Quantcast
Channel: iRedMail — iRedMail Support
Viewing all 12101 articles
Browse latest View live

Change default Maildir and home with AD integrated

February 1, 2018, 6:40 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 OPENLDAP edition
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
I have the problem that I can't figure out where to change the settings that all old and new AD users get a specific home and Maildir.
I'm running the iRedMail Mailserver, the Samba Active Diretory Server and a Fileserver all on Ubuntu 16.04, all servers have a NFS share from the Fileserver mapped on /home/domainname_without_toplevel/profiles/. I installed iRedMail normally on an AD joined server and later configured AD connect with the official guide.
I want that the default homedir=/home/domainname_without_toplevel/profiles/username_without_domain and the maildir=/home/domainname_without_toplevel/profiles/username_without_domain/Maildir.
I tried many different settings in postfix(main.cf, ad***.cf) and dovecot(dovecot.conf, settings.py,default_settings.py, iredutils.py)  but still the home and maildir are set to /var/vmail/vmail1/...
I'm using vmail as AD connect user with Domain Admin permissions and full rights on the mapped NFS share.
Best would be to extract the home/maildir from the AD account itself but I doubt it is possible?

Extract of the dovecot.log from first login of a new AD user:

Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mailbox_alias_plugin.so
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Added userdb setting: mail=maildir:/var/vmail/vmail1/domain.tld/mail2/Maildir/
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Effective uid=2000, gid=2000, home=/var/vmail/vmail1/domain.tld/mail2/Maildir/
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Home dir not found: /var/vmail/vmail1/domain.tld/mail2/Maildir/
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota rule: root=user mailbox=* bytes=1073741824 messages=0
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota warning: bytes=1073741824 (100%) messages=0 reverse=no command=quota-warning 100 mail2@domain.tld
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=quota-warning 95 mail2@domain.tld
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=quota-warning 90 mail2@domain.tld
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota warning: bytes=912680550 (85%) messages=0 reverse=no command=quota-warning 85 mail2@domain.tld
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Quota grace: root=user bytes=107374182 (10%)
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: dict quota: user=mail2@domain.tld, uri=proxy::quotadict, noenforcing=0
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Namespace : type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/var/vmail/vmail1/domain.tld/mail2/Maildir/
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: maildir++: root=/var/vmail/vmail1/domain.tld/mail2/Maildir, index=, indexpvt=, control=, inbox=/var/vmail/vmail1/domain.tld/mail2/Maildir, alt=
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Namespace : /var/vmail/vmail1/domain.tld/mail2/Maildir doesn't exist yet, using default permissions
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Namespace : Using permissions from /var/vmail/vmail1/domain.tld/mail2/Maildir: mode=0700 gid=default
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl: initializing backend with data: vfile
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl: acl username = mail2@domain.tld
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl: owner = 1
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl vfile: Global ACLs disabled
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: Namespace : type=shared, prefix=Shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:/home/domain/profiles/mail2@domain.tld/Maildir/:INDEX=/home/domain/profiles/mail2@domain.tld/Maildir/Shared/%Ld/%Ln
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl: initializing backend with data: vfile
Feb  1 15:04:00 mailserver dovecot: imap(mail2@domain.tld): Debug: acl: acl username = mail2@domain.tld

Output of :~# doveadm user -u mail2@domain.tld
userdb: mail2@domain.tld
  user      : mail2@domain.tld
  home      : /var/vmail/vmail1/domain.tld/mail2/Maildir/
  mail      : maildir:/var/vmail/vmail1/domain.tld/mail2/Maildir/

I hope someone can help me in this,
Thanks in advance!
Alu

Search

Most popular

February 1, 2018, 1:39 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

What’s the most popular OS and backend?

Ubuntu and MySQL? CentOS and Postgres?

Deleting duplicate messages by Message ID

February 1, 2018, 10:18 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 14.04 LTS
- Store mail accounts in which backend: Mysql
- Web server: nginx
- Manage mail accounts with iRedAdmin-Pro? No

We have our phone system setup to forward all voicemails as wav file attachment’s to 6 or so mailboxes, Once our employees return the voicemails they are really of no use to us and just occupy space on our server.

Does anyone know of a quick way to purge duplicate messages other than connecting to each mailbox via a mail client and deleting them manually or relying on the end users to do it? Since the messages all share the same ESMTP id is there a command that can purge all these duplicate messages by referencing the ESMTP id?

Thanks,
Tim

no logs that my postfix has rejected mail because of size

February 2, 2018, 3:43 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 096
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have no logs that my postfix has rejected mail because of size

I just see

Feb  2 12:23:52 mxbck postfix/smtpd[20528]: connect from smtpo.poczta.interia.com[217.74.65.158]
Feb  2 12:23:53 mxbck postfix/smtpd[20528]: lost connection after EHLO from smtpo.poczta.interia.com[217.74.65.158]
Feb  2 12:23:53 mxbck postfix/smtpd[20528]: disconnect from smtpo.poczta.interia.com[217.74.65.158]

there is no info that it was mail too big ... can I change it to see that?

Problems with authentication

February 2, 2018, 5:52 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 MARIADB edition.
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello, after changing the password through the IredAdmin panel, users can not configure the email in Outlook. Always keeps showing that the password is incorrect. I can enter through the webmail and send and receive emails.

mbox support

February 2, 2018, 11:47 am
$
0
0

does iRedMail support mbox? or it only supports maildir?

SMTP Login Refused

February 2, 2018, 4:17 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
====

I'm using AWS as the host, so I'm unsure of whether some errors are coming from that end or not. However, I have ports 143, 465, 993, 995, 587, and 25 open. In addition, the subdomain mail points to the ELB, not the IP. I did not touch the IPTables settings. I'm trying to connect via IMAP/SMTP through port 143 and 587 utilizing TLS.

A couple errors I've received:

Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: connect from unknown[198.199.98.246]
Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: lost connection after CONNECT from unknown[198.199.98.246]
Feb  2 23:56:33 mail postfix/submission/smtpd[2975]: disconnect from unknown[198.199.98.246] commands=0/0
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max connection rate 1/60s for (submission:198.199.98.246) at Feb  2 23:56:33
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max connection count 1 for (submission:198.199.98.246) at Feb  2 23:56:33
Feb  2 23:59:54 mail postfix/anvil[2978]: statistics: max cache size 1 at Feb  2 23:56:33
Feb  2 23:56:37 mail dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=198.199.98.246, lip=10.0.0.238, session=<242AdkNkOtHGx2L2>

amavisd error message

February 3, 2018, 12:19 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

In the daily logwatch report, I see this error message in the Amavisd-new section :

<code>
**Unmatched Entries**
        1   message repeated 3 times: [ (03255-04) (!)WARN save_info_final: sql exec: err=1366, HY000, DBD::mysql::st execute failed: Incorrect string value: '\\xF0\\x9F\\x91\\x80' for column 'subject' at row 1 at (eval 99) line 172.]
</code>

On other days this message can be repeated.

How do I diagnose this ?  I am not sure what file it is referring to.

Thank you

Search

Training the spam filter

February 4, 2018, 9:26 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hallo,

In the last weeks I receive more SPAM mails about sexual enhancers and bitcoins. Is it possible to configure or train the spam filter so that users are no longer annoyed by these mails?

Many thanks in advance!

iredapd throttle_tracking

February 4, 2018, 11:07 am
$
0
0

======== Required information ====
- iRedMail version 0.9.7
- Linux/BSD distribution name and version: Debian 8.10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello, just wondering what is cur_quota number in that table? I have set 500 msgs per day globally on all users and I have tested it on my account. I have sent one email and cur_quota is 400. After second email that number is 800. After one more is 1200...

Tested sending with second account, after first sent record in table is shown and cur_quota is 405. After second email sent number is 804.

Mail rejected & white list fails

February 1, 2018, 12:34 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release):   0.9.7
- Linux/BSD distribution name and version:    CentOS 6.9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):   MySQL
- Web server (Apache or Nginx):  Nginx
- Manage mail accounts with iRedAdmin-Pro?  yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
/var/log/maillog
====


Mail rejected -- white list fails in Admin-Pro

Mail rejected with multiple entries of following in logs.  Appear bad DNS on their system but white listing the IP in our control panel did not open up for acceptance.   

Jan 30 11:53:27 mail02 postfix/smtpd[461]: NOQUEUE: reject: RCPT from mail2.navyfederal.org[199.204.166.208]: 450 4.7.1 <wch-ironmail-ce.navyfederal.org>: Helo command rejected: Host not found; from=<some_user@navyfederal.org> to=<local_user@hosted_iredmail_system> proto=ESMTP helo=<wch-ironmail-ce.navyfederal.org>

Jan 30 12:22:42 mail02 postfix/smtpd[1874]: NOQUEUE: reject: RCPT from anchor.navyfederal.org[199.204.164.208]: 450 4.7.1 <gunwale.navyfederal.org>: Helo command rejected: Host not found; from=<some_user@navyfederal.org> to=<local_user@hosted_iredmail_system> proto=ESMTP helo=<gunwale.navyfederal.org>

spf check on hotmail

February 5, 2018, 4:47 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi i dont know why only in hotmail im getting this error in headers:

Authentication-Results: spf=temperror (sender IP is 78.46.46.53)
smtp.mailfrom=e-innove.com; hotmail.com; dkim=pass (signature was verified)
header.d=e-innove.com;hotmail.com; dmarc=temperror action=none
header.from=e-innove.com;
Received-SPF: TempError (protection.outlook.com: error in processing during
lookup of e-innove.com: DNS Timeout)

With gmail all pass good. And other test are saying spf and dmarc are ok.

Internal Server error after updates pakages

February 5, 2018, 1:55 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: freebsd 11.1-Release amd 64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):apache
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi All.

After update all pakages with portupgrade i receive "internal server error" on login page.

Follows log from apache:

[Mon Feb 05 19:48:43.761204 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007] Traceback (most recent call last):
[Mon Feb 05 19:48:43.761294 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/lib/python2.7/site-packages/web/application.py", line 239, in process
[Mon Feb 05 19:48:43.761313 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     return self.handle()
[Mon Feb 05 19:48:43.761327 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/lib/python2.7/site-packages/web/application.py", line 230, in handle
[Mon Feb 05 19:48:43.761342 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     return self._delegate(fn, self.fvars, args)
[Mon Feb 05 19:48:43.761356 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/lib/python2.7/site-packages/web/application.py", line 458, in _delegate
[Mon Feb 05 19:48:43.761420 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     mod = __import__(mod, None, None, [''])
[Mon Feb 05 19:48:43.761428 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/www/iredadmin/controllers/ldap/basic.py", line 13, in <module>
[Mon Feb 05 19:48:43.761434 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     from libs.ldaplib import auth, decorators, ldaputils, attrs
[Mon Feb 05 19:48:43.761440 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/www/iredadmin/libs/ldaplib/decorators.py", line 7, in <module>
[Mon Feb 05 19:48:43.761445 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     from libs.ldaplib.general import is_domain_admin
[Mon Feb 05 19:48:43.761451 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/www/iredadmin/libs/ldaplib/general.py", line 11, in <module>
[Mon Feb 05 19:48:43.761472 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     from libs.ldaplib import ldaputils, attrs, deltree
[Mon Feb 05 19:48:43.761480 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/www/iredadmin/libs/ldaplib/deltree.py", line 5, in <module>
[Mon Feb 05 19:48:43.761497 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     class DeleteLeafs(ldap.async.AsyncSearchHandler):
[Mon Feb 05 19:48:43.761525 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]   File "/usr/local/www/iredadmin/libs/ldaplib/deltree.py", line 9, in DeleteLeafs
[Mon Feb 05 19:48:43.761550 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007]     _entryResultTypes = ldap.async._entryResultTypes
[Mon Feb 05 19:48:43.761577 2018] [wsgi:error] [pid 39324] [remote 187.26.216.70:42007] AttributeError: 'module' object has no attribute '_entryResultTypes'

Which version of services (postfix, dovecot...) are installed

February 5, 2018, 4:15 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Does iredmail provide a file telling me about the versions of services it has installed?

Sogo Contacts error

February 6, 2018, 6:17 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Pro
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I've noticed recent errors with Sogo contacts. From sogo.log

Feb 06 17:07:32 sogod [28632]: <0x0x7f7d2d080060[GCSFolder]> ERROR(-[GCSFolder writeContent:fromComponent:container:toName:baseVersion:]): cannot insert content : <MySQL4Exception: 0x7f7d2cf5e030> NAME:ExecutionFailed REASON:Unknown column 'c_hascertificate' in 'field list'
Feb 06 17:07:32 sogod [28632]: [ERROR] <0x7f7d2d024880[SOGoContactGCSEntry]:6FD4-5A79B680-1-50C19780.vcf> write failed: <MySQL4Exception: 0x7f7d2cf5e030> NAME:ExecutionFailed REASON:Unknown column 'c_hascertificate' in 'field list'

It is not possible to add new contacts.

Search

502 Bad Gateway

February 6, 2018, 7:23 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 OPENLDAP edition
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Best I can tell after a recent set of updates I am getting this message when accessing the mail folder from Roundcube.  Going to the admin page in roundcube works fine.
Mail is working and can access it through a mail client app.

Server suddenly refusing connection

February 6, 2018, 7:34 am
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Debian Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):MySQL
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,
since few days, I have strange behaviour of my IredMail server: the server suddenly started refusing connections to port

25 from our spam provider. After I reboot the server our provider is able to deliver queued mails for aproximatly 10

minutes. After this time connections to the same port are refused again.
I couldn't find anything in mail.log, a trace with tcpdump shows that IredMail server sends back an ICMP message with

"port smtp unreachable". Are there any settings I missed?

16:12:24.781025 IP (tos 0xc0, ttl 64, id 56967, offset 0, flags [none], proto ICMP (1), length 88)
    [iredmailserver] > [provider]: ICMP [iredmailserver] tcp port smtp unreachable, length 68
        IP (tos 0x0, ttl 59, id 28331, offset 0, flags [DF], proto TCP (6), length 60)
    [provider].50012 > [iredmailserver].smtp: Flags [S], cksum 0xca29 (correct), seq 2866150684, win 14600, options [mss

1460,sackOK,TS val 3399790348 ecr 0,nop,wscale 2], length 0
16:12:24.801142 IP (tos 0x0, ttl 59, id 4675, offset 0, flags [DF], proto TCP (6), length 60)
    [provider].50070 > [iredmailserver].smtp: Flags [S], cksum 0x26aa (correct), seq 2443819386, win 14600, options [mss

1460,sackOK,TS val 3399790368 ecr 0,nop,wscale 2], length 0
16:12:26.801159 IP (tos 0x0, ttl 59, id 4676, offset 0, flags [DF], proto TCP (6), length 60)
    [provider].50070 > [iredmailserver].smtp: Flags [S], cksum 0x1eda (correct), seq 2443819386, win 14600, options [mss

1460,sackOK,TS val 3399792368 ecr 0,nop,wscale 2], length 0
16:12:26.801212 IP (tos 0xc0, ttl 64, id 56968, offset 0, flags [none], proto ICMP (1), length 88)
    [iredmailserver] > [provider]: ICMP [iredmailserver] tcp port smtp unreachable, length 68
        IP (tos 0x0, ttl 59, id 4676, offset 0, flags [DF], proto TCP (6), length 60)
    [provider].50070 > [iredmailserver].smtp: Flags [S], cksum 0x1eda (correct), seq 2443819386, win 14600, options [mss

1460,sackOK,TS val 3399792368 ecr 0,nop,wscale 2], length 0


Thanks in advance

Sender address rejected, please authenticate (in reply to RCPT TO com)

February 6, 2018, 2:23 pm
$
0
0 
==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

I add second domain to my iredmail instance, configure DNS, check settings via mail-tester.com and I've got score close to 10/10.

For this issue let assume two domains:
domain1.com
domain2.com

When I send email from postmaster@domain1.com via gmail, the email is send correctly.
When I send email from some.account@domain2.com via gmail, the email is sent (and delivered), but I've got a reply from Mail Delivery System:

This is the mail system at host mail.mvpdoers.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<marcin@external-mail-server.com>: host external-mail-server.com[188.XX.XX.XX] said: 550
    5.1.8 Sender address rejected, please authenticate (in reply to RCPT TO
    command)

Logs Case 1 - mail delivered successful from postmaster@domain1.com

Log from /var/log/iredapd/iredapd.log

2018-02-06 22:59:44 DEBUG Connect from 127.0.0.1, port 52716.
2018-02-06 22:59:44 DEBUG smtp session: request=smtpd_access_policy
2018-02-06 22:59:44 DEBUG smtp session: protocol_state=RCPT
2018-02-06 22:59:44 DEBUG smtp session: protocol_name=ESMTP
2018-02-06 22:59:44 DEBUG smtp session: client_address=74.125.82.51
2018-02-06 22:59:44 DEBUG smtp session: client_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: client_port=50350
2018-02-06 22:59:44 DEBUG smtp session: reverse_client_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: helo_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: sender=postmaster@domain1.com
2018-02-06 22:59:44 DEBUG smtp session: recipient=marcin@external-mail-server.com
2018-02-06 22:59:44 DEBUG smtp session: recipient_count=0
2018-02-06 22:59:44 DEBUG smtp session: queue_id=
2018-02-06 22:59:44 DEBUG smtp session: instance=2508.5a7a2550.94298.0
2018-02-06 22:59:44 DEBUG smtp session: size=1260
2018-02-06 22:59:44 DEBUG smtp session: etrn_domain=
2018-02-06 22:59:44 DEBUG smtp session: stress=
2018-02-06 22:59:44 DEBUG smtp session: sasl_method=PLAIN
2018-02-06 22:59:44 DEBUG smtp session: sasl_username=postmaster@domain1.com
2018-02-06 22:59:44 DEBUG smtp session: sasl_sender=
2018-02-06 22:59:44 DEBUG smtp session: ccert_subject=
2018-02-06 22:59:44 DEBUG smtp session: ccert_issuer=
2018-02-06 22:59:44 DEBUG smtp session: ccert_fingerprint=
2018-02-06 22:59:44 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-06 22:59:44 DEBUG smtp session: encryption_protocol=TLSv1.2
2018-02-06 22:59:44 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2018-02-06 22:59:44 DEBUG smtp session: encryption_keysize=128
2018-02-06 22:59:44 DEBUG smtp session: policy_context=
2018-02-06 22:59:44 DEBUG --> Apply plugin: reject_null_sender
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG --> Apply plugin: wblist_rdns
2018-02-06 22:59:44 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-06 22:59:44 DEBUG Sender: postmaster@domain1.com, SASL username: postmaster@domain1.com
2018-02-06 22:59:44 DEBUG SKIP: sender == sasl username.
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG --> Apply plugin: throttle
2018-02-06 22:59:44 DEBUG Check sender throttling.
2018-02-06 22:59:44 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('74.125.82.51', '@ip', 'postmaster@domain1.com', '@domain1.com', '@.', '@.domain1.com', '@.com', '74.125.82.*', '74.125.*.51')
         ORDER BY priority DESC

2018-02-06 22:59:44 DEBUG [SQL] Query result:
[]
2018-02-06 22:59:44 DEBUG No sender throttle setting.
2018-02-06 22:59:44 DEBUG Bypass recipient throttling (found sasl_username).
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG --> Apply plugin: sql_alias_access_policy
2018-02-06 22:59:44 DEBUG [SQL] query access policy:
SELECT accesspolicy
               FROM alias
              WHERE address='marcin@external-mail-server.com'
              LIMIT 1
2018-02-06 22:59:44 DEBUG SQL query result: None
2018-02-06 22:59:44 DEBUG [SQL] Check whether recipient domain is an alias domain:
SELECT target_domain
                   FROM alias_domain
                  WHERE alias_domain = 'external-mail-server.com'
                  LIMIT 1

2018-02-06 22:59:44 DEBUG [SQL] Query result: None
2018-02-06 22:59:44 DEBUG Recipient domain is not an alias domain.
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO Recipient is not a mail alias account or no access policy
2018-02-06 22:59:44 DEBUG --> Apply plugin: amavisd_wblist
2018-02-06 22:59:44 DEBUG Possible policy senders: ['postmaster@domain1.com', '@domain1.com', '@.', '@.domain1.com', '@.com', '74.125.82.51', '74.125.82.*', '74.125.*.51']
2018-02-06 22:59:44 DEBUG Possible policy recipients: ['marcin@external-mail-server.com', '@external-mail-server.com', '@.', '@.external-mail-server.com', '@.pl']
2018-02-06 22:59:44 DEBUG Apply wblist for outbound message.
2018-02-06 22:59:44 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('postmaster@domain1.com', '@domain1.com', '@.', '@.domain1.com', '@.com', '74.125.82.51', '74.125.82.*', '74.125.*.51')
           ORDER BY priority DESC
2018-02-06 22:59:44 DEBUG Local addresses (in `users`): [(1, '@.')]
2018-02-06 22:59:44 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('marcin@external-mail-server.com', '@external-mail-server.com', '@.', '@.external-mail-server.com', '@.pl')
           ORDER BY priority DESC
2018-02-06 22:59:44 DEBUG No record found in SQL database.
2018-02-06 22:59:44 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '74.%%'
           ORDER BY priority DESC
2018-02-06 22:59:44 DEBUG No valid sender id or recipient id.
2018-02-06 22:59:44 DEBUG [SQL] query local domain (external-mail-server.com):
SELECT domain
                   FROM domain
                  WHERE domain='external-mail-server.com'
                  LIMIT 1
2018-02-06 22:59:44 DEBUG SQL query result: None
2018-02-06 22:59:44 DEBUG [SQL] query alias domains (external-mail-server.com):
SELECT alias_domain
                   FROM alias_domain
                  WHERE alias_domain='external-mail-server.com' OR target_domain='external-mail-server.com'
                  LIMIT 1
2018-02-06 22:59:44 DEBUG SQL query result: None
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG Session ended.
2018-02-06 22:59:44 INFO [74.125.82.51] RCPT, postmaster@domain1.com => marcin@external-mail-server.com, DUNNO [0.0072s]
2018-02-06 22:59:44 DEBUG smtp session: request=smtpd_access_policy
2018-02-06 22:59:44 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-06 22:59:44 DEBUG smtp session: protocol_name=ESMTP
2018-02-06 22:59:44 DEBUG smtp session: client_address=74.125.82.51
2018-02-06 22:59:44 DEBUG smtp session: client_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: client_port=50350
2018-02-06 22:59:44 DEBUG smtp session: reverse_client_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: helo_name=mail-wm0-f51.google.com
2018-02-06 22:59:44 DEBUG smtp session: sender=postmaster@domain1.com
2018-02-06 22:59:44 DEBUG smtp session: recipient=marcin@external-mail-server.com
2018-02-06 22:59:44 DEBUG smtp session: recipient_count=1
2018-02-06 22:59:44 DEBUG smtp session: queue_id=9F2501C0B11
2018-02-06 22:59:44 DEBUG smtp session: instance=2508.5a7a2550.94298.0
2018-02-06 22:59:44 DEBUG smtp session: size=1260
2018-02-06 22:59:44 DEBUG smtp session: etrn_domain=
2018-02-06 22:59:44 DEBUG smtp session: stress=
2018-02-06 22:59:44 DEBUG smtp session: sasl_method=PLAIN
2018-02-06 22:59:44 DEBUG smtp session: sasl_username=postmaster@domain1.com
2018-02-06 22:59:44 DEBUG smtp session: sasl_sender=
2018-02-06 22:59:44 DEBUG smtp session: ccert_subject=
2018-02-06 22:59:44 DEBUG smtp session: ccert_issuer=
2018-02-06 22:59:44 DEBUG smtp session: ccert_fingerprint=
2018-02-06 22:59:44 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-06 22:59:44 DEBUG smtp session: encryption_protocol=TLSv1.2
2018-02-06 22:59:44 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2018-02-06 22:59:44 DEBUG smtp session: encryption_keysize=128
2018-02-06 22:59:44 DEBUG smtp session: policy_context=
2018-02-06 22:59:44 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-06 22:59:44 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-06 22:59:44 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-06 22:59:44 DEBUG --> Apply plugin: throttle
2018-02-06 22:59:44 DEBUG Check sender throttling.
2018-02-06 22:59:44 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('74.125.82.51', '@ip', 'postmaster@domain1.com', '@domain1.com', '@.', '@.domain1.com', '@.com', '74.125.82.*', '74.125.*.51')
         ORDER BY priority DESC

2018-02-06 22:59:44 DEBUG [SQL] Query result:
[]
2018-02-06 22:59:44 DEBUG No sender throttle setting.
2018-02-06 22:59:44 DEBUG Bypass recipient throttling (found sasl_username).
2018-02-06 22:59:44 DEBUG <-- Result: DUNNO
2018-02-06 22:59:44 DEBUG Skip plugin: sql_alias_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-06 22:59:44 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-06 22:59:44 DEBUG Session ended.
2018-02-06 22:59:44 INFO [74.125.82.51] END-OF-MESSAGE, postmaster@domain1.com => marcin@external-mail-server.com, DUNNO [0.0019s]

Log from /var/log/postfix

Feb  6 22:59:44 mail postfix/submission/smtpd[9480]: connect from mail-wm0-f51.google.com[74.125.82.51]
Feb  6 22:59:44 mail postfix/submission/smtpd[9480]: Anonymous TLS connection established from mail-wm0-f51.google.com[74.125.82.51]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb  6 22:59:44 mail postfix/submission/smtpd[9480]: 9F2501C0B11: client=mail-wm0-f51.google.com[74.125.82.51], sasl_method=PLAIN, sasl_username=postmaster@domain1.com
Feb  6 22:59:44 mail postfix/cleanup[9489]: 9F2501C0B11: message-id=<CAGbp93tM+uB=QknDwV=TR-_YL3LWj+qFnPOBz1ZnZsT2PXKhJg@mail.gmail.com>
Feb  6 22:59:44 mail postfix/qmgr[5093]: 9F2501C0B11: from=<postmaster@domain1.com>, size=1473, nrcpt=1 (queue active)
Feb  6 22:59:44 mail postfix/submission/smtpd[9480]: disconnect from mail-wm0-f51.google.com[74.125.82.51] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Feb  6 22:59:45 mail postfix/10025/smtpd[9499]: connect from localhost[127.0.0.1]
Feb  6 22:59:45 mail postfix/10025/smtpd[9499]: A11241C0B1F: client=localhost[127.0.0.1]
Feb  6 22:59:45 mail postfix/cleanup[9489]: A11241C0B1F: message-id=<CAGbp93tM+uB=QknDwV=TR-_YL3LWj+qFnPOBz1ZnZsT2PXKhJg@mail.gmail.com>
Feb  6 22:59:45 mail postfix/qmgr[5093]: A11241C0B1F: from=<postmaster@domain1.com>, size=2535, nrcpt=1 (queue active)
Feb  6 22:59:45 mail amavis[2102]: (02102-04) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [74.125.82.51]:50350 [74.125.82.51] <postmaster@domain1.com> -> <marcin@external-mail-server.com>, Queue-ID: 9F2501C0B11, Message-ID: <CAGbp93tM+uB=QknDwV=TR-_YL3LWj+qFnPOBz1ZnZsT2PXKhJg@mail.gmail.com>, mail_id: 73HOrY8VnkgU, Hits: -0.999, size: 1473, queued_as: A11241C0B1F, dkim_new=dkim:domain1.com, 1007 ms, Tests: [ALL_TRUSTED=-1,HTML_MESSAGE=0.001]
Feb  6 22:59:45 mail postfix/10025/smtpd[9499]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb  6 22:59:45 mail postfix/amavis/smtp[9494]: 9F2501C0B11: to=<marcin@external-mail-server.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.1, delays=0.09/0.01/0/1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A11241C0B1F)
Feb  6 22:59:45 mail postfix/qmgr[5093]: 9F2501C0B11: removed
Feb  6 22:59:46 mail postfix/smtp[9500]: Untrusted TLS connection established to external-mail-server.com[188.XX.XX.XX]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb  6 22:59:46 mail postfix/smtp[9500]: A11241C0B1F: to=<marcin@external-mail-server.com>, relay=external-mail-server.com[188.XX.XX.XX]:25, delay=0.48, delays=0.05/0.01/0.32/0.1, dsn=2.0.0, status=sent (250 2.0.0 Message accepted.)
Feb  6 22:59:46 mail postfix/qmgr[5093]: A11241C0B1F: removed

Logs Case 2 - mail delivered, but notice from Mail Delivery System some.account@domain2.com

Log from /var/log/iredapd/iredapd.log

2018-02-06 23:13:48 DEBUG Connect from 127.0.0.1, port 54766.
2018-02-06 23:13:48 DEBUG smtp session: request=smtpd_access_policy
2018-02-06 23:13:48 DEBUG smtp session: protocol_state=RCPT
2018-02-06 23:13:48 DEBUG smtp session: protocol_name=ESMTP
2018-02-06 23:13:48 DEBUG smtp session: client_address=74.125.82.43
2018-02-06 23:13:48 DEBUG smtp session: client_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: client_port=39026
2018-02-06 23:13:48 DEBUG smtp session: reverse_client_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: helo_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: sender=some.account@domain2.com
2018-02-06 23:13:48 DEBUG smtp session: recipient=marcin@external-mail-server.com
2018-02-06 23:13:48 DEBUG smtp session: recipient_count=0
2018-02-06 23:13:48 DEBUG smtp session: queue_id=
2018-02-06 23:13:48 DEBUG smtp session: instance=2e8c.5a7a289c.b16a3.0
2018-02-06 23:13:48 DEBUG smtp session: size=3057
2018-02-06 23:13:48 DEBUG smtp session: etrn_domain=
2018-02-06 23:13:48 DEBUG smtp session: stress=
2018-02-06 23:13:48 DEBUG smtp session: sasl_method=PLAIN
2018-02-06 23:13:48 DEBUG smtp session: sasl_username=some.account@domain2.com
2018-02-06 23:13:48 DEBUG smtp session: sasl_sender=
2018-02-06 23:13:48 DEBUG smtp session: ccert_subject=
2018-02-06 23:13:48 DEBUG smtp session: ccert_issuer=
2018-02-06 23:13:48 DEBUG smtp session: ccert_fingerprint=
2018-02-06 23:13:48 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-06 23:13:48 DEBUG smtp session: encryption_protocol=TLSv1.2
2018-02-06 23:13:48 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2018-02-06 23:13:48 DEBUG smtp session: encryption_keysize=128
2018-02-06 23:13:48 DEBUG smtp session: policy_context=
2018-02-06 23:13:48 DEBUG --> Apply plugin: reject_null_sender
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG --> Apply plugin: wblist_rdns
2018-02-06 23:13:48 DEBUG Found SASL username, bypass rDNS check for outbound.
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG --> Apply plugin: reject_sender_login_mismatch
2018-02-06 23:13:48 DEBUG Sender: some.account@domain2.com, SASL username: some.account@domain2.com
2018-02-06 23:13:48 DEBUG SKIP: sender == sasl username.
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG --> Apply plugin: throttle
2018-02-06 23:13:48 DEBUG Check sender throttling.
2018-02-06 23:13:48 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('74.125.82.43', '@ip', 'some.account@domain2.com', '@domain2.com', '@.', '@.domain2.com', '@.com', '74.125.82.*', '74.125.*.43')
         ORDER BY priority DESC

2018-02-06 23:13:48 DEBUG [SQL] Query result:
[]
2018-02-06 23:13:48 DEBUG No sender throttle setting.
2018-02-06 23:13:48 DEBUG Bypass recipient throttling (found sasl_username).
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG --> Apply plugin: sql_alias_access_policy
2018-02-06 23:13:48 DEBUG [SQL] query access policy:
SELECT accesspolicy
               FROM alias
              WHERE address='marcin@external-mail-server.com'
              LIMIT 1
2018-02-06 23:13:48 DEBUG SQL query result: None
2018-02-06 23:13:48 DEBUG [SQL] Check whether recipient domain is an alias domain:
SELECT target_domain
                   FROM alias_domain
                  WHERE alias_domain = 'external-mail-server.com'
                  LIMIT 1

2018-02-06 23:13:48 DEBUG [SQL] Query result: None
2018-02-06 23:13:48 DEBUG Recipient domain is not an alias domain.
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO Recipient is not a mail alias account or no access policy
2018-02-06 23:13:48 DEBUG --> Apply plugin: amavisd_wblist
2018-02-06 23:13:48 DEBUG Possible policy senders: ['some.account@domain2.com', '@domain2.com', '@.', '@.domain2.com', '@.com', '74.125.82.43', '74.125.82.*', '74.125.*.43']
2018-02-06 23:13:48 DEBUG Possible policy recipients: ['marcin@external-mail-server.com', '@external-mail-server.com', '@.', '@.external-mail-server.com', '@.pl']
2018-02-06 23:13:48 DEBUG Apply wblist for outbound message.
2018-02-06 23:13:48 DEBUG [SQL] Query local addresses:
SELECT id, email
               FROM users
              WHERE email IN ('some.account@domain2.com', '@domain2.com', '@.', '@.domain2.com', '@.com', '74.125.82.43', '74.125.82.*', '74.125.*.43')
           ORDER BY priority DESC
2018-02-06 23:13:48 DEBUG Local addresses (in `users`): [(1, '@.')]
2018-02-06 23:13:48 DEBUG [SQL] Query external addresses:
SELECT id, email
               FROM mailaddr
              WHERE email IN ('marcin@external-mail-server.com', '@external-mail-server.com', '@.', '@.external-mail-server.com', '@.pl')
           ORDER BY priority DESC
2018-02-06 23:13:48 DEBUG No record found in SQL database.
2018-02-06 23:13:48 DEBUG [SQL] Query CIDR network:
SELECT id, email
               FROM mailaddr
              WHERE email LIKE '74.%%'
           ORDER BY priority DESC
2018-02-06 23:13:48 DEBUG No valid sender id or recipient id.
2018-02-06 23:13:48 DEBUG [SQL] query local domain (external-mail-server.com):
SELECT domain
                   FROM domain
                  WHERE domain='external-mail-server.com'
                  LIMIT 1
2018-02-06 23:13:48 DEBUG SQL query result: None
2018-02-06 23:13:48 DEBUG [SQL] query alias domains (external-mail-server.com):
SELECT alias_domain
                   FROM alias_domain
                  WHERE alias_domain='external-mail-server.com' OR target_domain='external-mail-server.com'
                  LIMIT 1
2018-02-06 23:13:48 DEBUG SQL query result: None
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG Session ended.
2018-02-06 23:13:48 INFO [74.125.82.43] RCPT, some.account@domain2.com => marcin@external-mail-server.com, DUNNO [0.0093s]
2018-02-06 23:13:48 DEBUG smtp session: request=smtpd_access_policy
2018-02-06 23:13:48 DEBUG smtp session: protocol_state=END-OF-MESSAGE
2018-02-06 23:13:48 DEBUG smtp session: protocol_name=ESMTP
2018-02-06 23:13:48 DEBUG smtp session: client_address=74.125.82.43
2018-02-06 23:13:48 DEBUG smtp session: client_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: client_port=39026
2018-02-06 23:13:48 DEBUG smtp session: reverse_client_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: helo_name=mail-wm0-f43.google.com
2018-02-06 23:13:48 DEBUG smtp session: sender=some.account@domain2.com
2018-02-06 23:13:48 DEBUG smtp session: recipient=marcin@external-mail-server.com
2018-02-06 23:13:48 DEBUG smtp session: recipient_count=1
2018-02-06 23:13:48 DEBUG smtp session: queue_id=B5FDF1C0B1C
2018-02-06 23:13:48 DEBUG smtp session: instance=2e8c.5a7a289c.b16a3.0
2018-02-06 23:13:48 DEBUG smtp session: size=3057
2018-02-06 23:13:48 DEBUG smtp session: etrn_domain=
2018-02-06 23:13:48 DEBUG smtp session: stress=
2018-02-06 23:13:48 DEBUG smtp session: sasl_method=PLAIN
2018-02-06 23:13:48 DEBUG smtp session: sasl_username=some.account@domain2.com
2018-02-06 23:13:48 DEBUG smtp session: sasl_sender=
2018-02-06 23:13:48 DEBUG smtp session: ccert_subject=
2018-02-06 23:13:48 DEBUG smtp session: ccert_issuer=
2018-02-06 23:13:48 DEBUG smtp session: ccert_fingerprint=
2018-02-06 23:13:48 DEBUG smtp session: ccert_pubkey_fingerprint=
2018-02-06 23:13:48 DEBUG smtp session: encryption_protocol=TLSv1.2
2018-02-06 23:13:48 DEBUG smtp session: encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256
2018-02-06 23:13:48 DEBUG smtp session: encryption_keysize=128
2018-02-06 23:13:48 DEBUG smtp session: policy_context=
2018-02-06 23:13:48 DEBUG Skip plugin: reject_null_sender (protocol_state != END-OF-MESSAGE)
2018-02-06 23:13:48 DEBUG Skip plugin: wblist_rdns (protocol_state != END-OF-MESSAGE)
2018-02-06 23:13:48 DEBUG Skip plugin: reject_sender_login_mismatch (protocol_state != END-OF-MESSAGE)
2018-02-06 23:13:48 DEBUG --> Apply plugin: throttle
2018-02-06 23:13:48 DEBUG Check sender throttling.
2018-02-06 23:13:48 DEBUG [SQL] Query throttle setting:

        SELECT id, account, priority, period, max_msgs, max_quota, msg_size
          FROM throttle
         WHERE kind='outbound' AND account IN ('74.125.82.43', '@ip', 'some.account@domain2.com', '@domain2.com', '@.', '@.domain2.com', '@.com', '74.125.82.*', '74.125.*.43')
         ORDER BY priority DESC

2018-02-06 23:13:48 DEBUG [SQL] Query result:
[]
2018-02-06 23:13:48 DEBUG No sender throttle setting.
2018-02-06 23:13:48 DEBUG Bypass recipient throttling (found sasl_username).
2018-02-06 23:13:48 DEBUG <-- Result: DUNNO
2018-02-06 23:13:48 DEBUG Skip plugin: sql_alias_access_policy (protocol_state != END-OF-MESSAGE)
2018-02-06 23:13:48 DEBUG Skip plugin: amavisd_wblist (protocol_state != END-OF-MESSAGE)
2018-02-06 23:13:48 DEBUG Session ended.
2018-02-06 23:13:48 INFO [74.125.82.43] END-OF-MESSAGE, some.account@domain2.com => marcin@external-mail-server.com, DUNNO [0.0028s]

Log from /var/log/postfix

Feb  6 23:13:48 mail postfix/submission/smtpd[11916]: connect from mail-wm0-f43.google.com[74.125.82.43]
Feb  6 23:13:48 mail postfix/submission/smtpd[11916]: Anonymous TLS connection established from mail-wm0-f43.google.com[74.125.82.43]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb  6 23:13:48 mail postfix/submission/smtpd[11916]: B5FDF1C0B1C: client=mail-wm0-f43.google.com[74.125.82.43], sasl_method=PLAIN, sasl_username=some.account@domain2.com
Feb  6 23:13:48 mail postfix/cleanup[11924]: B5FDF1C0B1C: message-id=<CAGbp93uLfpBPCtNLGNKV4+BgfUyG2WHcrQo-wM6FvYpTN2pNYA@mail.gmail.com>
Feb  6 23:13:48 mail postfix/qmgr[5093]: B5FDF1C0B1C: from=<some.account@domain2.com>, size=3270, nrcpt=1 (queue active)
Feb  6 23:13:48 mail postfix/submission/smtpd[11916]: disconnect from mail-wm0-f43.google.com[74.125.82.43] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Feb  6 23:13:49 mail postfix/10025/smtpd[11934]: connect from localhost[127.0.0.1]
Feb  6 23:13:49 mail postfix/10025/smtpd[11934]: 938071C0B1F: client=localhost[127.0.0.1]
Feb  6 23:13:49 mail postfix/cleanup[11924]: 938071C0B1F: message-id=<CAGbp93uLfpBPCtNLGNKV4+BgfUyG2WHcrQo-wM6FvYpTN2pNYA@mail.gmail.com>
Feb  6 23:13:49 mail postfix/qmgr[5093]: 938071C0B1F: from=<some.account@domain2.com>, size=4332, nrcpt=1 (queue active)
Feb  6 23:13:49 mail amavis[2098]: (02098-03) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [74.125.82.43]:39026 [74.125.82.43] <some.account@domain2.com> -> <marcin@external-mail-server.com>, Queue-ID: B5FDF1C0B1C, Message-ID: <CAGbp93uLfpBPCtNLGNKV4+BgfUyG2WHcrQo-wM6FvYpTN2pNYA@mail.gmail.com>, mail_id: 54Gps_NM1BGs, Hits: 0.318, size: 3270, queued_as: 938071C0B1F, dkim_new=dkim:cutmypage.com, 828 ms, Tests: [ALL_TRUSTED=-1,HTML_IMAGE_ONLY_16=1.048,HTML_MESSAGE=0.001,HTML_SHORT_LINK_IMG_2=0.259,T_REMOTE_IMAGE=0.01]
Feb  6 23:13:49 mail postfix/10025/smtpd[11934]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb  6 23:13:49 mail postfix/amavis/smtp[11929]: B5FDF1C0B1C: to=<marcin@external-mail-server.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.97, delays=0.09/0.01/0/0.87, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 938071C0B1F)
Feb  6 23:13:49 mail postfix/qmgr[5093]: B5FDF1C0B1C: removed
Feb  6 23:13:49 mail postfix/smtp[11935]: Untrusted TLS connection established to external-mail-server.com[188.XX.XX.XX]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb  6 23:13:49 mail postfix/smtp[11935]: 938071C0B1F: to=<marcin@external-mail-server.com>, relay=external-mail-server.com[188.XX.XX.XX]:25, delay=0.33, delays=0.05/0.01/0.2/0.07, dsn=5.1.8, status=bounced (host external-mail-server.com[188.XX.XX.XX] said: 550 5.1.8 Sender address rejected, please authenticate (in reply to RCPT TO command))
Feb  6 23:13:49 mail postfix/cleanup[11924]: EAAF51C0B20: message-id=<20180206221349.EAAF51C0B20@mail.domain2.com>
Feb  6 23:13:50 mail postfix/qmgr[5093]: EAAF51C0B20: from=<>, size=6477, nrcpt=1 (queue active)
Feb  6 23:13:50 mail postfix/bounce[11936]: 938071C0B1F: sender non-delivery notification: EAAF51C0B20
Feb  6 23:13:50 mail postfix/qmgr[5093]: 938071C0B1F: removed
Feb  6 23:13:50 mail postfix/pickup[5092]: 0A63C1C0B1F: uid=2000 from=<MAILER-DAEMON>
Feb  6 23:13:50 mail postfix/cleanup[11924]: 0A63C1C0B1F: message-id=<20180206221349.EAAF51C0B20@mail.domain2.com>
Feb  6 23:13:50 mail postfix/pipe[11937]: EAAF51C0B20: to=<some.account@domain2.com>, relay=dovecot, delay=0.09, delays=0.04/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb  6 23:13:50 mail postfix/qmgr[5093]: EAAF51C0B20: removed
Feb  6 23:13:50 mail postfix/qmgr[5093]: 0A63C1C0B1F: from=<>, size=6742, nrcpt=1 (queue active)
Feb  6 23:13:50 mail postfix/10025/smtpd[11934]: connect from localhost[127.0.0.1]
Feb  6 23:13:50 mail postfix/10025/smtpd[11934]: A7A291C0B1C: client=localhost[127.0.0.1]
Feb  6 23:13:50 mail postfix/cleanup[11924]: A7A291C0B1C: message-id=<20180206221349.EAAF51C0B20@mail.domain2.com>
Feb  6 23:13:50 mail postfix/qmgr[5093]: A7A291C0B1C: from=<>, size=7204, nrcpt=1 (queue active)
Feb  6 23:13:50 mail postfix/10025/smtpd[11934]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb  6 23:13:50 mail amavis[2100]: (02100-04) Passed CLEAN {RelayedInbound}, [127.0.0.1] <> -> <my-gmail-account@gmail.com>, Message-ID: <20180206221349.EAAF51C0B20@mail.domain2.com>, mail_id: m63tVFnrkJA4, Hits: 1.307, size: 6742, queued_as: A7A291C0B1C, 659 ms, Tests: [HTML_IMAGE_ONLY_16=1.048,HTML_MESSAGE=0.001,HTML_SHORT_LINK_IMG_2=0.259,NO_RELAYS=-0.001]
Feb  6 23:13:50 mail postfix/amavis/smtp[11929]: 0A63C1C0B1F: to=<my-gmail-account@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.77, delays=0.07/0/0/0.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A7A291C0B1C)
Feb  6 23:13:50 mail postfix/qmgr[5093]: 0A63C1C0B1F: removed
Feb  6 23:13:50 mail postfix/smtp[11935]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1b]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb  6 23:13:51 mail postfix/smtp[11935]: A7A291C0B1C: to=<my-gmail-account@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1b]:25, delay=0.45, delays=0.05/0/0.21/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1517955231 v5si264916wmg.171 - gsmtp)
Feb  6 23:13:51 mail postfix/qmgr[5093]: A7A291C0B1C: removed

Postfix config
# --------------------
# INSTALL-TIME CONFIGURATION INFORMATION
#
# location of the Postfix queue. Default is /var/spool/postfix.
queue_directory = /var/spool/postfix

# location of all postXXX commands. Default is /usr/sbin.
command_directory = /usr/sbin

# location of all Postfix daemon programs (i.e. programs listed in the
# master.cf file). This directory must be owned by root.
# Default is /usr/libexec/postfix
daemon_directory = /usr/lib/postfix/sbin

# location of Postfix-writable data files (caches, random numbers).
# This directory must be owned by the mail_owner account (see below).
# Default is /var/lib/postfix.
data_directory = /var/lib/postfix

# owner of the Postfix queue and of most Postfix daemon processes.
# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
# Default is postfix.
mail_owner = postfix

# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases

# full pathname of the Postfix mailq command.  This is the Sendmail-compatible
# mail queue listing command.
mailq_path = /usr/bin/mailq

# group for mail submission and queue management commands.
# This must be a group name with a numerical group ID that is not shared with
# other accounts, not even with the Postfix account.
setgid_group = postdrop

# external command that is executed when a Postfix daemon program is run with
# the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5

debug_peer_level = 2

# --------------------
# CUSTOM SETTINGS
#

# SMTP server response code when recipient or domain not found.
unknown_local_recipient_reject_code = 550

# Do not notify local user.
biff = no

# Disable the rewriting of "site!user" into "user@site".
swap_bangpath = no

# Disable the rewriting of the form "user%domain" to "user@domain".
allow_percent_hack = no

# Allow recipient address start with '-'.
allow_min_user = no

# Disable the SMTP VRFY command. This stops some techniques used to
# harvest email addresses.
disable_vrfy_command = yes

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = all

# Enable all network interfaces.
inet_interfaces = all

#
# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt

#
# Disable SSLv2, SSLv3
#
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

#
# Fix 'The Logjam Attack'.
#
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem

tls_random_source = dev:/dev/urandom

# Log only a summary message on TLS handshake completion — no logging of client
# certificate trust-chain verification errors if client certificate
# verification is not required. With Postfix 2.8 and earlier, log the summary
# message, peer certificate summary information and unconditionally log
# trust-chain verification errors.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
# not require that clients use TLS encryption.
smtpd_tls_security_level = may

# Produce `Received:` message headers that include information about the
# protocol and cipher used, as well as the remote SMTP client CommonName and
# client certificate issuer CommonName.
# This is disabled by default, as the information may be modified in transit
# through other mail servers. Only information that was recorded by the final
# destination can be trusted.
#smtpd_tls_received_header = yes

# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext.
# References:
#   - http://www.postfix.org/TLS_README.html#client_tls_may
#   - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
smtp_tls_security_level = may

# Use the same CA file as smtpd.
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_note_starttls_offer = yes

# Enable long, non-repeating, queue IDs (queue file names).
# The benefit of non-repeating names is simpler logfile analysis and easier
# queue migration (there is no need to run "postsuper" to change queue file
# names that don't match their message file inode number).
#enable_long_queue_ids = yes

# Reject unlisted sender and recipient
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes

# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks.pcre

# A mechanism to transform commands from remote SMTP clients.
# This is a last-resort tool to work around client commands that break
# interoperability with the Postfix SMTP server. Other uses involve fault
# injection to test Postfix's handling of invalid commands.
# Requires Postfix-2.7+.
#smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre

# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_helo_access pcre:/etc/postfix/helo_access.pcre
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

# Sender restrictions
smtpd_sender_restrictions =
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_mynetworks
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre

# Recipient restrictions
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
    check_policy_service inet:127.0.0.1:7777

# Data restrictions
smtpd_data_restrictions = reject_unauth_pipelining

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps

# Avoid duplicate recipient messages. Default is 'yes'.
enable_original_recipient = no

# Virtual support.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /storage/vmail

# Do not set virtual_alias_domains.
virtual_alias_domains =

#
# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
#          be forced to submit email through port 587 instead.
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes

# hostname
myhostname = mail.domain1.com
myorigin = mail.domain1.com
mydomain = mail.domain1.com

# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
#       in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
#       for example:
#
#       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#
mynetworks = SERVER_PUBLIC_IP 127.0.0.0/8 [::1]

# Accepted local emails
mydestination = $myhostname, localhost, localhost.localdomain

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

# Default message_size_limit.
message_size_limit = 15728640

# The set of characters that can separate a user name from its extension
# (example: user+foo), or a .forward file name from its extension (example:
# .forward+foo).
# Postfix 2.11 and later supports multiple characters.
recipient_delimiter = +

# The time after which the sender receives a copy of the message headers of
# mail that is still queued. Default setting is disabled (0h) by Postfix.
#delay_warning_time = 1h
compatibility_level = 2
#
# Lookup virtual mail accounts
#
transport_maps =
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

sender_dependent_relayhost_maps =
    proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf

# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf

relay_domains =
    $mydestination
    proxy:mysql:/etc/postfix/mysql/relay_domains.cf

virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
    proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf

sender_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf

recipient_bcc_maps =
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf

#
# Postscreen
#
postscreen_greet_action = enforce
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.[2..11]*2

postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr

# Require Postfix-2.11+
postscreen_dnsbl_whitelist_threshold = -2
#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

#
# Amavisd + SpamAssassin + ClamAV
#
content_filter = smtp-amavis:[127.0.0.1]:10024

# Concurrency per recipient limit.
smtp-amavis_destination_recipient_limit = 1

Do you have any idea why from one account I got this error?

Legitimate email from Sendgrid blocked

February 7, 2018, 4:07 pm
$
0
0

======== Required information ====
- iRedMail version (check /etc/iredmail-release): Current (see text, the regex is taken from the current source on Bitbucket)
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have been getting complaints from users that expected emails from Sendgrid are not arriving. I looked into this and they are indeed being blocked:

Feb  2 19:27:42 nc027 postfix/smtpd[29988]: NOQUEUE: reject: RCPT from unknown[168.245.3.156]: 554 5.7.1 <o168-245-3-156.outbound-mail.sendgrid.net>: Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery. (dynamic); from=<bounces+2353149-2cc0-REDACTED@sendgrid.net> to=<REDACTED> proto=ESMTP helo=<o168-245-3-156.outbound-mail.sendgrid.net>

So this helo (o168-245-3-156.outbound-mail.sendgrid.net) is matching this regex in "hello_access.pcre":

/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

I see this regex block a lot of spam, so I am loath to delete it, but it's blocking legitimate email. For this I don't blame iRedMail, I blame Sendgrid.

The question is, are Sendgrid breaking some widely-accepted rule or RFC here in identifying their mail servers with this kind of "helo" (and where can I read this rule), or is this perfectly legitimate and I should modify the regex to exclude Sendgrid?

Thanks.


Craig

Can not send to Google and Yahoo domains.

February 7, 2018, 5:43 pm
$
0
0

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 OPENLDAP edition
- Linux/BSD distribution name and version: Ubuntu 16.04.3 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

mailq:
985551961326     2431 Thu Feb  8 01:33:16  user@domain.com.ph
(connect to alt4.gmail-smtp-in.l.google.com[209.85.201.26]:25: Connection timed out)
                                         user@gmail.com

/var/log/mail/log:
Feb  8 09:37:17 mail postfix/smtp[16225]: connect to mta5.am0.yahoodns.net[98.136.102.55]:25: Connection timed out
Feb  8 09:37:47 mail postfix/smtp[16225]: connect to mta7.am0.yahoodns.net[98.137.159.26]:25: Connection timed out
Feb  8 09:38:15 mail postfix/smtpd[16239]: connect from unknown[198.199.98.246]
Feb  8 09:38:15 mail postfix/smtpd[16239]: lost connection after CONNECT from unknown[198.199.98.246]
Feb  8 09:38:15 mail postfix/smtpd[16239]: disconnect from unknown[198.199.98.246] commands=0/0
Feb  8 09:38:17 mail postfix/smtp[16225]: connect to mta6.am0.yahoodns.net[98.137.159.25]:25: Connection timed out
Feb  8 09:38:17 mail postfix/smtp[16225]: C04EF19613BC: to=<freeda_suing@yahoo.com>, relay=none, delay=150, delays=0.04/0.01/150/0, dsn=4.4.1, status=deferred (connect to mta6.am0.yahoodns.net[98.137.159.25]:25: Connection timed out)
Feb  8 09:39:58 mail postfix/smtpd[16293]: connect from keeper1.mxtoolbox.com[64.20.227.137]
Feb  8 09:40:00 mail postfix/smtpd[16293]: NOQUEUE: reject: RCPT from keeper1.mxtoolbox.com[64.20.227.137]: 454 4.7.1 <test@example.com>: Relay access denied; from=<supertool@mxtoolbox.com> to=<test@example.com> proto=ESMTP helo=<KEEPER1.mxtoolbox.com>
Feb  8 09:40:01 mail postfix/smtpd[16293]: disconnect from keeper1.mxtoolbox.com[64.20.227.137] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4

Viewing all 12101 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>