Posts by cmcologne

    An unexpected error occurred:
    ConnectionError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f250478b2d0>: Failed to establish a new connection: [Errno -2] Name or service not known',))
    Please see the logfiles in /var/log/letsencrypt for more details.

    Leider gibts nebendrann keine Buttons. Andere Domains funktionieren. Wie kann ich die fehlerhafte, letsencrypt seitig zurücksetzen?

    Plugin 3.3
    Imscp 1.4.6

    yes I did. And at the bottom is written, that it talks to the firewall:

    • ;; Query time: 0 msec
    • ;; SERVER:
    • ;; WHEN: Thu Mar 02 11:46:17 CET 2017
    • ;; MSG SIZE rcvd: 41

    I'm now kicking out split-dns in pfsense an move to Pure NAT, because the issue should be related to the firewall, not logging the request and not answering it correct. That allows me using the public ip for internal connections.

    E-Mail routing is now working well. Thanks for your time!


    I did restart the dns service on pfsense to clear cache.
    loglevel is on the highest level configured for the dns server, running on the firewall. is the firewall and dns-server configured for the machine. is the i-mscp machine itself

    when I try to get mx records for

    1. root@hosting:~# dig mx +all; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> mx +all;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15111;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:; IN MX;; ANSWER 587 IN MX 10 587 IN MX 20 587 IN MX 40 587 IN MX 50 587 IN MX 30;; Query time: 4 msec;; SERVER:;; WHEN: Thu Mar 02 11:46:07 CET 2017;; MSG SIZE rcvd: 156

    I get an answer and I get massive logging in the dns-server:

    1. Mar 2 11:49:47 unbound 29530:3 info: receive_udp on interface: 2 11:49:47 unbound 29530:3 debug: udp request from ip4 port 51850 (len 16)... resolving part very detailed, therefore cuted. ...Mar 2 11:49:47 unbound 29530:3 info: send_udp over interface:

    So the dns-server gets a request, it is resolving it, and answering back.

    when I try to resolve for the problematic customer domain. I get no answer and in the dns-server logfile there is not even a "unbound 29530:3 debug: udp request from ip4", there is nothing. It looks like, dig did never ask.

    Quote from Nuxwin

    Also: Be sure that customerdomain.tld is listed in the /etc/postfix/imscp/relay_domains table
    Also, Be sure that customerdomain.tld is not listed in the /etc/postfix/imscp/domains table

    listed in /etc/postfix/imscp/relay_domains
    not listed in /etc/postfix/imscp/domains

    Thank you @Nuxwin for your quick response.

    dig mx customerdomain.tld
    gives me no answer. But it is asking the firewall (where runs dns for splitdns) on the right ip. When i specifiy the nameserver with @ to ask google instead, I get the right mx record.

    The a record of the fqdn of the mailserver is resolving perfect, giving me the rfc1918 ip of the mailserver.

    I will now investigate in pfsense, where the problem is. After fixing the name resolution issue in the firewall, I will test again and report.

    The Cause auf a problem is everytime... the one tiny important thing, you don't check first...

    I did some research with an other Coustumer. In this case, the Mailserver ip of the customer domain, which not works, is a RFC1918 private ip, because this mailserver is in our datacenter behind an other firewall. If the ip is a public ip, it works.

    So it seems, that postfix ignores private ips in mx records.

    Where is the right position, to modify the postfix config, and don't get overwritten by i-mscp update?

    Hi guys,

    i-MSCP is on the latest version, installed on Debian Jessie 64-bit.
    i-MSCP is behind nat.
    i-MSCP ist configured as a master dns server, syncing with 3 slave dns servers working.
    i-MSCP is configured to not use it's own dns server for name resolution. The Debian dns-client is configured to use the firewall as dns-server, which provides split-dns.

    A Customer has a Domain which is configured for external mailserver. and mx record is configured in i-MSCP and synced to the other nameservers viewable from outside.
    The Customers contact e-Mailaddress is mailbox hosted on this external mailserver: cusstomername@customerdomain.tld
    the customer can communicate well with with other people.

    The problem is, that i-mscp self cannot send mail to this customer (e.g. in case of password recovery).

    Logfile in postfix:

    1. Mar 1 11:10:00 hosting postfix/qmgr[1286]: 9493621618: from=<noreply@hosting.imscpdomain.tld>, size=1033, nrcpt=1 (queue active)
    2. Mar 1 11:10:00 hosting postfix/smtp[1324]: 9493621618: to=<cusstomername@customerdomain.tld>, relay=none, delay=15, delays=15/0.04/0/0, dsn=5.4.6, status=bounced (mail for customerdomain.tld loops back to myself)
    3. Mar 1 11:10:00 hosting postfix/cleanup[1290]: 923C524F8F: message-id=<20170301101000.923C524F8F@hosting.imscpdomain.tld>
    4. Mar 1 11:10:00 hosting postfix/bounce[1325]: 9493621618: sender non-delivery notification: 923C524F8F
    5. Mar 1 11:10:00 hosting postfix/qmgr[1286]: 923C524F8F: from=<>, size=3239, nrcpt=1 (queue active)
    6. Mar 1 11:10:00 hosting postfix/qmgr[1286]: 9493621618: removed
    7. Mar 1 11:10:00 hosting postfix/local[1327]: 923C524F8F: to=<noreply@hosting.imscpdomain.tld>, relay=local, delay=0.04, delays=0.01/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "noreply")
    8. Mar 1 11:10:00 hosting postfix/qmgr[1286]: 923C524F8F: removed
    9. Mar 1 11:10:00 hosting spamd[1020]: prefork: child states: II

    Why is postfix not delivering the mail to the external mailserver?

    Thank you for your time!

    Thank you for providing the howto for the zone synchronasation. That is not my real issue I'm fucusing on.
    I need a solution which don't need me to add 4 glue records for every domain.

    Or does anybody have a provider, which adds glue records automaticly?