Linode Forum
https://forum.linode.com/

Can't receive email with citadel
https://forum.linode.com/viewtopic.php?f=11&t=11703
Page 1 of 2

Author:  Whale [ Mon Mar 30, 2015 9:51 am ]
Post subject:  Can't receive email with citadel

Hi,
I have installed Citadel using the Linode guide on a subdomain (posta.mydomain.com) and set the MX records as follows:

Code:
posta.mydomain.com   10      Default
smtp.secureserver.net   20      Default
mailstore1.secureserver.net   30      Default
mydomain.com   0   posta   Default


So I have added posta.mydomain.com and mydomain.com with the subdomain posta.mydomain.com, whereas smtp.secureserver.net and mailstore1.secureserver.net were already there by default (I have the domain with GoDaddy).

In the Citadel settings I have entered this:

Code:
Fully qualified domain name: mydomain.com
Local host aliases and Directory domains:  mydomain.com and posta.mydomain.com


I have created a new user on Citadel, piero@mydomain.com, and I can send email, but I can't receive it. This is the error that Google gives me when I try to send an email from my personal Google account in response to piero@mydomain.com:

Code:
Delivery to the following recipient failed permanently:

    piero@mydomain.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain mydomain.com by smtp.secureserver.net. [68.178.213.37].

The error that the other server returned was:
550 5.1.1 <piero@mydomain.com> Recipient not found.  <http://x.co/irbounce>


What can I do to fix the problem? Have I maybe misconfigured Citadel or the MX records?

Author:  obs [ Mon Mar 30, 2015 11:33 am ]
Post subject:  Re: Can't receive email with citadel

What's your real domain? We can't check the MX records without it.

Author:  Whale [ Mon Mar 30, 2015 11:50 am ]
Post subject:  Re: Can't receive email with citadel

Sorry, it's whaletrue.com

Author:  sweh [ Mon Mar 30, 2015 12:31 pm ]
Post subject:  Re: Can't receive email with citadel

% telnet posta.whaletrue.com 25
Trying 109.74.198.44...

And it hangs there.

So it looks like you haven't opened any firewall rule to allow incoming port 25. Eventually the sending server will time out and move on to the next server, which is the secureserver.net machine, which is rejecting mail.

So you need to allow incoming port 25 mail. You should probably also remove the secureserver stuff if they're not accepting mail for you.

Author:  obs [ Mon Mar 30, 2015 1:00 pm ]
Post subject:  Re: Can't receive email with citadel

OK, your MX records for whaletrue.com look like this:
Code:
whaletrue.com.      600   IN   MX   20 smtp.secureserver.net.
whaletrue.com.      600   IN   MX   30 mailstore1.secureserver.net.
whaletrue.com.      600   IN   MX   10 posta.whaletrue.com.

Now, from what you said, your server is posta.whaletrue.com, so you don't need the first two.

posta.whaletrue.com points to 109.74.198.44, which is a Linode IP; however, I can't connect to port 25 on that IP, so either it's firewalled off, the SMTP server isn't running, or it's the wrong IP.

If 109.74.198.44 is the correct IP, ensure that an SMTP server is running and check your firewall.

You can check what's listening using
Code:
sudo netstat -lpnt
and you can check the firewall using
Code:
sudo iptables -L -n -v

Author:  Whale [ Mon Mar 30, 2015 1:18 pm ]
Post subject:  Re: Can't receive email with citadel

sweh wrote:
% telnet posta.whaletrue.com 25
Trying 109.74.198.44...

And it hangs there.

So it looks like you haven't opened any firewall rule to allow incoming port 25. Eventually the sending server will time out and move on to the next server, which is the secureserver.net machine, which is rejecting mail.

So you need to allow incoming port 25 mail. You should probably also remove the secureserver stuff if they're not accepting mail for you.


Thanks for your answer. To open port 25 I did this:

Code:
sudo nano /etc/iptables.firewall.rules


I have added this rule:

Code:
# Allows SMTP access
-A INPUT -p tcp --dport 25 -j ACCEPT

# Allows pop and pops connections
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# Allows imap and imaps connections
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT


I applied the new rules using the following command:

Code:
sudo iptables-restore < /etc/iptables.firewall.rules


Then this command
Code:
sudo iptables -L
gives me this:

Code:
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps


Then I did this:

Code:
iptables-save > /etc/iptables.firewall.rules


So I can't understand why it is not reachable. I don't know if it's useful, but I have checked this file:

Code:
sudo tail /var/log/mail.err


and this is the log:

Code:
Mar 30 19:00:54 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:01:16 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:01:16 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:01:16 whaletrue citserver[8883]: client_write(32 bytes) failed: Broken pipe (32)
Mar 30 19:01:16 whaletrue citserver[8883]: client_write(137 bytes) failed: Broken pipe (32)
Mar 30 19:01:16 whaletrue citserver[8883]: IMAPCC[32] client disconnected: ending session.
Mar 30 19:01:16 whaletrue citserver[8883]: POP3 client disconnected: ending session.
Mar 30 19:01:16 whaletrue citserver[8883]: SMTP: client disconnected: ending session.
Mar 30 19:01:16 whaletrue citserver[8883]: SMTP: client disconnected: ending session.
Mar 30 19:01:16 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:01:16 whaletrue citserver[8883]: client_write(47 bytes) failed: Broken pipe (32)
Mar 30 19:01:16 whaletrue citserver[8883]: client_read_blob() failed: Connection reset by peer
Mar 30 19:01:16 whaletrue citserver[8883]: XMPP: client disconnected: ending session.
Mar 30 19:01:16 whaletrue citserver[8883]: managesieve: client disconnected: ending session.
Mar 30 19:01:55 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:02:56 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:03:57 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:04:58 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:05:18 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:05:18 whaletrue citserver[8883]: client_write(32 bytes) failed: Broken pipe (32)
Mar 30 19:05:18 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:05:18 whaletrue citserver[8883]: client_write(137 bytes) failed: Broken pipe (32)
Mar 30 19:05:18 whaletrue citserver[8883]: IMAPCC[39] client disconnected: ending session.
Mar 30 19:05:18 whaletrue citserver[8883]: SMTP: client disconnected: ending session.
Mar 30 19:05:18 whaletrue citserver[8883]: POP3 client disconnected: ending session.
Mar 30 19:05:18 whaletrue citserver[8883]: SMTP: client disconnected: ending session.
Mar 30 19:05:18 whaletrue citserver[8883]: managesieve: client disconnected: ending session.
Mar 30 19:05:18 whaletrue citserver[8883]: SSL_accept failed: retval=-1, errval=5, err=error:00000005:lib(0):func(0):DH lib
Mar 30 19:05:18 whaletrue citserver[8883]: client_write(47 bytes) failed: Broken pipe (32)
Mar 30 19:05:18 whaletrue citserver[8883]: client_read_blob() failed: Connection reset by peer
Mar 30 19:05:18 whaletrue citserver[8883]: XMPP: client disconnected: ending session.
Mar 30 19:05:59 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:07:00 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:08:01 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:09:02 whaletrue citserver[8883]: No external notifiers configured on system/user
Mar 30 19:10:43 whaletrue citserver[2008]: Failed to adjust ownership of: /etc/citadel/netconfigs/7 [No such file or directory]
Mar 30 19:10:43 whaletrue citserver[2008]: Failed to adjust ownership of: /etc/citadel/netconfigs/7 [No such file or directory]
Mar 30 19:10:44 whaletrue citserver[2008]: No external notifiers configured on system/user
Mar 30 19:11:45 whaletrue citserver[2008]: No external notifiers configured on system/user
Mar 30 19:12:46 whaletrue citserver[2008]: No external notifiers configured on system/user
Mar 30 19:13:47 whaletrue citserver[2008]: No external notifiers configured on system/user
Mar 30 19:14:48 whaletrue citserver[2008]: No external notifiers configured on system/user
Mar 30 19:15:49 whaletrue citserver[2008]: No external notifiers configured on system/user

Author:  sweh [ Mon Mar 30, 2015 11:27 pm ]
Post subject:  Re: Can't receive email with citadel

Whale wrote:
Then this command
Code:
sudo iptables -L
gives me this:

Code:
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps


That is not the complete output of the command. Other stuff is missing. I still cannot access that SMTP port on 109.74.198.44 (nor any of the other ports). Your firewall config is not correct. But because you're not showing the complete output we cannot diagnose the problem.

Author:  Whale [ Tue Mar 31, 2015 9:05 am ]
Post subject:  Re: Can't receive email with citadel

Thanks for all your answers. I hadn't mentioned before that I have two servers with one domain: the first server hosts my website, with the whaletrue.com domain and reverse DNS; on the second server (109.74.198.44) I have installed Citadel, connected with posta.whaletrue.com. So in my DNS Manager I have created an A record that points posta.whaletrue.com to 109.74.198.44. I don't think that this is the problem, but I still wanted to write it for clarity.
Now if I use the command
Code:
sudo netstat -lpnt
on 109.74.198.44 this is the complete result:

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1797/sshd       
tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2024/webcit     
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:2020            0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1890/amavisd-new (m
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1854/mysqld     
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2582/citserver 
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      1906/spamd.pid 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2020/webcit     
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2582/citserver 
tcp6       0      0 :::22                   :::*                    LISTEN      1797/sshd       
tcp6       0      0 ::1:783                 :::*                    LISTEN      1906/spamd.pid 


and the command
Code:
sudo iptables -L -n -v
gives me this:

Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 7142  756K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
 6220  679K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
 1495  108K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      *       0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
 8745  972K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   97  5260 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  127  7480 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  284 16316 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    5   188 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
  777 52587 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
  839 56275 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    0     0 ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
11146 2578K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (2 references)
 pkts bytes target     prot opt in     out     source               destination         
12412 1354K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination


I hope this helps to solve my problem, thanks.

Author:  sweh [ Tue Mar 31, 2015 9:27 am ]
Post subject:  Re: Can't receive email with citadel

This line
839 56275 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

It's there before the "allow SMTP, allow POP3" rules and so it's blocking all the traffic to those ports.

Order of rules is important in iptables. Make sure your "allow" rules are before this "drop" rule.
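
The ordering problem diagnosed above can be checked mechanically. The following is an added example, not part of the original thread: a small audit that reads rules in `iptables -S` / rules-file syntax and lists every rule sitting behind an unconditional DROP, ACCEPT or REJECT in the same chain. The function names and the sample ruleset are constructed for illustration, modelled on the listing posted earlier.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier rule in
# the same chain ends processing for every packet (DROP before ACCEPT).
# On a live host: sudo iptables -S INPUT | shadowed_rules

# Reads "-A CHAIN ..." lines on stdin (iptables -S or iptables-save syntax).
# Prints "<chain> rule <n> shadowed by rule <m>: <rule>" per unreachable rule.
# Only looks within one chain; jumps into user-defined chains are not followed.
shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        n[chain]++
        if (chain in stop) {
            printf "%s rule %d shadowed by rule %d: %s\n", chain, n[chain], stop[chain], $0
            next
        }
        # "-j" as the third field means the rule has no match conditions,
        # so every packet that reaches it takes the target.
        if ($3 == "-j" && $4 ~ /^(DROP|ACCEPT|REJECT)$/)
            stop[chain] = n[chain]
    }'
}

# Constructed sample: the mail ports were appended after the catch-all DROP.
broken_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
EOF
}

# Same rules with the catch-all DROP moved to the end of the chain.
fixed_rules() {
    broken_rules | grep -v -- '^-A INPUT -j DROP$'
    echo '-A INPUT -j DROP'
}

echo "Original order:"
broken_rules | shadowed_rules
echo "DROP moved last:"
fixed_rules | shadowed_rules
```

In the `iptables -L -n -v` listing, the same condition shows up as zero packet counters on every rule below the DROP line.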

Author:  Whale [ Tue Mar 31, 2015 9:42 am ]
Post subject:  Re: Can't receive email with citadel

You saved my day! Thank you so much. I have a couple more questions:

1) If the mail server where I have installed Citadel is down, what happens to the messages?
2) Related to the question above, if the messages are lost, is there a way to recover them, or to avoid this problem? (I don't know, maybe install Citadel on my first server as well.)

Author:  sweh [ Tue Mar 31, 2015 10:04 am ]
Post subject:  Re: Can't receive email with citadel

With your original configuration of 2nd and 3rd MX, when people can't reach your first server then the sender will try the second. That would reject your message and so the person who sent the mail would get an error. So make sure your MX records are accurate and remove the bad ones.

If you only have 1 server and your server is down then the sender will _normally_ queue the message and retry over a period of time. Eventually the sender will give up and send an error back to the person who sent the mail. What that timeout is depends on the sending server; it's typically over a day but really busy servers could bring that value down to hours.

Author:  Whale [ Tue Mar 31, 2015 10:14 am ]
Post subject:  Re: Can't receive email with citadel

OK, thank you, I will remove them soon. If I need a backup mail server (to avoid the timeout problem if the server goes down for more than one day), is there a way to send this email to the backup mail server (which will be my first server, with the whaletrue.com domain) and retrieve it when the main mail server comes back up?

Author:  sweh [ Tue Mar 31, 2015 12:08 pm ]
Post subject:  Re: Can't receive email with citadel

You have a second server with a really long queue time. So if the primary goes away it will all queue up on the second server. Then when the primary comes back the secondary will forward on the mail in its queue.

Author:  Whale [ Wed Apr 01, 2015 9:11 am ]
Post subject:  Re: Can't receive email with citadel

sweh wrote:
You have a second server with a really long queue time. So if the primary goes away it will all queue up on the second server. Then when the primary comes back the secondary will forward on the mail in its queue.


Thanks for the answer. I haven't installed any backup mail server on whaletrue.com yet. If I install it, how can I set a long queue time and the forwarding to the new server?
Do you maybe know a tutorial?

Thanks

Author:  sweh [ Wed Apr 01, 2015 9:27 am ]
Post subject:  Re: Can't receive email with citadel

I have no idea how you would do this with Citadel. I don't use it.

Page 1 of 2 All times are UTC-04:00