| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Debian 12 |
| Webmin version | 2.610 |
| Virtualmin version | 7.50.2 GPL |
| Webserver version | Nginx version 1.22.1 |
| Related packages | Nginx, FastCGI, Postfix, Mailserver, Webserver |
Hello everybody from Virtualmin,
I have been reading your topics for years. Thank you for this amazing product/project.
I have been using a VPS to host Virtualmin websites and mail for a long time. But after I saw that some websites on this server need to scale, I decided to move all the websites to another Virtualmin server and keep this original virtual mail server as the Mail server.
My VPS servers have Nginx with FastCGI Cache + PHP-FPM setup. They are using Debian 12 OS.
(Detail to understand: the servers' hostnames are host.webserver.com and host.mailserver.com, and both have a virtual server website, webserver.com and mailserver.com respectively, created to represent their website)
I already migrated all the websites (recreated all the servers with the same website domains) on this new webserver.
- So, websites are already in the new webserver and working just fine.
- Every mail account can receive emails normally. It’s working properly.
- But no email account can send emails. Something is very wrong here. I get the following error:
```
RCPT TO <xxx@destination-email.com> failed: <xxx@destination-email.com>: Recipient address rejected: User unknown in virtual alias table
```
I read a lot of topics about webserver connection with mailservers and this reject issue, but I never understood the whole setup. I feel like I’m missing something that is keeping it from working properly. I’ve been at this for a week and couldn’t figure out how to fix it. I’m not a specialist, but I try to do my best to sort things out.
So I have some basic checklists I would like to understand if possible before making this topic more complex (at least for me).
Virtualmin Config:
Feature and Plugins Enabled:
Mailserver: DNS for domain, Mail for domain, Spam filtering, Virus filtering, Log file rotation, Webmin login
Webserver: DNS for domain, Nginx website, Nginx SSL website, MariaDB database, Log file rotation, Webmin login, AWStats report
Users Accounts:
Besides recreating the Virtual Servers from the MAIL server on the WEB server (all websites are here), I didn’t recreate the user accounts and email accounts, since I understand only the MAIL server needs to do this, while the WEB server should focus only on “public_html” website space.
Conclusion: I think this is the best setup to make one VPS a webserver and another VPS a mailserver. What confuses me a little is that even the webserver (with mail server disabled) still has Postfix working.
Is it correct? I understand that we need a basic Postfix to make the webserver send the data info to the mailserver, I guess…
DNS questions:
There are 2 DNS situations that I still have some questions:
1) Communication between the Webserver and Mailserver (remember they have their own main-website/virtual-server created with same domain)
Rules I followed for Webserver:
A record with mail.webserver.com to MAIL server IP
AAAA record with mail.webserver.com to MAIL server IP
MX record to 10 mail.mailserver.com
MX record to 20 mail2.mailserver.com
Question: Do I need to point “webmail.webserver.com” to MAIL server IP?
Rules I followed for Mailserver:
Changed A record with mailserver.com to WEB server IP
Changed AAAA record with mailserver.com to WEB server IP
Question: Do I need to point “www.mailserver.com” to WEB server IP as well?
2) A website (virtual server) communication between the Webserver and Mailserver
Using as example the website (virtual server) “super.com” I replicated the same DNS config from the servers:
Webserver:
A record with mail.super.com to MAIL server IP
AAAA record with mail.super.com to MAIL server IP
MX record to 10 mail.mailserver.com
MX record to 20 mail2.mailserver.com
Question: I didn’t change webmail.super.com to MAIL server IP. Should I do this?
Mailserver:
Changed A record with super.com to WEB server IP
Changed AAAA record with super.com to WEB server IP
Domain DNS:
I point the domain DNS to the WEB server IP. So the WEB server IP will point the MX and “mail.” subdomain to the MAIL server.
Moving on from the basic understanding (where I have a lot of questions), now I’ll post the Postfix configs from both servers (MAIL server and WEB server).
WEB SERVER
```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = defer_unauth_destination permit_sasl_authenticated permit_mynetworks
myhostname = host.webserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, host.mailserver.com, localhost.mailserver.com, localhost
##mydestination = host.mailserver.com, localhost.mailserver.com, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, host.webserver.com, localhost.webserver.com, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_transport = virtual
#local_recipient_maps = $virtual_mailbox_maps
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 MAIL-SERVER-IP
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
#virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth
#milter_default_action = accept
#smtpd_milters = inet:127.0.0.1:8891
#non_smtpd_milters = inet:127.0.0.1:8891
relayhost = host.mailserver.com
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_sasl_auth_enable = yes
```
MAIL SERVER
```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_sasl_authenticated defer_unauth_destination permit_mynetworks
myhostname = host.mailserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, host.mailserver.com, localhost.mailserver.com, localhost
##mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_transport = virtual
#local_recipient_maps = $virtual_mailbox_maps
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
#virtual_mailbox_domains = hash:/etc/postfix/virtual-mailbox-domains
#virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox-users
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
allow_percent_hack = no
resolve_dequoted_address = no
tls_server_sni_maps = hash:/etc/postfix/sni_map
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
smtp_sasl_auth_enable = yes
```
That’s it. I’m tired of changing so many things. Sometimes in the basics, sometimes in the “advanced” part of the setup, so it is hard to find a clue in this case.
I have tried a lot of solutions that I found on the internet, but with no success. Is this a DNS setup issue, a Postfix setup issue, or some other reason?
What should I do to make the website (in this case focusing on “super.com”) send email properly?
All the best.
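
An added example, not part of the original post: a simplified Python model of the Postfix recipient check that produces "User unknown in virtual alias table", useful for reasoning about which server's `/etc/postfix/virtual` claims a domain. The map contents and the `parse_table` and `check_recipient` helpers are constructed for illustration; only literal domain names are handled for `virtual_alias_domains`, and local and relay recipient checks are not modelled.

```python
import re

# Constructed excerpt using parameter names and values from the configs above.
MAIN_CF = """\
myhostname = host.webserver.com
mydestination = $myhostname, host.mailserver.com, localhost
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
"""
# Constructed contents for /etc/postfix/virtual (assumed, not the poster's file).
VIRTUAL = """\
super.com        super.com
info@super.com   info-super.com
"""

def parse_table(text, sep=None):
    """Parse 'key value' map lines (sep=None) or 'key = value' main.cf lines (sep='=')."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = (line.split(sep, 1) + [""])[:2]
            table[key.strip().lower()] = value.strip()
    return table

def check_recipient(rcpt, params, virtual):
    """Return (address_class, verdict) for one RCPT TO address."""
    local, _, domain = rcpt.lower().rpartition("@")
    mydest = params.get("mydestination", "").replace("$myhostname", params.get("myhostname", ""))
    if domain in re.split(r"[,\s]+", mydest):
        return "local", "validated against local_recipient_maps (not modelled)"
    # virtual_alias_domains defaults to $virtual_alias_maps: a bare domain key
    # in the map puts the whole domain in the virtual alias class.
    if "virtual_alias_domains" in params:
        alias_domains = set(re.split(r"[,\s]+", params["virtual_alias_domains"]))
    else:
        alias_domains = {k for k in virtual if "@" not in k}
    if domain not in alias_domains:
        return "default", "no recipient table check; relay restrictions decide"
    delim = params.get("recipient_delimiter", "")
    base = local.split(delim, 1)[0] if delim else local
    for key in (f"{local}@{domain}", f"{base}@{domain}", f"@{domain}"):
        if key in virtual:
            return "virtual alias", f"accept, rewritten to {virtual[key]}"
    return "virtual alias", "reject: User unknown in virtual alias table"

if __name__ == "__main__":
    params, virtual = parse_table(MAIN_CF, "="), parse_table(VIRTUAL)
    for rcpt in ("info@super.com", "sales@super.com", "xxx@destination-email.com"):
        print(rcpt, check_recipient(rcpt, params, virtual))
```

On a live server, `postconf -n` shows the effective parameters and `postmap -q <address> hash:/etc/postfix/virtual` performs the real lookup for a single key.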

