docker-mailserver / docker-mailserver-helm

Kubernetes Helm chart for docker-mailserver
https://github.com/docker-mailserver/docker-mailserver/
MIT License

Unable to receive e-mail after new install #133

Closed colindawson closed 2 months ago

colindawson commented 2 months ago

I'm not sure if the problem is with the helm chart, or the software, so I'm starting at the beginning.

I've followed the instructions in the README.md to get the server up and running. As I'm using certmanager for my certificate I've decided to omit the -n mail parameter from the install, so that the mail server is deployed to the default namespace. This will allow the deployment to access the certificate secret, which is maintained automatically by the cluster.

I copied the values.yaml and made the following modifications...

  1. changed certificate: to certificate: xxxxxxxx.com-tls
  2. OVERRIDE_HOSTNAME: xxxxxxxx.com

Using this I've been able to then open a console in the container and create the desired e-mail accounts. I've also set up DKIM correctly. (This isn't my first mailserver, but it is the first time using the helm chart.)

I'm even able to use Outlook to log in and perform the send/receive without errors. And I can send e-mails out to Gmail without any problems.

However, when I try to receive an e-mail on any of the accounts, the mail does not get through.

Here's the output that I get from the pod when I try to send an e-mail to myself. I've changed the domain name in the log, but everything else is left in the clear.

2024-08-30T20:41:06.056914+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/submissions/smtpd[8372]: connect from ColinsAlienware[192.168.70.13]
2024-08-30T20:41:06.075270+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/submissions/smtpd[8372]: Anonymous TLS connection established from colinsalienware[192.168.70.13]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2024-08-30T20:41:06.158401+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/trivial-rewrite[8185]: warning: do not list domain xxxxxxxx.com in BOTH mydestination and virtual_mailbox_domains
2024-08-30T20:41:06.161824+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/trivial-rewrite[8185]: warning: do not list domain xxxxxxxx.com in BOTH mydestination and virtual_mailbox_domains
2024-08-30T20:41:06.193608+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/submissions/smtpd[8372]: 2E8FF32DAF: client=ColinsAlienware[192.168.70.13], sasl_method=LOGIN, sasl_username=me@xxxxxxxx.com
2024-08-30T20:41:06.203053+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/sender-cleanup/cleanup[8374]: 2E8FF32DAF: message-id=<003d01dafb1c$ef8a8660$ce9f9320$@xxxxxxxx.com>
2024-08-30T20:41:06.203123+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/sender-cleanup/cleanup[8374]: 2E8FF32DAF: replace: header MIME-Version: 1.0 from ColinsAlienware[192.168.70.13]; from=<me@xxxxxxxx.com> to=<me@xxxxxxxx.com> proto=ESMTP helo=<ColinsAlienware>: MIME-Version: 1.0
2024-08-30T20:41:06.471075+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/qmgr[3750]: 2E8FF32DAF: from=<me@xxxxxxxx.com>, size=2996, nrcpt=1 (queue active)
2024-08-30T20:41:06.471637+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/trivial-rewrite[8185]: warning: do not list domain xxxxxxxx.com in BOTH mydestination and virtual_mailbox_domains
2024-08-30T20:41:06.525676+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/local[8375]: 2E8FF32DAF: to=<me@xxxxxxxx.com>, relay=local, delay=0.37, delays=0.31/0.03/0/0.03, dsn=5.1.1, status=bounced (unknown user: "me")
2024-08-30T20:41:06.559548+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/cleanup[8377]: 8763332DC8: message-id=<20240830204106.8763332DC8@xxxxxxxx.com>
2024-08-30T20:41:06.562513+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/bounce[8376]: 2E8FF32DAF: sender non-delivery notification: 8763332DC8
2024-08-30T20:41:06.566670+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/qmgr[3750]: 8763332DC8: from=<>, size=5303, nrcpt=1 (queue active)
2024-08-30T20:41:06.567051+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/trivial-rewrite[8185]: warning: do not list domain xxxxxxxx.com in BOTH mydestination and virtual_mailbox_domains
2024-08-30T20:41:06.569751+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/qmgr[3750]: 2E8FF32DAF: removed
2024-08-30T20:41:06.577644+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/local[8375]: 8763332DC8: to=<me@xxxxxxxx.com>, relay=local, delay=0.05, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "me")
2024-08-30T20:41:06.584093+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 postfix/qmgr[3750]: 8763332DC8: removed
2024-08-30T20:41:07.581580+00:00 docker-mailserver-5f4bfbfbd8-ds9p8 dovecot: imap-login: Login: user=<me@xxxxxxxx.com>, method=PLAIN, rip=192.168.70.13, lip=10.244.1.38, mpid=8383, TLS, session=<aZxWnOwgHNLAqEYN>

What have I done wrong?

polarathene commented 2 months ago

> What have I done wrong?

This:

warning: do not list domain xxxxxxxx.com in BOTH mydestination and virtual_mailbox_domains

You have overlapped the mail domain for these two settings.

If you configure the same mail domain on both ends, then Postfix doesn't know where to route the mail (internal doesn't go to Dovecot, but it does deliver into /var/mail in a different format (handled by Postfix directly), unless when it arrives at the local delivery agent (Postfix) it resolves an alias to a virtual alias account, then it goes to the virtual delivery agent (sent to Dovecot)).

Our FAQ should cover that, and if you followed our troubleshooting docs they'd suggest searching issues for such log lines, where you'll find plenty at the main repo.

Likewise the docs should emphasize how you can have mail.example.com as your DMS FQDN, while using any mail domain you like besides the DMS FQDN to avoid conflict. So hello@example.com would be ok.


That said, LDAP presently opts-out of mydestination, preventing any such notification support (internal mail can't be delivered locally as a result, so would go missing). That was someone's "fix" long ago, but I doubt many are aware of it.

You'll also find on the docs FAQ an entry about "bare domains", where if you want the DMS FQDN to still be example.com and simultaneously serve mail accounts with the same domain / FQDN, you'll be advised to match LDAP config with mydestination config change. That has no official support/endorsement by DMS as the project still carries some fragile assumptions in config from long ago, it may work well for you, but generally you're advised to stick to the pattern of not overlapping the DMS FQDN.

mail.example.com is usually better to go with as your hostname. The only reason people avoid that tends to be that they mistakenly think the mail accounts need to share this FQDN, or they're trying to use the same example.com certificate because provisioning a separate SAN/cert (or via wildcard) for DMS is awkward for them.


There's the why and several ways you can approach fixing it. Hope that helps.
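
An added example, not part of the comment above or of the docker-mailserver project: a small Python check that ties the overlap warning to the bounces it causes in a Postfix log. The sample lines and the `example.test` / `host.test` domains are constructed, modelled on the log format shown in the issue.

```python
import re

# Constructed sample lines, shortened from the log format shown in the issue.
SAMPLE_LOG = """\
2024-08-30T20:41:06.158401+00:00 dms postfix/trivial-rewrite[8185]: warning: do not list domain example.test in BOTH mydestination and virtual_mailbox_domains
2024-08-30T20:41:06.525676+00:00 dms postfix/local[8375]: 2E8FF32DAF: to=<me@example.test>, relay=local, delay=0.37, dsn=5.1.1, status=bounced (unknown user: "me")
2024-08-30T20:41:06.577644+00:00 dms postfix/local[8375]: 8763332DC8: to=<me@example.test>, relay=local, delay=0.05, dsn=5.1.1, status=bounced (unknown user: "me")
2024-08-30T20:41:07.000000+00:00 dms postfix/local[8390]: 9A1B2C3D4E: to=<root@host.test>, relay=local, delay=0.02, dsn=5.1.1, status=bounced (unknown user: "root")
"""

OVERLAP_RE = re.compile(
    r"warning: do not list domain (\S+) in BOTH mydestination and virtual_mailbox_domains")
DELIVERY_RE = re.compile(
    r"postfix/(?P<agent>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+) \((?P<detail>.*)\)$")


def diagnose(log_text):
    """Return (overlapping_domains, misrouted), where misrouted lists the
    deliveries that the local delivery agent bounced as "unknown user" for a
    recipient whose domain Postfix warned about."""
    overlaps, deliveries = set(), []
    for line in log_text.splitlines():
        m = OVERLAP_RE.search(line)
        if m:
            overlaps.add(m.group(1).lower())
            continue
        m = DELIVERY_RE.search(line)
        if m:
            deliveries.append(m.groupdict())
    # Filter after the full pass so a warning logged later still counts.
    misrouted = [
        d for d in deliveries
        if d["relay"] == "local" and d["status"] == "bounced"
        and "unknown user" in d["detail"]
        and d["rcpt"].rpartition("@")[2].lower() in overlaps
    ]
    return overlaps, misrouted


if __name__ == "__main__":
    domains, hits = diagnose(SAMPLE_LOG)
    for d in hits:
        print(f"{d['qid']}: {d['rcpt']} was handed to postfix/{d['agent']} and "
              f"bounced ({d['detail']}); its domain is listed in both "
              f"mydestination and virtual_mailbox_domains")
```
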

colindawson commented 2 months ago

Thank you. There's a lot of great information there. However, having tried playing with this all day, I've had to park this for now, as my e-mail server has already been down for two weeks. I've had to switch back to my old deployment (which still doesn't completely work, but at least I can see my existing e-mails, just can't send or receive). Hopefully, once I get my server up and running, I'll be able to come back to this and redefine the setup as a new server which will take over from my existing one.

polarathene commented 2 months ago

> Thank you. There's a lot of great information there. However, having tried playing with this all day, I've had to park this for now, as my e-mail server has already been down for two weeks.

The TL;DR is: