaccount@gmail.com> to=<internal.user@mydomain.com> proto=ESMTP helo=<mail-iy0-f171.google.com>
Apr 11 22:38:49 mail postfix/smtpd[24064]: disconnect from mail-iy0-f171.google.com[209.85.210.171]

-------------------------------------------------------------------------------------------------------------
Apr 11 22:39:15 mail postfix/smtpd[24064]: connect from qmta15.westchester.pa.mail.comcast.net[76.96.59.228]
Apr 11 22:39:15 mail postfix/smtpd[24064]: NOQUEUE: reject: RCPT from qmta15.westchester.pa.mail.comcast.net[76.96.59.228]: 554 5.7.1 <qmta15.westchester.pa.mail.comcast.net[76.96.59.228]>: Client host rejected: Access denied; from=<mycomcasl@comcast.net> to=<internal.user@mydomain.com> proto=ESMTP helo=<qmta15.westchester.pa.mail.comcast.net>

12 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

Did you restart Postfix service after updating master.cf?
Also, did you get my email sent yesterday? i'm pleased to help solve it remotely via SSH if possible. Let me know if it's ok for you.

13 Reply by ronmitch4

  • ronmitch4
  • Member
  • Offline
  • Registered: 2012-02-28
  • Posts: 33

Re: Still unable to receive email but I can send

Zhang,

In making some configuration changes to my Cisco ASA and Server to give you ssh access,I figured what my issue was which was a static PAT on my ASA firewall! I guess I locked things down just a little to tight, but thanks for all your help and responding to my post.

14 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Still unable to receive email but I can send

Er, i was played by your CISCO ASA...