What are my options for simplifying mail delivery?

ubuntu 22.04, virtualmin 7.4

i have mail working and mxtools checks out ok but the whole mail thing is a massive topic and headache, as well as an inviting target for malicious actors

i’d like to get rid of as much mail software as possible and just send everything to my external mail provider since they know what they’re doing and i don’t :face_with_spiral_eyes:

all i need is system mail (receive) and mail sent from WordPress

so there’s postfix, dovecot and i don’t know what else - can all this be simplified somehow, such as by replacing these packages with a very simple, basic mail system that will send all mail to my personal mail address?


You don’t need to “get rid of” anything.

You CAN disable Dovecot (POP/IMAP) if you aren’t receiving email and therefore not needing to access over IMAP or POP.

You CAN disable SpamAssassin if you aren’t receiving email and therefore not needing to scan inbound email for spam.

You CAN disable ClamAV if you aren’t receiving email and therefore not needing to scan inbound email for viruses.

You SHOULD NOT disable Postfix (SMTP) as this is often used by the system to notify YOU of system events.

You CAN disable access to port 25/587 (SMTP), 110/995 (POP), 143/220/993 (IMAP), 20000 (Usermin), via your firewall to prevent inbound access to these ports.

You CAN setup an SMTP plugin for WordPress so you can directly send email via your external provider or continue to let Postfix deliver mail though it won’t be DKIM signed or SPF authorized which might lead to mail going to the spam folder of recipient.

*** Need more help? My consulting and technical services are affordable – Drop me a PM here or contact me via https://tpnassist.com ***


You SHOULD NOT disable Postfix…

gotchya - i was wondering though if it could be replaced with something far simpler given that i only need to receive system and wordpres mail - in other words, i would be the only one receiving mail, both from the system and WP

You CAN setup an SMTP plugin for WordPress so you can directly send email via your external provider or continue to let Postfix deliver mail though it won’t be DKIM signed or SPF authorized…

if i’m not mistaken, i believe WP uses php to send mail by default (whether that invokes anything beyond php, i dunno), however i already have DKIM and SPF enabled, so can i use an SMTP plug for WP and feed mail to postfix?

whoops … also, given that i’ve disabled dovecot (and set firewall accordingly), can i disable mail for the virtual server and still get system mail from the same domain (webmin, web server, etc., is all using the same domain)?

You’re misunderstanding what Peter said. You can choose to use a server other than the local server to send mail (“external provider” in Peter’s comment).

You’re asking to stop doing things locally with mail. Peter told you how.

The mail feature is about receiving mail. Has nothing to do with system messages about that domain (system messages are not “from” a domain, they are from the system). Webmin is not “using” a domain for mail or anything else. The “From:” field in email is set by the client, and has nothing to do with how the mail is sent. That said, if you don’t tell the world via DKIM/SPF that your IP is allowed to send mail for your domain, you won’t have much luck sending it from the server. If you want those messages delivered to root on the system, or some other real (not one in the virtual map) user on the system, you don’t need DKIM or SPF, as the server trusts itself and will deliver that mail.

The reason this is so confusing for you is you don’t know how to pieces fit together. Mail is complicated, not because of how we do it, but because it just is. As Peter said, you can disable just about anything you don’t use, except Postfix. If you don’t care about spam and AV scanning, then don’t use SpamAssassin or ClamAV (I never use ClamAV, as it’s too damned big)! If you don’t want to retrieve mail from the system using Thunderbird/Outlook/whatever, then you don’t need Dovecot!

Postfix is the simple mail server. Everything else in the stack is not the simple mail server, but it’s stuff people really want when they run a mail server.

But, you need to figure out what mail things you’re trying to do, and you need to at least understand why mail goes where it goes. If you want to use external mail for your users, you need to understand how MX records work, and you’ll still need to setup DKIM/SPF records if you want that external service to be able to send mail on your domain’s behalf.

that’s done and mxtools.com tells me all is well for DKIM, DMARC, SPF

  • dovecot is disabled
  • clam, spamassassin, greylisting, procmail - all disabled and then removed
  • Webmin > Servers Postfix Mail Server > Local Delivery:
    “External command to use instead of mailbox delivery” - field is blank
  • WordPress mail is working fine with an SMTP plug

the remaining problem is getting postfix to send mail to my personal mail address - the mail queue fills with…

root@12bytes.org [redacted]@rbox.me 32.64 KiB connect to mx.runbox.com[]:25: Connection refused

(note that rbox and runbox are the same - one can choose from several domains/TLD’s at Runbox and any can be used to receive/send mail)

PTR/reverse DNS set by the ISP is which is not my mail server - whether this needs to be changed, and what to change it to, i don’t know

whether DNS records (set on registrar) are ok, i don’t know…


I don’t quite understand what you are trying to accomplish. One moment you are talking about using an external provider, now you are talking about using your own mail server… If you are using an external provider, your mail server does not belong in the equation.

Perhaps it’s time to have a one-on-one conversation about this. However, while my rates are fair and affordable to most, my time is NOT free. Though I assure you will get results and spend a fraction of the time you have spent on this thread. Frankly, your inquiry isn’t really Virtualmin specific.

  • my mail address: [name]@rbox.me
  • root’s address: root@12bytes.org

root@12bytes.org [redacted]@rbox.me 32.64 KiB connect to mx.runbox.com[]:25: Connection refused

i’m simply trying to get mail from posfix sent to my mail address

or, more accurately, i’m trying to get all system mail sent to my personal address

In postfix main.cf file make sure your inet_interfaces = all
and check to make sure that port 25 is open on your firewall

You should also check to see if the data center has port 25 open on their end.

hi @cyberndt - thanks for joining in on this mess :slight_smile:

inet_interfaces was ‘all’

root@host:~# nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-08 09:50 EST
Nmap scan report for localhost (
Host is up (0.0000040s latency).
Not shown: 995 closed ports
25/tcp  open  smtp
80/tcp  open  http
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission

The hostname you have setup for your server/vps is the hostname postfix uses.
If your provider allows you to have a mail server than you will need to ask your provider to create a rDNS/PTR for your hostname.

While that is happening setup the dkim for your server hostname and domain.
include an spf txt to your dns record: v=spf1 a mx -all

Once this is done than you can move on to trouble shooting.

i just now set the ptr to:

dkim and spf were already set, but spf is different than what you wrote - i got the spf value from the dns record on the virtual host (DNS/named is disabled, but the records are still there):
"v=spf1 a mx a:12bytes.org ip4: ip4: ?all"

subdomain: mail._domainkey
record type: text
value: "v=DKIM1; k=rsa; t=s; p=[several double quoted strings removed]"

also dns records can be seen in my earlier post - they remain unchanged

even after a LOT of reading, i’m not sure any of this is correct

You need to have your server provider create a rDNS/PTR on their end. Since they own the IP

did you create a _dmarc record as well?

I don’t see an A record for
host.12bytes.org and mail.12bytes.org Scratched that you have them

Did a test to your email server and got timed out: Is port 25 open on your providers end?

unless i’m misunderstanding, i believe i have access to the setting you’re referring to from the ISP control panel for my server - i changed the PTR/reverse DNS as mentioned - originally it was

yes - this was done prior to today…

the host.* record is in the subdomain records section of the registrar

the bolded part of your question i don’t understand - i suspect you mean to dump the mail.* record?

may i ask how you’re testing so i can troubleshoot the port myself? are you using a dig command or an SMTP test of the hostname on mxtools.com?

Yes mxtoolbox shows unable to connect as well.

Connecting to
1/8/2023 10:09:13 AM Connection attempt #1 - Unable to connect after 15 seconds. [15.03 sec]

On this link: Open Port Check Tool - Test Port Forwarding on Your Router
Enter in your server ip and port 25 to check if it’s open.
If it can’'t connect than your provider has it blocked on their end.

ah ha! so nmap lied to me

let me work on opening the port and testing

and thank you both for your expertise and patience - i realize working with nooblets can be frustrating :slight_smile:

1 Like

Your DNS records look good, great job!
You got this, not really all that complicated.

When I mentioned “Scratch this” in recent post, it meant forget about what I have asked.
I had to zoom in on your image to see that you had already entered in the needed A records and such.

a few days ago i swapped firewalld for CSF, but i just put it in testing mode and mxtools still times-out on 25

immediately after running the port 25 test i re-enabled CSF… after which i got a pile of mails from the server while, at the same time, mxtools still times out on 25

i’m trying to document all i do so my learning process isn’t wasted, but i don’t know of anything i did to get mail (somewhat) working - as i write this the server sent ~22 mails, then slowed to batches of 4 every couple minutes (~30 still in queue)

since i nothing i did, that i know of, can be timed to match the mail flow, i’m assuming it was the ISP PTR record that i changed several minutes ago which has now propagated ??? beats me, but 25 is still not reachable externally