Hello, all.

I have added or edited as suggested in main.cf all the settings that Robert mentions in his reply below. Right now, "postfix check" only returns ~10 warnings, all equal to "/etc/postfix/master.cf: unused parameter: flags=D".

Everything is working OK on the imap/dovecot side (except some minor issues I will deal with later). The only problem that remains is the one with gmail, but I have something new to report.

Using example.com as domain name placeholder, the DNS record may be OK now (please confirm):

a) it includes a text entry for "example.com:google-site-verification..." as Google
b) there is a reverse IPv6 entry, and it has propagated. About 20 minutes ago, "host <IPv6 address of my server>" did start to return exactly "example.com"

BUT: I only realized now that the rejection email I get when I try to send email as ma...@example.com to my gmail address says:

Reporting-MTA: dns; a.mx.example.com

This in turn led me to realize that the value of myhostname in main.cf is "a.mx.example.com", NOT just "example.com" as it says in the DNS records (*).

To test myself, I changed myhostname to example.com, but after restart I get messages to me bounced because ma...@example.com is "User unknown in local recipient table".

So, is just "example.com" the right value for myhostname, and if yes, how to fix the user unknown error?

Here is the current output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
inet_interfaces = all
inet_protocols = ipv6, ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = example.com
mynetworks = 127.0.0.0/8, my.ip.home.address
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
procmail_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
relay_domains =
sample_directory = /etc/postfix
sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_address_preference = ipv6
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_helo_access hash:/etc/postfix/reject_own_helo, check_policy_service unix:postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/archive/example.com/fullchain1.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/letsencrypt/archive/example.com/privkey1.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/mymail_storage
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
virtual_transport = procmail
virtual_uid_maps = static:1001
postconf: warning: /etc/postfix/master.cf: unused parameter: flags=D

THANKS,
Marco

(*) please don't ask why this mismatch... it is one more of the things that I had no time to check myself because I had to migrate without advice...)

On Tue 11 Dec 2018 at 13:16, Robert Chalmers <racu...@gmail.com> wrote:
>
> Hi again.
>
> The following settings are from my server. They may not necessarily work with
> yours.
>
> # Smtpd means mails you receive from outside, smtp covers mails you send to
> other servers.
>
> The notification from Google is telling you that your Reverse DNS does not
> point to your server. Are you on a Dynamic IP, or VPS network?
>
> 550-5.7.1 not meet IPv6 sending guidelines regarding PTR
>
> Have you tried setting the preferred inet to IPv4?
>
> inet_protocols = ipv6, ipv4
> inet_interfaces=all
> smtp_address_preference = ipv6
>
> Gmail is being very picky about this stuff. You may also need to set up your
> authenticated email with Google. See the address shown in your returned email.
>
> You also have an unused parameter smtp_tls_auth_only. This apparently
> doesn’t exist in postfix’s set of options.
>
> postconf: warning: /etc/postfix/main.cf: unused parameter:
> > smtp_tls_auth_only=yes
>
> Which I think may be referring to the second line. It should be
> smtpd_tls_auth_only.
>
> Ciphers:
> 1. No shared cipher. Did you fix the error in your list of ciphers mentioned
> earlier? I doubt you actually need such a big list anyway.
>
> smtpd_tls_ciphers = medium
> smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
>
> smtp_tls_mandatory_ciphers = high
>
> Robert
>
> On 11 Dec 2018, at 10:35, Marco Fioretti <marco.fiore...@gmail.com> wrote:
> >
> > hello all,
> > this is the same server, same situation for which I asked for help
> > yesterday. Right now, after trying to test and follow up the advice
> > received, this is the status:
> >
> > IMAPS: not working yet because of SSL "no shared cipher". Details
> > here: https://dovecot.org/pipermail/dovecot/2018-December/113862.html
> >
> > POSTFIX: with the current configuration (see postconf -n output below)
> > it seems I can:
> >
> > * receive email from all the mailing lists/newsletters I am subscribed to
> >
> > * connect with mutt from my home computer, and send email through this
> > server to any other MTA I could use for testing, with two
> > "exceptions":
> >
> > gmail still refuses connection, see below what I got from the last
> > test a few minutes ago
> >
> > one server does accept and deliver my messages, but flags them as
> > spam (no idea why, all I see is a "X-Spam-Flag: YES" header...
> >
> > NOTIFICATION BY GMAIL:
> >
> > <marco.fiore...@gmail.com>: host
> > gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b] said: 550-5.7.1
> > [XXXXXXXXXXXX] Our system has detected that this message does
> > 550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
> > 550-5.7.1 authentication. Please review 550-5.7.1
> > https://support.google.com/mail/?p=IPv6AuthError for more information 550
> > 5.7.1 . t6si9122052wrw.74 - gsmtp (in reply to end of DATA command)
> >
> > Fact is, "XXXXXXXXXXXX" is the ipv6 address of the server for which I
> > *did* add a reverse entry some hours ago (and I had done the same for
> > the ipv4 dns record yesterday). In other words, I don't know what else
> > I could / should do at this point on the DNS side.
> >
> > Here is the output of postconf -n:
> >
> > alias_database = hash:/etc/aliases
> > alias_maps = hash:/etc/aliases
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > daemon_directory = /usr/libexec/postfix
> > debug_peer_level = 2
> > debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> > xxgdb $daemon_directory/$process_name $process_id & sleep 5
> > disable_vrfy_command = yes
> > html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
> > inet_interfaces = all
> > mail_owner = postfix
> > mailq_path = /usr/bin/mailq.postfix
> > manpage_directory = /usr/share/man
> > mydestination = $myhostname, localhost
> > mydomain = $myhostname
> > myhostname = a.mx.MYDOMAIN
> > mynetworks = 127.0.0.0/8, my.home.ip.address
> > myorigin = $mydomain
> > newaliases_path = /usr/bin/newaliases.postfix
> > non_smtpd_milters = inet:localhost:8891
> > procmail_destination_recipient_limit = 1
> > queue_directory = /var/spool/postfix
> > readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
> > relay_domains =
> > sample_directory = /etc/postfix
> > sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
> > sendmail_path = /usr/sbin/sendmail.postfix
> > setgid_group = postdrop
> > smtp_sasl_auth_enable = yes
> > smtp_sasl_mechanism_filter =
> > smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
> > smtp_sasl_security_options = noanonymous
> > smtp_sasl_tls_security_options = noanonymous
> > smtp_sasl_type = cyrus
> > smtp_sender_dependent_authentication = yes
> > smtp_tls_security_level = may
> > smtpd_helo_required = yes
> > smtpd_helo_restrictions =
> > smtpd_milters = inet:localhost:8891
> > smtpd_recipient_restrictions = reject_invalid_hostname,
> > reject_non_fqdn_hostname, reject_non_fqdn_sender,
> > reject_non_fqdn_recipient, reject_unknown_sender_domain,
> > reject_unknown_recipient_domain, permit_mynetworks,
> > permit_sasl_authenticated, reject_unauth_destination,
> > check_helo_access hash:/etc/postfix/reject_own_helo,
> > check_policy_service unix:postgrey/socket
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_path = /var/spool/postfix/private/auth
> > smtpd_sasl_type = dovecot
> > smtpd_tls_auth_only = yes
> > smtpd_tls_cert_file = /etc/letsencrypt/archive/MYDOMAIN/fullchain1.pem
> > smtpd_tls_key_file = /etc/letsencrypt/archive/MYDOMAIN/privkey1.pem
> > smtpd_tls_loglevel = 1
> > smtpd_tls_security_level = may
> > strict_rfc821_envelopes = yes
> > unknown_address_reject_code = 554
> > unknown_client_reject_code = 554
> > unknown_hostname_reject_code = 554
> > unknown_local_recipient_reject_code = 550
> > virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
> > virtual_gid_maps = static:5000
> > virtual_mailbox_base = /var/mail/mymail_storage
> > virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
> > virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
> > virtual_transport = procmail
> > virtual_uid_maps = static:5000
> > postconf: warning: /etc/postfix/main.cf: unused parameter:
> > smtp_tls_auth_only=yes
>
> Robert Chalmers
> https://robert-chalmers.uk
> aut...@robert-chalmers.uk
> @R_A_Chalmers
>
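
An added example, not part of the original thread: a forward-confirmed reverse DNS check for a sending address that also compares the PTR name with the name Postfix announces (myhostname), the mismatch described in the message above. The function names, the injectable lookup callables and the 2001:db8:: records are constructed for illustration; comparing the HELO name with the PTR name is a common consistency check and is assumed here, not taken from Gmail's documentation.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_sender_dns(ip, myhostname, ptr=system_ptr, forward=system_forward):
    """Return a list of findings; an empty list means the PTR record, the
    forward lookup and the HELO name (Postfix myhostname) all agree."""
    want = ipaddress.ip_address(ip)
    norm = lambda n: n.rstrip(".").lower()
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return [f"no PTR record for {ip}"]
    findings = []
    for name in names:
        # Compare parsed addresses so different IPv6 spellings still match.
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        if want not in addrs:
            findings.append(f"PTR {name} does not resolve back to {ip}")
    if norm(myhostname) not in names:
        findings.append(f"myhostname {myhostname} differs from PTR {', '.join(names)}")
    return findings

# Constructed records (documentation prefix 2001:db8::/32), not real data.
PTR = {"2001:db8::25": ["example.com."]}
FWD = {"example.com": ["2001:db8:0:0:0:0:0:25"],
       "a.mx.example.com": ["2001:db8::25"]}
lookup_ptr = lambda ip: PTR.get(ip, [])
lookup_fwd = lambda name: FWD.get(name, [])

if __name__ == "__main__":
    for helo in ("a.mx.example.com", "example.com"):
        print(helo, check_sender_dns("2001:db8::25", helo, lookup_ptr, lookup_fwd))
```

Called without the last two arguments, the function queries the system resolver instead of the constructed tables.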