rhb0js
May 17th, 2012, 12:53 AM
Hi,
I'm a bit of a newbie at configuring servers and I have a problem with a mail server for a company.
I followed the documentation to configure it. Features: Ubuntu 4.10.03 LTS, Postfix, Dovecot, ClamAV, SpamAssassin, Maildir and TLS with own certificates. I tested it with telnet, nc, swaks, thunderbird.
My ISP has provided me with a public IP (with reverse DNS for the domain) and a panel to configure the domain (it has a field for the MX record, where I put my FQDN, mail.fiegp.com.ar), and I have to use their DNS servers for email.
My main.cf is the following:
# Postfix main.cf for mail.fiegp.com.ar: local Maildir delivery, opportunistic
# TLS, and SMTP AUTH handed to Dovecot. Lines marked NOTE(review) are review
# remarks, not part of the original configuration.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# NOTE(review): smtpd_use_tls is the legacy spelling of
# smtpd_tls_security_level = may; the newer parameter is also set below and
# takes precedence, so this line is redundant.
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# "may" is opportunistic TLS in both directions: STARTTLS is used when the
# peer supports it, otherwise the session continues in cleartext.
smtp_tls_security_level = may
smtpd_tls_security_level = may
# NOTE(review): the private key should be readable by root only; file
# permissions are not shown in the post - verify.
smtpd_tls_key_file = /etc/postfix/tls/mail.fiegp.com.ar.key
smtpd_tls_cert_file = /etc/postfix/tls/mail.fiegp.com.ar.cert
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# SMTP AUTH is delegated to Dovecot through the private/auth-client socket
# (path relative to the Postfix queue directory).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
# AUTH is only offered after STARTTLS, so passwords never cross the wire in
# cleartext.
smtpd_tls_auth_only = yes
# Relay control: clients in mynetworks and authenticated users may relay;
# everyone else is limited by reject_unauth_destination to domains this server
# accepts mail for.
# NOTE(review): permit_mynetworks is evaluated first, so every address covered
# by mynetworks (last line of this file) relays without authenticating.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
# VRFY is disabled so clients cannot probe which local addresses exist.
disable_vrfy_command = yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.fiegp.com.ar
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# NOTE(review): fiegp.com.ar itself is not listed, so mail for
# user@fiegp.com.ar is treated as remote and routed by a DNS MX lookup, which
# is consistent with the 5.4.4 bounce quoted from mail.log. If this host is
# meant to hold those mailboxes, the domain has to be listed here (or set up
# as a virtual domain). The example.org names look like leftover template
# values - confirm.
mydestination = mail.fiegp.com.ar, mercurio.example.org, localhost.example.org, localhost
relayhost =
mailbox_command =
home_mailbox = Maildir/
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# NOTE(review): raises log verbosity for peers matching fiegp.com.ar. Verbose
# session logs can hold protocol and message detail, so drop this line once
# troubleshooting is finished.
debug_peer_list = fiegp.com.ar
# NOTE(review): 190.189.88.0/24 is a public range. Together with
# permit_mynetworks above, any host in that /24 can relay through this server
# without authentication. Unless the whole /24 belongs to the company, narrow
# this to loopback (and the server's own address if needed) and let remote
# users authenticate with SASL.
mynetworks = 127.0.0.0/8 190.189.88.0/24
First I tried setting up my own caching DNS server, then an authoritative one, but I have no idea whether that configuration is necessary to send email; apparently it is.
My /etc/bind/named.conf.local (disabled)
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Makes this server authoritative (master) for the forward zone, loaded from
// the zone file named below.
// NOTE(review): these zones are visible to the rest of the internet only if
// the domain is delegated to this server. The post says the ISP's DNS servers
// must be used; in that case the A record for mail.fiegp.com.ar has to exist
// in the ISP's zone, not here - confirm.
zone "fiegp.com.ar" {
type master;
file "/etc/bind/db.fiegp.com.ar";
};
// Reverse zone for 190.189.88.0/24.
// NOTE(review): the post says the ISP provides reverse DNS for the address;
// a local master copy would only answer clients that query this server
// directly - confirm who holds the delegation.
zone "88.189.190.in-addr.arpa" {
type master;
file "/etc/bind/db.190";
};
My /etc/bind/named.conf.options (disabled)
// Global BIND options: cache directory, upstream forwarders, IPv6 listener.
// NOTE(review): no allow-recursion or allow-query ACL is set in this block.
// If port 53 on this host is reachable from the internet, restrict recursion
// to local clients so the server cannot be used as an open resolver; check
// what the installed BIND version defaults to.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// Queries this server cannot answer itself are sent to these two resolvers
// (presumably the ISP's - confirm).
forwarders {
24.232.0.17;
24.232.0.18;
};
auth-nxdomain no; # conform to RFC1035
// Accepts DNS queries on every IPv6 interface.
listen-on-v6 { any; };
};
My /etc/hosts (if necessary)
# Static host table for this machine.
127.0.0.1 localhost
# NOTE(review): this entry only affects lookups made through the local
# resolver library on this machine. Postfix's SMTP client resolves MX and A
# records through DNS by default (smtp_host_lookup = dns), so this line does
# not make mail.fiegp.com.ar resolvable for delivery, and remote senders never
# see it. The first name after the address is the canonical one; the usual
# convention is to put the FQDN first.
190.189.88.168 mercurio mail.fiegp.com.ar
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
I ran many tests and frankly I cannot find where the error is. /var/log/mail.log shows the following warning:
warning: no MX host for fiegp.com.ar has a valid address record
0D8646C03F7: to=<castor@fiegp.com.ar>, relay=none, delay=0.07, delays=0.04/0/0.02/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=mail.fiegp.com.ar type=A:Host not found)
0D8646C03F7:removed
Please help!
I'm a bit of a newbie at configuring servers and I have a problem with a mail server for a company.
I followed the documentation to configure it. Features: Ubuntu 4.10.03 LTS, Postfix, Dovecot, ClamAV, SpamAssassin, Maildir and TLS with own certificates. I tested it with telnet, nc, swaks, thunderbird.
My ISP has provided me with a public IP (with reverse DNS for the domain) and a panel to configure the domain (it has a field for the MX record, where I put my FQDN, mail.fiegp.com.ar), and I have to use their DNS servers for email.
My main.cf is the following:
# Postfix main.cf for mail.fiegp.com.ar: local Maildir delivery, opportunistic
# TLS, and SMTP AUTH handed to Dovecot. Lines marked NOTE(review) are review
# remarks, not part of the original configuration.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# NOTE(review): smtpd_use_tls is the legacy spelling of
# smtpd_tls_security_level = may; the newer parameter is also set below and
# takes precedence, so this line is redundant.
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# "may" is opportunistic TLS in both directions: STARTTLS is used when the
# peer supports it, otherwise the session continues in cleartext.
smtp_tls_security_level = may
smtpd_tls_security_level = may
# NOTE(review): the private key should be readable by root only; file
# permissions are not shown in the post - verify.
smtpd_tls_key_file = /etc/postfix/tls/mail.fiegp.com.ar.key
smtpd_tls_cert_file = /etc/postfix/tls/mail.fiegp.com.ar.cert
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# SMTP AUTH is delegated to Dovecot through the private/auth-client socket
# (path relative to the Postfix queue directory).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
# AUTH is only offered after STARTTLS, so passwords never cross the wire in
# cleartext.
smtpd_tls_auth_only = yes
# Relay control: clients in mynetworks and authenticated users may relay;
# everyone else is limited by reject_unauth_destination to domains this server
# accepts mail for.
# NOTE(review): permit_mynetworks is evaluated first, so every address covered
# by mynetworks (last line of this file) relays without authenticating.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
# VRFY is disabled so clients cannot probe which local addresses exist.
disable_vrfy_command = yes
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.fiegp.com.ar
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# NOTE(review): fiegp.com.ar itself is not listed, so mail for
# user@fiegp.com.ar is treated as remote and routed by a DNS MX lookup, which
# is consistent with the 5.4.4 bounce quoted from mail.log. If this host is
# meant to hold those mailboxes, the domain has to be listed here (or set up
# as a virtual domain). The example.org names look like leftover template
# values - confirm.
mydestination = mail.fiegp.com.ar, mercurio.example.org, localhost.example.org, localhost
relayhost =
mailbox_command =
home_mailbox = Maildir/
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
# NOTE(review): raises log verbosity for peers matching fiegp.com.ar. Verbose
# session logs can hold protocol and message detail, so drop this line once
# troubleshooting is finished.
debug_peer_list = fiegp.com.ar
# NOTE(review): 190.189.88.0/24 is a public range. Together with
# permit_mynetworks above, any host in that /24 can relay through this server
# without authentication. Unless the whole /24 belongs to the company, narrow
# this to loopback (and the server's own address if needed) and let remote
# users authenticate with SASL.
mynetworks = 127.0.0.0/8 190.189.88.0/24
First I tried setting up my own caching DNS server, then an authoritative one, but I have no idea whether that configuration is necessary to send email; apparently it is.
My /etc/bind/named.conf.local (disabled)
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Makes this server authoritative (master) for the forward zone, loaded from
// the zone file named below.
// NOTE(review): these zones are visible to the rest of the internet only if
// the domain is delegated to this server. The post says the ISP's DNS servers
// must be used; in that case the A record for mail.fiegp.com.ar has to exist
// in the ISP's zone, not here - confirm.
zone "fiegp.com.ar" {
type master;
file "/etc/bind/db.fiegp.com.ar";
};
// Reverse zone for 190.189.88.0/24.
// NOTE(review): the post says the ISP provides reverse DNS for the address;
// a local master copy would only answer clients that query this server
// directly - confirm who holds the delegation.
zone "88.189.190.in-addr.arpa" {
type master;
file "/etc/bind/db.190";
};
My /etc/bind/named.conf.options (disabled)
// Global BIND options: cache directory, upstream forwarders, IPv6 listener.
// NOTE(review): no allow-recursion or allow-query ACL is set in this block.
// If port 53 on this host is reachable from the internet, restrict recursion
// to local clients so the server cannot be used as an open resolver; check
// what the installed BIND version defaults to.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// Queries this server cannot answer itself are sent to these two resolvers
// (presumably the ISP's - confirm).
forwarders {
24.232.0.17;
24.232.0.18;
};
auth-nxdomain no; # conform to RFC1035
// Accepts DNS queries on every IPv6 interface.
listen-on-v6 { any; };
};
My /etc/hosts (if necessary)
# Static host table for this machine.
127.0.0.1 localhost
# NOTE(review): this entry only affects lookups made through the local
# resolver library on this machine. Postfix's SMTP client resolves MX and A
# records through DNS by default (smtp_host_lookup = dns), so this line does
# not make mail.fiegp.com.ar resolvable for delivery, and remote senders never
# see it. The first name after the address is the canonical one; the usual
# convention is to put the FQDN first.
190.189.88.168 mercurio mail.fiegp.com.ar
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
I ran many tests and frankly I cannot find where the error is. /var/log/mail.log shows the following warning:
warning: no MX host for fiegp.com.ar has a valid address record
0D8646C03F7: to=<castor@fiegp.com.ar>, relay=none, delay=0.07, delays=0.04/0/0.02/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=mail.fiegp.com.ar type=A:Host not found)
0D8646C03F7:removed
Please help!