New eFa v5 not accepting incoming email even though it's identical to old eFa server

KenWZ
Posts: 5
Joined: 28 Mar 2025 22:08

Post by KenWZ »

Hi

I've been running eFa 3.0.2.6 for absolutely ages.
I decided to build a brand new relay server, using the latest v5 build that I downloaded last week.
I built a new CentOS 9 VM, with the same IP address, netmask and default gateway.
I downloaded the latest v5 build of eFa using the instructions found here.
This built OK and I configured the exact same settings in the v5 as appear in the v3 eFa.
No smarthost configured and outbound relay set to my internal email server (Exchange) and transport settings configured to forward incoming emails for my domain to my internal email server. The new eFa server is identical to my old eFa.

Ran MX tools test email server (https://mxtoolbox.com/SuperTool.aspx) and this worked fine - responded with EHLO but also relay denied (as expected). Everything appears to be working.

The only issue I've got is that I cannot send email to it from my external emails. If I send email to my domain from, say, Gmail or Outlook, nothing appears in the Recent Messages tab of the web console, nor in quarantine.

Is there anywhere I can look to see why the mail isn't being accepted?

Thanks

Ken
Aryfir
Posts: 39
Joined: 04 Sep 2020 13:52

Post by Aryfir »

I think that is not a bug; there is something in your configuration.

There might be some info in the Gmail bounce error message, a reason why the delivery error appears, but be patient, it takes time for Gmail to give an error message.

Check your firewall, disable it first and try again.
Then check your /var/log/maillog; there must be a postfix/smtpd record if Gmail has successfully reached your MX.

Make sure that your MX record (authoritative DNS) is already correct (check that from another online DNS check website).

BR
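
Added example, not part of the thread or of eFa: a small Python triage of /var/log/maillog that separates the three cases the advice above distinguishes (the sender never connected, postfix/smtpd refused the transaction, or smtpd accepted it and assigned a queue ID). The log lines, host names and addresses are constructed samples in Postfix's syslog format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Postfix's syslog format (not taken from the poster's server).
SAMPLE = """\
Mar 28 22:10:01 efa postfix/smtpd[2101]: connect from mail-a.example.net[192.0.2.10]
Mar 28 22:10:02 efa postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mail-a.example.net[192.0.2.10]: 450 4.1.8 <alice@example.net>: Sender address rejected: Domain not found; from=<alice@example.net> to=<ken@example.org> proto=ESMTP helo=<mail-a.example.net>
Mar 28 22:10:02 efa postfix/smtpd[2101]: disconnect from mail-a.example.net[192.0.2.10]
Mar 28 22:11:15 efa postfix/smtpd[2102]: connect from mail-b.example.com[198.51.100.7]
Mar 28 22:11:16 efa postfix/smtpd[2102]: 3F2A81C0B2: client=mail-b.example.com[198.51.100.7]
Mar 28 22:11:17 efa postfix/smtpd[2102]: disconnect from mail-b.example.com[198.51.100.7]
"""

LINE = re.compile(r"postfix/smtpd\[\d+\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from (?P<host>\S+)\[(?P<ip>[^\]]+)\]")
REJECT = re.compile(r"NOQUEUE: reject: \w+ from \S+\[(?P<ip>[^\]]+)\]: "
                    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<reason>[^;]+);")
ACCEPT = re.compile(r"(?P<qid>[0-9A-Za-z]+): client=\S+\[(?P<ip>[^\]]+)\]")

def triage(log):
    """Collect smtpd connects, rejections and accepted messages per client IP."""
    seen, rejected, accepted = Counter(), [], []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg = m["msg"]
        if (c := CONNECT.match(msg)):
            seen[c["ip"]] += 1
        elif (r := REJECT.match(msg)):
            rejected.append((r["ip"], r["code"], r["dsn"], r["reason"].strip()))
        elif (a := ACCEPT.match(msg)):
            accepted.append((a["ip"], a["qid"]))
    return seen, rejected, accepted

def verdict(log, ip):
    """Say how far a sending server with this IP got, according to the log."""
    seen, rejected, accepted = triage(log)
    if not seen[ip]:
        return "never connected: look at MX, NAT and firewall"
    if any(a[0] == ip for a in accepted):
        return "accepted by smtpd: follow the queue ID downstream"
    reasons = [f"{code} {dsn} {reason}" for i, code, dsn, reason in rejected if i == ip]
    return "refused by smtpd: " + "; ".join(reasons) if reasons else "connected, no transaction"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, "->", verdict(SAMPLE, ip))
```

On a live server, pass the contents of /var/log/maillog in place of SAMPLE and the sending server's IP address as the second argument.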
KenWZ
Posts: 5
Joined: 28 Mar 2025 22:08

Post by KenWZ »

Hi AryFir

Thank you for making the effort to reply.

Thanks for the log suggestion. I'll take a look in /var/log/maillog for any errors.

Because I couldn't get the new eFa relay working, I shut it down and brought up the old one, and that received the email almost immediately, so there would be no failed email as far as Gmail is concerned.

Checking my firewall is not necessary as MX tools' 'Test email server' tool successfully connects to port 25 when the new eFa server is up, so everything from that point of view is working.

MX record is fine, because when the eFa v3 is up and running, it relays mail fine. NOTE: I have a physical firewall between my network and the internet, and the external IP address that the MX record points to doesn't change. The eFa server is in my internal network.

The only difference I can see is that when I run the Test Mail Server in MX Tools, the Session Transcript shows the following two additional lines on the v3 eFa server, which aren't there on the v5 server. Below is the session transcript (edited to remove identifiable data) of both the v3 server (1st) and the v5 server (2nd).

v3 server

Connecting to x.x.x.x

220 mail.XXXXXXX.org.uk ESMTP Postfix [198 ms]
EHLO keeper-us-east-1d.mxtoolbox.com
250-mail.XXXXXXXX.org.uk
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [209 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
250 2.1.0 Ok [221 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
454 4.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [228 ms]

LookupServer 2353ms


The new v5 server is nearly identical, shown here:

Connecting to x.x.x.x

220 mail.XXXXXXX.org.uk ESMTP Postfix [205 ms]
EHLO keeper-us-east-1d.mxtoolbox.com
250-mail.XXXXXXX.org.uk
250-PIPELINING
250-SIZE 133169152
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8 [214 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
250 2.1.0 Ok [219 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
554 5.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [190 ms]

LookupServer 2405ms


The new server is missing two lines starting "250-AUTH..." and has an additional line "250-SMTPUTF8 [214 ms]".

The only other thing that might be affected is that my domain has two TXT records: "google-site-verification=...." and "v=spf1 a:mail.XXXXXXXX.org.uk ip4:X.X.X.X -all"

Is the google-site-verification= string dependent on anything stored inside the "old" eFa v3 server? And if it is, that shouldn't affect Office365 or outlook.com sending emails to the new v5 server?

regards

Ken
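
Added example, not part of the thread: the two MxToolbox transcripts above compared mechanically in Python, using the EHLO reply lines and the final RCPT reply exactly as posted (greeting and hostname lines omitted). Function names are hypothetical. Besides the AUTH and SMTPUTF8 lines, it surfaces the changed SIZE limit and the change of the relay-denied reply from 454 to 554.

```python
import re

# EHLO replies and final RCPT reply copied from the two transcripts in the post
# (greeting/hostname lines omitted; "[nnn ms]" timings are MxToolbox annotations).
V3 = """250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [209 ms]
454 4.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [228 ms]"""
V5 = """250-PIPELINING
250-SIZE 133169152
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8 [214 ms]
554 5.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [190 ms]"""

def parse(transcript):
    """Return ({EHLO keyword: parameters}, code of the final non-250 reply)."""
    caps, final = {}, None
    for line in transcript.splitlines():
        line = re.sub(r"\s*\[\d+ ms\]$", "", line)   # drop MxToolbox timing
        m = re.match(r"(\d{3})[- ](.*)", line)
        if m and m[1] == "250":
            # "AUTH=..." is a non-standard spelling of "AUTH ..."; fold both together
            kw, _, params = m[2].replace("=", " ", 1).partition(" ")
            caps[kw.upper()] = params
        elif m:
            final = m[1]
    return caps, final

def compare(old, new):
    """Diff the advertised extensions and the relay-test reply of two servers."""
    (a, ra), (b, rb) = parse(old), parse(new)
    return {
        "removed": sorted(a.keys() - b.keys()),
        "added": sorted(b.keys() - a.keys()),
        "changed": {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]},
        "rcpt_reply": (ra, rb),
    }

if __name__ == "__main__":
    print(compare(V3, V5))
```

In SMTP, a 4yz reply is a transient failure that the sending server retries and a 5yz reply is a permanent one, so the two servers refuse the relay test differently even though the reply text is the same.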
KenWZ
Posts: 5
Joined: 28 Mar 2025 22:08

Post by KenWZ »

Hi,

Found out what the difference was...

Logging into the console as admin, selecting option 4 (IP settings), DNS Recursion was set to DISABLED. Setting it to ENABLED allowed everything to work. DNS Recursion setting is not an option in v3. This allowed inbound and outbound to work,

but...

All emails to Gmail were going to the Gmail spam folder, rather than the inbox. This is normally an indicator of missing SPF and DKIM/DMARC records in my DNS. I had a valid SPF record for years in my DNS, and the v3 eFa was successfully sending emails to the inbox of users in Gmail, so I assumed that Gmail determined that a newer relay was sending emails and wanted DKIM/DMARC configuring (which I hadn't done as it was working fine with just an SPF record with v3).

I followed the instructions in https://www.server-world.info/en/note?o ... =mail&f=11 to configure postfix and created two TXT records in my DNS admin portal. Finally, I used MX Toolbox again to test DMARC and DKIM records and both came back green, verifying valid records ("DKIM Records Published" and "DKIM Syntax Check" and "DKIM Public Key Check" all ticked green. Same with DMARC).

Finally, everything was working, and sending and receiving email was working. So I thought I'd check mail flow via the "Recent Messages" tab in the MailWatch Console. None of the messages are now being shown in Recent Messages. Is this a consequence of using DKIM?

Arhhh....
KenWZ
Posts: 5
Joined: 28 Mar 2025 22:08

Post by KenWZ »

So my next question is, what would stop emails appearing in "Recent Messages" even though eFa is successfully relaying messages through the system?
Aryfir
Posts: 39
Joined: 04 Sep 2020 13:52

Post by Aryfir »

Glad that you solved the problem.
Shawn Iverson has posted about this, it's worth a try...

viewtopic.php?t=5360

Please do a full backup before doing that.

BR
KenWZ
Posts: 5
Joined: 28 Mar 2025 22:08

Post by KenWZ »

Hi everyone

I've now gotten to the bottom of why no more "recent messages" are being displayed - opendkim seems to break it.
I've rebuilt the eFa relay server again, and tested it at each stage.
As soon as I installed and configured opendkim the messages stopped appearing in the MailWatch "recent messages".
Unfortunately Gmail needs DKIM/DMARC enabling to stop it putting all emails into the Spam folder for users unless they explicitly trust that email address.

Anyone else have the same issue?

How do I report this as a bug?

regards

Ken