i have mail working and mxtools checks out ok but the whole mail thing is a massive topic and headache, as well as an inviting target for malicious actors
i’d like to get rid of as much mail software as possible and just send everything to my external mail provider since they know what they’re doing and i don’t
all i need is system mail (receive) and mail sent from WordPress
so there’s postfix, dovecot and i don’t know what else - can all this be simplified somehow, such as by replacing these packages with a very simple, basic mail system that will send all mail to my personal mail address?
You CAN disable Dovecot (POP/IMAP) if you aren’t receiving email and therefore not needing to access over IMAP or POP.
You CAN disable SpamAssassin if you aren’t receiving email and therefore not needing to scan inbound email for spam.
You CAN disable ClamAV if you aren’t receiving email and therefore not needing to scan inbound email for viruses.
You SHOULD NOT disable Postfix (SMTP) as this is often used by the system to notify YOU of system events.
You CAN disable access to port 25/587 (SMTP), 110/995 (POP), 143/220/993 (IMAP), 20000 (Usermin), via your firewall to prevent inbound access to these ports.
You CAN set up an SMTP plugin for WordPress so you can directly send email via your external provider, or continue to let Postfix deliver mail, though it won’t be DKIM signed or SPF authorized, which might lead to mail going to the recipient’s spam folder.
gotchya - i was wondering though if it could be replaced with something far simpler given that i only need to receive system and WordPress mail - in other words, i would be the only one receiving mail, both from the system and WP
You CAN setup an SMTP plugin for WordPress so you can directly send email via your external provider or continue to let Postfix deliver mail though it won’t be DKIM signed or SPF authorized…
if i’m not mistaken, i believe WP uses php to send mail by default (whether that invokes anything beyond php, i dunno), however i already have DKIM and SPF enabled, so can i use an SMTP plug for WP and feed mail to postfix?
whoops … also, given that i’ve disabled dovecot (and set firewall accordingly), can i disable mail for the virtual server and still get system mail from the same domain (webmin, web server, etc., is all using the same domain)?
You’re misunderstanding what Peter said. You can choose to use a server other than the local server to send mail (“external provider” in Peter’s comment).
You’re asking to stop doing things locally with mail. Peter told you how.
The mail feature is about receiving mail. Has nothing to do with system messages about that domain (system messages are not “from” a domain, they are from the system). Webmin is not “using” a domain for mail or anything else. The “From:” field in email is set by the client, and has nothing to do with how the mail is sent. That said, if you don’t tell the world via DKIM/SPF that your IP is allowed to send mail for your domain, you won’t have much luck sending it from the server. If you want those messages delivered to root on the system, or some other real (not one in the virtual map) user on the system, you don’t need DKIM or SPF, as the server trusts itself and will deliver that mail.
The reason this is so confusing for you is you don’t know how the pieces fit together. Mail is complicated, not because of how we do it, but because it just is. As Peter said, you can disable just about anything you don’t use, except Postfix. If you don’t care about spam and AV scanning, then don’t use SpamAssassin or ClamAV (I never use ClamAV, as it’s too damned big)! If you don’t want to retrieve mail from the system using Thunderbird/Outlook/whatever, then you don’t need Dovecot!
Postfix is the simple mail server. Everything else in the stack is not the simple mail server, but it’s stuff people really want when they run a mail server.
But you need to figure out what mail things you’re trying to do, and you need to at least understand why mail goes where it goes. If you want to use external mail for your users, you need to understand how MX records work, and you’ll still need to set up DKIM/SPF records if you want that external service to be able to send mail on your domain’s behalf.
that’s done and mxtools.com tells me all is well for DKIM, DMARC, SPF
dovecot is disabled
clam, spamassassin, greylisting, procmail - all disabled and then removed
Webmin > Servers > Postfix Mail Server > Local Delivery:
“External command to use instead of mailbox delivery” - field is blank
WordPress mail is working fine with an SMTP plug
the remaining problem is getting postfix to send mail to my personal mail address - the mail queue fills with…
root@12bytes.org [redacted]@rbox.me 32.64 KiB connect to mx.runbox.com[185.226.149.25]:25: Connection refused
(note that rbox and runbox are the same - one can choose from several domains/TLD’s at Runbox and any can be used to receive/send mail)
PTR/reverse DNS set by the ISP is 45.42.246.86.static.as210632.net which is not my mail server - whether this needs to be changed, and what to change it to, i don’t know
whether DNS records (set on registrar) are ok, i don’t know…
I don’t quite understand what you are trying to accomplish. One moment you are talking about using an external provider, now you are talking about using your own mail server… If you are using an external provider, your mail server does not belong in the equation.
Perhaps it’s time to have a one-on-one conversation about this. However, while my rates are fair and affordable to most, my time is NOT free. Though I assure you, you will get results and spend a fraction of the time you have spent on this thread. Frankly, your inquiry isn’t really Virtualmin specific.
root@host:~# nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-08 09:50 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
443/tcp open https
465/tcp open smtps
587/tcp open submission
The hostname you have set up for your server/vps is the hostname postfix uses.
If your provider allows you to have a mail server, then you will need to ask your provider to create a rDNS/PTR for your hostname.
While that is happening, set up the dkim for your server hostname and domain.
include an spf txt to your dns record: v=spf1 a mx -all
Once this is done, then you can move on to troubleshooting.
i just now set the ptr to: 45.42.246.86.host.12bytes.org
dkim and spf were already set, but spf is different than what you wrote - i got the spf value from the dns record on the virtual host (DNS/named is disabled, but the records are still there): "v=spf1 a mx a:12bytes.org ip4:45.42.246.86 ip4:45.42.246.86 ?all"
dkim:
subdomain: mail._domainkey
record type: text
value: "v=DKIM1; k=rsa; t=s; p=[several double quoted strings removed]"
also dns records can be seen in my earlier post - they remain unchanged
even after a LOT of reading, i’m not sure any of this is correct
unless i’m misunderstanding, i believe i have access to the setting you’re referring to from the ISP control panel for my server - i changed the PTR/reverse DNS as mentioned - originally it was 45.42.246.86.static.as210632.net
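The two SPF values quoted in the posts above differ mainly in their final `all` term (`-all` versus `?all`), and the virtual host's record lists the same `ip4` term twice. The following is an added example, not code from the thread or from Virtualmin, that parses both records offline and reports those differences; the function names `parse_spf` and `audit_spf` are assumptions, and `a`/`mx` terms are not resolved because that needs DNS.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT value into (result, mechanism, argument) terms."""
    parts = record.strip().strip('"').split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    terms = []
    for raw in parts[1:]:
        if "=" in raw:  # modifier such as redirect= or exp=, not a mechanism
            continue
        qualifier, body = (raw[0], raw[1:]) if raw[0] in QUALIFIERS else ("+", raw)
        name, _, arg = body.partition(":")
        terms.append((QUALIFIERS[qualifier], name.lower(), arg))
    return terms

def audit_spf(record, sender_ip):
    """Return (result for unlisted senders, sender IP listed?, findings)."""
    terms = parse_spf(record)
    findings, seen = [], set()
    for term in terms:
        if term in seen:
            findings.append("duplicate term " + term[1] + (":" + term[2] if term[2] else ""))
        seen.add(term)
    ip = ipaddress.ip_address(sender_ip)
    # Only literal ip4/ip6 terms are checked; a and mx need DNS lookups,
    # which this offline example does not perform.
    listed = any(
        result == "pass" and name in ("ip4", "ip6")
        and ip in ipaddress.ip_network(arg, strict=False)
        for result, name, arg in terms
    )
    # RFC 7208: a record with no matching term evaluates to "neutral".
    default = next((result for result, name, _ in terms if name == "all"), "neutral")
    if default in ("neutral", "pass"):
        findings.append("final result '" + default + "' does not tell receivers to reject unlisted senders")
    return default, listed, findings

# The two records quoted in the thread.
VHOST_RECORD = '"v=spf1 a mx a:12bytes.org ip4:45.42.246.86 ip4:45.42.246.86 ?all"'
SUGGESTED_RECORD = "v=spf1 a mx -all"

if __name__ == "__main__":
    for rec in (VHOST_RECORD, SUGGESTED_RECORD):
        print(rec, "->", audit_spf(rec, "45.42.246.86"))
```
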
Your DNS records look good, great job!
You got this, not really all that complicated.
When I mentioned “Scratch this” in recent post, it meant forget about what I have asked.
I had to zoom in on your image to see that you had already entered in the needed A records and such.
a few days ago i swapped firewalld for CSF, but i just put it in testing mode and mxtools still times out on 25
immediately after running the port 25 test i re-enabled CSF… after which i got a pile of mails from the server while, at the same time, mxtools still times out on 25
i’m trying to document all i do so my learning process isn’t wasted, but i don’t know of anything i did to get mail (somewhat) working - as i write this the server sent ~22 mails, then slowed to batches of 4 every couple minutes (~30 still in queue)
since nothing i did, that i know of, can be timed to match the mail flow, i’m assuming it was the ISP PTR record that i changed several minutes ago which has now propagated ??? beats me, but 25 is still not reachable externally