Forums

Resolved
0 votes
I'm trying to get new user registration email notifications out to the new users who register on my Joomla site. However, my Joomla site is part of a new domain the world has never seen, so I believe most email servers are rejecting my mail. Short of running it through another server like gmail, I have been trying to implement Let's Encrypt and certbot on my ClearOS server. It's been a neat endeavor, but cumbersome.

I'm seeing this in my maillog after Joomla tries to send emails:

Nov 18 23:25:12 gateway postfix/qmgr[9865]: 956C940182FE9: removed

Any advise on how to make an smtp mail server acceptable to the rest of the world so that remote servers accept mail from my server and its domain?
In Mail
Monday, November 19 2018, 05:32 AM
Share this post:
Responses (22)
  • Accepted Answer

    Saturday, November 24 2018, 04:56 PM - #Permalink
    Resolved
    0 votes
    This issue has been resolved. There is an issue in the beta release of the Forwarder hook. So for now it's been disabled on our ClearOS server. Thanks to Clear Center for their support on this.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 22 2018, 03:10 PM - #Permalink
    Resolved
    0 votes
    Cool. I wasn't aware that Let's Encrypt was available in the Marketplace. I just installed it. It's nice being able to access it via the Webconfig. Seems to be working.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 22 2018, 08:36 AM - #Permalink
    Resolved
    0 votes
    Dirk Albring wrote:
    Well that's a bummer. I've really been appreciating your help. I didn't submit a ticket to lose it. They must've said something to you.
    You haven't particularly lost my help. It is just unfair on the engineer if we change anything in the configs while he is looking at it. It may confuse him with what he is looking at.

    Re Let's Encrypt, you've mentioned certbot which, I guess, most people would not know. Have you by any chance set up Let's Encrypt manually without using the app? If so, please can you install the app from the marketplace. It should take over an existing certbot implementation seamlessly. If you do that, you may understand more my comment about multiple domains on a single certificate. Also then click on the documentation for more information on how to change certificates.

    With respect to Webmin, it uses its own self-signed certificate which is combined in a single file with the key. Let's Encrypt does not have a file with the key and fullchain combined. You can probably specify the certificates here but I'd be wary of the Let's Encrypt tab in case it stamps on something in ClearOS.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 22 2018, 02:39 AM - #Permalink
    Resolved
    0 votes
    Well that's a bummer. I've really been appreciating your help. I didn't submit a ticket to lose it. They must've said something to you.

    Webserver certificates are specified in /etc/httpd/conf.d/flex-443.conf except for the webconfig. Use the Web Server web config to specify which certificate is used for which (sub-)domain. If you don't have a default website set up, set one up.


    When I use the web server configuration in the Webconfig, there are no additional certificate options available in the drop-down. Just the default. The same holds true in the SSL General Settings of the Webconfig. Would an additional selection appear in the drop-down if I added an external certificate(s) in the Certificate Manager of the Webconfig? If so, which one of the four in /Letsencrypt/Live/renncoautomation.us would I add to cover the Webconfig to stop the certificate warnings? Do you think this would also stop them when using Webmin on port 10000?

    Thanks for all of your help.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 21 2018, 10:02 PM - #Permalink
    Resolved
    0 votes
    Hi DIrk,
    As you've raised a ticket, I'll leave it to the engineer who's picked it up. I don't want to mess up anything he is trying to do.

    However, Let's Encrypt. It is up to you if you want to use it for the webconfig. I do. It just stops the certificate warning. On my certificate I have multiple domains and subdomains all at the same time. A single certificate covers howitts.co.uk, www.howitts.co.uk, mailserver.howitts.co.uk and my poweredbyclear.com FQDN. You can use anything which resolves back to your WAN IP. It is also possible to add domains to an existing certificate. Check the app documentation, but you have to go to the command line.

    Webserver certificates are specified in /etc/httpd/conf.d/flex-443.conf except for the webconfig. Use the Web Server web config to specify which certificate is used for which (sub-)domain. If you don't have a default website set up, set one up.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 21 2018, 08:08 PM - #Permalink
    Resolved
    0 votes
    Thanks for sticking with me, Nick. I corrected smtpd_tls_CAfile in the main.cf script. At the risk of getting off track, my Webconfig shows a digital Self-Signed-Default Certificate in my General Settings and in my web server configuration, but sys-0-cert.pem shows up as the Default Certificate in the Certificate Manager. Should I be adding one of the certificates that certbot created in my /Letsencrypt/Live/renncoautomation.us folder as an External one in the Webconfig? I had certbot configure Apache and install certificates, so my site is https now, but I don't see anything in my web root in the way of a certificate nor any script in my httpd.conf. There is this in the /var/log/httpd/ssl_error_log:

    [Sun Nov 18 03:42:02.971461 2018] [ssl:warn] [pid 30346] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name
    [Sun Nov 18 23:33:33.661818 2018] [ssl:warn] [pid 12617] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name
    [Sun Nov 18 23:33:33.751103 2018] [ssl:warn] [pid 12617] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name
    [Wed Nov 21 11:07:56.836794 2018] [ssl:warn] [pid 12617] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name
    [Wed Nov 21 11:08:03.882944 2018] [ssl:warn] [pid 12617] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name
    [Wed Nov 21 11:08:10.071876 2018] [ssl:warn] [pid 12617] AH01909: RSA certificate configured for www.renncoautomation.us:443 does NOT include an ID which matches the server name


    Anyway...back to addressing your last post...

    So, I created an overrride.conf file and added your logging script to it, then tried to restart amavisd, but got an error. When I removed the override file from the picture, amavisd started back up. Do you know if that's the only script that would go into the override file, or does all of the script from the api.conf file need to be included? I assume you would only put script in the override.conf file for those parameters you wanted to change. Until you mentioned a log file, I never took notice of one for amavisd. There isn't one for it in my /var/log directory, anywhere. There are also no parameters in api.conf referencing a log file for amavis.

    I did notice there's a backup api.conf file under /var/clearos/mail_filter/backup that has a quite a bit more content in it than the one in /etc/amavisd, although it has no reference to my domain like the current one does. I assume that happens during the ClearOS installation process because the backup file is dated almost 3 weeks ago and my server is fairly new. I don't feel like there's a whole lot of content in /etc/amavisd/api.conf really. Take a look.

    # WARNING: If you want to override the settings in this file, please do so
    # in the /etc/amavisd/override.conf file.

    ## GENERAL

    $mydomain = "renncoautomation.us";
    @local_domains_maps = ( [ ".renncoautomation.us" ] );


    $enable_dkim_verification = 1; # enable DKIM signatures verification
    $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key

    ## NOTIFICATIONS

    $mailfrom_notify_admin = undef;
    $mailfrom_notify_recip = undef;
    $mailfrom_notify_spamadmin = undef;

    ## MAIL FORWARDING

    $final_virus_destiny = D_DISCARD;
    $final_banned_destiny = D_BOUNCE;
    $final_spam_destiny = D_PASS;
    $final_bad_header_destiny = D_PASS;

    ## ANTI-SPAM CONTROLS

    $sa_spam_modifies_subj = 1;
    $sa_spam_subject_tag = "[SPAM] ";
    $sa_spam_level_char = '*';
    $sa_tag_level_deflt = -99;
    $sa_tag2_level_deflt = 5;
    $sa_kill_level_deflt = 10;
    $sa_mail_body_size_limit = 500*1024;
    $sa_local_tests_only = 0;

    ## ANTI-VIRUS AND INVALID/FORBIDDEN CONTENTS CONTROLS

    $banned_filename_re = new_RE(
    # Double extensions
    qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|bat|cmd|com|cpl|dll)\.?$'i,
    # MIME types
    qr'^application/x-msdownload$'i,
    qr'^application/x-msdos-program$'i,
    qr'^application/hta$'i,
    # Banned extensions
    qr'\.(chm|hlp|msc|crt|otf|sh|shb|ade|adp|app|bas|bat|cab|cmd|com|cpl|dll|exe|fxp|grp|hta|inf|ini|isp|jse|js|lnk|mda|mdb|mde|mdt|mdw|mdz|msi|msp|mst|ops|pif|prf|prg|reg|scf|scr|sct|shs|sys|url|vbe|vbs|vb|vxd|wsc|wsf|wsh)$'i,
    # Custom
    );

    ## QUARANTINE SETTINGS

    @storage_sql_dsn = ();
    $inet_socket_port = [10024,9998];
    $interface_policy{'9998'} = 'QRELEASE';
    $policy_bank{'QRELEASE'} = {protocol => 'AM.PDP', inet_acl => [qw( 127.0.0.1 [::1])], release_method => 'smtp:[127.0.0.1]:10026'};
    $mailfrom_to_quarantine = '';
    $virus_quarantine_method = '';
    $spam_quarantine_method = '';
    $banned_files_quarantine_method = '';
    $bad_header_quarantine_method = '';
    $sa_quarantine_cutoff_level = undef;

    ## TRANSIENT SETTINGS


    1;


    I'm curious as to what purpose a 1; transient setting does.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 21 2018, 01:58 PM - #Permalink
    Resolved
    0 votes
    More detailed looking and the problem with smtpd_tlsCAfile is that it is missing an "_". It should be smtpd_tls_CAfile. You can c&p my line:
    smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
    Can you also make sure you have a new line at the end of the file. Things can go wrong in the future if you don't. (Been there, done it :( )

    I have no idea what is going wrong. Try turning up the debugging and Google will be your friend. In my /etc/amavisd.conf I have to following commented out:
    # added by njh
    #$LOGFILE = "/var/log/amavis.log";
    #$DO_SYSLOG = 0;
    #$log_level = 5;
    So I must have had a look some time in the past. I don't know if you need to increase the amavisd or postfix logging or both. Also looking at the end of /etc/amavisd.conf you can put your own settings in /etc/amavisd/override.conf.

    [edit]
    and yes to your aliases edit. Mine is:
    # Person who should get root's mail
    root: nick

    [/edit]
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 21 2018, 01:37 PM - #Permalink
    Resolved
    0 votes
    You do appear to have one error. I think you may be getting certificate warnings with your Let's Encrypt certificates due to the last line of your "postconf -n" output. Can you put a space on either side of the "=" in the line "smtpd_tlsCAfile=/etc/pki/tls/certs/ca-bundle.crt"? This should not be relevant as the send error was happening before you implemented Lets Encrypt.


    When I look at this line in main.cf, there are spaces on either side of = . I redid it anyway.

    Can you give the output to:

    netstat -npl | egrep 'amavis|1002'

    to check postfix and amavisd are listening correctly.


    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      22158/amavisd (mast
    tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 14195/master
    tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 14195/master
    tcp 0 0 127.0.0.1:9998 0.0.0.0:* LISTEN 22158/amavisd (mast
    unix 2 [ ACC ] STREAM LISTENING 34736874 14195/master private/smtp-amavis
    unix 2 [ ACC ] STREAM LISTENING 58350467 22158/amavisd (mast /var/lib/amavis/amavisd.sock


    To get round the errors about root, can you alias root to a valid user in /etc/aliases then issue the command "newaliases"?


    So, something like

    root:     marc
    ?
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 21 2018, 08:31 AM - #Permalink
    Resolved
    0 votes
    I think I understand the differences between your files an mine and nothing jumps out but I don't know what "kopano_destination_recipient_limit = 1" is.

    You do appear to have one error. I think you may be getting certificate warnings with your Let's Encrypt certificates due to the last line of your "postconf -n" output. Can you put a space on either side of the "=" in the line "smtpd_tlsCAfile=/etc/pki/tls/certs/ca-bundle.crt"? This should not be relevant as the send error was happening before you implemented Lets Encrypt.

    Can you give the output to:
    netstat -npl | egrep 'amavis|1002'
    to check postfix and amavisd are listening correctly.

    Then I'd guess it is a matter of turning up the debug logging.

    I also wonder about your mail forwarding due to the messages in your system log but I know nothing about it.

    To get round the errors about root, can you alias root to a valid user in /etc/aliases then issue the command "newaliases"?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 11:18 PM - #Permalink
    Resolved
    0 votes
    Yes I do have the mall anti-spam installed and running.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 09:13 PM - #Permalink
    Resolved
    0 votes
    I'm not going to get to look at it tonight - I'll need fresh eyes. I know my postconf -n will be different as I've tinkered a lot and I'll have to see if the differences are relevant. Even my -M output will be different as I've enabled STARTTLS.

    Do you have the Mail Antispam package installed and running?
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 08:45 PM - #Permalink
    Resolved
    0 votes
    postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    bounce_queue_lifetime = 6h
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = mailprefilter
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    inet_protocols = ipv4
    kopano_destination_recipient_limit = 1
    local_recipient_maps = $alias_maps $virtual_alias_maps
    luser_relay =
    mail_owner = postfix
    mailbox_size_limit = 102400000
    mailbox_transport = mailpostfilter
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    message_size_limit = 51200000
    message_strip_characters = \0
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = renncoautomation.us
    myhostname = mail.renncoautomation.us
    mynetworks = 127.0.0.0/8 [::1]/128, [::1]/128, 192.168.9.0/24
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    recipient_delimiter = +
    relay_domains = $mydestination, renncoautomation.us
    relayhost =
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    smtpd_sasl_auth_enable = no
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/letsencrypt/live/renncoautomation.us/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/renncoautomation.us/privkey.pem
    smtpd_tls_loglevel = 1
    smtpd_use_tls = yes
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/kopano-aliases.cf, ldap:/etc/postfix/kopano-groups.cf
    postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_tlsCAfile=/etc/pki/tls/certs/ca-bundle.crt



    postconf -M

    smtp       inet  n       -       n       -       -       smtpd
    smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp -o smtp_fallback_relay=
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    mailprefilter unix - n n - - pipe user=filter argv=/usr/sbin/mailprefilter -- -s ${sender} -r ${recipient} -u ${sasl_username} -c ${client_address}
    smtp-amavis unix - - n - 5 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
    127.0.0.1:10025 inet n - n - - smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
    127.0.0.1:10026 inet n - n - - smtpd -o content_filter= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0
    mailpostfilter unix - n n - - pipe user=filter argv=/usr/sbin/mailpostfilter -- -s ${sender} -r ${recipient} -c ${client_address}
    kopano unix - n n - 10 pipe flags= user=kopano argv=/usr/sbin/kopano-dagent ${user}
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 07:18 PM - #Permalink
    Resolved
    0 votes
    That should have been:
    rpm -q amavisd-new
    but you have it.

    Although you say it is running, I believe postfix calls it as a separate instance when it needs it. The running version **may** be for the web proxy. As an example of a working mail transaction I have in my logs (munged a bit):
    Nov 20 17:47:34 server postfix/smtpd[11795]: connect from mini-1.mydomain.com[172.17.2.118]
    Nov 20 17:47:34 server postfix/smtpd[11795]: Anonymous TLS connection established from mini-1.mydomain.com[172.17.2.118]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
    Nov 20 17:47:34 server postfix/smtpd[11795]: 364814092710: client=mini-1.mydomain.com[172.17.2.118], sasl_method=PLAIN, sasl_username=nick@mydomain.com
    Nov 20 17:47:34 server postfix/cleanup[11798]: 364814092710: message-id=<552fd091-1aa9-73a9-d083-0be7237a73a7@mydomain.com>
    Nov 20 17:47:34 server opendkim[1890]: 364814092710: DKIM-Signature field added (s=201809, d=mydomain.com)
    Nov 20 17:47:34 server postfix/qmgr[28636]: 364814092710: from=<nick@mydomain.com>, size=5155, nrcpt=1 (queue active)
    Nov 20 17:47:34 server postfix/smtpd[11795]: disconnect from mini-1.mydomain.com[172.17.2.118]
    Nov 20 17:47:34 server postfix/smtpd[11833]: connect from localhost[127.0.0.1]
    Nov 20 17:47:34 server postfix/smtpd[11833]: 5FB2C4092711: client=localhost[127.0.0.1]
    Nov 20 17:47:34 server postfix/cleanup[11798]: 5FB2C4092711: message-id=<552fd091-1aa9-73a9-d083-0be7237a73a7@mydomain.com>
    Nov 20 17:47:34 server opendkim[1890]: 5FB2C4092711: DKIM-Signature field added (s=201809, d=mydomain.com)
    Nov 20 17:47:34 server postfix/qmgr[28636]: 5FB2C4092711: from=<nick@mydomain.com>, size=5913, nrcpt=1 (queue active)
    Nov 20 17:47:34 server postfix/smtpd[11833]: disconnect from localhost[127.0.0.1]
    Nov 20 17:47:34 server postfix/pipe[11825]: 364814092710: to=<a_user@ntlworld.com>, relay=mailprefilter, delay=0.35, delays=0.13/0.01/0/0.21, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 17:47:34 server postfix/qmgr[28636]: 364814092710: removed
    Nov 20 17:47:34 server amavis[9406]: (09406-19) ESMTP :10024 /var/lib/amavis/tmp/amavis-20181120T054851-09406-iRZ7FMxl: <nick@mydomain.com> -> <a_user@ntlworld.com> SIZE=5913 BODY=8BITMIME Received: from mailserver.mydomain.com ([127.0.0.1]) by localhost (server.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <a_user@ntlworld.com>; Tue, 20 Nov 2018 17:47:34 +0000 (GMT)
    Nov 20 17:47:34 server amavis[9406]: (09406-19) Checking: J4VqrlPgCcuE [127.0.0.1] <nick@mydomain.com> -> <a_user@ntlworld.com>
    Nov 20 17:47:34 server amavis[9406]: (09406-19) p001 1 Content-Type: text/html, size: 4186 B, name:
    Nov 20 17:47:34 server imaps[6500]: USAGE nick user: 0.020184 sys: 0.006918
    Nov 20 17:47:36 server postfix/smtpd[11843]: connect from localhost[127.0.0.1]
    Nov 20 17:47:36 server postfix/smtpd[11843]: B3C90409270F: client=localhost[127.0.0.1]
    Nov 20 17:47:36 server postfix/cleanup[11798]: B3C90409270F: message-id=<552fd091-1aa9-73a9-d083-0be7237a73a7@mydomain.com>
    Nov 20 17:47:36 server opendkim[1890]: B3C90409270F: DKIM-Signature field added (s=201809, d=mydomain.com)
    Nov 20 17:47:36 server postfix/qmgr[28636]: B3C90409270F: from=<nick@mydomain.com>, size=6375, nrcpt=1 (queue active)
    Nov 20 17:47:36 server postfix/smtpd[11843]: disconnect from localhost[127.0.0.1]
    Nov 20 17:47:36 server amavis[9406]: (09406-19) J4VqrlPgCcuE FWD from <nick@mydomain.com> -> <a_user@ntlworld.com>, BODY=8BITMIME 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as B3C90409270F
    Nov 20 17:47:36 server amavis[9406]: (09406-19) Passed CLEAN {RelayedOutbound}, LOCAL [127.0.0.1]:58660 <nick@mydomain.com> -> <a_user@ntlworld.com>, Queue-ID: 5FB2C4092711, Message-ID: <552fd091-1aa9-73a9-d083-0be7237a73a7@mydomain.com>, mail_id: J4VqrlPgCcuE, Hits: 0.006, size: 5879, queued_as: B3C90409270F, 2304 ms
    Nov 20 17:47:36 server amavis[9406]: (09406-19) TIMING-SA total 2074 ms - parse: 1.02 (0.0%), extract_message_metadata: 3.0 (0.1%), get_uri_detail_list: 0.30 (0.0%), tests_pri_-1000: 1.50 (0.1%), tests_pri_-950: 0.76 (0.0%), tests_pri_-900: 0.56 (0.0%), tests_pri_-90: 0.43 (0.0%), tests_pri_0: 131 (6.3%), check_dkim_signature: 100 (4.8%), check_spf: 0.24 (0.0%), tests_pri_20: 1928 (93.0%), check_razor2: 1926 (92.8%), tests_pri_30: 0.72 (0.0%), check_pyzor: 0.11 (0.0%), tests_pri_500: 1.68 (0.1%), get_report: 0.29 (0.0%)
    Nov 20 17:47:36 server postfix/smtp[11835]: 5FB2C4092711: to=<a_user@ntlworld.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.16/0.01/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as B3C90409270F)
    Nov 20 17:47:36 server postfix/qmgr[28636]: 5FB2C4092711: removed
    Nov 20 17:47:36 server amavis[9406]: (09406-19) size: 5879, TIMING [total 2306 ms] - SMTP greeting: 0.8 (0%)0, SMTP EHLO: 0.3 (0%)0, SMTP pre-MAIL: 0.2 (0%)0, SMTP pre-DATA-flush: 1.0 (0%)0, SMTP DATA: 39 (2%)2, check_init: 0.2 (0%)2, digest_hdr: 0.2 (0%)2, digest_body: 0.1 (0%)2, collect_info: 0.9 (0%)2, mime_decode: 3.0 (0%)2, get-file-type1: 11 (0%)2, parts_decode: 0.1 (0%)2, check_header: 0.3 (0%)2, AV-scan-1: 23 (1%)3, spam-wb-list: 0.3 (0%)3, SA msg read: 0.3 (0%)3, SA parse: 1.3 (0%)4, SA check: 2072 (90%)93, decide_mail_destiny: 2.0 (0%)93, notif-quar: 0.2 (0%)93, fwd-connect: 19 (1%)94, fwd-mail-pip: 3.7 (0%)94, fwd-rcpt-pip: 0.1 (0%)94, fwd-data-chkpnt: 0.0 (0%)94, write-header: 0.3 (0%)94, fwd-data-contents: 0.1 (0%)95, fwd-end-chkpnt: 120 (5%)100, prepare-dsn: 0.5 (0%)100, report: 1.2 (0%)100, main_log_entry: 3.1 (0%)100, update_snmp: 1.2 (0%)100, SMTP pre-response: 0.2 (0%)100, SMTP response: 0.1 (0%)100, unlink-2-files: 0.2 (0%)100, rundown: 0.5 (0%)100
    Nov 20 17:47:37 server postfix/smtp[11845]: B3C90409270F: to=<a_user@ntlworld.com>, relay=smtp.ntlworld.com[62.254.26.221]:25, delay=0.99, delays=0.12/0.01/0.09/0.76, dsn=2.0.0, status=sent (250 2.0.0 PA7cgIzG6UyimPA7cgooQY mail accepted for delivery)
    Nov 20 17:47:37 server postfix/qmgr[28636]: B3C90409270F: removed


    Your subnet notation is fine.

    Can you give the output of "postconf -n" and "postconf -M" and I'll compare them with mine.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 06:11 PM - #Permalink
    Resolved
    0 votes
    Well, your rpm shell command would have me believe that amavisd isn't installed, but the Webconfig services show it's installed and running, plus a shell prompt of

    service amavisd status


    shows it's installed and running.


    Would this be the proper format to add my LAN in the smtp trusted network configuration of the webconfig?

    192.168.9.0/24


    I did notice in the maillog when the content_filter = mailprefilter is enabled, that mail only shows delivered via the mailprefilter:

    Nov 20 09:38:55 gateway postfix/pipe[25290]: 7FF8E40475AF7: to=<dalbring@renncoautomation.com>, relay=mailprefilter, delay=0.14, delays=0.07/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<d_albring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<dalbring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)


    but when content_filter = mailprefilter is disabled, mail shows accepted by the remote mail servers:

    Nov 20 13:21:43 gateway postfix/smtp[5499]: 4DC3840462E7C: to=<dalbring@renncoautomation.com>, relay=aspmx.l.google.com[108.177.111.26]:25, delay=0.94, delays=0.06/0.02/0.44/0.41, dsn=2.0.0, status=sent (250 2.0.0 OK 1542738103 e4-v6si3884862ioa.48 - gsmtp)
    Nov 20 13:21:44 gateway postfix/smtp[5500]: 4DC3840462E7C: to=<d_albring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.06/0.03/1.3/0.62, dsn=2.0.0, status=sent (250 2.0.0 PAecgtVJ99dxgPAedgKrlC mail accepted for delivery)
    Nov 20 13:21:44 gateway postfix/smtp[5500]: 4DC3840462E7C: to=<dalbring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.06/0.03/1.3/0.62, dsn=2.0.0, status=sent (250 2.0.0 PAecgtVJ99dxgPAedgKrlC mail accepted for delivery)
    Nov 20 13:21:44 gateway postfix/qmgr[2510]: 4DC3840462E7C: removed
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 04:30 PM - #Permalink
    Resolved
    0 votes
    Your first log cuts short if you look at the message ID in the second log, but it does not matter. It looks like it is not handing off to amavis. Do you have it installed? "rpm -q amavisd".

    With respect to the SASL attempts, I would follow this guide and turn off authentication. If you want to use authentication on your LAN use SMTPS on port 465. Alternatively just use Trusted Networks for your LAN's
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 02:56 PM - #Permalink
    Resolved
    0 votes
    Thanks for the reply, Nick.

    Here is the maillog (after a fresh logrotate), after sending an email with the content_filter = mailprefilter enabled:

    Nov 20 09:24:09 gateway postfix/smtpd[23140]: connect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:24:10 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:13 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: lost connection after AUTH from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: disconnect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max connection rate 1/60s for (smtp:89.248.162.159) at Nov 20 09:24:09
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max connection count 1 for (smtp:89.248.162.159) at Nov 20 09:24:09
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max cache size 1 at Nov 20 09:24:09
    Nov 20 09:38:35 gateway postfix/smtpd[25255]: connect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:38 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:40 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: lost connection after AUTH from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: disconnect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: connect from localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: 7FF8E40475AF7: client=localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/cleanup[25289]: 7FF8E40475AF7: message-id=<kcim.5bf41c7f.62c4.06fa6d6346ae1362@gateway.renncoautomation.us>
    Nov 20 09:38:55 gateway postfix/qmgr[21164]: 7FF8E40475AF7: from=<dalbring@renncoautomation.us>, size=1332, nrcpt=3 (queue active)
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: disconnect from localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/pipe[25290]: 7FF8E40475AF7: to=<dalbring@renncoautomation.com>, relay=mailprefilter, delay=0.14, delays=0.07/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<d_albring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<dalbring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/qmgr[21164]: 7FF8E40475AF7: removed


    I'm not quite sure what the unsuccessful login attempts are. Someone trying to hack in to my email server. Now here is the maillog after sending a few emails with the content_filter disabled:

    Nov 20 09:24:09 gateway postfix/smtpd[23140]: connect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:24:10 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:13 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: lost connection after AUTH from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:24:15 gateway postfix/smtpd[23140]: disconnect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max connection rate 1/60s for (smtp:89.248.162.159) at Nov 20 09:24:09
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max connection count 1 for (smtp:89.248.162.159) at Nov 20 09:24:09
    Nov 20 09:27:35 gateway postfix/anvil[23141]: statistics: max cache size 1 at Nov 20 09:24:09
    Nov 20 09:38:35 gateway postfix/smtpd[25255]: connect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:38 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:40 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: warning: vicnovo9x159.malwarestorage.com[89.248.162.159]: SASL LOGIN authentication failed: authentication failure
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: lost connection after AUTH from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:43 gateway postfix/smtpd[25255]: disconnect from vicnovo9x159.malwarestorage.com[89.248.162.159]
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: connect from localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: 7FF8E40475AF7: client=localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/cleanup[25289]: 7FF8E40475AF7: message-id=<kcim.5bf41c7f.62c4.06fa6d6346ae1362@gateway.renncoautomation.us>
    Nov 20 09:38:55 gateway postfix/qmgr[21164]: 7FF8E40475AF7: from=<dalbring@renncoautomation.us>, size=1332, nrcpt=3 (queue active)
    Nov 20 09:38:55 gateway postfix/smtpd[25255]: disconnect from localhost[127.0.0.1]
    Nov 20 09:38:55 gateway postfix/pipe[25290]: 7FF8E40475AF7: to=<dalbring@renncoautomation.com>, relay=mailprefilter, delay=0.14, delays=0.07/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<d_albring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/pipe[25291]: 7FF8E40475AF7: to=<dalbring@roadrunner.com>, relay=mailprefilter, delay=0.15, delays=0.07/0.04/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 20 09:38:55 gateway postfix/qmgr[21164]: 7FF8E40475AF7: removed
    Nov 20 09:42:15 gateway postfix/anvil[25256]: statistics: max connection rate 1/60s for (smtp:89.248.162.159) at Nov 20 09:38:35
    Nov 20 09:42:15 gateway postfix/anvil[25256]: statistics: max connection count 1 for (smtp:89.248.162.159) at Nov 20 09:38:35
    Nov 20 09:42:15 gateway postfix/anvil[25256]: statistics: max cache size 1 at Nov 20 09:38:35
    Nov 20 09:45:07 gateway postfix/postfix-script[26505]: refreshing the Postfix mail system
    Nov 20 09:45:07 gateway postfix/master[14195]: reload -- version 2.10.1, configuration /etc/postfix
    Nov 20 09:45:37 gateway postfix/smtpd[26562]: connect from localhost[127.0.0.1]
    Nov 20 09:45:37 gateway postfix/smtpd[26562]: 821DD4051160C: client=localhost[127.0.0.1]
    Nov 20 09:45:37 gateway postfix/cleanup[26565]: 821DD4051160C: message-id=<kcim.5bf41e11.67be.394340687962acfc@gateway.renncoautomation.us>
    Nov 20 09:45:37 gateway postfix/qmgr[26511]: 821DD4051160C: from=<dalbring@renncoautomation.us>, size=1334, nrcpt=3 (queue active)
    Nov 20 09:45:37 gateway postfix/smtpd[26562]: disconnect from localhost[127.0.0.1]
    Nov 20 09:45:38 gateway postfix/smtp[26566]: 821DD4051160C: to=<dalbring@renncoautomation.com>, relay=aspmx.l.google.com[74.125.202.27]:25, delay=1.3, delays=0.06/0.03/0.6/0.61, dsn=2.0.0, status=sent (250 2.0.0 OK 1542725138 c194si11312982itb.134 - gsmtp)
    Nov 20 09:45:40 gateway postfix/smtp[26567]: 821DD4051160C: to=<d_albring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.6, delays=0.06/0.05/1.3/1.2, dsn=2.0.0, status=sent (250 2.0.0 P7HVglS9Gei0zP7HWgAyYE mail accepted for delivery)
    Nov 20 09:45:40 gateway postfix/smtp[26567]: 821DD4051160C: to=<dalbring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.6, delays=0.06/0.05/1.3/1.2, dsn=2.0.0, status=sent (250 2.0.0 P7HVglS9Gei0zP7HWgAyYE mail accepted for delivery)
    Nov 20 09:45:40 gateway postfix/qmgr[26511]: 821DD4051160C: removed
    Nov 20 09:47:53 gateway postfix/smtpd[26795]: connect from localhost[127.0.0.1]
    Nov 20 09:47:53 gateway postfix/smtpd[26795]: 130734051160E: client=localhost[127.0.0.1]
    Nov 20 09:47:53 gateway postfix/cleanup[26797]: 130734051160E: message-id=<kcim.5bf41e99.68a6.10496ff467956408@gateway.renncoautomation.us>
    Nov 20 09:47:53 gateway postfix/qmgr[26511]: 130734051160E: from=<dalbring@renncoautomation.us>, size=1334, nrcpt=3 (queue active)
    Nov 20 09:47:53 gateway postfix/smtpd[26795]: disconnect from localhost[127.0.0.1]
    Nov 20 09:47:53 gateway postfix/smtp[26798]: 130734051160E: to=<dalbring@renncoautomation.com>, relay=aspmx.l.google.com[74.125.202.27]:25, delay=0.41, delays=0.06/0.02/0.12/0.21, dsn=2.0.0, status=sent (250 2.0.0 OK 1542725273 14si13272299itw.27 - gsmtp)
    Nov 20 09:47:55 gateway postfix/smtp[26799]: 130734051160E: to=<d_albring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.06/0.03/1.4/0.66, dsn=2.0.0, status=sent (250 2.0.0 P7Jhg1SRt5sCcP7Jigtb0t mail accepted for delivery)
    Nov 20 09:47:55 gateway postfix/smtp[26799]: 130734051160E: to=<dalbring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.06/0.03/1.4/0.66, dsn=2.0.0, status=sent (250 2.0.0 P7Jhg1SRt5sCcP7Jigtb0t mail accepted for delivery)
    Nov 20 09:47:55 gateway postfix/qmgr[26511]: 130734051160E: removed
    Nov 20 09:48:42 gateway postfix/smtpd[26795]: connect from localhost[127.0.0.1]
    Nov 20 09:48:42 gateway postfix/smtpd[26795]: 901A740511613: client=localhost[127.0.0.1]
    Nov 20 09:48:42 gateway postfix/cleanup[26797]: 901A740511613: message-id=<kcim.5bf41eca.6974.543435131d55c185@gateway.renncoautomation.us>
    Nov 20 09:48:42 gateway postfix/qmgr[26511]: 901A740511613: from=<dalbring@renncoautomation.us>, size=1334, nrcpt=3 (queue active)
    Nov 20 09:48:42 gateway postfix/smtpd[26795]: disconnect from localhost[127.0.0.1]
    Nov 20 09:48:43 gateway postfix/smtp[26798]: 901A740511613: to=<dalbring@renncoautomation.com>, relay=aspmx.l.google.com[74.125.202.27]:25, delay=0.52, delays=0.05/0/0.17/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1542725323 z8si24146334jal.51 - gsmtp)
    Nov 20 09:48:44 gateway postfix/smtp[26799]: 901A740511613: to=<d_albring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.05/0/1.5/0.51, dsn=2.0.0, status=sent (250 2.0.0 P7KUg5OfPZEHDP7KWgPDpk mail accepted for delivery)
    Nov 20 09:48:44 gateway postfix/smtp[26799]: 901A740511613: to=<dalbring@roadrunner.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=2.1, delays=0.05/0/1.5/0.51, dsn=2.0.0, status=sent (250 2.0.0 P7KUg5OfPZEHDP7KWgPDpk mail accepted for delivery)
    Nov 20 09:48:44 gateway postfix/qmgr[26511]: 901A740511613: removed


    I see no references to amavis either before disabling or after disabling. However, when content_filter is disabled in postfix's main.cf, mail gets sent. I do see this in the system log when the content_filter feature is enabled in postfix:

    Nov 20 09:38:55 gateway mailfilter: dropping duplicate forwarder: dalbring@renncoautomation.com
    Nov 20 09:38:55 gateway mailfilter: dropping duplicate forwarder: d_albring@roadrunner.com
    Nov 20 09:45:01 gateway events: smtp - event occurred
    Nov 20 09:45:01 gateway events: smtp - triggered hook: mail_filter
    Nov 20 09:48:35 gateway events: accounts - event occurred
    Nov 20 09:48:35 gateway events: accounts - triggered hook: accounts
    Nov 20 09:48:35 gateway events: accounts - triggered hook: kopano


    Notice the time stamp of 9:38, which shows up in the maillog after sending mail with the content_filter = mailprefilter enabled. Come to think of it, the two emails shown as "dropping duplicate forwarder:" were two email addresses entered in the forwarders field of the user account on my ClearOS gateway (see explanation below). The funny thing is, I had removed one of those as a forwarder address, so it shouldn't have shown up in the maillog. It would seem that even after removing a forwarder email address via the Webconfig user account, it doesn't remove it from the script of whatever file the addresses are stored in. Maybe Ben Chambers can chime in and let me know where that file is so I can confirm this, because the d_albring email shouldn't have shown up as a duplicate forwarder since I removed it.

    In answer to your question:
    Please can you elaborate? Are you talking about the "Mail Forwarding" section of the SMTP Server app?


    Ben Chambers showed how to enable the forwarding feature for users on your ClearOS gateway here. So, of the 3 email accounts I was talking about, one of them was included as a forwarder address (in the user manager) for the user account sending the emails in the Kopano webapp.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, November 20 2018, 08:33 AM - #Permalink
    Resolved
    0 votes
    I am not totally following.

    If commenting out the content_filter works, then please give the full block of messages from the mail log, from start to end. It will include sections like amavis. In my case, from a LAN client, it generates about 30 lines of logs but I also use DKIM. If amavis is blocking, there should be a message. Are you sending attachments?

    Kopano Webapp will send as localhost. The web server deals with the external interface. All local processing is done on the local box.

    I am not following your comment:

    I tried sending mail from Kopano webapp to three external email accounts, only one of which is setup as a forwarder in the user account of the Webconfig.

    Please can you elaborate? Are you talking about the "Mail Forwarding" section of the SMTP Server app?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, November 19 2018, 10:27 PM - #Permalink
    Resolved
    0 votes
    A little something I noticed in the logs, since all outgoing mail is going through a prefilter and then removed. There is a content_filter setting in postfix's main.cf file, under the mail routing section, that is equal to the prefilter, so:

    content_filter = mailprefilter


    When I comment that out, mail gets sent. I'm sending mail through the online webapp, so it would be from my gateway server's IP address. What is the mailprefilter app? I don't have Attack Detector installed. I can only assume it's Amavis since it's included in the master.cf of postfix:

    #=====================================================================
    # Global antivirus/antispam pre-filter (Amavis)
    #=====================================================================
    smtp-amavis unix - - n - 5 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    # SMTP interface for injecting mail into Amavis
    127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000


    It would seem that only my LAN is allowed to send mail. So how would I include a rule that would allow sending mail remotely, as in the case of Kopano's Webapp?

    Avoiding the mailprefilter also allows emails to be sent to new users who register on my Joomla site. It's def the issue.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, November 19 2018, 06:07 PM - #Permalink
    Resolved
    0 votes
    I tried sending mail from Kopano webapp to three external email accounts, only one of which is setup as a forwarder in the user account of the Webconfig. Here is the maillog:

    Nov 19 12:58:58 gateway postfix/smtpd[15304]: connect from localhost[127.0.0.1]
    Nov 19 12:58:58 gateway postfix/smtpd[15304]: B0EC1403ED7C7: client=localhost[127.0.0.1]
    Nov 19 12:58:58 gateway postfix/cleanup[15306]: B0EC1403ED7C7: message-id=<kcim.5bf2f9e2.3bc4.4572cdbc3a973beb@gateway.renncoautomation.us>
    Nov 19 12:58:58 gateway postfix/smtpd[15304]: disconnect from localhost[127.0.0.1]
    Nov 19 12:58:58 gateway postfix/qmgr[14197]: B0EC1403ED7C7: from=<dalbring@renncoautomation.us>, size=1325, nrcpt=3 (queue active)
    Nov 19 12:58:58 gateway postfix/pipe[15307]: B0EC1403ED7C7: to=<dalbring@renncoautomation.com>, relay=mailprefilter, delay=0.2, delays=0.09/0.02/0/0.09, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 19 12:58:58 gateway postfix/pipe[15308]: B0EC1403ED7C7: to=<d_albring@roadrunner.com>, relay=mailprefilter, delay=0.2, delays=0.09/0.04/0/0.08, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 19 12:58:58 gateway postfix/pipe[15308]: B0EC1403ED7C7: to=<dalbring@roadrunner.com>, relay=mailprefilter, delay=0.2, delays=0.09/0.04/0/0.08, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 19 12:58:58 gateway postfix/qmgr[14197]: B0EC1403ED7C7: removed


    But then my system log shows this:

    Nov 19 07:26:33 gateway mailfilter: starting up (sender=arpwatch@renncoautomation.us, recipients=root@renncoautomation.us, client_address=)
    Nov 19 07:26:33 gateway mailfilter: Failed to set recipient: 5.1.1 <root@renncoautomation.us>: Recipient address rejected: User unknown in local recipient table, code=550, original code 550 <ID: <20181119122633.1C5AC4026C2FD@mail.renncoautomation.us>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83
    Nov 19 07:26:33 gateway mailfilter: starting up (sender=mailer-daemon, recipients=arpwatch@renncoautomation.us, client_address=)
    Nov 19 07:26:33 gateway mailfilter: Failed to set recipient: 5.1.1 User does not exist, code=503, original code 503 <ID: <20181119122633.1C5AC4026C2FD@mail.renncoautomation.us>>, /usr/clearos/apps/mail_routing/libraries/Transport.php, 83
    Nov 19 08:02:03 gateway proxy2db: Processed 5041 proxy log lines - 2281 records added.
    Nov 19 08:06:33 gateway mailfilter: dropping duplicate forwarder: spf-test@openspf.net
    Nov 19 08:10:25 gateway mailfilter: dropping duplicate forwarder: spf-test@openspf.net
    Nov 19 08:27:29 gateway mailfilter: dropping duplicate forwarder: spf-test@openspf.net
    Nov 19 09:02:02 gateway proxy2db: Processed 5905 proxy log lines - 861 records added.
    Nov 19 10:02:03 gateway proxy2db: Processed 2233 proxy log lines - 1862 records added.
    Nov 19 11:02:02 gateway proxy2db: Processed 4034 proxy log lines - 1786 records added.
    Nov 19 12:02:03 gateway proxy2db: Processed 6361 proxy log lines - 2295 records added.
    Nov 19 12:58:58 gateway mailfilter: dropping duplicate forwarder: d_albring@roadrunner.com
    Nov 19 12:58:58 gateway mailfilter: dropping duplicate forwarder: dalbring@renncoautomation.com
    The reply is currently minimized Show
  • Accepted Answer

    Monday, November 19 2018, 05:13 PM - #Permalink
    Resolved
    0 votes
    Certificates in mail don't seem to give much. It makes it easier when setting clients to use SMTPS/STARTTLS/IMAPS as you don't have to accept a certificate during set up. I believe Outlook 2016 will prompt you for a certificate every time you start it if you have a self-signed certificate, but it is the only client I've heard of which does that.

    If your SPF record is OK then you'll need to look further why your recipients are rejecting e-mails. You may see more info in the maillog or system log.

    If 99.32.54.25 is where you are sending your mail from then the SPF record looks OK. You could make it more draconian by using -all but that is up to you. Also, if 99.32.54.25 is your A record IP then you don't need to specify it. you may also what to add "mx" and will need to if your mx IP is different.

    You may have helped things setting up an SPF record, as GMail is tending to reject mail from domains without SPF records now.

    DKIM only really helps recipients know it is you who have sent the e-mail. It does not normally help with you sending.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, November 19 2018, 01:41 PM - #Permalink
    Resolved
    0 votes
    So what do SSL certificates do for you? Do they only make your web server look like a safe place to visit?

    I've got two MX records pointing my domain name to my mail hostname and my gateway hostname, the former having highest priority. I'm not sure the latter is necessary, but I entered it anyway. I don't have any SPF records. I wondered if I would need that, but I really don't know what to include in one since I really don't understand them. I did some reading at http://www.openspf.org/FAQ/Common_mistakes and made a simple spf record in my clear center account:

    v=spf1 a ip4:99.32.54.25 ~all


    However, I'm not getting a rejected email when I send one to spf-test@openspf.net. My maillog shows the typical:

    Nov 19 08:10:25 gateway postfix/smtpd[32386]: connect from localhost[127.0.0.1]
    Nov 19 08:10:25 gateway postfix/smtpd[32386]: 5549A403268D1: client=localhost[127.0.0.1]
    Nov 19 08:10:25 gateway postfix/cleanup[32388]: 5549A403268D1: message-id=<kcim.5bf2b641.7e7e.0109784b3de520d6@gateway.renncoautomation.us>
    Nov 19 08:10:25 gateway postfix/qmgr[14197]: 5549A403268D1: from=<dalbring@renncoautomation.us>, size=1713, nrcpt=1 (queue active)
    Nov 19 08:10:25 gateway postfix/smtpd[32386]: disconnect from localhost[127.0.0.1]
    Nov 19 08:10:25 gateway postfix/pipe[32389]: 5549A403268D1: to=<spf-test@openspf.net>, relay=mailprefilter, delay=0.08, delays=0.02/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via mailprefilter service)
    Nov 19 08:10:25 gateway postfix/qmgr[14197]: 5549A403268D1: removed


    "spf-test@openspf.net" is what should be showing after to=.

    Maybe unrelated...what are DKIM records used for? Should I have that as well?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, November 19 2018, 08:28 AM - #Permalink
    Resolved
    0 votes
    Let's Encrypt will not help you get mails out of your current site.

    Have you set up the correct DNS records (MX, SPF) for your domain? Note the MX record for the comain can point to another domain so is best pointing to your Mail Hostname which should resolve somewhere to your WAN IP.
    Also do you have a static or dynamic IP? If dynamic, you'll need to relay via another SMTP server, which can often be your ISP's.
    The reply is currently minimized Show
Your Reply