Issues with email server

Hello all.
I am having an issue with the email server on my CyberPanel VPS.

  1. I am unable to connect via TLS/STARTTLS, with a mail client, even though I’ve installed the certificates.
  2. I cannot receive emails. Logs show "Nov 17 05:25:26 ATL01 postfix/smtpd[337886]: 40491603DD: reject: DATA from outsidemailserver.tld[xx.xx.xxx.xxx]: 451 4.3.5 **Server configuration problem**; from=<chris.xxxxx@outside.tld> to=<chris.xxxx@inside.tld> proto=ESMTP helo=<mail-qt1-f182.google.com>"
  3. When trying to send email via SMTP, the mail client (Thunderbird in this case) just reports a vague error and says there is a server configuration problem.

Any ideas where to begin, and what to look for?

Welcome @ScrapMTL Happy you are here

The error clearly says the SMTP configuration is wrong

  1. Kindly post more email logs.
  2. Have you checked your DNS configurations?
  3. Did you change any configurations in the Postfix transport agent?

Yes, I can see the log clearly states Server configuration problem
But that is a super vague error message that provides little to no information.
Where do I get more logs, with details that could point me in the right direction?
DNS is set up and fine. MX, mail. A records, Domain A, TXT for SPF, etc.
Everything was fine until I added a new website, to the server, and activated it for email services.
But now mail is down for all my domains, on the server, not just the one I added.

Little bit of an update.
I finally managed to get it going well enough to get Thunderbird to download existing emails.
I still cannot send emails to the server from outside sources, nor send emails via SMTP from the server.

Nov 17 21:09:57 ATL01 dovecot: imap-login: Login: user=<xxxxxxx@vincixxxxxx.com>, method=PLAIN, rip=73.122.136.155, lip=45.61.51.16, mpid=19267, TLS, session=<whvmArHt/9dJeoib>
Nov 17 21:11:41 ATL01 postfix/anvil[19139]: statistics: max connection rate 1/60s for (smtp:209.85.160.175) at Nov 17 21:07:43
Nov 17 21:11:41 ATL01 postfix/anvil[19139]: statistics: max connection count 1 for (smtp:209.85.160.175) at Nov 17 21:07:43
Nov 17 21:11:41 ATL01 postfix/anvil[19139]: statistics: max cache size 2 at Nov 17 21:07:49
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: connect from mail-qt1-f179.google.com[209.85.160.179]
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: 74E02603DD: client=mail-qt1-f179.google.com[209.85.160.179]
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: warning: connect to /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: warning: connect to /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: warning: problem talking to server /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: 74E02603DD: reject: DATA from mail-qt1-f179.google.com[209.85.160.179]: 451 4.3.5 Server configuration problem; from=<xxxxxxxx@sitexxxxx.net> to=<xxxxxx@cncxxxxxx.com> proto=ESMTP h$
Nov 17 21:14:14 ATL01 postfix/smtpd[19420]: disconnect from mail-qt1-f179.google.com[209.85.160.179]

I still can’t find any logs that define what the Server configuration problem could be.

Dovecot configuration

protocols = imap pop3
log_timestamp = "%Y-%m-%d %H:%M:%S "
#mail_location = maildir:/home/vmail/%d/%n/Maildir
#mail_location = mdbox:/home/vmail/%d/%n/Mdbox

ssl_cert = <cert.pem
ssl_key = <key.pem

mail_plugins = zlib

mdbox_rotate_size = 2M

namespace {
    type = private
    separator = .
    prefix = INBOX.
    inbox = yes
}

service auth {
    unix_listener auth-master {
        mode = 0600
        user = vmail
    }

    unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
    }

user = root
}

service auth-worker {
    user = root
}

protocol lda {
    log_path = /home/vmail/dovecot-deliver.log
    auth_socket_path = /var/run/dovecot/auth-master
    postmaster_address = postmaster@vinciwatches.com

    mail_plugins = zlib
}

protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
    mail_plugins = $mail_plugins zlib
}

protocol imap {
    mail_plugins = $mail_plugins zlib imap_zlib
}

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf.ext
}

plugin {

  zlib_save = gz
  zlib_save_level = 6

}

service stats {
    unix_listener stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }
    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
}
local_name mail.siterack.org {
        ssl_cert = </etc/letsencrypt/live/mail.siterack.org/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.siterack.org/privkey.pem
}

local_name mail.vinciwatches.com {
        ssl_cert = </etc/letsencrypt/live/mail.vinciwatches.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.vinciwatches.com/privkey.pem
}

local_name mail.simliga.com {
        ssl_cert = </etc/letsencrypt/live/mail.simliga.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.simliga.com/privkey.pem
}

local_name mail.cncnautique.com {
        ssl_cert = </etc/letsencrypt/live/mail.cncnautique.com/fullchain.pem
        ssl_key = </etc/letsencrypt/live/mail.cncnautique.com/privkey.pem
}

Postfix config

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_protocols = all
mydestination = localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES


myhostname = vinciwatches.com
mynetworks = 127.0.0.0/8
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_cano$
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
inet_interfaces = all
smtp_tls_security_level = may

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
smtpd_data_restrictions = check_policy_service unix:/var/log/policyServerSocket
smtpd_policy_service_default_action = DUNNO

I am also getting the following errors when restarting the mail services.

[root@atl01 ~]# systemctl restart postfix

** (pkttyagent:6071): WARNING **: 04:06:09.065: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
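
Added example (not part of the original posts): Postfix answers the remote side with the generic `451 4.3.5 Server configuration problem` and writes the actual cause as `warning:` lines from the same smtpd process just before the reject, as in the log excerpt above. This Python sketch pairs each such reject with those warnings by PID; the sample log is constructed (hosts and addresses are placeholders) and the function name is hypothetical.

```python
import re
from collections import defaultdict, deque

# Constructed sample, modelled on the smtpd log lines quoted in the thread.
SAMPLE_LOG = """\
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: connect from mail.example.net[192.0.2.10]
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: 74E02603DD: client=mail.example.net[192.0.2.10]
Nov 17 21:13:41 ATL01 postfix/smtpd[19420]: warning: connect to /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: warning: connect to /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: warning: problem talking to server /var/log/policyServerSocket: No such file or directory
Nov 17 21:13:42 ATL01 postfix/smtpd[19420]: 74E02603DD: reject: DATA from mail.example.net[192.0.2.10]: 451 4.3.5 Server configuration problem; from=<a@example.net> to=<b@example.org> proto=ESMTP
Nov 17 21:14:14 ATL01 postfix/smtpd[19420]: disconnect from mail.example.net[192.0.2.10]
Nov 17 21:15:02 ATL01 postfix/smtpd[19511]: warning: hostname unknown.example does not resolve to address 198.51.100.7
Nov 17 21:15:03 ATL01 postfix/smtpd[19511]: connect from unknown[198.51.100.7]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(?P<svc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REJECT = re.compile(r"^(?P<qid>[0-9A-Za-z]+): reject: .*\b451 4\.3\.5 Server configuration problem")

def explain_config_rejects(log_text, keep=5):
    """Return one finding per 451 4.3.5 reject, carrying the warnings the
    same smtpd process logged since its last reject or disconnect."""
    recent = defaultdict(lambda: deque(maxlen=keep))  # pid -> last warnings
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["svc"] != "smtpd":
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("warning: "):
            recent[pid].append(msg[len("warning: "):])
        elif (r := REJECT.match(msg)):
            findings.append({
                "time": m["ts"], "pid": pid, "queue_id": r["qid"],
                # de-duplicate repeated warnings, keeping their order
                "warnings": list(dict.fromkeys(recent[pid])),
            })
            recent[pid].clear()
        elif msg.startswith("disconnect from"):
            recent.pop(pid, None)  # session over, drop stale warnings
    return findings

if __name__ == "__main__":
    for f in explain_config_rejects(SAMPLE_LOG):
        print(f["time"], f["queue_id"], "rejected; preceding warnings:")
        for w in f["warnings"]:
            print("   ", w)
```

The warning it surfaces names `/var/log/policyServerSocket`, the same path that `smtpd_data_restrictions` references in the posted Postfix config.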

CyberPanel has the following in your /etc/fstab:

proc    /proc        proc        defaults,hidepid=2    0 0

CyberPanel hides the proc filesystem (/proc/sys) from the shell that uses polkit (component for controlling system-wide privileges).

Solution: You need to create a group for the polkitd user (polkitd provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus; admins or sudo users should not need to start this daemon because it should be started by systemd).

Assign that group to access proc filesystem.

$ groupadd nohideproc
# add polkitd to the new group as a supplementary group
$ usermod -a -G nohideproc polkitd
$ mount -o remount,rw,hidepid=2,gid=nohideproc /proc
$ systemctl restart polkit
$ reboot

Once done, edit the fstab:

$ nano /etc/fstab

Comment out the following line:

# proc /proc proc defaults,hidepid=2 0 0

Add the following line:

proc /proc proc defaults,hidepid=2,gid=nohideproc 0 0

has No DMARC Record found

No DMARC Record found and DNS Record not found

No DMARC Record found

No DMARC Record found

DMARC wouldn’t have anything to do with the issues I was having. That’s just for spam. I went ahead and paid for the plugin, and ran the mail server debugger. I gave up. All is working now.
Of course that was before I saw your fstab edits which may have fixed it.
I still don’t know why adding a new domain broke everything.

There’s no customers on this server. Just me.
I haven’t ever set up DMARC, just SPF records, and haven’t had any going to junk issues, even with Yahoo who tends to be stricter than Google.

I never said it’s the issue.

I pointed out an easy issue that needs fixing, and I was in the process of trying to figure out the reasons your postfix fails to work as expected.

If your issue has been fixed kindly share the fix or reason why it failed for the community and finally close this question.

Went back and added more to my reply. Bumped the send on my cell before I was done

All is working now, and I was even able to set up my spam scanners.
That’s a beautiful header right there :smiley:

Return-Path: <xxxxxxxx@siterack.net>
Delivered-To: xxxxxxxx@cncnautique.com
Received: by server.example.com (Postfix, from userid 5004)
	id A5A60A12E6; Fri, 18 Nov 2022 08:53:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	atl01.cncnautique.com.localdomain
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	HTML_MESSAGE,NO_DNS_FOR_FROM autolearn=no autolearn_force=no version=3.4.0
Received: from mail-qt1-f178.google.com (mail-qt1-f178.google.com [209.85.160.178])
	by server.example.com (Postfix) with ESMTPS id D95CBA12E1
	for <xxxxxxxx@cncnautique.com>; Fri, 18 Nov 2022 08:53:55 +0000 (UTC)
Received: by mail-qt1-f178.google.com with SMTP id w4so2769307qts.0
        for <xxxxxxxx@cncnautique.com>; Fri, 18 Nov 2022 00:53:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=siterack-net.20210112.gappssmtp.com; s=20210112;
        h=in-reply-to:from:to:content-language:subject:references:user-agent
         :mime-version:date:message-id:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Frri/13Nok+JF7tV4uRlItgIVTXtD8mW8VtImS6Kw2g=;
        b=DwW1aHdMvuRsCVZvTeJeQZFC2LsJ6lpJjzx5ABSVuMbXoKDyj+agxNNqEIdfT1IZwn
         0+pI4bktUeKZAQKFD4LEQvfePwALAxDMcLv8NbAujI3TfBcm6hEnnvIfK5udFraww3dp
         l1OiCIrTQX3P6h9t9S9dJO232Vx0kx6dAPSe1q/zi+/BTFFUUqBwDicgC7S0lx3FZt7K
         qz59U7LFg6J1aTRK8/SapQl3iSCyuOCLA2VlEKonj9W/stpgnFJlGFvjpU6XlBpTTrRG
         QGvih8FRn+dmql4TZm4TEZ4XcBsImzVtMgstwW76/Kc2RqOR0gtSRvRHiNMc/49axXeu
         b1Lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=in-reply-to:from:to:content-language:subject:references:user-agent
         :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject
         :date:message-id:reply-to;
        bh=Frri/13Nok+JF7tV4uRlItgIVTXtD8mW8VtImS6Kw2g=;
        b=pS5xL0+XVtavHnR0gRQUrlpIBpVqybYH4t80DkvOIDb6sAwLgOollU7CV14FxSe2Nd
         R5LNsSlldidYzOoSAGUiiD1h/VXSfxdd3Xlx+rBBvLJUMjrFTqvV+b8EtrxRYHX0xrwO
         fb3GQZcJnP/h3OkA3kqTLLNDKAT8O5IxxeB1fX4KIATlojDn+3Zb1v4URigyz/qO097H
         IezfT1pZ/jskx8qpANu2c54/juv4v8Tf1uDr4vQtnrqx0Q/91hvBlcMN2zJb0AZ/6+MV
         wqbaYAOvga454f24VGJJJTm1ZtmGB2i9hmEJ2RF9GTK3xtBvyTVpGtkgbrOGfXjMR5zf
         7Abg==
X-Gm-Message-State: ANoB5pny9U7fYthZ3HdoeOvjYvaZmclAkF8WVadgxuVZsePeFao6r1Mz
	wIEs4W4Qj/EoLUkZigV/HN0W+4QoU6uy3NnM
X-Google-Smtp-Source: AA0mqf7KNVmgC17dHyAv1TJAgJVIYaQYCD5x2F1RVKWlCCh4kVPXZxtmMLJox/cb3Jthv3YP2+ckzQ==
X-Received: by 2002:ac8:5355:0:b0:3a5:4074:4753 with SMTP id d21-20020ac85355000000b003a540744753mr5630438qto.605.1668761635104;
        Fri, 18 Nov 2022 00:53:55 -0800 (PST)
Received: from [192.168.0.211] (c-73-122-136-155.hsd1.ga.comcast.net. [73.122.136.155])
        by smtp.gmail.com with ESMTPSA id z15-20020a05622a124f00b003a51e6b6c95sm1731076qtx.14.2022.11.18.00.53.54
        for <xxxxxxxx@cncnautique.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 18 Nov 2022 00:53:54 -0800 (PST)
Content-Type: multipart/alternative;
 boundary="------------sKUupUM0x0pP0L5qUrJx6Vjr"
Message-ID: <7160e017-9238-a5ab-67c2-1df57a4ea54a@siterack.net>
Date: Fri, 18 Nov 2022 03:53:54 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.5.0
References: <20221118082540.3AABEA12E1@server.example.com>
Subject: Fwd: SSL Cert
Content-Language: en-US
To: xxxxxxxx@cncnautique.com
From: xxxxxxxx <xxxxxxxx@siterack.net>
In-Reply-To: <20221118082540.3AABEA12E1@server.example.com>
X-Forwarded-Message-Id: <20221118082540.3AABEA12E1@server.example.com>
X-Rspamd-Queue-Id: D95CBA12E1
X-Rspamd-Server: atl01.cncnautique.com.localdomain
X-Spamd-Result: default: False [-5.90 / 15.00];
	DWL_DNSWL_HI(-3.50)[gappssmtp.com:dkim];
	RCVD_IN_DNSWL_HI(-1.00)[209.85.160.178:from,73.122.136.155:received];
	RCVD_DKIM_ARC_DNSWL_HI(-1.00)[];
	R_DKIM_ALLOW(-0.20)[siterack-net.20210112.gappssmtp.com:s=20210112];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RWL_MAILSPIKE_GOOD(-0.10)[209.85.160.178:from];
	DKIM_TRACE(0.00)[siterack-net.20210112.gappssmtp.com:+];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[siterack.net];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
	RCVD_COUNT_THREE(0.00)[3];
	R_SPF_SOFTFAIL(0.00)[~all];
	MID_RHS_MATCH_FROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[xxxxxxxx@cncnautique.com];
	TO_DN_NONE(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[]
X-Rspamd-Action: no action

This is a multi-part message in MIME format.
--------------sKUupUM0x0pP0L5qUrJx6Vjr
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

What was the issue?

How did you fix it?

I have no idea.
I went ahead and paid for the RSPAMD plugin, which included mail debugger.
I ran the mail debugger, and it stripped out and reinstalled the mailserver, and set the configs back up.
I did try manually reinstalling dovecot and postfix, beforehand, but manually didn’t work either.
But whatever, I didn’t feel like wasting anymore time, so paid the $7 to end a headache.

I was nearly ready to just wipe and reload the server, until I found they had this plugin.
Glad I didn’t have to go that route, as I spent a lot of time hardening it.
One thing is for sure. CyberPanel is very different from cPanel, under the GUI.