Resolved
0 votes
If I send an email from outside to example@mail.example.com it is received, but if I send to example@example.com it is not.

Any help please?

Here is my main.cf:
[root@laesperanzachiantleca ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, $mydomain, localhost
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, www.laesperanzachiantleca.com.gt
mydomain = laesperanzachiantleca.com.gt
myhostname = laesperanzachiantleca.com.gt
mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 186.151.64.206, 192.168.19.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
recipient_delimiter = +
relayhost =
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
Tuesday, January 29 2019, 09:33 PM

Accepted Answer

Thursday, January 31 2019, 11:16 PM - #Permalink
Resolved
1 votes
Alejandro - gave you a way of checking MX with an example - you could do that yourself..

Anyway, you can also install dig if you don't already have it - and do it another way e.g.

[root@danda ~]# dig +short @8.8.8.8 mail.laesperanzachiantleca.com.gt -t MX
[root@danda ~]# dig +short @8.8.8.8 laesperanzachiantleca.com.gt -t MX
5 mail.laesperanzachiantleca.com.gt.
10 mail.laesperanzachiantleca.com.gt.
[root@danda ~]# dig +short @8.8.8.8 www.laesperanzachiantleca.com.gt -t MX

MX records for "laesperanzachiantleca.com.gt"
For reliability the lower priority server is usually a different server which only gets the mail when the higher is down, then when the higher comes back up - should forward the mail - difficult to do with only one internet address unless you use a service provided by a third party.. Check the web for more e.g. MX example URL

Re. sending - have you looked in /var/log/maillog?

I notice your web-site displays the default ClearOS page for both http and https - so that is working...
Responses (16)
  • Accepted Answer

    Friday, February 01 2019, 05:32 PM - #Permalink
    Resolved
    1 votes
    If the SORBS DUHL is because your IP is in a block that has been declared as dynamic, all you can do is ask your ISP for a different IP address. There is nothing you can do about getting delisted. If your ISP cannot give you a static IP in a declared static IP block then you will have no choice but to relay out via another SMTP server or risk mail rejection (my mail server would directly reject you, for example).

    Here is the explanation of the RATS Dyna list. In this case you have now added a PTR record. Follow the link on my linked page to the RATS list site and see what you have to do to get de-listed. It may be automatic if you wait a while.

    There is a DKIM Howto here, but since I wrote it, I've found out Spamassassin can also do it and you should have that installed. I've never tried it but it looked easier than my method. You will need to google it.

    SPF is entirely a DNS solution, so nothing to do with ClearOS. Google it. There are some good sites there and even some with mini wizards. Do no more than soft-fail at the beginning. Only change to hard-fail once you are sure it is working correctly.
  • Accepted Answer

    Thursday, January 31 2019, 03:34 PM - #Permalink
    Resolved
    1 votes
    Not only is there no MX record for mail.xxxxxxx - but there is an interesting "mail addr" :)

    [root@danda ~]# nslookup
    > set type=MX
    > mail.laesperanzachiantleca.com.gt
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    *** Can't find mail.laesperanzachiantleca.com.gt: No answer

    Authoritative answers can be found from:
    laesperanzachiantleca.com.gt
    origin = ns.telgua.com.gt
    mail addr = please_set_email.absolutely.nowhere
    serial = 4
    refresh = 10800
    retry = 3600
    expire = 2419200
    minimum = 900
    > ^C[root@danda ~]#

    My own... 60-242-196-96.static.tpgi.com.au. is my adsl static address

    [root@danda ~]# nslookup
    > set type=MX
    > sraellis.no-ip.com
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    sraellis.no-ip.com mail exchanger = 5 60-242-196-96.static.tpgi.com.au.

    Authoritative answers can be found from:
    . nameserver = g.root-servers.net.
    . nameserver = m.root-servers.net.
    ... clipped
  • Accepted Answer

    Thursday, January 31 2019, 04:04 PM - #Permalink
    Resolved
    0 votes
    @Tony
    I've edited my post. I meant to say there was an A record for mail.laesperanzachiantleca.com.gt and mailers should fall back to that if there is no MX record. As you point out, there is no MX record. (FWIW, there is also a www record)

    @Alejandro,
    I suspect your Mail Hostname is set to www.laesperanzachiantleca.com.gt. Ideally it should match your MX record. You could create an MX for laesperanzachiantleca.com.gt pointing to www.laesperanzachiantleca.com.gt, in which case your Mail Hostname is correct
  • Accepted Answer

    Thursday, January 31 2019, 10:39 PM - #Permalink
    Resolved
    0 votes
    Can you please check the MX lookup again?

    I'm receiving emails from outside but I can't send.

    Thanks.
  • Accepted Answer

    Friday, February 01 2019, 03:49 PM - #Permalink
    Resolved
    0 votes
    I have a static IP provided by Claro, a new one, amazingly blacklisted.

    My questions are:

    1. Do you have any manual or steps to implement SPF and DKIM?

    I'll be checking the RBLs to see if there are some forms to fill in to whitelist the IP.

    Best Regards
  • Accepted Answer

    Thursday, January 31 2019, 02:45 PM - #Permalink
    Resolved
    1 votes
    Looking at your DNS records, you don't have an A or MX record for laesperanzachiantleca.com.gt, but I see you have one for mail.laesperanzachiantleca.com.gt. If you want to receive mail for laesperanzachiantleca.com.gt you should have an MX record pointing to either an A record or directly to your WAN IP address. I have a feeling that some mail systems also expect you to have an A record, but it does not have to point to anything useful.

    Alternatively, e-mails should just work with an A record pointing to your IP but this is a "fallback" set up and you may end up falling foul of some spam services if you're sending or receiving mail without an MX record.
  • Accepted Answer

    Tuesday, January 29 2019, 09:57 PM - #Permalink
    Resolved
    0 votes
    Please can you do me a favour and replace your output with the result of "postconf -n"? (and preferably between code tags)

    Then check Webconfig > System > Settings > Mail Settings and check that Mail Domain is the domain that you wish to receive mail for, so example.com and not mail.example.com. Also check that your external DNS records have an MX record either pointing to your WAN IP, or an A record pointing to your WAN IP. The A record could be for mail.example.com, but you should not use CNAME records. I used to until a few days ago when one ISP started bouncing my mails and, technically they were correct but I didn't know it. Your MX record should match your Mail Hostname.
  • Accepted Answer

    Thursday, January 31 2019, 02:28 PM - #Permalink
    Resolved
    0 votes
    [root@laesperanzachiantleca ~]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    bounce_queue_lifetime = 6h
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = mailprefilter
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = $myhostname, $mydomain, localhost
    inet_protocols = ipv4
    local_recipient_maps = $alias_maps $virtual_alias_maps
    luser_relay =
    mail_owner = postfix
    mailbox_size_limit = 102400000
    mailbox_transport = mailpostfilter
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    message_size_limit = 51200000
    message_strip_characters = \0
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, www.laesperanzachiantleca.com.gt
    mydomain = laesperanzachiantleca.com.gt
    myhostname = laesperanzachiantleca.com.gt
    mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 186.151.64.206, 192.168.19.0/24
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    recipient_delimiter = +
    relayhost =
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/postgrey/socket
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/cert.pem
    smtpd_tls_key_file = /etc/postfix/key.pem
    smtpd_tls_loglevel = 1
    smtpd_use_tls = yes
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
  • Accepted Answer

    Thursday, February 07 2019, 07:02 PM - #Permalink
    Resolved
    0 votes
    Our ISP has cleaned the IP. Now I'm implementing DKIM but I'm a little lost at:

    Now you need to update your DNS records. Open the file '/etc/opendkim/keys/mydomain.com/YYYYMM.txt'.

    At this part, where are those records in COS?

    In your DNS records, create a new TXT record with a subdomain as the first field in the file which you can just copy. In this case it is “YYYYMM._domainkey”. For TXT Data copy and paste everything between the first and last set of quotes, excluding the first and last quotes and removing the middle quotes and whitespace between them.

    Thanks in advance.
  • Accepted Answer

    Thursday, February 07 2019, 07:34 PM - #Permalink
    Resolved
    0 votes
    Alejandro Perez wrote:

    Our ISP has cleaned the IP. Now I'm implementing DKIM but I'm a little lost at:

    Now you need to update your DNS records. Open the file '/etc/opendkim/keys/mydomain.com/YYYYMM.txt'.

    From the instructions:
    mkdir /etc/opendkim/keys/mydomain.com
    cd /etc/opendkim/keys/mydomain.com
    opendkim-genkey -r -h sha256 -b 2048 -d mydomain.com -s YYYYMM -v
    chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com

    Line 1 creates the folder. You step into it in line 2 and line 3 creates the file (which you may have called 201901.txt if you followed my naming).
  • Accepted Answer

    Thursday, February 07 2019, 11:25 PM - #Permalink
    Resolved
    0 votes
    I followed these steps:

    https://docs.iredmail.org/sign.dkim.signature.for.new.domain.html

    I have added these lines to amavisd.conf:

    # DKIM SECTION
    $enable_dkim_verification = 1;
    $enable_dkim_signing = 1;
    dkim_key('laesperanzachiantleca.com.gt', "dkim", "/var/lib/dkim/laesperanzachiantleca.com.gt.pem");
    @dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } });

    1; # insure a defined return

    ]# amavisd showkeys
    ; key#1 1024 bits, i=dkim, d=laesperanzachiantleca.com.gt, /var/lib/dkim/laesperanzachiantleca.com.gt.pem
    dkim._domainkey.laesperanzachiantleca.com.gt. 3600 TXT (
    "v=DKIM1; p="
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcs2fiH/b0hW0JLZBM7cIh+7QF"
    "/8OX46bYZz00gfa67W3Dyfr+IpjB0N7svuY+KW23ikq2ijO0WmilMEytheB6lj+C"
    "j0eh8FVU3VjBa1nTr5DeRMoaa3HKCfeCTdEcbXtu1vDKSshSXb9QXzfUqKquclF+"
    "pSwbFxKPUZ8VmIeX5wIDAQAB")


    Now I'm signing fine:

    dkim: signing (author), From: <hugo.cifuentes@laesperanzachiantleca.com.gt> (From:<hugo.cifuentes@laesperanzachiantleca.com.gt>;), KEY.key_ind=>0, a=>rsa-sha256, c=>relaxed/simple, d=>laesperanzachiantleca.com.gt, s=>dkim, ttl=>1814400, x=>1551395953

    but Gmail and other free mails aren't unreachable for me.

    Any idea?
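
The howto step quoted earlier in the thread (copy everything between the first and last quotes, dropping the middle quotes and whitespace) applied to the `amavisd showkeys` output in the post above. This is an added example, not part of the original post or the howto; the function names `dkim_txt`, `rsa_bits` and `der_read` are made up for it. It also reads the RSA modulus size from the published key, which here confirms the "1024 bits" that showkeys reports (the OpenDKIM commands quoted in the thread use `-b 2048`).

```python
import base64
import re

# The `amavisd showkeys` output exactly as posted above.
SHOWKEYS = '''\
; key#1 1024 bits, i=dkim, d=laesperanzachiantleca.com.gt, /var/lib/dkim/laesperanzachiantleca.com.gt.pem
dkim._domainkey.laesperanzachiantleca.com.gt. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcs2fiH/b0hW0JLZBM7cIh+7QF"
"/8OX46bYZz00gfa67W3Dyfr+IpjB0N7svuY+KW23ikq2ijO0WmilMEytheB6lj+C"
"j0eh8FVU3VjBa1nTr5DeRMoaa3HKCfeCTdEcbXtu1vDKSshSXb9QXzfUqKquclF+"
"pSwbFxKPUZ8VmIeX5wIDAQAB")
'''

def dkim_txt(showkeys):
    """Return (record name, TXT value) with the quoted fragments joined."""
    name = re.search(r"^(\S+\._domainkey\.\S+?)\.?\s", showkeys, re.M).group(1)
    value = "".join(re.findall(r'"([^"]*)"', showkeys))
    return name, value

def der_read(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_bits(txt_value):
    """Size in bits of the RSA modulus carried in the p= tag."""
    tags = dict(t.strip().split("=", 1) for t in txt_value.split(";") if "=" in t)
    spki = base64.b64decode(tags["p"])
    _, body, _ = der_read(spki, 0)         # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = der_read(spki, body)   # AlgorithmIdentifier, skipped
    _, bits, _ = der_read(spki, alg_end)   # BIT STRING wrapping the key
    _, key, _ = der_read(spki, bits + 1)   # +1 skips the unused-bits byte
    _, start, end = der_read(spki, key)    # first INTEGER is the modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

if __name__ == "__main__":
    name, value = dkim_txt(SHOWKEYS)
    print("TXT name :", name)
    print("TXT value:", value)
    print("RSA bits :", rsa_bits(value))
```
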
  • Accepted Answer

    Friday, February 08 2019, 08:51 AM - #Permalink
    Resolved
    0 votes
    What are you trying to do with these free e-mails? Are you trying to pick up or send to GMail, for example? If you are trying to send from a desktop device, to send from a gmail account you should relay via gmail rather than send directly.
  • Accepted Answer

    Friday, February 08 2019, 06:51 PM - #Permalink
    Resolved
    0 votes
    @Nick

    What are you trying to do with these free e-mails? Are you trying to pick up or send to GMail, for example? if you are trying to send from a desktop device, to send from a gmail account you should relay via gmail rather than send directly.

    I'm trying to send and receive emails from anywhere. I can receive from anywhere but I can't send anywhere.

    Thanks
  • Accepted Answer

    Friday, February 08 2019, 07:00 PM - #Permalink
    Resolved
    0 votes
    So from your laesperanzachiantleca.com.gt e-mail address you are saying you can't send to any GMail address? If you can't, what does the maillog and system log say when you try to send?

    If you are trying to send from a GMail address via your server, you can't directly without falling foul of spf and dkim spam traps. You need to set up authentication and relay via gmail. This is a pain if you have a lot of gmail addresses.
  • Accepted Answer

    Friday, February 15 2019, 11:39 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    So from your laesperanzachiantleca.com.gt e-mail address you are saying you can't send to any GMail address? If you can't, what does the maillog and system log say when you try to send?

    If you are trying to send from a GMail address via your server, you can't directly without falling foul of spf and dkim spam traps. You need to set up authentication and relay via gmail. This is a pain if you have a lot of gmail addresses.


    Nothing wrong, I guess, in maillog:

    Feb 15 17:34:18 laesperanzachiantleca postfix/qmgr[21393]: 8E666106B4F: from=<hugo.cifuentes@laesperanzachiantleca.com.gt>, size=5235, nrcpt=1 (queue active)
    Feb 15 17:34:18 laesperanzachiantleca postfix/smtpd[22834]: disconnect from localhost[127.0.0.1]
    Feb 15 17:34:18 laesperanzachiantleca amavis[23987]: (23987-04) dx4C799N6AuZ FWD from <hugo.cifuentes@laesperanzachiantleca.com.gt> -> <alex_perez83@yahoo.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 8E666106B4F
    Feb 15 17:34:18 laesperanzachiantleca amavis[23987]: (23987-04) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:57982 [190.149.41.184] <hugo.cifuentes@laesperanzachiantleca.com.gt> -> <alex_perez83@yahoo.com>, Queue-ID: C2BD4773, Message-ID: <00ba01d4c586$fcd27ed0$f6777c70$@cifuentes@laesperanzachiantleca.com.gt>, mail_id: dx4C799N6AuZ, Hits: 0.38, size: 4206, queued_as: 8E666106B4F, dkim_new=dkim:laesperanzachiantleca.com.gt, 768 ms
    Feb 15 17:34:18 laesperanzachiantleca amavis[23987]: (23987-04) TIMING-SA total 560 ms - parse: 0.86 (0.2%), extract_message_metadata: 6 (1.1%), get_uri_detail_list: 0.36 (0.1%), tests_pri_-1000: 3.8 (0.7%), tests_pri_-950: 0.79 (0.1%), tests_pri_-900: 0.60 (0.1%), tests_pri_-90: 0.51 (0.1%), tests_pri_0: 40 (7.1%), check_dkim_adsp: 14 (2.5%), check_spf: 0.16 (0.0%), tests_pri_20: 404 (72.1%), check_razor2: 396 (70.7%), tests_pri_30: 0.48 (0.1%), check_pyzor: 0.08 (0.0%), tests_pri_500: 96 (17.1%), poll_dns_idle: 88 (15.7%), get_report: 1.23 (0.2%)
    Feb 15 17:34:18 laesperanzachiantleca postfix/smtp[22799]: C2BD4773: to=<alex_perez83@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.85, delays=0.08/0/0/0.77, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 8E666106B4F)
    Feb 15 17:34:18 laesperanzachiantleca postfix/qmgr[21393]: C2BD4773: removed
    Feb 15 17:34:18 laesperanzachiantleca amavis[23987]: (23987-04) size: 4206, TIMING [total 773 ms] - SMTP greeting: 2.7 (0%)0, SMTP EHLO: 0.2 (0%)0, SMTP pre-MAIL: 0.2 (0%)0, SMTP pre-DATA-flush: 1.0 (0%)1, SMTP DATA: 39 (5%)6, check_init: 0.3 (0%)6, digest_hdr: 0.7 (0%)6, digest_body_dkim: 0.1 (0%)6, collect_info: 1.7 (0%)6, mime_decode: 12 (1%)7, get-file-type2: 25 (3%)11, parts_decode: 0.1 (0%)11, check_header: 0.4 (0%)11, AV-scan-1: 20 (3%)13, spam-wb-list: 0.2 (0%)13, SA msg read: 0.3 (0%)13, SA parse: 1.2 (0%)14, SA check: 556 (72%)85, decide_mail_destiny: 6 (1%)86, notif-quar: 0.6 (0%)86, write-header: 8 (1%)87, fwd-data-dkim: 9 (1%)89, fwd-connect: 18 (2%)91, fwd-mail-pip: 2.4 (0%)91, fwd-rcpt-pip: 0.2 (0%)91, fwd-data-chkpnt: 0.1 (0%)91, write-header: 0.5 (0%)91, fwd-data-contents: 0.1 (0%)91, fwd-end-chkpnt: 54 (7%)98, prepare-dsn: 0.8 (0%)98, report: 1.8 (0%)99, main_log_entry: 7 (1%)100, update_snmp: 2.2 (0%)100, SMTP pre-response: 0.3 (0%)100, SMTP response: 0.2 (0%)100, unlink-3-files: 0.4 (0%)100, run...
    Feb 15 17:34:18 laesperanzachiantleca amavis[23987]: (23987-04) ...down: 0.6 (0%)100
    Feb 15 17:34:20 laesperanzachiantleca postfix/smtpd[22829]: disconnect from unknown[190.149.41.184]
    Feb 15 17:34:20 laesperanzachiantleca postfix/smtp[22835]: 8E666106B4F: to=<alex_perez83@yahoo.com>, relay=mta5.am0.yahoodns.net[66.218.85.52]:25, delay=2.1, delays=0.06/0.02/0.6/1.5, dsn=2.0.0, status=sent (250 Requested mail action okay, completed.)
  • Accepted Answer

    Saturday, February 16 2019, 10:06 AM - #Permalink
    Resolved
    0 votes
    Your SPF record is broken. This is it for laesperanzachiantleca.com.gt:
    v=spf1 include:laesperanzachiantleca.com.gt ~all
    So it is saying, for my SPF also include the SPF belonging to laesperanzachiantleca.com.gt. That is just going in circles.

    I'm not 100% sure but I think you want something like:
    v=spf1 mx ~all
    or
    v=spf1 ip4:190.149.156.171 ~all
    or, combining:
    v=spf1 mx ip4:190.149.156.171 ~all


    Use a site like https://www.dmarcanalyzer.com/spf/checker/ to validate your record. I just searched for "spf checker" to find this site. I am sure there are more. From the DKIM Howto also try sending a test email to check-auth@verifier.port25.com. This will give you an automated report on your DKIM and SPF set up.
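
The self-referencing `include:` diagnosed in the answer above can be caught mechanically before a record is published. The following is an added example, not part of the original answer: it walks `include:` and `redirect=` terms over a constructed offline table of TXT records (the first entry is the broken record quoted above, `fixed.example` carries the combined record suggested above, and `a.example`/`b.example` are hypothetical), reports loops, and counts DNS-querying terms against the limit of 10 set by RFC 7208. It generalizes slightly beyond the one-hop loop in the thread to loops through several domains.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 caps DNS-querying terms per SPF evaluation

# Constructed offline "zone": domain -> SPF TXT record (no live DNS is queried).
ZONE = {
    "laesperanzachiantleca.com.gt": "v=spf1 include:laesperanzachiantleca.com.gt ~all",
    "fixed.example": "v=spf1 mx ip4:190.149.156.171 ~all",
    "a.example": "v=spf1 include:b.example -all",
    "b.example": "v=spf1 a include:a.example -all",
}

def audit_spf(domain, zone=ZONE):
    """Follow include:/redirect= terms; report loops, gaps and lookup count."""
    problems, lookups = [], 0

    def walk(name, chain):
        nonlocal lookups
        record = zone.get(name, "")
        if record.split()[:1] != ["v=spf1"]:
            problems.append(f"{name}: no SPF record found")
            return
        for term in record.split()[1:]:
            mech = term.lstrip("+-~?").lower()      # drop the qualifier
            target = None
            if mech.startswith(("include:", "redirect=")):
                target = re.split("[:=]", mech, maxsplit=1)[1]
            # include, redirect, a, mx, ptr and exists each cost one DNS lookup
            if target or re.match(r"(a|mx|ptr)([:/]|$)|exists:", mech):
                lookups += 1
            if target is None:
                continue
            if target in chain:
                problems.append(f"{name}: '{term}' loops back to {target}")
            else:
                walk(target, chain + [target])

    walk(domain.lower(), [domain.lower()])
    if lookups > LOOKUP_LIMIT:
        problems.append(f"{lookups} DNS lookups exceeds limit of {LOOKUP_LIMIT}")
    return {"problems": problems, "lookups": lookups}

if __name__ == "__main__":
    for d in ("laesperanzachiantleca.com.gt", "fixed.example", "a.example"):
        print(d, audit_spf(d))
```
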