Incoming email bouncing

Virtualmin
1

Looking at 2 virtual domains, one is accepting incoming email, and the other domain is rejecting everything. I’m pretty sure this was working before I started trying to get outgoing mail to work, which is a story for another day.

Anyway, I think I’ve put everything back to the way it was but this domain is still rejecting all incoming mail. The only domain specific change I can recall I made was to the mx record and I know I’ve returned that correctly (I changed it from mail.virtualdomain.tld to hostname.tld in a fit of rage trying to get outgoing to work). The errors in the log are like this:

Apr 14 01:24:07 lisn-mdv postfix/smtpd[31213]: connect from a2s61.a2hosting.com[75.98.165.130]
Apr 14 01:24:07 lisn-mdv postfix/smtpd[31213]: NOQUEUE: reject: RCPT from a2s61.a2hosting.com[75.98.165.130]: 554 5.7.1 me@virtualdomain.tld: Recipient address rejected: Access denied; from=them@incomingdomain.tld to=me@virtualdomain.tld proto=ESMTP helo=<a2s61.a2hosting.com>
Apr 14 01:24:07 lisn-mdv postfix/smtpd[31213]: disconnect from a2s61.a2hosting.com[75.98.165.130]

host -t mx virtualdomain.tld

returns

virtualdomain.tld mail is handled by 5 mail.virtualdomain.tld.

and

host mail.virtualdomain.tld

resolves to the proper ip.

What else should I be looking at? This is maddening! :slight_smile:

2

Ok, it seems that the mx change was the first problem. Once the DNS entries got updated, that error went away. Now, the email is being bounced with the error:

The mail server could not deliver mail to me@virtualdomain.tld The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

No such bounced email to other other virtual domain… No errors in the mail.log

Any suggestions?

3

I was hoping the problem would just go away (partial DNS update or some such) but no such luck. Incoming mail is still being rejected.

Sigh…

4

Just to be sure it was not account related, I created a new test account and it also fails to receive emails. If I could get a grip on what is wrong, I could figure out how to fix it.

In case someone sees this and could take a look, the test email account is test@whdt.net

Thanks

5

Hmm, “Access denied” is an unusual error.

What output do you receive if you run this command:

postconf -n

6

For postconf -n, I get:

alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases allow_percent_hack = no append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix home_mailbox = Maildir/ inet_interfaces = all mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 mydestination = lisn-mdv.razercut.com, localhost.razercut.com, , localhost myhostname = lisn-mdv.razercut.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + sender_bcc_maps = hash:/etc/postfix/bcc smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject smtpd_sasl_auth_enable = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual

(edited for clarity. Looks much better now than the one run-on sentence :slight_smile:

7

Looking at the data from postconf, none of it is specific to a single domain, so I doubt the error is in that? Seems like it would be specific to a domain configuration if one works and another does not?

Just guessing…

8

Just a little more info. I tried creating email accounts on other domains (I just have email accounts on two of the domains, one works and one doesn’t) and they don’t work either.

The only thing unique that I can tell is that the one that works has a unique ip, and the other domains had a shared ip. However, I tried changing one to a unique ip and that didn’t seem to make any difference.

Thanks!

9

Ok, I understand this may be too strange of a problem, or such an obvious noob question, that I won’t get a help here. Does someone at least have references to someplace where I might find answers? I don’t mind tracking the problem down myself, I just don’t know where to start. Maybe a more in-depth troubleshooting than the one on this system (my DNS all appear to be ok, including reverse DNS).

Thanks

10

I see in auth.log entries like:

Apr 16 14:08:03 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Apr 16 14:08:03 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=emailuser rhost=75.104.6.189 
Apr 16 14:08:12 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Apr 16 14:08:12 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=emailuser rhost=75.104.6.189 
Apr 16 14:08:29 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Apr 16 14:08:29 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=emailuser@myvirtualdomain.tld rhost=75.104.6.189 
Apr 16 14:08:39 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Apr 16 14:08:39 lisn-mdv dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=emailuser@myvirtualdomain.tld rhost=75.104.6.189

Wouldn’t it need to look for emailuser.myvirtualdomain.tld? Or is there some lookup that is supposed to say emailuser@myvirtualdomain.tld == emailuser.myvirtualdomain.tld?

11

If I run http://www.intodns.com/whdt.net it shows a different MX entry

Your MX records that were reported by your nameservers are:
5 mail.whdt.com No A Record (no glue either)

I guess you have to look into the dns zone and correct the errors including adding the IP for the A record mail.

12

Figures someone would take a look now :slight_smile:

In desperation I tried swapping the ips of the one that worked with the one that didn’t. Didn’t make any difference, so I swapped them back. You must have caught it while it was still updating!

In fact, it still shows the screwed up mx record.

Here is a 3rd domain which also doesn’t work:

http://www.intodns.com/marksteiner.ag

The one that does:

http://www.intodns.com/faroutprojects.com

And here is the dns record for whdt.net:

$ttl 38400
@	IN	SOA	lisn-mdv.razercut.com. root.lisn-mdv.razercut.com. (
			1315275273
			10800
			3600
			604800
			38400 )
whdt.net.	IN	NS	ns1.razercut.com.
whdt.net.	IN	A	67.215.190.59
www.whdt.net.	IN	A	67.215.190.59
ftp.whdt.net.	IN	A	67.215.190.59
m.whdt.net.	IN	A	67.215.190.59
localhost.whdt.net.	IN	A	127.0.0.1
webmail.whdt.net.	IN	A	67.215.190.59
admin.whdt.net.	IN	A	67.215.190.59
mail.whdt.net.	IN	A	67.215.190.59
whdt.net.	IN	MX	5 mail.whdt.com.
whdt.net.	IN	TXT	"v=spf1 a mx a:whdt.net ip4:67.215.190.59 ?all"
whdt.net.	IN	NS	ns2.razercut.com.

So I send an email to kazmaier at marksteiner dot ag (while whdt is in flux) and the syslog entry is:

Apr 17 10:16:34 lisn-mdv postfix/smtpd[9873]: connect from a2s61.a2hosting.com[75.98.165.130]
Apr 17 10:16:34 lisn-mdv postfix/smtpd[9873]: NOQUEUE: reject: RCPT from a2s61.a2hosting.com[75.98.165.130]: 554 5.7.1 <kazmaier@virtualdomain.ag>: Recipient address rejected: Access denied; from=<support@pagestream.org> to=<kazmaier@virtualdomain.ag> proto=ESMTP helo=<a2s61.a2hosting.com>
Apr 17 10:16:34 lisn-mdv postfix/smtpd[9873]: disconnect from a2s61.a2hosting.com[75.98.165.130]

Thanks for your help. I really am at wits end.

13

So the only thing I see at the moment is that the mail works on 67.215.190.58
as is razercut.com on that IP

So I would first change the the hostname of the server to ns1.razercut.com as currently your SOA is not listed and ns1 is.
Then change the SOA of all zonefiles from lisn-mdv.razercut.com to ns1.razercut.com if this is not done automatically
and also make sure that all sites and services are listening on IP 67.215.190.58

if you can per haps recreate the domains on the same shared IP