mx records, postfix

JM_Fraser · 11-28-2003, 08:12 AM

I have set up my MX records with my isp but my mail is not being delivered to my server. For smtp, do I just point my mail client to the server running postfix or do I have to put in the external smtp server name.

Also, am I correct in saying that where "relayhost" is defined in main.cf, this points also to my extenal smtp server?

david_ross · 11-28-2003, 01:47 PM

relayhost should be used it you want to use another server to relay your mail when you dont; want to deliver it yourself.

What error do you get when you send e-mail to your domain?

JM_Fraser · 11-28-2003, 03:41 PM

When I use a webmail client to send my mail back to my domain and the new server, it still sits on the ISP's server! I have set up my "class A records/zone" with them and so all stuff sent to my domain gets pushed to my server. Also, mail that I send out via my server, if I do not specify my external smtp server as relayhost, it just goes out into the Ether; unless you can advise of some Q where it will be sitting.

david_ross · 11-28-2003, 03:50 PM

What is the domain name?

chort · 11-28-2003, 08:33 PM

It sounds like either the MX record is misconfigured, or your ISP does not allow inbound connections to port 25 (other than to their own mail servers). Also, do you have a firewall running on or in front of your mail server? If so, have you opened port 25/tcp for outside connections?

Please post your domain name and I could tell you what the problem is in a few minutes.

jules_fraser · 11-29-2003, 03:01 PM

The domain name is: cybertrex.co.uk. The msg below is what I get when I send stuff externally to the server:

Message from yahoo.com.
Unable to deliver message to the following address(es).

<jules@cybertrex.co.uk>:
216.200.145.38 does not like recipient.
Remote host said: 550 <jules@cybertrex.co.uk>: Recipient address
rejected: This user does not have an account here (MTA:imta32)
Giving up on 216.200.145.38.

--- Original message follows.

Return-Path: <mitchellstudd@yahoo.com>
Message-ID: <20031129205815.94022.qmail@web41503.mail.yahoo.com>
Received: from [212.104.155.248] by web41503.mail.yahoo.com via HTTP;
Sat, 29 Nov 2003 20:58:15 GMT
Date: Sat, 29 Nov 2003 20:58:15 +0000 (GMT)
From: =?iso-8859-1?q?Mitchell?= <mitchellstudd@yahoo.com>
Subject: sat
To: jules@cybertrex.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Any ideas?

david_ross · 11-29-2003, 03:11 PM

I'm taking a guess but I think your MX record is pointing to the wrong server - it seems to point directly to an easyspace server.

chort · 11-29-2003, 03:19 PM

Well it appears that you have multiple different problems. For starts, your MX record is not pointed at your own machine. Observe below...

Locate the authoritative DNS server:

Code:

-bash-2.05b$ dig cybertrex.co.uk ns

; <<>> DiG 9.2.3 <<>> cybertrex.co.uk ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1603
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;cybertrex.co.uk.               IN      NS

;; ANSWER SECTION:
cybertrex.co.uk.        172446  IN      NS      ns3.easypost.com.
cybertrex.co.uk.        172446  IN      NS      ns1.easypost.com.

;; ADDITIONAL SECTION:
ns3.easypost.com.       21256   IN      A       216.167.71.24

;; Query time: 2 msec
;; SERVER: 10.8.1.3#53(10.8.1.3)
;; WHEN: Sat Nov 29 13:09:03 2003
;; MSG SIZE  rcvd: 97

Now that we have authoritative DNS, ask it about cybertrex.co.uk:

Code:

-bash-2.05b$ dig @ns3.easypost.com cybertrex.co.uk any

; <<>> DiG 9.2.3 <<>> @ns3.easypost.com cybertrex.co.uk any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27718
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cybertrex.co.uk.               IN      ANY

;; ANSWER SECTION:
cybertrex.co.uk.        3600    IN      SOA     ns1.easypost.com. hostmaster.easyspace.com. 2003112979 10800 3600 3600000 3600
cybertrex.co.uk.        3600    IN      MX      5 ismtp.easyspace.everyone.net.
cybertrex.co.uk.        3600    IN      NS      ns1.easypost.com.
cybertrex.co.uk.        3600    IN      NS      ns3.easypost.com.
cybertrex.co.uk.        3600    IN      A       212.104.155.248

;; Query time: 97 msec
;; SERVER: 216.167.71.24#53(ns3.easypost.com)
;; WHEN: Sat Nov 29 13:09:15 2003
;; MSG SIZE  rcvd: 198

OK, now we see that the MX record (Mail eXchanger, i.e. where all inbound mail goes) is pointed at ismtp.easyspace.everyone.net. Sensibly enough, that server only accepts mail for accounts that it is configured to host (cybertrex.co.uk is not one of them). I assume you mean for your MX record to be pointed at your own machine, so you need to get your DNS changed to remove ismtp.easyspace.everyone.net and replace it with cybertrex.co.uk (you could also create another host in your DNS, such as mail.cybertrex.co.uk and point that host at 212.104.155.248, then set your MX to mail.cybertrex.co.uk, just to be less confusing).

After making those changes, your DNS might look something like this:

Code:

cybertrex.co.uk.        3600    IN      SOA     ns1.easypost.com. hostmaster.easyspace.com. 2003112979 10800 3600 3600000 3600
cybertrex.co.uk.        3600    IN      MX      5 mail.cybertrex.co.uk.
cybertrex.co.uk.        3600    IN      NS      ns1.easypost.com.
cybertrex.co.uk.        3600    IN      NS      ns3.easypost.com.
cybertrex.co.uk.        3600    IN      A       212.104.155.248
mail.cybertrex.co.uk.   3600    IN      A       212.104.155.248

NOTE: mail.cybertrex.co.uk would not show up in the query I did. You would need to do dig @ns3.easypost.com mail.cybertrex.co.uk in order to see it.

OK, so that is why incoming mail is not going to you. Let's see if we could actually send mail to you if your DNS was right. I tried telnet'ing to 212.104.155.248 on port 25 and I got the following banner: 220 frodo.cybertrex.co.uk ESMTP Postfix, which seems correct. However, if I tried to initiate the SMTP session with an EHLO command, the connection was closed by your server. If I tried HELO instead of EHLO, I was able to get as far as RCPT TO: when the connection was again closed by your server. Additionally, some times the connection would just hang indefinitely before displaying the SMTP banner. Do you have some kind of IPS (Intrusion Prevention System), like Port Sentry? Do you have spamd or some similar type of system running? It seems that your server is being unusually hostile to incoming SMTP connections.

jules_fraser · 11-29-2003, 04:06 PM

I don't know about any Intrusion Prevention system but I have got a firewall on my router which rejects ping requests. Perhaps I should disbale the firewall on the server for the moment until this gets sorted out.

When you say "create another host in your DNS, such as mail.cybertrex.co.uk" do you mean set up another index in my router or with my ISP? Either can be done, just that I thought the ISP was already sorted.

As so far as the ISP index is concerned, I list the following:

name: cybertrex.co.uk
type: A
priority: "not listed"
point to addr: 212.104.155.248

I thought this was correct....

Am very impressed by your thorough answer and assistance. Much appreciated.

david_ross · 11-29-2003, 04:18 PM

To receive mail you will need to create an MX record with your dns provider that points to an existing A record that resolves to the IP of your machine.

jules_fraser · 11-29-2003, 04:23 PM

OK. My adsl line/dns provider is eclipse.co.uk.but easyspace.com provided my domain name. I have already setup my MX records with easyspace, do I now have to go to eclipse.co.uk and ask them to point to the A record of easyspace?

chort · 11-29-2003, 04:35 PM

No, your DNS needs to be setup with easyspace. Right now they do have an MX record setup (please review my post above) but it's not pointed to the correct host. You do already have an A record for your domain name, you also have an A record for www.cybertrex.co.uk, and I just discovered you have a CNAME for mail.cybertrex.co.uk which again points to easyspace (similar to the MX record).

In order to receive mail to your own server, your MX record needs to point to yourself. Now, you could set it up like this (using existing hostnames):
cybertrex.co.uk. IN MX 5 cybertrex.co.uk.

Or you could create a new A record in DNS to use:
inbound.cybertrex.co.uk. IN A 212.104.155.248
cybertrex.co.uk. IN MX 5 inbound.cybertrex.co.uk.

Either way, you need to have your DNS changed with your hosting provider. By the way, your www.cybertrex.co.uk A record points to your hosting provider. I don't know if this is what you intended or not.

The short story is your DNS is not setup correctly. You may find it beneficial to do some Googling on DNS basics.

Robert0380 · 11-29-2003, 06:08 PM

just to try to put it in simple terms:

with your current setup, if i email you, it goes to a machine called:

ismtp.easyspace.everyone.net

when it needs to go to:

cybertrex.co.uk

your ISP is not in this loop right now and you shouldnt even think of them right now.
you have to fix that MX record 1st, then if your mail doesnt get to your box, either you have to config postfix correctly, or you have to see if you ISP blocks incomming on port 25.

david_ross · 11-29-2003, 06:12 PM

Quote:

Originally posted by Robert0380
your ISP is not in this loop right now and you shouldnt even think of them right now.
you have to fix that MX record 1st, then if your mail doesnt get to your box, either you have to config postfix correctly, or you have to see if you ISP blocks incomming on port 25.

Port 25 seems ok (see above) I think he just needs his MX record changed.

jules_fraser · 11-29-2003, 10:24 PM

Sure, I understand. I have already emailed my ISP to query as to why this MX record has not been setup correctly. But it may be a few days before I here anything back. Thanks for your great efforts, all of you. Will advise just as soon as I get more info. Jules