Mail system INTERN

NethServer Version: 8
Module: mailserver
Hello again,
…after migration NS7 >> NS8 we have problems with internal system mails.
On NS7 we had 2 domains:
firma.lan > local domain - INTERN
firma.de > public domain - EXTERN (alias domain)

2 users are allowed only internal mail, no external mail - user00@firma.lan and admin@firma.lan
user00@firma.lan is the source address for system mails like “Updates available”, “Backup report”, “Zpool warning” …
The riddle is:

  • It’s possible to send test mails manually, for example from the NAS or Proxmox, but the mails from backup jobs and the like do not arrive at admin@firma.lan
  • Where is our error in reasoning?
    Before migration NS7 >> NS8 this was all OK, but after a week of testing without success we are confused …
  • Mails go to admin@directory.nh - how to repair this?
    We found this in the mail log:
2024-09-16T10:01:25+02:00 [1:mail1:postfix/lmtp] 9D51ACE1834: to=<admin@directory.nh>, orig_to=<admin@firma.lan>, relay=msrv.firma-systeme.de[/var/lib/umail/lmtp], delay=0.1, delays=0.03/0.02/0.05/0.01, dsn=2.1.5, status=deliverable (250 2.1.5 OK)
2024-09-16T10:01:32+02:00 [1:mail1:rspamd] (normal) <7324fd>; task; rspamd_task_write_log: id: <undef>, qid: <994A1CE1834>, ip: 172.20.20.254, user: user00, from: <user00@firma.lan>, (default: F (no action): [-0.10/20.00] [MIME_GOOD(-0.10){multipart/mixed;text/plain;},ARC_NA(0.00){},BYPASS_IP(0.00){172.20.20.254;},BYPASS_SENDER_DOMAIN(0.00){firma.lan;},DKIM_SIGNED(0.00){firma.lan:s=default;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},MIME_TRACE(0.00){0:+;1:+;}]), len: 955, time: 4120.709ms, dns req: 3, digest: <48f7179556bab73ec450e0aadb57ae76>, rcpts: <admin@firma.lan,user09@firma.lan>, mime_rcpts: <admin@firma.lan,user09@firma.lan>, forced: no action "Matched map: BYPASS_SENDER_DOMAIN"; score=nan (set by multimap)
2024-09-16T10:01:32+02:00 [1:mail1:postfix/lmtp] 994A1CE1834: to=<admin@directory.nh>, orig_to=<admin@firma.lan>, relay=msrv.firma-systeme.de[/var/lib/umail/lmtp], delay=7.3, delays=7.2/0/0/0.08, dsn=2.0.0, status=sent (250 2.0.0 <admin@directory.nh> cJNmMdzl52aAkgEAFvmLcQ Saved)
2024-09-16T16:38:33+02:00 [1:mail1:rspamd] (normal) <a3c039>; task; rspamd_task_write_log: id: <8a-66e84300-5-3ab3cf40@244375197>, qid: <58577CE1849>, ip: 10.5.4.1, user: admin, from: <admin@firma.lan>, (default: F (no action): [-0.10/20.00] [MIME_GOOD(-0.10){multipart/alternative;text/plain;},ARC_NA(0.00){},BYPASS_SENDER_DOMAIN(0.00){firma.lan;},DKIM_SIGNED(0.00){firma.lan:s=default;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},TO_DOM_EQ_FROM_DOM(0.00){}]), len: 1358, time: 225.903ms, dns req: 6, digest: <0f1c01d46a22c05204cbd5a05aeb597d>, rcpts: <user01@firma.lan>, mime_rcpts: <user01@firma.lan>, forced: no action "Matched map: BYPASS_SENDER_DOMAIN"; score=nan (set by multimap)
2024-09-16T16:38:33+02:00 [1:mail1:postfix/qmgr] 58577CE1849: from=<admin@firma.lan>, size=1568, nrcpt=1 (queue active)
2024-09-16T16:38:33+02:00 [1:mail1:dovecot] imap(admin)<120603><F6j4hj0iJLAKBQQB>: save: box=Sent, uid=1312, msgid=<8a-66e84300-5-3ab3cf40@244375197>, from="System-Admin" <admin@firma.lan>, subject=Zahnarzt ..., flags=(\Seen)
2024-09-16T16:38:33+02:00 [1:mail1:dovecot] lmtp(user01)<120608><upNIKulC6GYg1wEAFvmLcQ>: save: box=INBOX, uid=49049, msgid=<8a-66e84300-5-3ab3cf40@244375197>, from="System-Admin" <admin@firma.lan>, subject=Zahnarzt ..., flags=()
2024-09-16T16:41:53+02:00 [1:mail1:postfix/smtpd] NOQUEUE: reject: RCPT from unknown[172.20.20.200]: 554 5.7.1 <admin@firma.lan>: Recipient address rejected: access denied; from=<root@pve.firma.lan> to=<admin@firma.lan> proto=ESMTP helo=<pve.firma.lan>
2024-09-16T16:41:53+02:00 [1:mail1:postfix/smtpd] NOQUEUE: reject: RCPT from unknown[172.20.20.200]: 554 5.7.1 <admin@firma.lan>: Recipient address rejected: access denied; from=<user00@firma.lan> to=<admin@firma.lan> proto=ESMTP helo=<pve.firma.lan>
2024-09-16T16:41:57+02:00 [1:mail1:rspamd] (normal) <b1626d>; task; rspamd_task_write_log: id: <undef>, qid: <6E98ACE182E>, ip: 172.20.20.200, user: user00, from: <user00@firma.lan>, (default: F (no action): [-0.10/20.00] [MIME_GOOD(-0.10){text/plain;},ARC_NA(0.00){},BYPASS_SENDER_DOMAIN(0.00){firma.lan;},DKIM_SIGNED(0.00){firma.lan:s=default;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MIME_TRACE(0.00){0:~;1:+;2:~;3:~;4:+;},SUBJ_BOUNCE_WORDS(0.00){},TO_DOM_EQ_FROM_DOM(0.00){}]), len: 2221, time: 4112.346ms, dns req: 10, digest: <a3bb139d8d7fa5f890ae75c1c8d19f9d>, rcpts: <admin@firma.lan>, mime_rcpts: <admin@firma.lan>, forced: no action "Matched map: BYPASS_SENDER_DOMAIN"; score=nan (set by multimap)
2024-09-16T16:41:57+02:00 [1:mail1:postfix/lmtp] 6E98ACE182E: to=<admin@directory.nh>, orig_to=<admin@firma.lan>, relay=msrv.firma-systeme.de[/var/lib/umail/lmtp], delay=4.3, delays=4.2

Is it too simple? Does no one understand the problem?
The NS8 mail system doesn’t like the addresses user00@firma.lan and admin@firma.lan…
But they exist and it’s possible to log in as user00 and send a mail to admin@firma.lan - and this arrives in the inbox of admin! It’s crazy. But system mails go to nirvana …
A part of the last /var/log/mail.log:

2024-09-19T19:10:54.709693+02:00 pve postfix/smtp[357243]: A9AB18DF8: to=<admin@firma.lan>, relay=msrv.firma.lan[10.2.2.11]:587, delay=0.02, delays=0.01/0/0.01/0, dsn=5.7.1, status=bounced (host msrv.firma.lan[10.2.2.11] said: 554 5.7.1 <admin@firma.lan>: Recipient address rejected: access denied (in reply to RCPT TO command))
2024-09-19T19:10:54.711831+02:00 pve postfix/cleanup[357241]: AD9B78DF9: message-id=<20240919171054.AD9B78DF9@pve.firma.lan>
2024-09-19T19:10:54.713840+02:00 pve postfix/bounce[357244]: A9AB18DF8: sender non-delivery notification: AD9B78DF9
2024-09-19T19:10:54.713935+02:00 pve postfix/qmgr[357239]: AD9B78DF9: from=<>, size=2357, nrcpt=1 (queue active)
2024-09-19T19:10:54.714344+02:00 pve postfix/qmgr[357239]: A9AB18DF8: removed
2024-09-19T19:10:54.723726+02:00 pve postfix/smtp[357243]: AD9B78DF9: to=<user00@firma.lan>, relay=msrv.firma.lan[10.2.2.11]:587, delay=0.01, delays=0/0/0.01/0, dsn=5.7.1, status=bounced (host msrv.firma.lan[10.2.2.11] said: 554 5.7.1 <user00@firma.lan>: Recipient address rejected: access denied (in reply to RCPT TO command))
2024-09-19T19:10:54.725262+02:00 pve postfix/qmgr[357239]: AD9B78DF9: removed

Hi,

can you probably share more details of what you have actually configured in the mail system, and what exactly you want to achieve?

Thank you.

Hello,
nice to hear something…
We want to get SYSTEM mails from our servers. On NS7 all was OK, but after migration to NS8, only system mails from the NAS and the firewall reach admin@eds.lan.
Mails from other servers do not. The mail system of NS8 is a mystery to me. There are VPN connections, a domain “directory.nh” and other mysteries.
Is there a schema anywhere to understand this system?
We tried the same configuration as on the NAS on the Proxmox servers, but as you can see in the logs:
… Recipient address rejected: access denied …

The configuration on NAS:
20240918-Mail_config_NAS

… we found a way to change the configuration for system mails: App MAIL >> Mail-Relay
There it is possible to specify which mail senders and which mail recipients are allowed.
We will try one configuration every night and then we will see …
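
Added example (not part of the original thread and not NethServer code): a small Python triage script for mail log lines in the format quoted above. It lists each RCPT rejection with client IP, envelope sender and recipient, and each delivery where Postfix rewrote the recipient (orig_to differs from to). The sample lines are constructed, shortened from the format of the excerpts; the relay name msrv.example is a placeholder.

```python
import re
from collections import Counter

# Constructed sample lines, shortened, in the same format as the mail log excerpts above.
SAMPLE_LOG = """\
2024-09-16T10:01:32+02:00 [1:mail1:postfix/lmtp] 994A1CE1834: to=<admin@directory.nh>, orig_to=<admin@firma.lan>, relay=msrv.example[/var/lib/umail/lmtp], delay=7.3, dsn=2.0.0, status=sent (250 2.0.0 Saved)
2024-09-16T16:41:53+02:00 [1:mail1:postfix/smtpd] NOQUEUE: reject: RCPT from unknown[172.20.20.200]: 554 5.7.1 <admin@firma.lan>: Recipient address rejected: access denied; from=<root@pve.firma.lan> to=<admin@firma.lan> proto=ESMTP helo=<pve.firma.lan>
2024-09-16T16:41:53+02:00 [1:mail1:postfix/smtpd] NOQUEUE: reject: RCPT from unknown[172.20.20.200]: 554 5.7.1 <admin@firma.lan>: Recipient address rejected: access denied; from=<user00@firma.lan> to=<admin@firma.lan> proto=ESMTP helo=<pve.firma.lan>
2024-09-16T16:38:33+02:00 [1:mail1:postfix/qmgr] 58577CE1849: from=<admin@firma.lan>, size=1568, nrcpt=1 (queue active)
"""

# smtpd refused the recipient before queueing (NOQUEUE), so no queue ID exists for it.
REJECT_RE = re.compile(
    r"postfix/smtpd\] NOQUEUE: reject: RCPT from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <[^>]*>: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# lmtp hand-off to the mailbox store; orig_to is the address the client asked for.
DELIVER_RE = re.compile(
    r"postfix/lmtp\] (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, orig_to=<(?P<orig_to>[^>]*)>"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+)"
)

def triage(log_text):
    """Return (rejects, rewrites) as lists of dicts taken from the log text."""
    rejects, rewrites = [], []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rejects.append(m.groupdict())
            continue
        m = DELIVER_RE.search(line)
        if m and m["to"] != m["orig_to"]:
            rewrites.append(m.groupdict())
    return rejects, rewrites

def rejects_by_client(rejects):
    """Count rejections per (client IP, envelope sender, recipient)."""
    return Counter((r["ip"], r["sender"], r["rcpt"]) for r in rejects)

if __name__ == "__main__":
    rejects, rewrites = triage(SAMPLE_LOG)
    for key, count in rejects_by_client(rejects).items():
        print("rejected", count, key)
    for r in rewrites:
        print("rewritten", r["qid"], r["orig_to"], "->", r["to"], r["status"])
```
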