Email server from scratch - Step 10 - ingoing/outgoing emails now broken. Strange IP showing up in logs

Hi Xiao,

I have been following your guide “Build Your Own Email Server on Ubuntu: Basic Postfix Setup” and am in desperate need of your attention. So far, I have completed steps 1 through 10. Everything was working properly up until step 8 (I believe). However, I only noticed that things weren’t working after finishing step 10. So somewhere between step 8 and step 10, things have gone wrong, and I can’t figure out what exactly is happening here. It feels like I’ve got a misconfiguration somewhere, or I’m getting hacked or DDoSed. But I am not an expert, so I desperately require your eye to take a look at things for me.

First, my configuration is on Ubuntu Server 20.04, and is to a tee exactly according to your email server guide with the following 3 exceptions:

Exception # 1: On top of the email server, I also have a web server installed using WordPress and Nginx, which as we speak, works perfectly.

Exception # 2: I am using openvpn3 on my server to tunnel my local IP address to an Amazon OpenVPN-AS EC2 instance, in order to obtain proper rDNS records and to use Amazon’s public elastic (static) IP address. As of step 6, my emails were working, even using the Amazon tunnel. No VPN changes have been made since then, so through the process of elimination, I suspect the VPN is not the issue here.

Exception # 3: After installing amavis, while looking at the logs, I would see the error: `(!)Net::Server: 2021/08/16-19:33:18 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm`. After some googling, I suspect this has to do with IPv6 and amavis somehow. To (hopefully) solve this issue, I put `inet_socket_bind = '127.0.0.1';` as the first line in /etc/amavis/conf.d/50-user, and this seemed to make the error go away. However, I don’t know the impact that this line makes on the rest of the system (any comments on this would be much appreciated).

Second, I am using Apple Mail. I am sometimes able to send emails out from my domain address to my Gmail; however, sometimes Apple Mail shows my outgoing linuxbabe email server as down or unable to connect via SSL. Therefore, I am sometimes unable to send emails from my domain to my Gmail address. At the moment, my outgoing domain emails are not working (same goes for my inbound emails at the moment).

Third, I am never able to send emails from my gmail account to my domain address that I created from linuxbabe tutorials. I get the following errors when trying to send an email to my domain with my gmail account:

1. mail.facl.xyz. 149.28.114.20: FAILED_PRECONDITION: connect error (111): Connection refused]
2. Message blocked. Your message to [email protected] has been blocked. See technical details below for more information. 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]
3. Delivery incomplete. The response from the remote server was: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]

Lastly, I’ve noticed a very strange IP address of 172.27.224.1 that keeps showing up in all of my logs (postfix, fail2ban, dovecot, amavis, etc.).

A short summary of my issues would be:
1. Incoming and outgoing emails not working with my domain email server.
2. Strange IP addresses of 172.27.224.1 showing up in logs.
3. Amavis showing the error (!)Net::Server: 2021/08/16-19:33:18 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm
4. Note: I am running a VPN client on this server, being tunneled to an Amazon IP address with port 25 unblocked.

Below are my logs in order of the specified commands:

Command 1: sudo pflogsumm /var/log/mail.log
Command 2a: sudo systemctl status dovecot
Command 2b: sudo journalctl -eu dovecot
Command 3a: sudo systemctl status postfix
Command 3b: sudo journalctl -eu postfix
Command 4a: sudo systemctl status spamassassin
Command 4b: sudo journalctl -eu spamassassin
Command 5a: sudo systemctl status amavis
Command 5b: sudo journalctl -eu amavis
Command 6a: sudo systemctl status fail2ban
Command 6b: cat /var/log/fail2ban.log
Command 6c: sudo iptables -L

1a:

sudo pflogsumm /var/log/mail.log

Grand Totals
------------
messages

      7   received
     15   delivered
      0   forwarded
      5   deferred  (35  deferrals)
      0   bounced
     38   rejected (71%)
      0   reject warnings
      0   held
      0   discarded (0%)

  14182   bytes received
  37244   bytes delivered
      3   senders
      1   sending hosts/domains
      3   recipients
      3   recipient hosts/domains

Host/Domain Summary: Message Delivery
--------------------------------------
 sent cnt  bytes   defers   avg dly max dly host/domain
 -------- -------  -------  ------- ------- -----------
      6    19728       18     1.9 h    7.2 h  facl.xyz
      5     7899       10    12.5 h   54.1 h  nerd-tech.net
      4     9617        7     1.2 h    4.8 h  gmail.com

Host/Domain Summary: Messages Received
---------------------------------------
 msg cnt   bytes   host/domain
 -------- -------  -----------
      7    14182   facl.xyz

Senders by message count
------------------------
      3   [email protected]
      2   [email protected]
      2   [email protected]

Recipients by message count
---------------------------
      6   [email protected]
      5   [email protected]
      4   [email protected]

Senders by message size
-----------------------
   8409   [email protected]
   3826   [email protected]
   1947   [email protected]

Recipients by message size
--------------------------
  19728   [email protected]
   9617   [email protected]
   7899   [email protected]

message deferral detail
-----------------------
  amavis/smtp (total: 35)
        28   127.0.0.1[127.0.0.1]:10024: Connection refused
         7   127.0.0.1[127.0.0.1]:10026: Connection refused

message bounce detail (by relay): none

message reject detail
---------------------
  RCPT
    cannot find your reverse hostname (total: 37)
          37   172.27.224.1
    Helo command rejected: need fully-qualified hostname (total: 1)
           1   172.27.224.1

message reject warning detail: none

message hold detail: none

message discard detail: none

smtp delivery failures: none

Warnings
--------
  10025/smtpd (total: 7)
         7   connect to Milter service local:opendmarc/opendmarc.sock: No su...
  cleanup (total: 5)
         5   connect to Milter service local:opendmarc/opendmarc.sock: No su...
  postfix-script (total: 3)
         3   symlink leaves directory: /etc/postfix/./makedefs.out
  smtpd (total: 64)
        53   connect to Milter service local:opendmarc/opendmarc.sock: No su...
        11   unknown[172.27.224.1]: SASL LOGIN authentication failed: UGFzc3...

Fatal Errors
------------
  sendmail (total: 3)
         3   User netdata(997) is not allowed to submit mail

Panics: none

Master daemon messages
----------------------
      3   daemon started -- version 3.4.13, configuration /etc/postfix
      2   reload -- version 3.4.13, configuration /etc/postfix
      1   terminating on signal 15

2a:

sudo systemctl status dovecot

dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-08-17 07:03:50 CDT; 3h 46min ago
       Docs: man:dovecot(1)
             http://wiki2.dovecot.org/
   Main PID: 2011 (dovecot)
      Tasks: 25 (limit: 9255)
     CGroup: /system.slice/dovecot.service
             ├─ 2011 /usr/sbin/dovecot -F
             ├─ 2157 dovecot/anvil
             ├─ 2158 dovecot/log
             ├─ 2159 dovecot/config
             ├─ 4229 dovecot/stats
             ├─15404 dovecot/imap-login
             ├─15406 dovecot/imap-login
             ├─15407 dovecot/imap-login
             ├─15408 dovecot/imap-login
             ├─15409 dovecot/imap-login
             ├─15410 dovecot/imap-login
             ├─15424 dovecot/imap
             ├─15426 dovecot/imap
             ├─15428 dovecot/imap
             ├─15429 dovecot/imap
             ├─15432 dovecot/imap
             ├─15434 dovecot/imap
             ├─16110 dovecot/imap-login
             ├─16111 dovecot/imap
             ├─16118 dovecot/imap-login
             ├─16120 dovecot/imap
             ├─16130 dovecot/imap-login
             ├─16132 dovecot/imap
             ├─16537 dovecot/imap-login
             └─16542 dovecot/imap

Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Performing userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Finished userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth: Debug: sql([email protected],172.27.224.1,<5aKu28LJb9msG+AB>): Finished userdb lookup
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth: Debug: master userdb out: USER        515375105        [email protected]        maildir=oddcake.net/dan/        uid=2000        gid=2000        auth_token=6a27be66e01ae0ff0bc97556560a7f647dd09d26
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: conn unix:auth-worker (pid=38693,uid=113): auth-worker<2>: Finished
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=172.27.224.1, lip=172.27.208.8, mpid=38698, TLS, session=<5aKu28LJb9msG+AB>
Aug 17 10:20:30 mail.facl.xyz dovecot[2158]: imap([email protected])<38698><5aKu28LJb9msG+AB>: Logged out in=34 out=518 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 17 10:21:26 mail.facl.xyz dovecot[2158]: imap([email protected])<37366><1W1coMLJ49isG+AB>: Logged out in=4908 out=6305 deleted=1 expunged=1 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Aug 17 10:21:30 mail.facl.xyz dovecot[2158]: auth-worker(38695): Debug: conn unix:auth-worker (pid=38693,uid=113): Disconnected: Connection closed (fd=-1)

3a:

sudo systemctl status postfix

● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
     Active: active (exited) since Tue 2021-08-17 09:59:57 CDT; 57min ago
    Process: 33365 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 33365 (code=exited, status=0/SUCCESS)

Aug 17 09:59:57 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.

3b:

sudo journalctl -eu postfix

-- Reboot --
Aug 17 07:04:30 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 07:04:30 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: postfix.service: Succeeded.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: Stopped Postfix Mail Transport Agent.
Aug 17 09:59:55 mail.facl.xyz systemd[1]: Stopping Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Starting Postfix Mail Transport Agent...
Aug 17 09:59:57 mail.facl.xyz systemd[1]: Finished Postfix Mail Transport Agent.

5a:
sudo systemctl status amavis

● amavis.service - LSB: Starts amavisd-new mailfilter
     Loaded: loaded (/etc/init.d/amavis; generated)
     Active: active (running) since Tue 2021-08-17 07:04:29 CDT; 3h 57min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 2014 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
      Tasks: 3 (limit: 9255)
     CGroup: /system.slice/amavis.service
             ├─2590 /usr/sbin/amavisd-new (master)
             ├─2625 /usr/sbin/amavisd-new (ch4-avail)
             └─2626 /usr/sbin/amavisd-new (ch3-avail)

Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for       .zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Using primary internal av scanner code for ClamAV-clamd
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Aug 17 07:09:30 mail.facl.xyz amavis[2625]: (02625-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: PBii-TznnW04, Hits: -, size: 1909, queued_as: 535D4136D, 289 ms
Aug 17 07:19:30 mail.facl.xyz amavis[2626]: (02626-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: zR8b8BRl0kNW, Hits: -, size: 1506, queued_as: 467AB136D, 244 ms
Aug 17 07:23:22 mail.facl.xyz amavis[2625]: (02625-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:53208 <[email protected]> -> <[email protected]>, Queue-ID: 9E6DD136D, Message-ID: <[email protected]>, mail_id: GMBci>
Aug 17 07:34:30 mail.facl.xyz amavis[2626]: (02626-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:55243 <[email protected]> -> <[email protected]>, Queue-ID: 3F84D2311, Message-ID: <[email protected]>, mail_id: Q27RZ>
Aug 17 07:34:30 mail.facl.xyz amavis[2625]: (02625-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: HTJlJzy2n6tg, Hits: -, size: 6512, queued_as: 6DD9120B2, 359 ms
Aug 17 07:57:21 mail.facl.xyz amavis[2626]: (02626-03) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: QLf0QAUln62T, Hits: -, size: 1464, queued_as: 60EF>
Aug 17 07:59:30 mail.facl.xyz amavis[2625]: (02625-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: aT99rHW5Mj24, Hits: -, size: 1501, queued_as: >




5b:

sudo journalctl -eu amavis

-- Reboot --
Aug 17 07:03:50 mail.facl.xyz systemd[1]: Starting LSB: Starts amavisd-new mailfilter...
Aug 17 07:03:50 mail.facl.xyz amavis[2014]: Starting amavisd:
Aug 17 07:03:50 mail.facl.xyz amavis[2081]: changed ownership of '/var/run/amavis' from root:root to amavis:amavis
Aug 17 07:03:55 mail.facl.xyz amavis[2094]: starting. /usr/sbin/amavisd-new at mail.facl.xyz amavisd-new-2.11.0 (20160426), Unicode aware, LC_ALL="C", LANG="en_US.UTF-8"
Aug 17 07:04:29 mail.facl.xyz amavis[2014]: amavisd-new.
Aug 17 07:04:29 mail.facl.xyz systemd[1]: Started LSB: Starts amavisd-new mailfilter.
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Net::Server: Group Not Defined. Defaulting to EGID '133 133'
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Net::Server: User Not Defined. Defaulting to EUID '125'
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No $altermime, not using it
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No ext program for .zoo, tried: zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No ext program for .doc, tried: ripole
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .F
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .doc
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: No decoder for .zoo
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Using primary internal av scanner code for ClamAV-clamd
Aug 17 07:04:29 mail.facl.xyz amavis[2590]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Aug 17 07:09:30 mail.facl.xyz amavis[2625]: (02625-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: PBii-TznnW04, Hits: -, size: 1909, queued_as: 535D4136D, 289 ms
Aug 17 07:19:30 mail.facl.xyz amavis[2626]: (02626-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: zR8b8BRl0kNW, Hits: -, size: 1506, queued_as: 467AB136D, 244 ms
Aug 17 07:23:22 mail.facl.xyz amavis[2625]: (02625-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:53208 [email protected] -> [email protected], Queue-ID: 9E6DD136D, Message-ID: [email protected], mail_id: GMBci>
Aug 17 07:34:30 mail.facl.xyz amavis[2626]: (02626-02) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [172.27.224.1]:55243 [email protected] -> [email protected], Queue-ID: 3F84D2311, Message-ID: [email protected], mail_id: Q27RZ>
Aug 17 07:34:30 mail.facl.xyz amavis[2625]: (02625-03) Passed CLEAN {RelayedInbound}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: HTJlJzy2n6tg, Hits: -, size: 6512, queued_as: 6DD9120B2, 359 ms
Aug 17 07:57:21 mail.facl.xyz amavis[2626]: (02626-03) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: QLf0QAUln62T, Hits: -, size: 1464, queued_as: 60EF>
Aug 17 07:59:30 mail.facl.xyz amavis[2625]: (02625-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [email protected] -> [email protected], Message-ID: [email protected], mail_id: aT99rHW5Mj24, Hits: -, size: 1501, queued_as:





6a:

sudo systemctl status fail2ban

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2021-08-17 07:03:49 CDT; 4h 1min ago
       Docs: man:fail2ban(1)
    Process: 1897 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 1923 (f2b/server)
      Tasks: 9 (limit: 9255)
     CGroup: /system.slice/fail2ban.service
             └─1923 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Aug 17 07:03:48 mail.facl.xyz systemd[1]: Starting Fail2Ban Service...
Aug 17 07:03:49 mail.facl.xyz systemd[1]: Started Fail2Ban Service.
Aug 17 07:03:52 mail.facl.xyz fail2ban-server[1923]: Server ready


6b:

cat /var/log/fail2ban.log

2021-08-17 07:03:51,347 fail2ban.server [1923]: INFO Starting Fail2ban v0.11.1
2021-08-17 07:03:51,358 fail2ban.observer [1923]: INFO Observer start...
2021-08-17 07:03:51,413 fail2ban.database [1923]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2021-08-17 07:03:51,462 fail2ban.jail [1923]: INFO Creating new jail 'sshd'
2021-08-17 07:03:51,771 fail2ban.jail [1923]: INFO Jail 'sshd' uses pyinotify {}
2021-08-17 07:03:51,797 fail2ban.jail [1923]: INFO Initiated 'pyinotify' backend
2021-08-17 07:03:51,852 fail2ban.filter [1923]: INFO maxLines: 1
2021-08-17 07:03:52,135 fail2ban.filter [1923]: INFO maxRetry: 5
2021-08-17 07:03:52,137 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,138 fail2ban.actions [1923]: INFO banTime: 1200
2021-08-17 07:03:52,139 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,160 fail2ban.filter [1923]: INFO Added logfile: '/var/log/auth.log' (pos = 29053, hash = 647d772821ca854ff7f545b466d2881515965943)
2021-08-17 07:03:52,185 fail2ban.jail [1923]: INFO Creating new jail 'postfix'
2021-08-17 07:03:52,185 fail2ban.jail [1923]: INFO Jail 'postfix' uses pyinotify {}
2021-08-17 07:03:52,234 fail2ban.jail [1923]: INFO Initiated 'pyinotify' backend
2021-08-17 07:03:52,313 fail2ban.filter [1923]: INFO maxRetry: 3
2021-08-17 07:03:52,316 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,317 fail2ban.actions [1923]: INFO banTime: 3600
2021-08-17 07:03:52,318 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,370 fail2ban.filter [1923]: INFO Added logfile: '/var/log/mail.log' (pos = 1102894, hash = 92f390993e3afc6852360ecc3a2243321232c865)
2021-08-17 07:03:52,374 fail2ban.jail [1923]: INFO Creating new jail 'postfix-flood-attack'
2021-08-17 07:03:52,376 fail2ban.jail [1923]: INFO Jail 'postfix-flood-attack' uses pyinotify {}
2021-08-17 07:03:52,405 fail2ban.jail [1923]: INFO Initiated 'pyinotify' backend
2021-08-17 07:03:52,410 fail2ban.filter [1923]: INFO maxRetry: 3
2021-08-17 07:03:52,411 fail2ban.filter [1923]: INFO findtime: 600
2021-08-17 07:03:52,412 fail2ban.actions [1923]: INFO banTime: 1200
2021-08-17 07:03:52,413 fail2ban.filter [1923]: INFO encoding: UTF-8
2021-08-17 07:03:52,415 fail2ban.filter [1923]: INFO Added logfile: '/var/log/mail.log' (pos = 1102894, hash = 92f390993e3afc6852360ecc3a2243321232c865)
2021-08-17 07:03:52,460 fail2ban.jail [1923]: INFO Jail 'sshd' started
2021-08-17 07:03:52,650 fail2ban.jail [1923]: INFO Jail 'postfix' started
2021-08-17 07:03:52,663 fail2ban.jail [1923]: INFO Jail 'postfix-flood-attack' started
2021-08-17 07:03:52,666 fail2ban.actions [1923]: NOTICE [postfix] Restore Ban 172.27.224.1
2021-08-17 07:15:46,935 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 07:22:29,621 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:22:29
2021-08-17 07:24:53,218 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:24:52
2021-08-17 07:28:23,070 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 07:28:22
2021-08-17 07:28:23,263 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1
2021-08-17 08:28:22,320 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 09:08:44,018 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:08:43
2021-08-17 09:20:37,479 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:20:37
2021-08-17 09:24:14,736 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:24:14
2021-08-17 09:26:41,101 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:26:40
2021-08-17 09:26:41,399 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1
2021-08-17 10:26:40,609 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
2021-08-17 10:26:54,374 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:26:53
2021-08-17 10:31:30,242 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:31:29
2021-08-17 10:31:56,744 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 10:31:56
2021-08-17 10:31:57,074 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1

Sorry @LinuxBabe but my OP above is giving me a 403 error when I try to edit it for proper formatting. You may have to sift through my sloppiness, or somehow correct the 403 error that happens when editing a post. That way I can format things properly.

Finally, I just wanted to really thank you and hope you got my donation for all of your hard work! I am a linuxbabe fan and want to contribute as much as possible! Thanks again @LinuxBabe !

Any experienced users who might be able to help me out there?

This is the nmap scan result of your mail server.

PORT    STATE  SERVICE
25/tcp  closed smtp
80/tcp  closed http
143/tcp closed imap
443/tcp closed https
465/tcp closed smtps
587/tcp closed submission
993/tcp closed imaps

You need to open the inbound port 25/tcp to the public Internet, in order to receive emails from other SMTP servers.

Open TCP ports 465 and 587 in order to submit emails from your mail client (Apple Mail) to your mail server.
Open the IMAP ports (143, 993) in order to download emails from your mail server to your mail client (Apple Mail).

I see you are using VPN to tunnel email traffic. Maybe you should set up SMTP and IMAP proxy.

Unfortunately, before you could respond, I reverted to an offline backup to try to backtrack and see where I misconfigured something. I didn’t strike gold in my quest, and temporarily gave up, turning off my server to prevent any possible misconfiguration vulnerabilities from being exploited during the server’s partially working state. While you ran your nmap test, I am almost certain that my server was actually down. Shortly, I am going to revert to the original state that the server was in when I asked this question. I will get back to you as soon as I do, so hopefully you can rerun the nmap test and possibly help me out here. I really appreciate all of your time and effort in helping us users out. You are easily the best tutorial writer on the internet and I really appreciate it!

Thanks @LinuxBabe.
P.S. I will notify you when the server is back up and running, and will keep it that way for you.

Ok, my server is back up and running and here are a few notes of what I have figured out:

After reverting to an earlier backup, and re-creating my steps, I have found that my emails stopped working after I began the Linuxbabe chapter entitled “7 Effective Tips for Blocking Email Spam with Postfix SMTP Server”.

Particularly, emails stopped working after Tip #1 and Tip #2. On my regression, before that chapter, emails seem to work perfectly for both incoming and outgoing. However, as soon as I add the smtpd_sender_restrictions and smtpd_helo_restrictions that are defined in the tutorial to my /etc/postfix/main.cf file, my emails no longer work.

Another thing I noticed is that in my mail/ufw logs, when I try to send an email from my Gmail on my LAN to my server from my Mac, it seems that postfix or ufw is blacklisting my Mac, because it starts looking for an rDNS and PTR record for the local VPN IP address of my VPN client (the email server) computer, as opposed to looking for a PTR and rDNS of Gmail’s public IP address from which the email was sent. I could severely lack understanding here, but if I am not, this seems like extremely odd behavior to me.

Finally, as we speak, I have booted up the same server image (in its broken state, with smtpd_sender_restrictions and smtpd_helo_restrictions enabled) that I made this original post about. I won’t be touching the server until you run an nmap or whatever other tests that may be necessary to help debug this. If you or any other experienced users have some time, would you please be so kind as to offer me some help in debugging this?

Thanks so much!

Dan
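The logs earlier in this thread show one address, 172.27.224.1, as the client in Postfix rejects, SASL failures, Dovecot logins and fail2ban bans. The script below is an added example (not from the thread or the LinuxBabe tutorial) that tallies those events per client address and flags RFC 1918 addresses that were rejected or banned as SMTP peers; a private-range address cannot be the real address of an Internet sender such as Gmail, so such hits mean Postfix is seeing an intermediate hop. The log lines are constructed in the format of the logs above, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# RFC 1918 ranges: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# (event name, pattern); group 1 is always the client address.
PATTERNS = [
    ("smtp_reject", re.compile(r"NOQUEUE: reject: \w+ from \S*?\[" + IP + r"\]")),
    ("sasl_fail", re.compile(r"\[" + IP + r"\]: SASL \w+ authentication failed")),
    ("imap_login", re.compile(r"imap-login: Login: .*\brip=" + IP)),
    ("f2b_ban", re.compile(r"NOTICE\s+\[\S+\] (?:Restore )?Ban " + IP)),
]

# Constructed sample lines (not copied from the thread). 203.0.113.77 is a
# documentation address standing in for a public client.
SAMPLE_LOG = """\
Aug 17 09:08:43 mail postfix/smtpd[3301]: NOQUEUE: reject: RCPT from unknown[172.27.224.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<mx.example.com>
Aug 17 09:20:37 mail postfix/smtpd[3340]: NOQUEUE: reject: RCPT from unknown[172.27.224.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [172.27.224.1]; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<mx.example.com>
Aug 17 09:24:14 mail postfix/smtpd[3355]: NOQUEUE: reject: RCPT from unknown[172.27.224.1]: 504 5.5.2 <laptop>: Helo command rejected: need fully-qualified hostname; from=<b@example.org> to=<a@example.com> proto=ESMTP helo=<laptop>
Aug 17 09:26:40 mail postfix/smtpd[3360]: warning: unknown[172.27.224.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug 17 10:20:30 mail dovecot[2158]: imap-login: Login: user=<b@example.org>, method=PLAIN, rip=172.27.224.1, lip=172.27.208.8, mpid=38698, TLS
2021-08-17 09:26:41,101 fail2ban.filter [1923]: INFO [postfix] Found 172.27.224.1 - 2021-08-17 09:26:40
2021-08-17 09:26:41,399 fail2ban.actions [1923]: NOTICE [postfix] Ban 172.27.224.1
2021-08-17 10:26:40,609 fail2ban.actions [1923]: NOTICE [postfix] Unban 172.27.224.1
Aug 17 11:02:10 mail postfix/smtpd[3402]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 5.7.1 Service unavailable; Client host [203.0.113.77] blocked using zen.spamhaus.org; from=<x@example.net> to=<b@example.org> proto=ESMTP helo=<example.net>
"""


def summarize(log_text):
    """Return {client_ip: Counter({event: count})} for every matched line."""
    events = defaultdict(Counter)
    for line in log_text.splitlines():
        for name, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                events[match.group(1)][name] += 1
                break  # one event per line
    return dict(events)


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def hidden_source_suspects(events):
    """Private-range clients that Postfix rejected or fail2ban banned."""
    return sorted(ip for ip, c in events.items()
                  if is_rfc1918(ip) and (c["smtp_reject"] or c["f2b_ban"]))


def private_reject_share(events):
    """Fraction of SMTP rejects whose client address is in RFC 1918 space."""
    total = sum(c["smtp_reject"] for c in events.values())
    private = sum(c["smtp_reject"] for ip, c in events.items() if is_rfc1918(ip))
    return private / total if total else 0.0


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, counts in sorted(summary.items()):
        scope = "private" if is_rfc1918(ip) else "public"
        print(f"{ip:15} {scope:8} {dict(counts)}")
    print("suspect hops:", hidden_source_suspects(summary))
    print("share of rejects from private space:", private_reject_share(summary))
```

On a real server, pass the contents of /var/log/mail.log and /var/log/fail2ban.log to `summarize()` instead of the sample text.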

If you can’t receive or send emails, you did something wrong. As a rule of thumb, you should always check the mail log (/var/log/mail.log) on your mail server when an error happens, and post the error message here so others can help.

And post the content of /etc/postfix/main.cf file here.

cat /etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
# Don't use self-signed certificates
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_security_level=may

### Linuxbabe
# Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.facl.xyz/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.facl.xyz/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

### Linuxbabe
#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level=may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

### Linuxbabe
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# Default 3 = uncommented
#smtp_tls_CApath=/etc/ssl/certs
#smtp_tls_security_level=may
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# The line below prevents you from being an open relay, which means that your mail server won't forward email on behalf of anyone towards any destination, like open relays do.
# This line tells Postfix to forward email only from clients in trusted networks, from clients that have authenticated with SASL, or to domains that are configured as authorized relay destinations.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.facl.xyz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
message_size_limit = 104857600

#### Linuxbabe
# Tell Postfix to deliver incoming emails to local message store via the Dovecot LMTP server.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
# Disable SMTPUTF8 in Postfix, because Dovecot-LMTP doesn't support this email extension
smtputf8_enable = no

### Linuxbabe Chapter 3
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

### Linuxbabe chapter 3
virtual_transport = lmtp:unix:private/dovecot-lmtp

### Linuxbabe Chapter 3
# The first line defines the base location of mail files. The remaining 3 lines
# define which user ID and group ID Postfix will use when delivering incoming
# emails to the mailbox. We use the user ID 2000 and group ID 2000.
virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

### Linuxbabe Chapter 3 Ending
# By default, any local user can use the sendmail binary to submit outgoing emails.
# Now that your mail server is using virtual mailboxes, you might want to restrict
# access to the sendmail binary to trusted local users only, so a malicious user
# can’t use it to send a large volume of emails to damage your mail server’s reputation
authorized_submit_users = root,www-data,danranuser,netdata

# deliver emails to local message store via the dovecot LMTP server (roundcube tutorial, sieve section, linuxbabe)
mailbox_transport = lmtp:unix:private/dovecot-lmtp
# disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension (roundcube tutorial, sieve section, linuxbabe)
smtputf8_enable = no

### Linuxbabe, roundcube tutorial, sieve section
# Help remove sensitive info (such as roundcube version number) from email headers
# This line is overridden by smtp_header_checks line at bottom of page
#smtp_header_checks = regexp:/etc/postfix/smtp_header_checks

### LINUXBABE CHAPTER 4
# The first line specifies the Postfix policy agent timeout setting. The following lines will impose a restriction on incoming emails by rejecting unauthorized email and checking SPF record.
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf,
### LinuxBabe Chapter "7 Effective Tips for Blocking Email Spam with Postfix SMTP Server"
   # Make Postfix use the Postgrey policy server.
   check_policy_service inet:127.0.0.1:10023,
   # Tip #6, Whitelisting
   check_client_access hash:/etc/postfix/rbl_override,
### LinuxBabe Chapter "7 Effective Tips for Blocking Email Spam with Postfix SMTP Server"
   # Tip #6: Using Public Realtime Blacklists
   reject_rhsbl_helo dbl.spamhaus.org,
   reject_rhsbl_reverse_client dbl.spamhaus.org,
   reject_rhsbl_sender dbl.spamhaus.org,
   # The single line below is for public whitelisting, with dnswl whitelisting by ip address
   permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3],
   # The single line below is for whitelisting, however, if using spamhaus.org for blacklisting, then you don't need this on a whitelist as it is impossible for an IP address to be listed in Spamhaus whitelist and blacklist at the same time.
   #permit_dnswl_client swl.spamhaus.org,
   reject_rbl_client zen.spamhaus.org

### LINUXBABE CHAPTER 4
# Milter configuration for Postfix to be able to call OpenDKIM via the milter protocol.
# Note: This configuration is set in a later section of the email server tutorial (read below), 
# so milter config is commented out here.

#milter_default_action = accept
#milter_protocol = 6
#smtpd_milters = local:opendkim/opendkim.sock
#non_smtpd_milters = $smtpd_milters

### Linuxbabe Chapter "7 Effective Tips for Blocking Email Spam with Postfix SMTP Server"
## Tip #1
smtpd_sender_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
## Tip #4
   # Add the following line to reject email if the domain name of the address supplied with the MAIL FROM command has neither MX record nor A record.
   reject_unknown_sender_domain
   # This directive rejects an email if the client IP address has no PTR Record.
   reject_unknown_reverse_client_hostname
## Tip #3
   # A legitimate email server should have an IP address returned from an A record, that matches the IP address of the email server.
   # To filter out emails from hosts that don't have a valid A record (IP doesn't match that of the server) add the following two lines below.
   #reject_unknown_reverse_client_hostname # Duplicate from above.
   reject_unknown_client_hostname
   # ^^^ NOTE: reject_unknown_client_hostname does not require HELO from SMTP client. It will fetch the hostname from PTR record, then check the A record.

## Tip #2
# Add the following line to require the client to provide a HELO/EHLO hostname.
smtpd_helo_required = yes
# Add the following 3 lines to enable smtpd_helo_restrictions
smtpd_helo_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   # Occasionally, a legitimate mail server doesn't have a valid A record for the HELO/EHLO hostname. You need to whitelist them with the line below ("check_helo_access" directive).
   # Don't forget to add whitelisted domains to the helo_access whitelist file, located at /etc/postfix/helo_access
   check_helo_access hash:/etc/postfix/helo_access
   # Use the following line to reject clients who provide malformed HELO/EHLO hostname.
   reject_invalid_helo_hostname
   # Use the following line to reject non-fully qualified HELO/EHLO hostname.
   reject_non_fqdn_helo_hostname
   # Use the following line to reject emails when the HELO/EHLO hostname has neither DNS A records nor MX Records.
   reject_unknown_helo_hostname

### Linuxbabe, Chapter "Block Email Spam with Postfix and SpamAssassin Content Filter"
# Use header checks with PCRE
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks

# Milter configuration (Note: Order of these matters. Don't change the order.)
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock,local:opendmarc/opendmarc.sock,local:spamass/spamass.sock
non_smtpd_milters = $smtpd_milters

### Linuxbabe "Spamassassin and Sieve Chapter"
# You can use smtp_header_checks to delete email headers that could show sensitive information.
# smtp_header_checks are only applied when Postfix is acting as an SMTP client, so it won’t affect incoming emails.
# You might not want the recipient to know that you are using SpamAssassin on your mail server.
# So add the following line, which tells Postfix to delete the X-Spam-Status and X-Spam-Checker-Version header
# from the email message when sending emails
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

### Linuxbabe "Postfix-amavis" chapter
# This tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on 127.0.0.1:10024.
content_filter = smtp-amavis:[127.0.0.1]:10024
# This will delay Postfix connection to content filter until the entire email message has been received, which can prevent content filters from wasting time and resources for slow SMTP clients.
smtpd_proxy_options = speed_adjust
cat /var/log/mail.log

Sep 14 13:36:24 mail postfix/10025/smtpd[4955]: 07BB3402E: client=mail.facl.xyz[127.0.0.1]
Sep 14 13:36:24 mail postfix/lmtp[4963]: 72A6F20F6: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.59, delays=0.34/0.06/0.03/0.15, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> NJeWNKfrQGFlEwAAb5hK8w Saved)
Sep 14 13:36:24 mail postfix/cleanup[4960]: 07BB3402E: message-id=<[email protected]>
Sep 14 13:36:24 mail postfix/qmgr[2684]: 72A6F20F6: removed
Sep 14 13:36:24 mail postfix/qmgr[2684]: 053E44027: from=<[email protected]>, size=1870, nrcpt=1 (queue active)
Sep 14 13:36:24 mail dovecot: lmtp([email protected])<4964><kQAjNKfrQGFkEwAAb5hK8w>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 14 13:36:24 mail postfix/lmtp[4961]: 774E120F8: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.67, delays=0.32/0.05/0.06/0.25, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> kQAjNKfrQGFkEwAAb5hK8w Saved)
Sep 14 13:36:24 mail dovecot: lmtp(4964): Disconnect from local: Client has quit the connection (state=READY)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 774E120F8: removed
Sep 14 13:36:24 mail postfix/qmgr[2684]: 07BB3402E: from=<[email protected]>, size=2371, nrcpt=1 (queue active)
Sep 14 13:36:24 mail amavis[2562]: (02562-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: QKAKSxT5VYDk, Hits: -, size: 1909, queued_as: 07BB3402E, 296 ms
Sep 14 13:36:24 mail dovecot: lmtp(4964): Connect from local
Sep 14 13:36:24 mail postfix/amavis/smtp[2688]: 6BFDF4050: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=308164, delays=308090/73/0.03/0.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 07BB3402E)
Sep 14 13:36:24 mail amavis[2565]: (02565-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: B_YDz5djxMnv, Hits: -, size: 1408, queued_as: 053E44027, 302 ms
Sep 14 13:36:24 mail dovecot: auth: Debug: master in: USER#0112#[email protected]#011service=lmtp
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth: Debug: userdb out: USER#0112#[email protected]#011maildir=facl.xyz/admin007/#011uid=2000#011gid=2000
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<12>: Handling USER request
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<12>: Finished
Sep 14 13:36:24 mail postfix/qmgr[2684]: 6BFDF4050: removed
Sep 14 13:36:24 mail dovecot: lmtp(4965): Connect from local
Sep 14 13:36:24 mail dovecot: auth: Debug: master in: USER#0112#[email protected]#011service=lmtp
Sep 14 13:36:24 mail postfix/amavis/smtp[2691]: 2D6D620DF: to=<[email protected]>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=194287, delays=194214/73/0.04/0.31, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 053E44027)
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<13>: Handling USER request
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<13>: Finished
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth: Debug: userdb out: USER#0112#[email protected]#011maildir=facl.xyz/admin007/#011uid=2000#011gid=2000
Sep 14 13:36:24 mail postfix/qmgr[2684]: 2D6D620DF: removed
Sep 14 13:36:24 mail postfix/lmtp[4961]: 053E44027: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.16, delays=0.1/0.02/0/0.04, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> KKxLCKjrQGFkEwAAb5hK8w Saved)
Sep 14 13:36:24 mail dovecot: lmtp([email protected])<4964><KKxLCKjrQGFkEwAAb5hK8w>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 14 13:36:24 mail postfix/qmgr[2684]: 053E44027: removed
Sep 14 13:36:24 mail dovecot: lmtp([email protected])<4965><QAg2CajrQGFlEwAAb5hK8w>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 14 13:36:24 mail postfix/lmtp[4963]: 07BB3402E: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.18, delays=0.11/0.02/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> QAg2CajrQGFlEwAAb5hK8w Saved)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 07BB3402E: removed
Sep 14 13:36:24 mail postfix/10025/smtpd[4955]: 3F77020F8: client=mail.facl.xyz[127.0.0.1]
Sep 14 13:36:24 mail postfix/cleanup[4960]: 3F77020F8: message-id=<[email protected]>
Sep 14 13:36:24 mail postfix/qmgr[2684]: 3F77020F8: from=<[email protected]>, size=1870, nrcpt=1 (queue active)
Sep 14 13:36:24 mail postfix/10025/smtpd[4953]: 4C8444026: client=mail.facl.xyz[127.0.0.1]
Sep 14 13:36:24 mail amavis[2562]: (02562-02-2) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 6vB0tlRVpDv6, Hits: -, size: 1408, queued_as: 3F77020F8, 163 ms
Sep 14 13:36:24 mail postfix/cleanup[4959]: 4C8444026: message-id=<[email protected]>
Sep 14 13:36:24 mail postfix/amavis/smtp[2688]: 806CB4C95: to=<[email protected]>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=105832, delays=105758/73/0.01/0.17, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F77020F8)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 806CB4C95: removed
Sep 14 13:36:24 mail dovecot: lmtp(4973): Connect from local
Sep 14 13:36:24 mail dovecot: auth: Debug: master in: USER#0111#[email protected]#011service=lmtp
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<14>: Handling USER request
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<14>: Finished
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth: Debug: userdb out: USER#0111#[email protected]#011maildir=facl.xyz/admin007/#011uid=2000#011gid=2000
Sep 14 13:36:24 mail postfix/qmgr[2684]: 4C8444026: from=<[email protected]>, size=13795, nrcpt=1 (queue active)
Sep 14 13:36:24 mail amavis[2565]: (02565-02-2) Passed CLEAN {RelayedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: CRD-XEovCGIc, Hits: -, size: 13304, queued_as: 4C8444026, 189 ms
Sep 14 13:36:24 mail postfix/amavis/smtp[2691]: 8C0C720F9: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=34583, delays=34509/73/0.01/0.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4C8444026)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 8C0C720F9: removed
Sep 14 13:36:24 mail dovecot: lmtp(4974): Connect from local
Sep 14 13:36:24 mail dovecot: auth: Debug: master in: USER#0111#[email protected]#011service=lmtp
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail postfix/lmtp[4961]: 3F77020F8: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.13, delays=0.04/0/0.04/0.05, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> V2g0FKjrQGFtEwAAb5hK8w Saved)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 3F77020F8: removed
Sep 14 13:36:24 mail dovecot: auth: Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth: Debug: userdb out: USER#0111#[email protected]#011maildir=facl.xyz/admin007/#011uid=2000#011gid=2000
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<15>: Handling USER request
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Performing userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: sql([email protected]): Finished userdb lookup
Sep 14 13:36:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<15>: Finished
Sep 14 13:36:24 mail dovecot: lmtp([email protected])<4973><V2g0FKjrQGFtEwAAb5hK8w>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 14 13:36:24 mail dovecot: lmtp(4973): Disconnect from local: Client has quit the connection (state=READY)
Sep 14 13:36:24 mail dovecot: lmtp([email protected])<4974><BEEIF6jrQGFuEwAAb5hK8w>: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 14 13:36:24 mail postfix/lmtp[4963]: 4C8444026: to=<[email protected]>, relay=mail.facl.xyz[private/dovecot-lmtp], delay=0.13, delays=0.03/0/0.04/0.05, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> BEEIF6jrQGFuEwAAb5hK8w Saved)
Sep 14 13:36:24 mail postfix/qmgr[2684]: 4C8444026: removed
Sep 14 13:36:24 mail dovecot: lmtp(4974): Disconnect from local: Client has quit the connection (state=READY)
Sep 14 13:36:26 mail dovecot: lmtp(4964): Disconnect from local: Remote closed connection (state=READY)
Sep 14 13:36:26 mail dovecot: lmtp(4965): Disconnect from local: Remote closed connection (state=READY)
Sep 14 13:37:12 mail dovecot: auth-worker(4871): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:13 mail dovecot: auth-worker(4874): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:13 mail dovecot: auth-worker(4882): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:14 mail dovecot: auth-worker(4890): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:14 mail dovecot: auth-worker(4893): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:22 mail postfix/smtpd[5667]: connect from unknown[10.10.9.1]
Sep 14 13:37:22 mail postfix/smtpd[5667]: warning: connect to Milter service local:opendmarc/opendmarc.sock: No such file or directory
Sep 14 13:37:22 mail postfix/smtpd[5667]: Anonymous TLS connection established from unknown[10.10.9.1]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 14 13:37:22 mail spamass-milter[2094]: Could not retrieve sendmail macro "i"!.  Please add it to confMILTER_MACROS_ENVFROM for better spamassassin results
Sep 14 13:37:22 mail postfix/smtpd[5667]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ot1-f41.google.com>
Sep 14 13:37:23 mail postfix/smtpd[5667]: disconnect from unknown[10.10.9.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
Sep 14 13:37:24 mail dovecot: auth-worker(4870): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:37:39 mail dovecot: auth: Debug: auth client connected (pid=5689)
Sep 14 13:37:39 mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=o3ta4PjLPvHAqB4i#011lip=192.168.1.2#011rip=192.168.1.4#011lport=993#011rport=61758#011local_name=mail.facl.xyz#011ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384#011ssl_cipher_bits=256#011ssl_pfs=KxECDHE#011ssl_protocol=TLSv1.2#011resp=YWRtaW4wMDdAZmFjbC54eXoAYWRtaW4wMDdAZmFjbC54eXoASC0hQ2hlTjdCaTYzMiRATGFyTSFxYkk5MHh4YzM/ (previous base64 data may contain sensitive data)
Sep 14 13:37:39 mail dovecot: auth: Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Performing passdb lookup
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): Server accepted connection (fd=14)
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): Sending version handshake
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<1>: Handling PASSV request
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Performing passdb lookup
Sep 14 13:37:39 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): query: SELECT username AS user,password FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Finished passdb lookup
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<1>: Finished
Sep 14 13:37:40 mail dovecot: auth: Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Finished passdb lookup
Sep 14 13:37:40 mail dovecot: auth: Debug: auth([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Auth request finished
Sep 14 13:37:40 mail dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011
Sep 14 13:37:40 mail dovecot: auth: Debug: master in: REQUEST#0113217686529#0115689#0111#011a6ce92532d29efcf382c2888ba11f52d#011session_pid=5692#011request_auth_token
Sep 14 13:37:40 mail dovecot: auth: Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Performing userdb lookup
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<2>: Handling USER request
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Performing userdb lookup
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Finished userdb lookup
Sep 14 13:37:40 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): auth-worker<2>: Finished
Sep 14 13:37:40 mail dovecot: auth: Debug: sql([email protected],192.168.1.4,<o3ta4PjLPvHAqB4i>): Finished userdb lookup
Sep 14 13:37:40 mail dovecot: auth: Debug: master userdb out: USER#0113217686529#[email protected]#011maildir=facl.xyz/admin007/#011uid=2000#011gid=2000#011auth_token=ddaafd60d2281ab6598738c974623dc783cbf2bf
Sep 14 13:37:40 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=192.168.1.4, lip=192.168.1.2, mpid=5692, TLS, session=<o3ta4PjLPvHAqB4i>
Sep 14 13:38:40 mail dovecot: auth-worker(5690): Debug: conn unix:auth-worker (pid=4864,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:39:35 mail postfix/smtpd[5887]: connect from unknown[10.10.9.1]
Sep 14 13:39:35 mail postfix/smtpd[5887]: warning: connect to Milter service local:opendmarc/opendmarc.sock: No such file or directory
Sep 14 13:39:35 mail postfix/smtpd[5887]: Anonymous TLS connection established from unknown[10.10.9.1]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 14 13:39:35 mail postfix/smtpd[5887]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-oo1-f48.google.com>
Sep 14 13:39:35 mail postfix/smtpd[5887]: disconnect from unknown[10.10.9.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
Sep 14 13:39:44 mail postfix/scache[4962]: statistics: start interval Sep 14 13:36:23
Sep 14 13:39:44 mail postfix/scache[4962]: statistics: domain lookup hits=2 miss=4 success=33%
Sep 14 13:39:44 mail postfix/scache[4962]: statistics: address lookup hits=0 miss=2 success=0%
Sep 14 13:39:44 mail postfix/scache[4962]: statistics: max simultaneous domains=2 addresses=2 connection=4
Sep 14 13:41:03 mail postfix/smtps/smtpd[5992]: connect from unknown[192.168.1.4]
Sep 14 13:41:03 mail postfix/smtps/smtpd[5992]: Anonymous TLS connection established from unknown[192.168.1.4]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 14 13:41:03 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 14 13:41:03 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Sep 14 13:41:03 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Sep 14 13:41:03 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Sep 14 13:41:03 mail dovecot: auth: Debug: auth client connected (pid=0)
Sep 14 13:41:03 mail postfix/smtps/smtpd[5992]: warning: connect to Milter service local:opendmarc/opendmarc.sock: No such file or directory
Sep 14 13:41:03 mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=192.168.1.2#011rip=192.168.1.4#011secured#011resp=YWRtaW4wMDdAZmFjbC54eXoAYWRtaW4wMDdAZmFjbC54eXoASC0hQ2hlTjdCaTYzMiRATGFyTSFxYkk5MHh4YzM/ (previous base64 data may contain sensitive data)
Sep 14 13:41:03 mail dovecot: auth: Debug: sql([email protected],192.168.1.4): Performing passdb lookup
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: conn unix:auth-worker (pid=5993,uid=113): Server accepted connection (fd=14)
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: conn unix:auth-worker (pid=5993,uid=113): Sending version handshake
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: conn unix:auth-worker (pid=5993,uid=113): auth-worker<1>: Handling PASSV request
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: sql([email protected],192.168.1.4): Performing passdb lookup
Sep 14 13:41:03 mail dovecot: auth-worker(5994): Debug: sql([email protected],192.168.1.4): query: SELECT username AS user,password FROM mailbox WHERE username = '[email protected]' AND active='1'
Sep 14 13:41:04 mail dovecot: auth-worker(5994): Debug: sql([email protected],192.168.1.4): Finished passdb lookup
Sep 14 13:41:04 mail dovecot: auth-worker(5994): Debug: conn unix:auth-worker (pid=5993,uid=113): auth-worker<1>: Finished
Sep 14 13:41:04 mail dovecot: auth: Debug: sql([email protected],192.168.1.4): Finished passdb lookup
Sep 14 13:41:04 mail dovecot: auth: Debug: auth([email protected],192.168.1.4): Auth request finished
Sep 14 13:41:04 mail dovecot: auth: Debug: client passdb out: OK#0111#[email protected]#011
Sep 14 13:41:04 mail postfix/smtps/smtpd[5992]: 1088D1D5: client=unknown[192.168.1.4], sasl_method=PLAIN, [email protected]
Sep 14 13:41:04 mail postfix/cleanup[5996]: 1088D1D5: message-id=<[email protected]>
Sep 14 13:41:04 mail spamd[4180]: spamd: connection from 127.0.0.1 [127.0.0.1]:48844 to port 783, fd 5
Sep 14 13:41:04 mail spamd[4180]: spamd: using default config for [email protected]: /var/vmail/gmail.com/randa.dan/spamassassin/user_prefs
Sep 14 13:41:04 mail spamd[4180]: spamd: processing message <[email protected]> for [email protected]:2000
Sep 14 13:41:05 mail spamd[5999]: util: setuid: ruid=2000 euid=2000 rgid=2000 2000 2000 egid=2000 2000 2000
Sep 14 13:41:05 mail spamd[4180]: internal error, python traceback seen in response
Sep 14 13:41:07 mail spamd[4180]: spamd: clean message (-0.9/5.0) for [email protected]:2000 in 3.8 seconds, 2827 bytes.
Sep 14 13:41:07 mail spamd[4180]: spamd: result: . 0 - DKIM_INVALID,DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,FROM_SUSPICIOUS_NTLD_FP,GOOD_EMAIL,HTML_MESSAGE,PDS_OTHER_BAD_TLD,UNPARSEABLE_RELAY,URIBL_BLOCKED scantime=3.8,size=2827,[email protected],uid=2000,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=48844,mid=<[email protected]>,autolearn=ham autolearn_force=no
Sep 14 13:41:07 mail postfix/qmgr[2684]: 1088D1D5: from=<[email protected]>, size=2237, nrcpt=1 (queue active)
Sep 14 13:41:08 mail spamd[3875]: prefork: child states: II
Sep 14 13:41:08 mail postfix/10025/smtpd[4953]: 1C36412D9: client=mail.facl.xyz[127.0.0.1]
Sep 14 13:41:08 mail postfix/cleanup[5996]: 1C36412D9: message-id=<[email protected]>
Sep 14 13:41:08 mail postfix/qmgr[2684]: 1C36412D9: from=<[email protected]>, size=3211, nrcpt=1 (queue active)
Sep 14 13:41:08 mail postfix/10025/smtpd[4953]: disconnect from mail.facl.xyz[127.0.0.1] ehlo=1 mail=4 rcpt=4 data=4 noop=1 quit=1 commands=15
Sep 14 13:41:08 mail amavis[2565]: (02565-03) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.1.4]:62380 <[email protected]> -> <[email protected]>, Queue-ID: 1088D1D5, Message-ID: <[email protected]>, mail_id: VBSPe6m3Zj-C, Hits: -, size: 2743, queued_as: 1C36412D9, 207 ms
Sep 14 13:41:08 mail postfix/amavis/smtp[6002]: 1088D1D5: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=4.2, delays=3.9/0.02/0.01/0.21, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1C36412D9)
Sep 14 13:41:08 mail postfix/qmgr[2684]: 1088D1D5: removed
Sep 14 13:41:08 mail dovecot: imap([email protected])<5692><o3ta4PjLPvHAqB4i>: Logged out in=12311 out=6169 deleted=3 expunged=3 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Sep 14 13:41:08 mail postfix/smtp[6006]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[209.85.147.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Sep 14 13:41:08 mail postfix/smtp[6006]: 1C36412D9: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[209.85.147.26]:25, delay=0.87, delays=0.05/0.03/0.43/0.36, dsn=2.0.0, status=sent (250 2.0.0 OK  1631644868 l19si9629891ilc.102 - gsmtp)
Sep 14 13:41:08 mail postfix/qmgr[2684]: 1C36412D9: removed
Sep 14 13:41:24 mail postfix/10025/smtpd[4955]: timeout after END-OF-MESSAGE from mail.facl.xyz[127.0.0.1]
Sep 14 13:41:24 mail postfix/10025/smtpd[4955]: disconnect from mail.facl.xyz[127.0.0.1] ehlo=1 mail=3 rcpt=3 data=3 commands=10
Sep 14 13:42:03 mail dovecot: auth-worker(5994): Debug: conn unix:auth-worker (pid=5993,uid=113): Disconnected: Connection closed (fd=-1)
Sep 14 13:42:08 mail postfix/smtps/smtpd[5992]: disconnect from unknown[192.168.1.4] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Sep 14 13:45:28 mail postfix/anvil[5669]: statistics: max connection rate 1/60s for (smtp:10.10.9.1) at Sep 14 13:37:22
Sep 14 13:45:28 mail postfix/anvil[5669]: statistics: max connection count 1 for (smtp:10.10.9.1) at Sep 14 13:37:22
Sep 14 13:45:28 mail postfix/anvil[5669]: statistics: max cache size 1 at Sep 14 13:37:22
Sep 14 13:47:37 mail postfix/smtpd[6479]: connect from unknown[10.10.9.1]
Sep 14 13:47:37 mail postfix/smtpd[6479]: warning: connect to Milter service local:opendmarc/opendmarc.sock: No such file or directory
Sep 14 13:47:37 mail postfix/smtpd[6479]: Anonymous TLS connection established from unknown[10.10.9.1]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 14 13:47:37 mail postfix/smtpd[6479]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ot1-f50.google.com>
Sep 14 13:47:37 mail postfix/smtpd[6479]: disconnect from unknown[10.10.9.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
Sep 14 13:50:58 mail postfix/anvil[6481]: statistics: max connection rate 1/60s for (smtp:10.10.9.1) at Sep 14 13:47:37
Sep 14 13:50:58 mail postfix/anvil[6481]: statistics: max connection count 1 for (smtp:10.10.9.1) at Sep 14 13:47:37
Sep 14 13:50:58 mail postfix/anvil[6481]: statistics: max cache size 1 at Sep 14 13:47:37

If you haven’t configured OpenDMARC, then you should remove local:opendmarc/opendmarc.sock, from smtpd_milters in the /etc/postfix/main.cf file.

Or you can set up OpenDMARC now.
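The check behind that advice, as an added example that is not part of the original thread: it parses `main.cf` the way Postfix does (continuation lines, comments inside a multi-line value), lists the `local:`/`unix:` milter sockets, and reports the ones that do not exist. The function names are hypothetical, the sample config is constructed from the settings posted above, and the queue directory is assumed to be the Postfix default `/var/spool/postfix`.

```python
import os
import re
import stat

# Constructed excerpt modelled on the main.cf posted in this thread.
# The comment inside the multi-line value is deliberate: Postfix skips it.
SAMPLE_MAIN_CF = """\
milter_default_action = accept
milter_protocol = 6
smtpd_milters =
   local:opendkim/opendkim.sock,
   # DMARC check
   local:opendmarc/opendmarc.sock,
   local:spamass/spamass.sock
non_smtpd_milters = $smtpd_milters
"""


def parse_main_cf(text):
    """Return {parameter: value} using main.cf line rules.

    Blank lines and lines whose first non-blank character is '#' are ignored,
    even in the middle of a value; a line starting with whitespace continues
    the previous logical line; a later definition overrides an earlier one.
    """
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = stripped.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def milter_endpoints(params, name="smtpd_milters"):
    """Split a milter list into endpoints, expanding $other_parameter once."""
    value = params.get(name, "")
    value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return [item for item in re.split(r"[,\s]+", value) if item]


def missing_milter_sockets(params, queue_dir="/var/spool/postfix"):
    """Return [(endpoint, resolved_path)] for unix milters with no socket file.

    Relative socket paths are resolved against the Postfix queue directory.
    inet: milters are skipped because there is no file to check.
    """
    missing = []
    for endpoint in milter_endpoints(params):
        kind, _, path = endpoint.partition(":")
        if kind not in ("unix", "local"):
            continue
        full = path if os.path.isabs(path) else os.path.join(queue_dir, path)
        try:
            is_socket = stat.S_ISSOCK(os.stat(full).st_mode)
        except OSError:
            is_socket = False
        if not is_socket:
            missing.append((endpoint, full))
    return missing


def milter_report(params, queue_dir="/var/spool/postfix"):
    """Summarise missing sockets and whether a missing milter fails open."""
    return {
        "missing": missing_milter_sockets(params, queue_dir),
        # Postfix's built-in default is "tempfail"; "accept" lets mail through
        # as if the unreachable filter were not configured at all.
        "fail_open": params.get("milter_default_action", "tempfail") == "accept",
    }


if __name__ == "__main__":
    report = milter_report(parse_main_cf(SAMPLE_MAIN_CF))
    for endpoint, path in report["missing"]:
        print(f"missing milter socket: {endpoint} -> {path}")
    if report["missing"] and report["fail_open"]:
        print("milter_default_action = accept: mail is delivered without these checks")
```

With `milter_default_action = accept`, as in the posted config, an unreachable milter only produces the warning seen in the log and the message continues unfiltered, so a missing OpenDKIM, OpenDMARC or SpamAssassin socket is easy to overlook.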

I have followed your advice and installed and configured OpenDMARC.
Now, outgoing emails from the server to gmail are working, however, incoming emails from gmail to the server ARE NOT working.

The reoccurring log that really bugs me here (maybe due to my lack of understanding) is:
Sep 15 09:37:13 mail postfix/smtpd[4323]: connect from unknown[10.10.9.1]
Sep 15 09:37:14 mail postfix/smtpd[4323]: Anonymous TLS connection established from unknown[10.10.9.1]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 15 09:37:14 mail postfix/smtpd[4323]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<danran @ gmail.com> to=<admin007 @ facl.xyz> proto=ESMTP helo=<mail-io1-f54.google.com>
Sep 15 09:37:14 mail postfix/smtpd[4323]: disconnect from unknown[10.10.9.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7

If I am reading the logs correctly, it is saying:
A connection was established from your email client using the address 10.10.9.1, but the connection has been rejected because the email I sent from my gmail account does not have a reverse hostname. It looks like the reasoning for this is that it thinks the IP address of my gmail is 10.10.9.1, therefore it is looking for a reverse hostname from 10.10.9.1, which is a private LAN (or in this case, VPN tunnel) address. Why does it seem like my mac client computer is using the VPN tunnel when I only have my email server set up to use the VPN tunnel? Could this be where the problem lies, and if so, is this a sign that I am compromised? If my understanding is not correct, I hope there is someone out there who could correct me and help me properly understand the logs.

If I understand correctly, you are using a VPS as a proxy for your real mail server and they are connected via VPN tunnel. However, the VPS doesn’t forward the IP address of gmail to the mail server. So your mail server can only see the IP address of the VPS (10.10.9.1).

You can follow the tutorial below to set up SMTP and IMAP proxy. Make sure the VPS can forward the IP address to the mail server.
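The diagnosis in the reply above, as an added example that is not part of the original thread: a log check that flags Postfix rejects where the connecting address is a private or tunnel address while the HELO name is a public hostname, which is the signature of a forwarding hop replacing the real client IP. The function names are hypothetical, and the sample lines are constructed from the log lines in this thread with placeholder mail addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the smtpd lines in this thread.
SAMPLE_LOG = """\
Sep 14 13:37:22 mail postfix/smtpd[5667]: connect from unknown[10.10.9.1]
Sep 14 13:37:22 mail postfix/smtpd[5667]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<sender@example.com> to=<user@example.org> proto=ESMTP helo=<mail-ot1-f41.google.com>
Sep 14 13:39:35 mail postfix/smtpd[5887]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<sender@example.com> to=<user@example.org> proto=ESMTP helo=<mail-oo1-f48.google.com>
Sep 14 13:41:04 mail postfix/smtps/smtpd[5992]: 1088D1D5: client=unknown[192.168.1.4], sasl_method=PLAIN, sasl_username=user@example.org
Sep 14 13:47:37 mail postfix/smtpd[6479]: NOQUEUE: reject: RCPT from unknown[10.10.9.1]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [10.10.9.1]; from=<sender@example.com> to=<user@example.org> proto=ESMTP helo=<mail-ot1-f50.google.com>
Sep 14 13:50:00 mail postfix/smtpd[6500]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.7]; from=<x@example.net> to=<user@example.org> proto=ESMTP helo=<localhost>
"""

# RFC 1918 ranges plus the shared address space often used for tunnels/CGNAT.
# An explicit list is used instead of ip.is_private, which also covers
# documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
]

REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ (?P<reason>.*?); "
    r"from=<[^>]*> to=<[^>]*> proto=\S+ helo=<(?P<helo>[^>]*)>"
)


def is_internal(ip_text):
    """True if the address lies in one of the internal ranges above."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def helo_is_public_name(helo):
    """True for a dotted hostname; False for address literals and bare names."""
    if helo.startswith("[") or "." not in helo:
        return False
    try:
        ipaddress.ip_address(helo)
        return False
    except ValueError:
        return True


def find_masked_sources(log_text):
    """Group reverse-hostname rejects by internal client IP.

    Returns {ip: {"rejects": count, "helo_names": sorted names}} for clients
    that connect from an internal address yet announce a public HELO name.
    """
    hits = defaultdict(lambda: {"rejects": 0, "helo_names": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or "cannot find your reverse hostname" not in m["reason"]:
            continue
        if is_internal(m["ip"]) and helo_is_public_name(m["helo"]):
            hits[m["ip"]]["rejects"] += 1
            hits[m["ip"]]["helo_names"].add(m["helo"])
    return {
        ip: {"rejects": e["rejects"], "helo_names": sorted(e["helo_names"])}
        for ip, e in hits.items()
    }


if __name__ == "__main__":
    for ip, info in find_masked_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info['rejects']} rejects, HELO names: {', '.join(info['helo_names'])}")
        print("  -> the forwarding hop is hiding the real client address")
```

The HELO name is supplied by the client, so a match is a hint that address translation is hiding the peer, to be confirmed on the forwarding host.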

Hey @LinuxBabe, I just wanted to thank you for your tutorials again, and let you know that I finally figured out how to do this. I ended up skipping the HAProxy tutorial, and just read your guide on UFW, which discusses implementing router port forwarding with ufw rules. I then implemented that into your guide on setting up a wireguard client/server configuration, and voilà, all is working fine!

I do have a question though. What is the purpose of using HAProxy if one can instead just do exactly what I did and port forward the UFW rules in the cloud VPN server instance, to forward all traffic to the email server etc. ? I believe following your tutorials, that this is all set up properly, because everything is working perfectly. However, I lack understanding of the benefits of HAProxy over port forwarding. Could you explain when you have some time?

The drawback of port forwarding is that since the common ports are forwarded to your mail server, you can’t use these ports on the VPS itself.

If you use HAProxy, you can still run a web server on the VPS, but if you forwarded ports 80 and 443 to your mail server, the VPS can’t run a web server on ports 80 and 443.

Thank you so much for this explanation! This helps my understanding greatly! Since I don’t use my VPS for anything but being a VPN Server, I will just stick with port forwarding then. But if anything changes in the future, this answer is extremely helpful!

Awesome, that’s why I am choosing this forum.