SOLVED: qmail not finding any mailman lists..

[tkalfaoglu]

This is odd, but although the list files exist like /var/qmail/mailnames/domain.com/.qmail-mylist ,
, qmail responds with a "no such user" when it receives an email to [email protected]..
I checked, the file contents look good too.
Perhaps this is also related. Mail sent via localhost is also rejected.:

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 pluto.kalfaoglu.net ESMTP
helo kalfaoglu.com
mail from: <[email protected]>
rcpt to: <[email protected]>
data
250 pluto.kalfaoglu.net
250 ok
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
503 RCPT first (#5.5.1)
quit
221 pluto.kalfaoglu.net

PS: they are all in the necessary control files. Both kalfaoglu.net, pluto.kalfaoglu.net and kalfaoglu.com..
I did run mchk, and it took an hour
I deleted and re-created the list,
I also stopped mail service on kalfaoglu.com and restarted it.

-t

 

[UFHH01]

Hi tkalfaoglu,

please see: I get the following error if I send mail to a domain on my Plesk server or when I am trying to send mail from mail client software: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) ( KB - article 168 )


If you still experience issues, please include log - files and mail - server configuration files for further investigations to this issue.

Odin / Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

 

[UFHH01]

Second reply with some investigations and issues to be solved as well:

Certificate issue:

[005.967]
Certificate 1 of 3 in chain:
subject= /OU=GT32404180/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.kalfaoglu.net
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[005.981]
Certificate 2 of 3 in chain:
subject= /OU=GT32404180/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.kalfaoglu.net
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[005.995]
Certificate 3 of 3 in chain:
subject= /OU=GT32404180/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.kalfaoglu.net
issuer= /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
[005.995] Cert NOT VALIDATED: unable to get local issuer certificate
[005.995] this may help: What Is An Intermediate Certificate
[005.996] So email is encrypted but the domain is not verified
[005.996] Cert Hostname DOES NOT VERIFY (mail.kalfaoglu.com != *.kalfaoglu.net)
[005.996] (see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
[005.996] So email is encrypted but the host is not verified

SPF issue because of too many DNS - lookups:

"v=spf1 mx a ptr a:ns2.kalfaoglu.net ip4:176.9.64.42 ip4:176.9.179.200/29 mx:mail.kalfaoglu.net mx:mx1.kalfaoglu.net mx:mx2.kalfaoglu.net mx:mx3.kalfaoglu.net mx:mx4.kalfaoglu.net mx:mx5.kalfaoglu.net mx:mx6.kalfaoglu.net ~all"

According to RFC 4408: https://www.ietf.org/rfc/rfc4408.txt

SPF implementations MUST limit the number of mechanisms and modifiers that do DNS Lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier

DNS - lookups of "include" - "mx" - "a" - "ptr" and "exists" count against the limit of the maximum lookups during the loopup procedure. Reduce this SPF - entry, to avoid "fail" notices, which may cause issues/problems.
​

Certficate issues kalfaoglu.net:

This server supports weak Diffie-Hellman (DH) key exchange parameters.

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate.

Please see: https://www.ssllabs.com/ssltest/analyze.html?d=kalfaoglu.net

Certficate issues pluto.kalfaoglu.net:

This server supports weak Diffie-Hellman (DH) key exchange parameters.

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate.

Please see: https://www.ssllabs.com/ssltest/analyze.html?d=pluto.kalfaoglu.net

Certficate issues kalfaoglu.com:

This server's certificate is not trusted.

This server supports weak Diffie-Hellman (DH) key exchange parameters.

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate.

Please see: https://www.ssllabs.com/ssltest/analyze.html?d=kalfaoglu.com

Please see as well:

http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=KALFAOGLU.NET
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=PLUTO.KALFAOGLU.NET
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=KALFAOGLU.COM​

 

[tkalfaoglu]

I checked and pluto.kalfaoglu.net does have an MX, well it has only one.
I'm trying to learn qmail's routines on how it handles mail relaying.. I must be doing something wrong..
I mean outgoing mail works, provided I do not use localhost to send it. From my desktop, outgoing works.

 

[tkalfaoglu]

I did some more digging, in fact, I hacked into qmail-smtpd.c and added some logging stuff.. I found out that "relayclient" is always NULL.
This is the variable that is suppose to be passed from tcp-env I believe. Well, it is never set!

I hacked the code and put something like "if mail is from localhost, relay it.."
It works, but I have an uneasy feeing about it.

 

[UFHH01]

Hi tkalfaoglu,

just for future issues/problems, please keep in mind, that you "adjusted" the qmail code manually and therefore help, solutions and work-arounds might not fit your needs, because helpers are not aware of your "adjustments", if you don't explizit define all your inserts.
Another reason why such "adjustments" are absolute nonsens is the fact that Odin will update Plesk and its included packages and addons at any time with patches, updates and upgrades and all your "adjustments" might be gone.
Plesk and it's components are fully working on other systems, tkalfaoglu. Don't you think that there must be other reasons for your issues/failure ?

Please start solving your issues by removing and re-installing the components. In your case, please always try to switch from postfix to qmail, to see if that solves the issue and if not, then please switch back to your initial mail-server for your system. With this option used, you make sure, that you always have the working and well approved original software from Odin, without any modifications or possible wrong settings and configurations.

For further investigations, please always insert errors from your log - files and add the corresponsing configuration files. Please keep in mind to solve your other issues as well, so that you can exclude, that the issue is caused by these issues ( certificate(s) / mal configured DNS - settings ). Try to update/upgrade your operating system and its components to the latest vendor versions, to avoid failures with Plesk and it's components. Please include as well in your posts, which operating system you use and include optional/additional software/packages, installed on your server. You could as well provide informations about your used firewall and it's settings and if you use SELinux or apparmor, please consider not to use it, to be sure that these two packages and it's modifications/configurations/settings are not the reson for your issues.

Odin / Parallels Plesk Panel for Linux services logs and configuration files ( KB - article: 111 283 )​

 

[tkalfaoglu]

Dear Uffh, Thanks for your warnings, and indeed, for several days I have searched for an answer -- at this forum and elsewhere for a BETTER solution.
None was found, and "uninstall qmail, reinstall qmail" sounded like going around another PLESK bug, and was not very appealing.
What I wanted to accomplish was very simple, and qmail easily lends itself to programming..
thanks for the feedback.