Can't send mails from one to another server

Operating system: Debian
OS version: 9

We have two servers running on virtualmin. Some time ago we made a change regarding the hostnames. Before the change we used two different domains for the servers and everything was working fine. Now the first server is named first.webrex.host and the second one second.werex.host. After this modification, we can’t send mails from first.webrex.host to second.werex.host anymore (the other way around is still working). On second.webrex.host there is a virtual host named 3w4you.net with mail enabled. If we send a mail from first.webrex.host to a mailbox of this virtual host, we receive the following error per mail:

The mail system office@3w4you.net: Host or domain name not found. Name service error for name=second.webrex.host type=AAAA: Host not found

In the logs I could only find this warning:

Oct 13 20:06:59 first postfix/smtp[9890]: warning: no MX host for 3w4you.net has a valid address record

Restricting postfix to IPv4 only didn’t bring a change and the DNS records are also correct. I think the issue is related to the postfix configuration because the problem first occurred after changing the hostnames.

postconf -n shows the following output:

postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
home_mailbox = Maildir/
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
message_size_limit = 15728640
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname localhost.$mydomain localhost
mydomain = webrex.host
myhostname = first.webrex.host
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = subnet
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual

I’m thankful for any advice.

You need to start here.

Pref Hostname IP Address TTL
5 second.webrex.host 78.46.83.201

With Virtualmin, one normally points the MX to mail.domain.tld.

What you describe was also the way we were doing it before. We copied the certificate of second.webrex.host to postfix and dovecot. Postfix was then using the certificate of second.webrex.host and in mail user agents the host was set to mail.domain.tld. This led to a certificate domain mismatch, so we decided to use second.webrex.host as SMTP and IMAP host directly instead of mail.domain.tld, which would point to the same IP anyways. The mail subdomain was then superfluous, so we removed this DNS record for all virtual hosts and we set the MX record for all virtual hosts on second.webrex.host to second.webrex.host. We were doing the same thing for virtual hosts on first.webrex.host. Can you explain to me why this wouldn’t work? I mean we can send mails from second.webrex.host to first.webrex.host and on the latter one we have the exact same configuration. Shouldn’t it work the other way around too?

No, I shall not explain on these forums why that does not work. All I will do is tell you that Virtualmin expects MX to point to mail.domain.tld and if you follow that convention then your two Virtualmin servers will be able to send email to each other normally.

I am available for private consultation and as remote system admin at a very reasonable rate of USD 25 per hour. I could discuss this with you professionally but on these forums your particular situation does not apply to how the larger community uses Virtualmin so I shall not discuss it further, please.
