Mailcow-dockerized: Mails not sending

@IchUseKomplexe Going to need more info for anyone to really help here.

Did you IP address change when the host moved data centers? Did you get new DNS servers and not update them on the host?

Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)

This looks like a DNS error when your mailcow tried to sent out a message. Can you connect to the box and see if you can resolve addresses correctly?

This is where I'd start:

Check to see if all services are running correctly.
Make sure your VPS can actually resolve domains. If it can't then you need to fix that first.
If it can, then unbound docker might not be able to based on the errors you are getting during the send and receive process.

Start there and then update us so we can give you more suggestions.

So first I will send you my DNS settings. The old ip was 212.114.60.151 which I changed to 212.114.59.58
The other ip is for my website.

The services are all green in the Debug menu. That's m ACME log:

acme-client: /var/lib/acme/acme/private/account.key: account key exists (not creating) acme-client: /var/lib/acme/acme/private/privkey.pem: domain key exists (not creating) acme-client: adding SAN: autoconfig.mail.syncgaming.org acme-client: adding SAN: autoconfig.syncgaming.org acme-client: adding SAN: autodiscover.mail.syncgaming.org acme-client: adding SAN: autodiscover.syncgaming.org acme-client: https://acme-v01.api.letsencrypt.org/directory: directories acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm acme-client: bad exit: netproc(654): 1

@IchUseKomplexe

That was not the DNS I was asking about, however I did check and I am getting the correct IP address for your domain. Did check this on MXToolbox, so you can ignore anything to do with your domain name being the any issue. (Your TTL is very low, but that is not going to cause any problem)

You need to log into the VPS to check to see if the system can resolve a DNS name, so like ping google.com. If it can, then we need to check the unbound docker to make sure it is running and it can resolve DNS names. I use putty to do this, but any SSH client would be acceptable to test this with.

Next sets:

1. Connect to the VPS using a SSH client and then check to see if the VPS can resolve IPs by trying to ping a domain name.
2. Reboot the VPS.
3. Try step 1 again and then report back what you get.

ping google.com
PING google.com (172.217.21.238) 56(84) bytes of data.
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=1 ttl=56 time=0.286 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=2 ttl=56 time=0.286 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=3 ttl=56 time=0.268 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=4 ttl=56 time=0.260 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=5 ttl=56 time=0.288 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=6 ttl=56 time=0.280 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=7 ttl=56 time=0.287 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=8 ttl=56 time=0.331 ms
64 bytes from fra16s13-in-f238.1e100.net (172.217.21.238): icmp_seq=9 ttl=56 time=0.263 ms
^C
--- google.com ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8148ms

rtt min/avg/max/mdev = 0.260/0.283/0.331/0.022 ms

After reboot:

PING google.com (216.58.205.238) 56(84) bytes of data.
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=1 ttl=56 time=0.523 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=2 ttl=56 time=1.11 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=3 ttl=56 time=0.546 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=4 ttl=56 time=0.550 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=5 ttl=56 time=0.575 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=6 ttl=56 time=0.549 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=7 ttl=56 time=0.579 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=8 ttl=56 time=0.578 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=9 ttl=56 time=0.562 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=10 ttl=56 time=0.671 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=11 ttl=56 time=0.609 ms
64 bytes from fra15s24-in-f14.1e100.net (216.58.205.238): icmp_seq=12 ttl=56 time=0.581 ms
^C
--- google.com ping statistics ---
12 packets transmitted, 12 received, 0% packet loss, time 11226ms
rtt min/avg/max/mdev = 0.523/0.619/1.111/0.154 ms

Btw. everytime I reboot my system, I have to kill the task running on port 25 to restart postfix.

Btw. everytime I reboot my system, I have to kill the task running on port 25 to restart postfix.

That means you have another service running on that port that starts with the host. I'd track that down and remove it. Depending on what OS you are running I can give you direction on that. I suspect that you have postfix or another MTA running on that port that we should get rid of.

Ok, so the host is resolving IPs just fine. Log into the Mailcow UI and under debug check to see if all containers are running. Any that are not running, restart them. Check the postfix log for more DNS errors. From here I'm suspecting an issue with the unbound docker.

What is a unbound docker and what do I have to do?

@chessw

From your screen shot unbound is running.

unbound is DNS service that mailcow uses to resolve DNS entries. Postfix uses this service to resolve domain names, so that it can find what IP address a domain name is for. And for checking mail for spam, by trying to resolve it's PTR records, etc.

Have a look at this post. https://github.com/mailcow/mailcow-dockerized/issues/850

Just a guess, but maybe a firewall is blocking port 53 (DNS).

I suspect we will need unbound's logs to see what is going on here.

Attaching to mailcowdockerized_unbound-mailcow_1
unbound-mailcow_1 | Receiving anchor key...
unbound-mailcow_1 | Receiving root hints...
unbound-mailcow_1 | #=#=# ######################################################################## 100.0%
unbound-mailcow_1 | [1541341007] unbound[1:0] error: Could not open logfile / dev/stdout: Permission denied
unbound-mailcow_1 | [1541341007] unbound[1:0] notice: init module 0: validato r
unbound-mailcow_1 | [1541341007] unbound[1:0] notice: init module 1: iterator
unbound-mailcow_1 | [1541341012] unbound[1:0] info: start of service (unbound 1.6.2).
unbound-mailcow_1 | [1541432616] unbound[1:0] info: service stopped (unbound 1.6.2).
unbound-mailcow_1 | [1541432616] unbound[1:0] info: server stats for thread 0 : 19774 queries, 5820 answers from cache, 13954 recursions, 0 prefetch, 0 reject ed by ip ratelimiting
unbound-mailcow_1 | [1541432616] unbound[1:0] info: server stats for thread 0 : requestlist max 96 avg 15.6368 exceeded 0 jostled 0
unbound-mailcow_1 | [1541432616] unbound[1:0] info: average recursion process ing time 355.263620 sec
unbound-mailcow_1 | [1541432616] unbound[1:0] info: histogram of recursion pr ocessing times
unbound-mailcow_1 | [1541432616] unbound[1:0] info: [25%]=0.0806411 median[50 %]=96.4822 [75%]=645.083
unbound-mailcow_1 | [1541432616] unbound[1:0] info: lower(secs) upper(secs) r ecursions
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.000512 0.001024 1 9
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.001024 0.002048 1 81
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.002048 0.004096 1 57
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.004096 0.008192 3 72
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.008192 0.016384 2 16
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.016384 0.032768 1 692
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.032768 0.065536 7 39
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.065536 0.131072 4 74
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.131072 0.262144 1 31
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.262144 0.524288 7 5
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 0.524288 1.000000 8 94
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 1.000000 2.000000 3 44
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 2.000000 4.000000 1 70
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 4.000000 8.000000 6 6
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 8.000000 16.000000 1 96
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 16.000000 32.000000 2 32
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 32.000000 64.000000 6 42
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 64.000000 128.000000 7 30
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 128.000000 256.000000 7 38
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 256.000000 512.000000 1 563
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 512.000000 1024.000000 3 173
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 1024.000000 2048.000000 1 079
unbound-mailcow_1 | [1541432616] unbound[1:0] info: 2048.000000 4096.000000 5 8
unbound-mailcow_1 | Receiving anchor key...
unbound-mailcow_1 | Receiving root hints...
unbound-mailcow_1 | #=#=# ######################################################################## 100.0%
unbound-mailcow_1 | [1541432638] unbound[1:0] error: Could not open logfile / dev/stdout: Permission denied
unbound-mailcow_1 | [1541432638] unbound[1:0] notice: init module 0: validato r
unbound-mailcow_1 | [1541432638] unbound[1:0] notice: init module 1: iterator
unbound-mailcow_1 | [1541432639] unbound[1:0] info: start of service (unbound 1.6.2).
unbound-mailcow_1 | [1541432779] unbound[1:0] info: service stopped (unbound 1.6.2).
unbound-mailcow_1 | [1541432779] unbound[1:0] info: server stats for thread 0 : 188 queries, 4 answers from cache, 184 recursions, 0 prefetch, 0 rejected by i p ratelimiting
unbound-mailcow_1 | [1541432779] unbound[1:0] info: server stats for thread 0 : requestlist max 97 avg 55.9891 exceeded 0 jostled 0
unbound-mailcow_1 | [1541432779] unbound[1:0] info: average recursion process ing time 29.102514 sec
unbound-mailcow_1 | [1541432779] unbound[1:0] info: histogram of recursion pr ocessing times
unbound-mailcow_1 | [1541432779] unbound[1:0] info: [25%]=10.6667 median[50%] =16 [75%]=48
unbound-mailcow_1 | [1541432779] unbound[1:0] info: lower(secs) upper(secs) r ecursions
unbound-mailcow_1 | [1541432779] unbound[1:0] info: 0.000512 0.001024 1
unbound-mailcow_1 | [1541432779] unbound[1:0] info: 8.000000 16.000000 3
unbound-mailcow_1 | [1541432779] unbound[1:0] info: 32.000000 64.000000 4
unbound-mailcow_1 | Receiving anchor key...
unbound-mailcow_1 | Receiving root hints...
unbound-mailcow_1 | #=#=# ######################################################################## 100.0%
unbound-mailcow_1 | [1541432794] unbound[1:0] error: Could not open logfile / dev/stdout: Permission denied
unbound-mailcow_1 | [1541432794] unbound[1:0] notice: init module 0: validato r
unbound-mailcow_1 | [1541432794] unbound[1:0] notice: init module 1: iterator
unbound-mailcow_1 | [1541432795] unbound[1:0] info: start of service (unbound 1.6.2).
unbound-mailcow_1 | [1541437660] unbound[1:0] info: service stopped (unbound 1.6.2).
unbound-mailcow_1 | [1541437660] unbound[1:0] info: server stats for thread 0 : 1461 queries, 283 answers from cache, 1178 recursions, 0 prefetch, 0 rejected by ip ratelimiting
unbound-mailcow_1 | [1541437660] unbound[1:0] info: server stats for thread 0 : requestlist max 74 avg 37.528 exceeded 0 jostled 0
unbound-mailcow_1 | [1541437660] unbound[1:0] info: average recursion process ing time 232.485180 sec
unbound-mailcow_1 | [1541437660] unbound[1:0] info: histogram of recursion pr ocessing times
unbound-mailcow_1 | [1541437660] unbound[1:0] info: [25%]=0.114139 median[50% ]=63.3766 [75%]=228.329
unbound-mailcow_1 | [1541437660] unbound[1:0] info: lower(secs) upper(secs) r ecursions
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.000512 0.001024 1
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.001024 0.002048 3
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.002048 0.004096 4
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.004096 0.008192 1 7
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.008192 0.016384 1 5
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.016384 0.032768 7 6
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.032768 0.065536 4 1
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.065536 0.131072 1 79
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.131072 0.262144 2 2
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.262144 0.524288 1 2
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 0.524288 1.000000 5 0
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 1.000000 2.000000 2 4
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 2.000000 4.000000 1 2
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 4.000000 8.000000 7
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 8.000000 16.000000 1 2
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 16.000000 32.000000 2 9
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 32.000000 64.000000 7 7
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 64.000000 128.000000 1 26
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 128.000000 256.000000 2 07
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 256.000000 512.000000 1 52
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 512.000000 1024.000000 3 4
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 1024.000000 2048.000000 1 8
unbound-mailcow_1 | [1541437660] unbound[1:0] info: 2048.000000 4096.000000 4 1
unbound-mailcow_1 | Receiving anchor key...
unbound-mailcow_1 | Receiving root hints...
unbound-mailcow_1 | #=#=# ######################################################################## 100.0%
unbound-mailcow_1 | [1541437716] unbound[1:0] error: Could not open logfile / dev/stdout: Permission denied
unbound-mailcow_1 | [1541437716] unbound[1:0] notice: init module 0: validato r
unbound-mailcow_1 | [1541437716] unbound[1:0] notice: init module 1: iterator
unbound-mailcow_1 | [1541437719] unbound[1:0] info: start of service (unbound

@chessw

@IchUseKomplexe Try the following and report back:

docker-compose down
docker rm -f $(docker ps -a -q)
systemctl restart docker
docker-compose up -d

I have done this. Everything was fine but I‘m still getting the same error as before.
NOQUEUE: reject: RCPT from unknown[209.85.167.170]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [209.85.167.170]; from=alexander.*******@gmail.com to=csgo@syncgaming.org proto=ESMTP helo=

@chessw

@IchUseKomplexe

Ok from here I'll have to let someone else with more experience help.

I know what I'd do from here, but it would be a full backup, wipe of the box and then a restore, but if someone else wants to chime in first with another idea to try, maybe wait for that.

Could you tag somebody? @chessw

I'd ask your provider why you cannot use your container as DNS resolver anymore. Nothing we can help you with. The VM itself didn't change? Then they probably filter it. Which provider btw?

Also it seems that the mailserver answer with 220-syncgaming.org ESMTP Postfix when connecting via telnet on port 25 while using mail.syncgaming.org
Shouldnt it answer with 220-mail.syncgaming.org ESMTP Postfix?

So I contacted my provider and he told me that he recreated the RNS. He told me too that I should check my DNS cause It's resolving to 209.85.167.177

@MAGICCC um ehrlich zu sein habe ich keine Ahnung warum es mit Syncgaming.org antwortet. In der mailcow config ist auch Mail.syncgaming.org eingetragen. Kannst du mir auf die Sprünge helfen?
English: Tbh. I don‘t know why it‘s answering with Syncgaming.org. The the domain I entered in the mailcow config is mail.syncgaming.org. Could you help me please?

Any1 could answer?

Your provider should be able to tell you why your DNS requests are filtered. They worked before they moved the data centers, they stopped working right after they finished.

Why are there so many errors?

@andryyy

@IchUseKomplexe

These errors show you that the DNS entries for these services are not correct.

I would go back over your DNS entries with your domain provider, as they don't match with what Mailcow is expecting. However the most important one is the PTR record. That is not managed by your domain provider, but with the VPS host. Give that to your VPS host to update.

But why do I have wrong DNS entries. What did I wrong? You saw my DNS @chessw and what should my provider do?

@IchUseKomplexe

1) Tell your VPS provider to update your PTR record to syncgaming.org

You have a lot of A records, and they should be SRV records. I don't use them all, as I don't need them all, but do use some. I'm not a DNS expert, but here is mine below. I have blanked out my domain name and IP as I already get a lot of attacks on this VPS.

As you see I don't bother with the TLSA records as I don't need them in my case.

You have a problem with your DNS for sure. Look at the errors for the following:

MX, CNAME, SRV, CNAME. They all are wrong, as well as the PTR record.
MX should be mail.syncgaming.org (that is what mailcow is expecting for your MX)
I don't see any CNAMES in your DNS records. autoconfig and audiscover should be CNAMES, not A records.

SVR record for _autodiscover is missing.

@chessw do you mean the RDNS or a ptr record? Because I got a ptr record in my dns

@IchUseKomplexe

RDNS and ptr record are the same thing, but this can't be done in your DNS, but the VPS provider has to do that.

So my RDNS got changed to syncgaming.org but I'm still getting the same error. I will show you my cloudflare DNS and the Mailcow dns info.

@IchUseKomplexe

Did you ask your VPS provider to do this? This can't be done in a DNS record for the domain, but by the VPS provider.

It is still not correct.. go to https://mxtoolbox.com/SuperTool.aspx?action=mx%3asyncgaming.org&run=toolpage# and then run the SMTP test. Your hostname still does not resolve correctly.

  | SMTP Valid Hostname | Reverse DNS is not a valid Hostname
-- | -- | --

@IchUseKomplexe

Here is where I do the ptr or rdns record with my VPS provider, servercheap.net

I told my hoster to change the rDNS to syncgaming.org my mail is not [email protected]
It is [email protected]. How should the rdns be

It was mail.syncgaming.org before but It didn't work

It needs to match the host name on the VPS. So if your VPS is called mail.XXX.com then that is what it would be set to. I use mail.XXX.com because it is easy for my users and they are used to that on their old host. But it has to match what the name of the VPS is. You'd need to log in and check that using SSH to the VPS, and depending on the OS, typing in hostname should tell you.

I can connect to the server via ssh with syncgaming.org I don't get it why It's telling me that the rhostname is wrong.

what you have in DNS doe not have anything to do with the hostname. you need to confirm what the VPS thinks it is named.

on the vps type in hostname and see what it is really called.

The hostname is kvm1571. How can I rename this.

@chessw

@IchUseKomplexe In my view the VPS hostname doesn't matter. You simply need to set the Reverse-DNS to the same thing that you have set up in mailcow.conf under MAILCOW_HOSTNAME=.

I've tested resolving syncgaming.org and also resolving its IP, and it lands back on syncgaming.org, so as long as you have that set up as the MAILCOW_HOSTNAME, everything should be fine. If MXtoolbox doesn't see it yet, it is because DNS propagation can take some time. Also the syncgaming.org SMTP responds with the correct hostname now. So all of these potential problems are solved.

I read up on the entire thread now: Andryyy already responded and it looks like Unbound cannot resolve DNS queries. This has nothing to do with your DNS settings. It means there's a port filter / firewall going on in your VPS-provider's network. Ask them about it. This is most likely the cause of the problems. The port in question would be 53. There's also the possibility that your VPS itself has the firewall, but if you haven't changed any of the configuration during the transition from the old to the new datacenter, that should be unlikely.

I installed ufw but not really changed anything. I also looked at my /etc/hosts/ file and there I saw my old IP. I edited it to my new ip now. In the mailcow config everything should be okay the mailcow Hostname is syncgaming.org

@hachre

Try completely disabling ufw:

cd mailcow
docker-compose down
ufw disable
systemctl disable ufw
iptables -F
systemctl restart docker
docker-compose up -d

Done this but getting the same error. I got news. I contacted my provider and he said that the port 53 is strictly filtered for the dns packets. He told me that I should use an other port.

I’d switch the provider.

he said that the port 53 is strictly filtered

Then you can't run Mailcow on that provider. If you disabled Unbound and used the provider's DNS server instead, you would lose the ability to reliably query DNSRBLs (important anti-spam feature) and give up DNSSEC validation.

So my provider wants to help me. @hachre where is the main problem? Which request should go through? What can he do? Should I send him the unbound errors?

@andryyy

Sorry I’m out of the country or I would have replied sooner.

Then your VPS provider has to unconditionally unblock port 53. Direct him to this thread. That’s is it. If he does not unblock port 53 this VPS will never work for mailcow.

No 1blu/Evanzo with mailcow then. Could be worse.