Re: Need help with mail server configuration
I received it (even in Thunderbird)! May I ask how did you do that? I tried so many ways today but none worked...

I clicked "New Message" in Thunderbird, entered your email and hit send. :-)

Have you tried sending from your nogafam.eu address?

telnet mail.ivanroth.fr 25 times out, same for nc -4 mail.ivanroth.fr 25

mail command sends no error but no message is received.

Too little information to help. Don't know what you entered, nor what the corresponding service logs were. What I would do at this stage is, I would run smtpd in the foreground with verbose output, to see it live reacting to inputs.

    "smtpd -dvvv"

I changed the smtpd.conf to listen to 465:

-listen on 0.0.0.0 tls pki mail.ivanroth.fr filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd } -listen on 0.0.0.0 port submission tls-require pki mail.ivanroth.fr auth filter rspamd +listen on 0.0.0.0 port 25 tls pki mail.ivanroth.fr filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd } +listen on 0.0.0.0 port 465 smtps pki mail.ivanroth.fr auth filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd } +listen on 0.0.0.0 port submission tls-require pki mail.ivanroth.fr auth filter rspamd

Does this look good to you?

You have two different filter sets for 465 and 587. Both ports are for you/your users to send mail. (Aka with Thunderbird) So I wouldn't use check_dyndns/etc. for 465. All public mail will be over 25. Also, you aren't forcing the right hostname. Did you change the computer's hostname instead?

When restarting the opensmtpd service, I noticed the following warnings:

    warn: invalid envelope e84235315f00364e: unknown dispatcher
    warn: invalid envelope b6797a98aad69976: unknown dispatcher

What do they mean?

You have two mails in the queue that can't be sent/delivered. Happens when you have unfinished config and testing around.

    "smtpctl show queue"
    "smtpctl remove e84235315f00364e"
    "smtpctl remove b6797a98aad69976"
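Review bot: The added "port 465 smtps ... auth" line requires authentication but still runs the connect-phase checks meant for anonymous inbound mail (check_dyndns, check_rdns, check_fcrdns, senderscore), and those filters are defined with the junk action, so a mail client connecting from a dyn/dsl address or one without rDNS would have its own outgoing mail junked. Give 465 the same "filter rspamd" as the submission line. None of the three added listeners sets "hostname mail.ivanroth.fr" either, so the greeting will keep using the machine's own name.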
Re: Need help with mail server configuration
Hi,

Thank you for your reply. I spent a couple of hours on this today with not much luck. Please find my replies below.

Then check what is blocking port 25. Is it your Debian firewall or your VPS provider.

There is no VPS provider firewall. The one I can use is disabled. I asked support if there were any firewall beyond mine and their answer is no. I should get full access to any port I may need. On the VPS, iptables is set to ACCEPT in every way, INPUT, OUTPUT and FORWARD. I added explicit ACCEPT rules for testing but did not get better results.

But everything looks good now, all ports are publicly reachable. I did send you a test mail and your server accepted it. (In plaintext but still.) I also gave http://www.antispam-ufrj.pads.ufrj.br/test-relay.html a shot. It reached your server. It couldn't do it the last time.

Still, I can reach port 587 in addition to 143 but no 25 nor 465 and 993.

I can reach all, except for 465. But that is ok because according to your smtpd.conf the server isn't listening on it.

Here is my smtpd.conf:

    pki mail.ivanroth.fr cert "/etc/letsencrypt/live/mail.ivanroth.fr/fullchain.pem"
    pki mail.ivanroth.fr key "/etc/letsencrypt/live/mail.ivanroth.fr/privkey.pem"

    filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk
    filter check_rdns phase connect match !rdns junk
    filter check_fcrdns phase connect match !fcrdns junk
    filter senderscore proc-exec "filter-senderscore -junkBelow 70 -slowFactor 5000"
    filter rspamd proc-exec "filter-rspamd"

    table aliases file:/etc/aliases

    listen on 0.0.0.0 tls pki mail.ivanroth.fr \
        filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
    listen on 0.0.0.0 port submission tls-require pki mail.ivanroth.fr auth filter rspamd

Your server greets the world with

    220 ivanroth.fr ESMTP OpenSMTPD

which is the wrong hostname, which leads to "opportunistic TLS failed, downgrading to plain".

Try forcing the right hostname:

    listen on 0.0.0.0 hostname mail.ivanroth.fr tls pki mail.ivanroth.fr \
        filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
    listen on 0.0.0.0 port submission tls-require \
        hostname mail.ivanroth.fr pki mail.ivanroth.fr auth \
        filter rspamd

    #listen on ens3 tls pki mail.ivanroth.fr filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
    #listen on ens3 port submission tls-require pki mail.ivanroth.fr auth filter rspamd

    action "local_mail" maildir junk alias <aliases>
    action "outbound" relay helo mail.ivanroth.fr

    match from any for domain "ivanroth.fr" action "local_mail"
    match for local action "local_mail"
    match from any auth for any action "outbound"
    match for any action "outbound"

If I'm not mistaken, the last line is redundant. (Without a "from", "from local" is implied, which in turn implies "auth". Which is covered by the line "from any auth" before it.)

    $ nmap localhost
    Starting Nmap 7.93 ( https://nmap.org ) at 2023-11-10 21:58 CET
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00028s latency).
    Other addresses for localhost (not scanned): ::1
    Not shown: 993 closed tcp ports (conn-refused)
    PORT    STATE SERVICE
    22/tcp  open  ssh
    25/tcp  open  smtp
    80/tcp  open  http
    143/tcp open  imap
    443/tcp open  https
    587/tcp open  submission
    993/tcp open  imaps

Every port is reachable from the public now. (For me at least.) Only you can tell if you went overboard with opening up everything.
Re: Need help with mail server configuration
Hello,

I am running a Debian 12 server hosted at OVH. It's a fresh VPS, and the domain I'm using for that test is ivanroth.fr, with the subdomain mail.ivanroth.fr as advised in the article. DNS and rDNS seem fine, host and dig reply what they are supposed to. On the server, I created an account with my first name (ivan) and I am using i...@ivanroth.fr as the test mail address.

* I cannot send a mail to myself (i...@ivanroth.fr) using mutt from the server
* I cannot send from the outside to that address
* I cannot send from that address using Thunderbird

When looking at systemctl status opensmtpd, I see some errors I don't understand like:

    debian opensmtpd smtp-out: No valid route for [connector:[]->[relay:ivanroth.fr,smtp],0x0]

Your smtp server can't be reached by others.

    $ nc -4 mail.ivanroth.fr 25

Closes immediately: Server isn't running or firewall answers with REJECT. It could be an iptables firewall on your VPS as well as one from OVH. (I don't know OVH but I do know that some VPS providers have an extra firewall you need to configure separately.)

    $ nc -6 mail.ivanroth.fr 25

Eventually times out: IPv6 not working or a firewall is configured to just DROP incoming packages. (I can't even ping your IPv6 address, while IPv4 works.)

From all the ports (25, 465, 587, 143, 993) I have tested only IPv4 IMAP (143) is reachable. (Which is consistent with you saying Thunderbird reading works.)

    $ nc -4 mail.ivanroth.fr 143
    * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Debian) ready.
    ^C

I don't really know where to start digging. If someone could point me to some direction, it would be nice.

I would first suggest to get IPv4 working and therefore temporarily removing the record from mail.ivanroth.fr.

Then check what is blocking port 25. Is it your Debian firewall or your VPS provider.

You then most likely want to unblock port 465 or 587 for mail submission with Thunderbird.

If after that you still have problems, post your entire smtpd.conf please.

Last step. Fix IPv6.
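
Added example, not part of the original thread: a small Python probe that applies the nc reading above to every mail port (closing at once means no listener or a REJECT, a timeout means a DROP) and flags an SMTP greeting that carries the wrong hostname. The function names and the placeholder host mail.example.org are assumptions for illustration.

```python
import socket

def probe(host, port, family=socket.AF_INET, timeout=5.0):
    """Connect once and return (state, banner) for host:port."""
    try:
        af, kind, proto, _, addr = socket.getaddrinfo(
            host, port, family, socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "no-address", ""          # no A/AAAA record for this family
    with socket.socket(af, kind, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except ConnectionRefusedError:
            return "refused", ""         # closes at once: no listener or REJECT
        except (socket.timeout, TimeoutError):
            return "timeout", ""         # never answers: packets are DROPped
        except OSError:
            return "unreachable", ""     # e.g. no route for this family
        try:
            banner = s.recv(512).decode("ascii", "replace").strip()
        except OSError:
            banner = ""                  # implicit-TLS ports wait for the client
        return "open", banner

def banner_hostname(banner):
    """Hostname from an SMTP greeting ('220 host ...' or '220-host ...')."""
    if banner.startswith("220") and len(banner) > 4:
        rest = banner[4:].split()
        return rest[0] if rest else None
    return None

def diagnose(state, banner, expected):
    """One-line verdict; 'expected' is the name the greeting should carry."""
    if state != "open":
        return state
    name = banner_hostname(banner)
    if name is not None and name.lower() != expected.lower():
        return f"open, greets as {name} instead of {expected}"
    return "open"

if __name__ == "__main__":
    HOST = "mail.example.org"            # placeholder: your own mail host
    for family, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        for port in (25, 465, 587, 143, 993):
            state, banner = probe(HOST, port, family)
            print(label, port, diagnose(state, banner, HOST))
```

Run it from a machine outside the server's network, since a scan of localhost (like the nmap run earlier in the thread) does not pass through the firewall.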