As far as CSF goes, sorry I can not help you since I don’t use it, especially on an ubuntu server.
But you should take it off of test mode as long as you know the ports you need open are entered in the config file.
Still does not hurt to ask your provider if port 25 is not blocked on their end.
i took CSF out of test mode immediately upon doing the mxtools test - doesn’t look like it was the problem and though mxtools still tells me 25 isn’t reachable, i’m still getting mail
and looking at the mail headers i’m pleased; SPF: pass, there’s is a DKIM sig, encryption is TLS 1.2
i will ask the ISP about port 25 … or maybe i should change the port? i usually just change all the default ports
again, thanks - i don’t know that i can mark any one post as the solution, but you certainly did help me, as did others here, and i really appreciate it
as a novice (at best) i’d be interested in hearing your thinking regarding CSF on Ubuntu - Joe doesn’t like it either, but the only reason he gave was because the firewall rules are too complex
CSF caters more to RedHat/CentOS type distributions than Debian/Ubuntu
From what I have read in their documentation there are several regex patterns that you need to manually change if using Debian/Ubuntu. This is also stated on their download page.
I have been using firewalld with ipset and fail2ban creating my own ip ban list with ipset for so long I don’t feel the need to install something that will just create a lot of headaches on a Debian/Ubuntu server.
it is now apparently - that was my whole reason for going through all this; i wanted to disable as much mail stuff as i could to simplify whilst still sending all system mail to my 3rd party mail account
i also appreciate your POV regarding CSF - i may swap back to firewalld+fail2ban
Have you made any changes in your postfix configuration lately regarding inet?
for safety measure make sure they are as follows:
inet_interfaces = all
inet_protocols = ipv4
Save the config file and Stop Postfix and than Start Postfix
This should at least allow postfix to send out mails only on your ipv4 address.
and receive email on all including ipv6 if your server is setup to use it.
negative - i had changed inet_interfaces to localhost before, but changed it back yesterday or the day before, and i did restart postfix (+ i rebooted the server early this morning)
it is sending - sorry if i didn’t make that clear - as far as receiving, i didn’t test, and actually i’m not sure i want it to receive - if some ding-dong wants to send abuse or DMCA or whatever nonsense, they can deal with my ISP
hey @calport - i was 1/2 way through your msg when you deleted it
i don’t completely disagree with what you said - having learned more about how mail works, i think i would have kept a default stack except for clam, spamassassin and procmail - the first 2 are useless to me and it seems procmail can get in the way
rightly or wrongly, i also worry about widening the attack surface, so in my mind, less is sometimes more, but yes, i could’ve made it easier on myself had i known what i was getting into … that said, i’m sure i’ll rebuild the server at some point and not make as many drastic changes to the mail stuff