SYSTEM INFORMATION | |
---|---|
OS type and version | Ubuntu 24.04.1 |
Virtualmin version | 7.20.2 |
DNS | Namecheap |
I have a cloud server with a dozen domains, of which half need to forward email. I had great difficulty getting this working, so I’m recording my travails in case they are helpful to others.
Virtualmin has two ways to forward email. First choose the user:
- Select Virtual server
- Edit Users
- Choose a user
- Ensure that “Primary email address enabled” == Yes
1st way to forward:
- “Forward to other addresses” == Yes
- Fill in the address required
2nd way to forward:
- Click “Login to Usermin”
- Choose Usermin tab, Mail, Mail Forwarding and Replies
- “Forward to other address” == Yes
- Fill in the address required
Virtualmin has two methods of forwarding mail. The forward option in the Edit Users screen will forward mail without filtering it first via SpamAssassin, but the forward option in Usermin will first reject spam and then forward only non-spam messages.
My initial confusion was that sometimes forwarding would work; most often, it wouldn’t. It took me a while to learn to look at `/var/log/mail.log`.
I wrote a Python program to:
- read the log file
- collect entries by queue ID
- only look at entries containing “status=bounced”
This showed me errors like:
```
550-5.7.26 Your email has been blocked because the sender is unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
550-5.7.26 Unauthenticated email from myserver.org is not accepted due to
550-5.7.26 domain’s DMARC policy.
550-5.7.1 [my ipv6] Gmail has detected that this message is
550-5.7.1 likely suspicious due to the very low reputation of the sending
550-5.7.1 domain.
550-5.7.26 Unauthenticated email from myserver.org is not accepted due to
550-5.7.26 domain’s DMARC policy. Please contact the administrator of
550-5.7.26 myserver.org domain if this was a legitimate mail.
```
I think I have fixed my problems by:
- Adding SPF, DKIM, DMARC to the DNS records for all domains (note that I am using external DNSs from Namecheap)
- Adding SPF, DKIM, DMARC to the DNS records for the host machine myserver.org and the subdomain host.myserver.org
- Verifying my virtual domains with Google Postmaster at https://postmaster.google.com/managedomains by following their simple instructions to add a TXT record to my DNS records. I had to wait a few minutes before Google could verify.
One more thing: I could only get Virtualmin mail forwarding working for the Virtual server owner. When I add another user and forward mail for them, I get “too many hops”. My fix is to instead add an additional email address for the virtual server owner. This works for me, but would not work if it needed to go to a different forwarding address. It’s probably a sign that I still don’t understand Postfix and mail forwarding.
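
The log triage described in the post (read the mail log, group entries by queue ID, keep only those with “status=bounced”), as an added example that is not the poster's own program. The function name, the sample log lines and their addresses are constructed for illustration, and the parser assumes Postfix's default short (uppercase hex) queue IDs.

```python
import re
from collections import defaultdict

# Matches "postfix/<daemon>[pid]: <QUEUEID>: <rest>" regardless of timestamp format.
# Assumption: default short queue IDs (uppercase hex), so "warning:" lines are skipped.
LINE_RE = re.compile(r"postfix/[\w/-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
# Delivery record that ended in a bounce: recipient, DSN code, remote server's reply.
BOUNCE_RE = re.compile(r"to=<([^>]*)>.*?dsn=([\d.]+), status=bounced \((.*)\)$")
FROM_RE = re.compile(r"^from=<([^>]*)>")

def bounced_by_queue_id(lines):
    """Group log entries by queue ID and return only messages that bounced."""
    by_id = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line.rstrip("\n"))
        if m:
            by_id[m.group(1)].append(m.group(2))
    report = {}
    for qid, entries in by_id.items():
        # The envelope sender is logged once per message by qmgr.
        sender = next((f.group(1) for e in entries if (f := FROM_RE.match(e))), None)
        bounces = [b.groups() for e in entries if (b := BOUNCE_RE.search(e))]
        if bounces:
            report[qid] = {"from": sender, "bounces": [
                {"to": to, "dsn": dsn, "reason": why} for to, dsn, why in bounces]}
    return report

# Constructed sample lines in the shape Postfix writes to /var/log/mail.log.
SAMPLE_LOG = """
2025-01-10T09:15:01+00:00 host postfix/smtpd[880]: warning: hostname lookup failed
2025-01-10T09:15:01+00:00 host postfix/qmgr[901]: 4F1A22C0E1: from=<alice@example.net>, size=2143, nrcpt=1 (queue active)
2025-01-10T09:15:03+00:00 host postfix/smtp[2211]: 4F1A22C0E1: to=<bob@gmail.com>, orig_to=<info@myserver.org>, relay=gmail-smtp-in.l.google.com[192.0.2.10]:25, delay=1.2, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[192.0.2.10] said: 550-5.7.26 Unauthenticated email from myserver.org is not accepted due to 550-5.7.26 domain's DMARC policy. (in reply to end of DATA command))
2025-01-10T09:15:03+00:00 host postfix/qmgr[901]: 4F1A22C0E1: removed
2025-01-10T09:20:00+00:00 host postfix/qmgr[901]: 8B2C33D1F2: from=<carol@example.net>, size=900, nrcpt=1 (queue active)
2025-01-10T09:20:01+00:00 host postfix/smtp[2215]: 8B2C33D1F2: to=<dave@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
2025-01-10T09:30:00+00:00 host postfix/qmgr[901]: A7D3E90B12: from=<erin@example.net>, size=1500, nrcpt=1 (queue active)
2025-01-10T09:30:02+00:00 host postfix/smtp[2220]: A7D3E90B12: to=<bob@gmail.com>, relay=gmail-smtp-in.l.google.com[2001:db8::1a]:25, delay=1.9, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2001:db8::1a] said: 550-5.7.1 [2001:db8::5] Gmail has detected that this message is 550-5.7.1 likely suspicious due to the very low reputation of the sending 550-5.7.1 domain. (in reply to end of DATA command))
"""

if __name__ == "__main__":
    for qid, info in bounced_by_queue_id(SAMPLE_LOG.splitlines()).items():
        for b in info["bounces"]:
            print(qid, info["from"], "->", b["to"], b["dsn"], b["reason"][:90])
```

On a live server, pass an open file handle for `/var/log/mail.log` instead of the sample; the `dsn` value separates authentication failures (5.7.26 in the errors above) from reputation rejections (5.7.1).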