no ce mail on carbonio ce25.12.0

(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

My old Zimbra server (8.8.15 GA_4717.FOSS) has worked like a charm for a few years. I will migrate to Carbonio CE 25.12.0; sending mail works correctly, receiving mail is not working. The message from Gmail (or others) says:

user@myserver> failed: host myserver
 (213.211.1. said: 554 5.7.1 <inbound5c.ore.mailhop.org[54.186.22.84]>:
 Client host rejected: Access denied (in reply to RCPT command)

I have no idea how to resolve this ....

NAT network, single server, automated installation with script, all services working.

Thank you for your help.

   
(@sharif)
Honorable Member Admin
Joined: 4 years ago
Posts: 931
 

@philifort

From your post, the error/bounce back report is not clear to me.

So what you mentioned is that your outgoing is working, but incoming is not.

If your DNS records are public, then your email route is one of the following:

  1. Sending Server ---> Your CE Server
  2. Sending Server ---> External Relay (if any) ---> Your MX Server (if any) ---> Your CE Server

So to cross check, you could try the following approaches:

  1. Check email send/receive from one user of CE to another
  2. If you are trying to receive email from an external user, check the log of CE also along with any bounce back at remote end.

Try to look deep.


   
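What checking the server's own log alongside the bounce can look like, as an added example that is not part of the thread: it extracts Postfix `NOQUEUE: reject` records and reports whether this server itself refused a given client. The log lines are constructed samples, and the function names and the hint table are this example's own.

```python
import re

# Constructed sample lines in Postfix smtpd log format (not from the poster's server).
SAMPLE_LOG = """\
Jan 15 10:12:01 mail postfix/smtpd[2101]: connect from inbound5c.ore.mailhop.org[54.186.22.84]
Jan 15 10:12:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from inbound5c.ore.mailhop.org[54.186.22.84]: 554 5.7.1 <inbound5c.ore.mailhop.org[54.186.22.84]>: Client host rejected: Access denied; from=<alice@example.com> to=<user@example.org> proto=ESMTP helo=<inbound5c.ore.mailhop.org>
Jan 15 10:15:40 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.25]: 553 5.7.1 <user@example.org>: Sender address rejected: not logged in; from=<user@example.org> to=<user@example.org> proto=ESMTP helo=<mx.example.net>
Jan 15 10:16:03 mail postfix/smtpd[2107]: disconnect from mx.example.net[192.0.2.25]
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<[^>]*>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# The two reject texts quoted in this thread and the kind of rule that emits them.
RULE_HINTS = {
    "Client host rejected: Access denied":
        "a client access table lookup (e.g. check_client_access) returned REJECT",
    "Sender address rejected: not logged in":
        "reject_sender_login_mismatch: sender is bound to a login, client not authenticated",
}

def parse_rejects(log_text):
    """Return one dict per smtpd reject record found in log_text."""
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            entry = m.groupdict()
            entry["hint"] = RULE_HINTS.get(entry["reason"], "unknown, inspect the restriction lists")
            rejects.append(entry)
    return rejects

def rejected_here(log_text, client_ip):
    """True if this server's own log holds a reject for client_ip."""
    return any(r["ip"] == client_ip for r in parse_rejects(log_text))

if __name__ == "__main__":
    for r in parse_rejects(SAMPLE_LOG):
        print(f'{r["ip"]:15} {r["code"]} {r["stage"]} {r["reason"]} -> {r["hint"]}')
    print("rejected by this server:", rejected_here(SAMPLE_LOG, "54.186.22.84"))
```

If the bounce names a client for which the local log holds no reject record, the refusal was issued by another hop in the route.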
(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

@sharif 

Email from/to local users works properly, but not from external.

I work with DynDNS to forward traffic to the local network; the Fritzbox redirects the port to the Carbonio server IP address.

The Zimbra and Carbonio configs look identical.

Thanks for your reply.


   
(@sharif)
Honorable Member Admin
Joined: 4 years ago
Posts: 931
 

@philifort 

Few things:

  • Are you using inbound5c.ore.mailhop.org anywhere in your mailflow?
  • Mailhop is relaying email to your CE server

It looks more like a policy issue, as there could be multiple hops that bring dependencies.

Try the following:

Add mailhop IP to postfix_client_access list.

  • Check current restrictions
postconf smtpd_client_restrictions
postconf smtpd_recipient_restrictions
postconf smtpd_sender_restrictions
  • Add mailhop to postfix_client_access
cat /opt/zextras/conf/postfix_client_access

54.186.22.84    OK
inbound5c.ore.mailhop.org    OK
  • Generate the database
postmap /opt/zextras/conf/postfix_client_access
  • Check the changes
postconf smtpd_client_restrictions

Note: By default Carbonio CE enforces additional policies (Compared to Zimbra) to enhance security checks.


   
(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

@sharif 

Hi Sharif,

postconf result:

postconf smtpd_client_restrictions
smtpd_client_restrictions = reject_unauth_pipelining

postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, permit

postconf smtpd_sender_restrictions
smtpd_sender_restrictions = check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zextras/common/conf/tag_as_foreign.re

Created /opt/zextras/conf/postfix_client_access; postmap made postfix_client_access.lmdb

But postconf smtpd_client_restrictions still says: smtpd_client_restrictions = reject_unauth_pipelining

Maybe I will reboot?

 

thanks.


   
(@sharif)
Honorable Member Admin
Joined: 4 years ago
Posts: 931
 

@philifort 

Could you please try the following:

  • Create the access file with the contents
cat /opt/zextras/conf/postfix_client_access
  • Create the DB file
postmap /opt/zextras/conf/postfix_client_access
  • Configure the client restriction as:
su - zextras
carbonio prov ms $(zmhostname) zimbraMtaSmtpdClientRestrictions "check_client_access lmdb:/opt/zextras/conf/postfix_client_access, reject_unauth_pipelining"
  • Restart service and check if the changes persist:
su - zextras -c "postconf smtpd_client_restrictions"

 

Note: Please make sure to keep backup of configuration files before executing changes that could affect the system or operation.


   
(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

@sharif 

No success ...

Modified /opt/zextras/conf/postfix_client_access like this:

54.186.22.84 OK
54.191.214.3 OK
54.149.36.10 OK
inbound5c.ore.mailhop.org OK
inbound5e.ore.mailhop.org OK
inbound5f.ore.mailhop.org OK

Reconfigured with carbonio prov ms ...

postconf smtpd_client_restrictions = check_client_access lmdb:/opt/zextras/conf/postfix_client_access, reject_unauth_pipelining

But the server still says: Client host rejected: Access denied (in reply to RCPT command) (from Gmail)

 

....


   
(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

@Sharif

Would it be possible to remove all restrictions on receiving emails for a test (and how)? If the block persists, the problem will not be solved by my server.

Thanks


   
(@sharif)
Honorable Member Admin
Joined: 4 years ago
Posts: 931
 

@philifort 

I understand your concern. IMO, these policies are not the issue here. None of the out-of-the-box (default) policies of Carbonio CE conflict with receiving external emails via a generic flow like:

Sender ---> Sending Server ---> DNS Resolution ---> Recipient Server ---> Recipient

I think there was some custom configuration in the Zimbra server to allow your specific flow.

You need to diagnose what is causing this block, otherwise our steps would not be effective.


   
(@iamout)
Joined: 12 years ago
Posts: 95
 

@philifort

You should also use some internet tools to check DNS, MX and other settings. Just search Google, there are plenty of tools to test your server.

Like Mail Tester, MXToolbox and many more to be found.

Since you have a working Zimbra 8.8, why not try out Maldua Zimbra? It is FOSS and version 10.1 is available. It works.


   
(@iamout)
Joined: 12 years ago
Posts: 95
 

One of the better tools for email testing is: https://www.learndmarc.com/

 

@Sharif

I don't care that you downgraded me again. It just shows it is not worth anyone's time here. Too many problems constantly reported. Answers hardly any or days, weeks of waiting time. I jumped ship and use Maldua Zimbra, also FOSS, and it just works with no fussing around to get things going.


   
(@sharif)
Honorable Member Admin
Joined: 4 years ago
Posts: 931
 

@iamout

I thought we had mutual understandings. If you have anything to help the user about any issue that the user posted, you are welcome. But you keep posting sweeping generalizing comments. 

I still believe your knowledge would help any user in any situation. 

Nothing is perfect, we need to put effort to make it perfect!

All the best!


   
(@philifort)
New Member
Joined: 3 months ago
Posts: 7
Topic starter  

Okay, it works, but...
After several installations, both automatic and manual, I finally have a working server (still not receiving emails). The server is directly exposed to the internet for testing.

I followed this tutorial to set the SMTP port to 25: https://serverok.in/carbonio
using the command: `zmprov mcf zimbraSmtpPort 25` (the default port is 20025, I don't know why; during install there was a port 25 conflict).

Then on this page: https://community.zextras.com/forum/carbonio-general-thread/sender-address-rejected-not-logged-in/paged/2/
and these commands:
# workaround for error Sender address rejected: not logged in
zextras@mail:~$ zmprov mcf zimbraMtaSmtpdSenderLoginMaps ""
zextras@mail:~$ zmprov mcf -zimbraMtaSmtpdSenderRestrictions reject_sender_login_mismatch
arukashi says: but it is a huge security breach, as far as I know.

But right now the server is 100% functional.

Can someone tell me how to fine-tune these settings?

Thanks everyone.


   
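To make visible what the workaround in the last post changes, here is an added example (not from the thread or the Carbonio project) that audits `postconf`-style sender settings. The "before" restriction list is the one posted earlier in the thread; the login-map value is a placeholder, the "after" state is an assumption about what the two `zmprov` commands leave behind, and all function names are this example's own.

```python
# Constructed postconf-style input. PLACEHOLDER_LOGIN_MAP stands in for the real
# map value, which the thread does not show; AFTER is an assumed end state.
BEFORE = """\
smtpd_sender_login_maps = PLACEHOLDER_LOGIN_MAP
smtpd_sender_restrictions = check_sender_access regexp:/opt/zextras/common/conf/tag_as_originating.re, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access regexp:/opt/zextras/common/conf/tag_as_foreign.re
"""
AFTER = BEFORE.replace("PLACEHOLDER_LOGIN_MAP", "").replace(" reject_sender_login_mismatch,", "")

MISMATCH_RULES = {
    "reject_sender_login_mismatch", "reject_authenticated_sender_login_mismatch",
    "reject_unauthenticated_sender_login_mismatch", "reject_known_sender_login_mismatch",
}

def parse_postconf(text):
    """Turn 'name = value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def split_restrictions(value):
    """Split a restriction list into (rule, argument) pairs; check_* rules take one argument."""
    tokens = iter(value.replace(",", " ").split())
    return [(tok, next(tokens, None) if tok.startswith("check_") else None) for tok in tokens]

def audit_sender_policy(conf):
    """Report where the sender address is not tied to the authenticated login."""
    findings = []
    names = [rule for rule, _ in split_restrictions(conf.get("smtpd_sender_restrictions", ""))]
    present = [n for n in names if n in MISMATCH_RULES]
    if not present:
        findings.append("no *_sender_login_mismatch rule: MAIL FROM is not tied to the SASL login")
    else:
        # Rules are evaluated left to right; a permit_* that matches first skips the rest.
        earlier = [n for n in names[:names.index(present[0])] if n.startswith("permit_")]
        if earlier:
            findings.append(f"{', '.join(earlier)} evaluated before {present[0]}")
    if not conf.get("smtpd_sender_login_maps"):
        findings.append("smtpd_sender_login_maps is empty: no address is bound to a login")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_sender_policy(parse_postconf(text)))
```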