How to avoid the "mail loops back to myself" problem?

  • Hi,


    I am using i-MSCP 1.1.14, but I generally don't use the mail service.
    Example:
    - domain.com is hosted by the server which is running i-MSCP
    - the mails like [email protected] are hosted by another server


    From ssh on the i-MSCP server, the command :

    Code
    echo "test message" | mail -s "test message" [email protected]


    ... makes an error:

    Code
    postfix/smtp[15528]: BD32117406: to=<[email protected]>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for domain.com loops back to myself)


    I read that i-MSCP 1.1.14 has an option to set an external MX server, but I didn't find the way to use it correctly to solve my problem.
    I don't understand what I should indicate as "External email server host"


    For information, my external mail provider is Gandi.net

  • Hello ;


    Teamviewer?


  • Nuxwin : I sent you an email :)


    I read this : Seperated Web and Mail Server - Cant send mails


    In my case, the external mail server is Gandi.net
    The point is that Gandi.net's SMTP server needs authentication.
    I tried to put "mail.gandi.net" in the "External email server host" field but now, I have this:

    Code
    Sep 28 21:07:32 servername postfix/pickup[17393]: F11A517407: uid=0 from=<root>
    Sep 28 21:07:32 servername postfix/cleanup[17428]: F11A517407: message-id=<[email protected]>
    Sep 28 21:07:32 servername postfix/qmgr[16663]: F11A517407: from=<[email protected]>, size=463, nrcpt=1 (queue active)
    Sep 28 21:07:33 servername postfix/smtp[17430]: F11A517407: to=<[email protected]>, relay=agent.mail.gandi.net[217.70.182.5]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=5.7.1, status=bounced (host agent.mail.gandi.net[217.70.182.5] said: 554 5.7.1 <myserver.com[92.24.123.7]>: Client host rejected: Access denied (in reply to RCPT TO command))
    Sep 28 21:07:33 servername postfix/cleanup[17428]: 0772E17408: message-id=<[email protected]>
    Sep 28 21:07:33 servername postfix/bounce[17431]: F11A517407: sender non-delivery notification: 0772E17408
    Sep 28 21:07:33 servername postfix/qmgr[16663]: 0772E17408: from=<>, size=2471, nrcpt=1 (queue active)
    Sep 28 21:07:33 servername postfix/qmgr[16663]: F11A517407: removed
    Sep 28 21:07:33 servername postfix/local[17432]: 0772E17408: to=<[email protected]>, relay=local, delay=0.03, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
    Sep 28 21:07:33 servername postfix/qmgr[16663]: 0772E17408: removed
  • Re;


    As I understand, you need to authenticate to the mail.gandi.net mail server using a specific SASL account. You want to configure a smarthost, don't you? e.g. any mail sent from your i-MSCP server must be relayed through the Gandi mail server?


  • Quote

    You want to configure a smarthost, don't you?


    I'm not sure I understand what you mean by "smarthost"


    Quote

    e.g. any mail sent from your i-MSCP server must be relayed through the Gandi mail server?


    I think that's it :)

  • Re;

    • What is the value for the DNS MX resource record in your DNS zone?
    • I see that you want to use the Gandi mail server as a relay and that the latter requires SASL authentication. In this case, the mail server (i-MSCP) should act as a smarthost with authentication using SASL.
    • Should the mails for your domain be delivered to the i-MSCP mail server or the Gandi mail server?


    Thanks


  • Because it's a long-standing problem with VHCS, and later ispCP Omega and finally i-MSCP, I will try to explain my purpose very clearly.


    On my i-MSCP server, I generally don't use the local mail server.
    Instead, I'm using an external webserver.
    In my experience, it's very boring to manage problems on a mail server (or migrate mailboxes), so I prefer to externalize this service to a trusted company :)


    The problem, with i-MSCP, is when the server has to send a mail to a domain hosted by itself (for example, after a form validation or when you ask for a password reset).


    You can easily reproduce the problem by manually sending an email from the ssh console:


    Code
    echo "Test message" | mail -s "Test message" [email protected]


    ... where mydomain.com is hosted by i-MSCP, but the mailbox [email protected] doesn't exist on this server, but elsewhere, at an external provider.


    In the log, you will have:

    Code
    Sep 29 14:14:43 myserver postfix/smtp[13583]: A8B8EA7BED: to=<[email protected]>, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.6, status=bounced (mail for mydomain.com loops back to myself)


    I have dreamed (for a long time) of a functionality to set an option like this on a domain: "Don't use local MX for this domain. Send the mails outside, to the Internet"


    I tried to use the option "external mail server" without success because my external SMTP server needs authentication (Nuxwin said he will help me to test this option with a hook ;) )
    But in my opinion, it could be simpler to just say "let the mail go outside with the local SMTP server, and trust the internet to find the right MX".


    I really need a solution to do this kind of stuff.
    For now, I have found a dirty workaround: if I need to send a mail to [email protected] from the server (where mydomain.com is hosted by i-MSCP), I create a mail redirection elsewhere from [email protected] to [email protected] (where otherdomain.com IS NOT on the i-MSCP server)
    But it is not easy to ask your customers to use this dirty tip :)
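
Added example, not part of the original posts: a Python triage of the two bounce types quoted in this thread (dsn=5.4.6 with relay=none, and dsn=5.7.1 from the Gandi host on port 25), linking each bounce to its non-delivery notification. The sample log is constructed from the thread's lines with placeholder addresses; `triage` and the record field names are this example's own.

```python
import re

# Constructed sample modelled on the bounces quoted in the thread; the
# addresses are placeholders, host names and queue IDs are the thread's.
SAMPLE_LOG = """\
Sep 28 21:07:32 servername postfix/qmgr[16663]: F11A517407: from=<root@servername.example>, size=463, nrcpt=1 (queue active)
Sep 28 21:07:33 servername postfix/smtp[17430]: F11A517407: to=<user@domain.example>, relay=agent.mail.gandi.net[217.70.182.5]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=5.7.1, status=bounced (host agent.mail.gandi.net[217.70.182.5] said: 554 5.7.1 <myserver.com[92.24.123.7]>: Client host rejected: Access denied (in reply to RCPT TO command))
Sep 28 21:07:33 servername postfix/bounce[17431]: F11A517407: sender non-delivery notification: 0772E17408
Sep 29 14:14:43 myserver postfix/smtp[13583]: A8B8EA7BED: to=<user@mydomain.example>, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.6, status=bounced (mail for mydomain.example loops back to myself)
"""

ENTRY = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)$")
DELIVERY = re.compile(
    r"to=<(?P<to>[^>]*)>, relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$")
NDR = re.compile(r"sender non-delivery notification: (?P<ndr>[0-9A-F]+)$")

# Enhanced status code meanings as defined in RFC 3463.
DSN_MEANING = {
    "5.4.6": "routing loop detected",
    "5.7.1": "delivery not authorized, message refused",
}

def triage(log_text):
    """Return one record per bounced delivery, keyed by Postfix queue ID."""
    bounces = {}
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry["qid"], entry["rest"]
        delivery = DELIVERY.match(rest)
        if delivery and delivery["status"] == "bounced":
            port = delivery["relay"].rpartition(":")[2]
            bounces[qid] = {
                "to": delivery["to"],
                "dsn": delivery["dsn"],
                "meaning": DSN_MEANING.get(delivery["dsn"], "unclassified"),
                # relay=none means no SMTP connection was ever attempted
                "relay_port": int(port) if port.isdigit() else None,
                "reason": delivery["reason"],
                "ndr_queue_id": None,
            }
        notice = NDR.match(rest)
        if notice and qid in bounces:
            bounces[qid]["ndr_queue_id"] = notice["ndr"]  # bounce message sent back
    return bounces

if __name__ == "__main__":
    for qid, record in triage(SAMPLE_LOG).items():
        print(qid, record["dsn"], record["meaning"], record["relay_port"])
```

A 5.4.6 record with `relay_port` of `None` was bounced locally before any connection was made, while the 5.7.1 record shows the remote server refusing this client on port 25.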

  • @Phinous


    Hello ;


    What you need is a per sender transport map (with SASL authentication). This is currently not supported by i-MSCP. I'll see if I can implement that ASAP.


    When you say:


    Quote from Phinous


    I have dreamed (for a long time) of a functionality to set an option like this on a domain: "Don't use local MX for this domain. Send the mails outside, to the Internet"


    This can only stay a dream because i-MSCP must know at least the relay (the server which is responsible for sending mails for the domain). Nothing is magic ;)
    Saying "send the mails outside, to the internet" means nothing. Even worse, allowing such a thing could result in forged mails. Those mails would be rejected by any server which implements SPF.


  • Quote

    This can only stay a dream because i-MSCP must know at least the relay
    (the server which is responsible for sending mails for the domain). Nothing is
    magic


    OK. I can understand.


    Nevertheless, I remember that on my old ispCP, I used a tip like this:

    Quote

    1/ edit /etc/postfix/ispcp/domains
    2/ comment domain (to have the behavior described here on it)
    3/ cp /etc/postfix/ispcp/domains /etc/ispcp/postfix/working
    4/ cd /etc/postfix/ispcp
    5/ postmap domains


    Until my migration to i-MSCP, I used this tip as a workaround with success.


    Quote

    What you need is a per sender transport map (with SASL authentication). This is currently not supported by i-MSCP. I'll see if I can implement that ASAP.


    OK thanks, because it's not very comfortable for now :o/
    I'll stay connected :)

  • If I understand correctly, if I install the Postfix Smarthost hook, all my users will use my external mail provider (with SASL authentication) and it won't be possible to use it "per user/domain".
    Which is problematic in my case because my external mail provider sets limits to avoid spam.
    Am I right?