Hi @Ange7,
I need confirm: are you running iRedMail-0.9.6? was it upgraded from an old iRedMail release?
root! josephine:/home/ange7# cat /etc/iredmail-release
> 0.9.6Yes, i started with iRedMail 0.9.1 
since i upgrad my iredmail server each time with new release
Hi! Have the almost similar problem.
Logwatch and backup mail arrive to postmaster while there are default settings in main.cf
myhostname = mx.example.com
myorigin = mx.example.com
mydomain = mx.example.com
mydestination = $myhostname, localhost, localhost.localdomain
and postfix sends mail to root@mx.example.com .
In fact i use domain example.com and after i change this settings to listed below
myhostname = mx.example.com
myorigin = $mydomain
mydomain = example.com
mydestination = $myhostname, localhost, localhost.localdomain
postfix begins to send post to root@example.com and i see
"status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 97541123407)"
but the next line is
"status=bounced (user unknown)"
I tied to change "mydestination", adding $mydomain but nothing happens.
If i add $mydomain, i see
" warning: do not list domain example.com in BOTH mydestination and virtual_mailbox_domains"
The same time i can send mail from real user to real user. What should i do to normalize sending mail from local virtual users like root?
Yes, i started with iRedMail 0.9.1
since i upgrad my iredmail server each time with new release
It sounds like you didn't fully apply the upgrade tutorial, and missed some steps.
*) Which dovecot version are you running?
Dovecot 2.0.13. I forgot to tell.
*)
*) What's the error message of your issuue?
My errors are in the first post.
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 OPENLDAP edition.
- Linux/BSD distribution name and version: Linux 2.6.32-042stab120.18 Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
Apr 12 20:06:37 se2 postfix/master[27197]: terminating on signal 15
Apr 12 20:06:37 se2 postfix/master[27502]: daemon started -- version 2.11.3, configuration /etc/postfix
Apr 12 20:07:04 se2 postfix/pickup[27503]: 8B34D123411: uid=0 from=<root>
Apr 12 20:07:04 se2 postfix/cleanup[27521]: 8B34D123411: message-id=<20170412170704.8B34D123411@se2.example.com>
Apr 12 20:07:04 se2 postfix/qmgr[27504]: 8B34D123411: from=<root@example.com>, size=301, nrcpt=1 (queue active)
Apr 12 20:07:04 se2 postfix/10025/smtpd[27528]: connect from localhost.localdomain[127.0.0.1]
Apr 12 20:07:04 se2 postfix/10025/smtpd[27528]: EC2F7123414: client=localhost.localdomain[127.0.0.1]
Apr 12 20:07:04 se2 postfix/cleanup[27521]: EC2F7123414: message-id=<20170412170704.8B34D123411@se2.example.com>
Apr 12 20:07:04 se2 postfix/qmgr[27504]: EC2F7123414: from=<root@example.com>, size=754, nrcpt=1 (queue active)
Apr 12 20:07:04 se2 postfix/10025/smtpd[27528]: disconnect from localhost.localdomain[127.0.0.1]
Apr 12 20:07:04 se2 amavis[27051]: (27051-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@example.com> -> <root@example.com>, Message-ID: <20170412170704.8B34D123411@se2.example.com>, mail_id: tTvyDMbQzH2m, Hits: -0.001, size: 301, queued_as: EC2F7123414, 373 ms, Tests: [NO_RELAYS=-0.001]
Apr 12 20:07:04 se2 postfix/smtp-amavis/smtp[27523]: 8B34D123411: to=<root@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.43, delays=0.02/0.01/0.05/0.34, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EC2F7123414)
Apr 12 20:07:04 se2 postfix/qmgr[27504]: 8B34D123411: removed
Apr 12 20:07:05 se2 postfix/pipe[27529]: EC2F7123414: to=<root@example.com>, relay=dovecot, delay=0.05, delays=0/0.01/0/0.03, dsn=5.1.1, status=bounced (user unknown)
Apr 12 20:07:05 se2 postfix/cleanup[27521]: 04C2D12341B: message-id=<20170412170705.04C2D12341B@se2.example.com>
Apr 12 20:07:05 se2 postfix/qmgr[27504]: 04C2D12341B: from=<>, size=2529, nrcpt=1 (queue active)
Apr 12 20:07:05 se2 postfix/bounce[27531]: EC2F7123414: sender non-delivery notification: 04C2D12341B
Apr 12 20:07:05 se2 postfix/qmgr[27504]: EC2F7123414: removed
Apr 12 20:07:05 se2 postfix/pipe[27529]: 04C2D12341B: to=<root@example.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=5.1.1, status=bounced (user unknown)
Apr 12 20:07:05 se2 postfix/qmgr[27504]: 04C2D12341B: removed
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailq_path = /usr/bin/mailq
message_size_limit = 31457280
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = example.com
myhostname = se2.example.com
mynetworks = 127.0.0.1
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.[2..11]*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:ldap:/etc/postfix/ldap/relay_domains.cf
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:ldap:/etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf proxy:ldap:/etc/postfix/ldap/sender_dependent_relayhost_maps_domain.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_unknown_helo_hostname check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/ssl/certs/example.com.bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/example.com.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000
====
Hello!
Logwatch and backup mail arrive to postmaster while there are default settings in main.cf
myhostname = se2.example.com
myorigin = se2.example.com
mydomain = se2.example.com
mydestination = $myhostname, localhost, localhost.localdomain
and postfix sends mail to root@se2.example.com .
In fact i use domain example.com and after i change this settings to listed below
myhostname = se2.example.com
myorigin = $mydomain
mydomain = example.com
mydestination = $myhostname, localhost, localhost.localdomain
postfix begins to send post to root@example.com and i see
"status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 97541123407)"
but the next line is
"status=bounced (user unknown)"
I tied to change "mydestination", adding $mydomain but nothing happens.
If i add $mydomain, i see
" warning: do not list domain example.com in BOTH mydestination and virtual_mailbox_domains"
The same time i can send mail from real user to real user. What should i do to normalize sending mail from local virtual users like root?
ane20397 wrote:I want to reach the "Edit account profile" logs on CentOS server
You mean logging via syslog?
iRedAdmin doesn't use syslog, instead, you can get the log in SQL db ('iredadmin.log').
Hello Zhang,
Leet me try to clear the case a bit:
I can see some logs from roundcube interface. (https://10.10.10.10/iredadmin) There can be seen the logs under System --> Admin Log --> Events. But there are no logs under System --> Admin --> Edit account profile although I edited the profiles of some users. i.e. I changed some users from normal users to Global admins and I changed some users from global admins to normal users.
Well let's come to my problem: My iRedMail is installed into a CentOS server. I want to see the logs mentioned above in that server too. The logs are stored in /var/log/ directory in that server. If I change the privilege of a user I can see it in /var/log/messages like the log line below:
Apr 12 14:14:23 abcxyz uwsgi[684]: 192.168.10.205 [pid: 718|app: 1|req: 244/281] 172.25.11.111 () {56 vars in 1136 bytes} [Wed Apr 12 14:14:22 2017] GET /iredadmin/profile/user/general/user1@mail.abcxyz.com?msg=UPDATED => generated 13478 bytes in 881 msecs (HTTP/1.1 200) 2 headers in 136 bytes (2 switches on core 0)
There I can see only "UPDATED" word in the log line if I change the profile of a user. How can I see in the logs if I change a user from normal user to global admin. i.e. Let's assume I made "user1" global admin. I want to catch that log line. But if I change a user profile I can only see the word "UPDATED".
Hopefully the details are more clear.
Thanks...
I've got same problem and I had to let on firewall
# Dovecot SASL AUTH service for HAProxy
-A INPUT -p tcp --dport 12346 -j ACCEPT
Is it a right way?
If it works for you, then it’s fine.
In iRedMail cluster design, we don't configure Dovecot to create local socket file for SASL auth, just inet network ports. This way if Dovecot on one server is down, haproxy will dispatch the SASL auth request (from Postfix) to other Dovecot servers.
Hello!
I have configured a new server,i want to export user password to new server.
==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====
To solve thos problem, here's what I done :
I created a file /etc/amavis/whitelist containing the incriminated mail address.
In /etc/amavis/50-user.conf, nearly the line 87, I added :
read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);
$interface_policy{'10026'} = 'VIRUSONLY';
$policy_bank{'VIRUSONLY'} = { # mail from the pickup daemon
bypass_spam_checks_maps => ['@whitelist_sender_maps'], # don't spam-check this mail
bypass_banned_checks_maps => ['@whitelist_sender_maps'], # don't banned-check this mail
bypass_header_checks_maps => ['@whitelist_sender_maps'], # don't header-check this mail
};With this solution, only email address contained in /etc/amavis/whitelist is able to do a bypass. It resolved my problem.
Thanks
Nicolas
Although it works for you, but bypass the file type might be better solution.
And finally, what is the right hostname in my case?
1. Should i set server hostname from se2.example.com to example.com and change all iredmail settings to example.com?
2. Should i just change MX, PTR and add A record to se2.example.com? How will it affect DKIM and certificates?
3. Or i can make some changes to just accept local mail from root@se2.example.com to root@example.com? As i requested in my original post?
Hi Zhang,
thanks for the fast reply. I want to achieve something like the following:
As you can see, everythings works as expected, except the signing of the message, if it originates from my onsite mx.
If I send the mail locally through RC, the mails gets signed properly.
So how can I make amavis signing the mails coming from my onsite mx?
thanks for you reply,
please note that i have the following error
ldap_add: Already exists (68)
i think your haproxy + postfix configuration is not right.
Incoming smtp traffic -> HAProxy (port 25) -> Postfix (port 25, postscreen service)
No extra port required at all. But you must configure HAProxy to send the real client IP address, also, whitelist your haproxy server (private) IP in postfix for postscreen service. It works perfect for us.
The problem is when i use this option in the main.cf:
postscreen_upstream_proxy_protocol = haproxy
im not able anymore to send messages from the web mail.
and im not able to communicate with postfix in 127.0.0.1
==== Required information ====
- iRedMail version 0.9.6 MARIADB edition:
- Linux/BSD Debian Jessie:
- Store mail accounts in which backend (MySQL):
- Web server (Nginx):
- Manage mail accounts with iRedAdmin?
- Related log if you're reporting an issue:
====
After I've updated SoGo today cronjob fot cleaning is sending mail to postmaster every minute. Can I do something that was before?
Cronjob:
* * * * * /usr/sbin/sogo-tool expire-sessions 30 2 >/dev/null; /usr/sbin/sogo-ealarms-notify
Mail:
<0x0xa62230[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':
<0x0xa62230[SOGoProductLoader]> AdministrationUI.SOGo, ActiveSync.SOGo, MailPartViewers.SOGo, MailerUI.SOGo, ContactsUI.SOGo, Appointments.SOGo, CommonUI.SOGo, SchedulerUI.SOGo, Contacts.SOGo, PreferencesUI.SOGo, Mailer.SOGo, MainUI.SOGo
Of course I've removed
/usr/sbin/sogo-ealarms-notify
but not absolutely sure it can be like that :-)
We tried to run a Shell Script containing "echo 'msg'".
After running the following SQL command we were not able to send e-mails anymore and no results were displayed :
UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
Then, What's wrong ? What should we include in our Shell script to make it work perfectly ?
iRedMail doesn't have 000-default-le-ssl.conf, it's added by letsencrypt. You should compare 000-default-le-ssl.conf with default-ssl.conf, and '/iredadmin' entries were removed from 000-default-le-ssl.conf.
New version of iredmail came out so I decided to scrap the whole vps and reinstall it, now everything works, except the root redirects to sogo, even though I double checked /etc/apache2/sites-enabled and /var/www/html for any reference to it.
I don't need sogo and I don't recall installing it