Hello everyone! I recently set up a Dockerized Mailcow server on my Ubuntu 20.04 server. When I go to send emails from my Mailcow SoGo account, they are never received by the person I try to send them to. I just get an email saying, “Your message could not be delivered for more than 4 hours.” I can’t receive emails either. However, if I send it to another email within the Mailcow account I set up, then it works. I’ve attached my DNS below. If anyone could help, it’d be greatly appreciated!
Cannot Send nor Receive Emails
Your SPF record is invalid, there’s a missing space between the IP and -all:
$ dig journevia.com TXT +short
"v=spf1 ip4:68.81.62.164-all"
Your DKIM seems to be fine:
$ dig dkim._domainkey.journevia.com TXT +short
"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw17F3/90Gb0utqE3m2KTu4fbuWkuzh1sjQjBl7/KbFu5kE2QYcvcbdo6XpdIxn8jEB+72V02h2m3UPwekxuwJ/EM1M8mhH17JCgMEM/OaCKdl8aPW6wIPhkkD1iDS6TGwBKLEP7BeFQlwPz/U7m+1rgEScBimxTgNunF6PC8PZdjkPLmlXpBsNm" "tHd10re9uCUpMYWeeOZ8kWb2lFibhuxjXpN2EA2iY7bajL7u6LIfG+7eOsP4JCUdAHlYRQcOMvbsZciu6ug2TkiDanLrgBLsGdOO6Gf15GSJqTphmw6hDf2mN4IhtSbQIUTEmj6ZuLqpA/IdIIhhHUPPv6lGJAQIDAQAB"
Also, you currently have two mailservers configured:
$ dig journevia.com MX +short
0 mail.journevia.com.
30 mx.journevia.com.
However both mailservers point to the same server anyways?
$ dig mail.journevia.com A +short
68.81.62.164
$ dig mx.journevia.com A +short
68.81.62.164
And additionally something blocks external traffic on port 25:
$ nc -vz mail.journevia.com 25 -w 3
nc: connect to mail.journevia.com port 25 (tcp) timed out: Operation now in progress
nc: connect to mail.journevia.com port 25 (tcp) failed: Connection refused
So there are indeed a couple of things very wrong. Basically:
- Clean up your DNS zone and only configure one MX entry when you only have one mailserver.
- Also you have 2 A-records for mx.journevia.com pointing, I guess, to the same IP? Why?
- Fix your broken SPF record
- Use the correct FQDN your mailserver has been configured for.
- Check your network / firewall settings to allow external connections
Also wondering, why do you redact the values but show your real domain?
pkernstock I’ve now fixed the issues you’ve pointed out. However, I can’t seem to be able to fix the fifth issue about the firewall. The firewall on my Ubuntu server is disabled.
$ sudo ufw status
Status: inactive
How do you think I could fix this issue? Should I set up a port forward on my router to forward port 25 to my server? Also, thank you so much for your help with those DNS issues.
pkernstock Also, it says that Docker does have access to port 25 when I run sudo lsof -i -P -n.
docker-pr 595709 root 4u IPv4 2883658 0t0 TCP *:25 (LISTEN)
docker-pr 595722 root 4u IPv6 2878130 0t0 TCP *:25 (LISTEN)
~: nmap mail.journevia.com -p 25
Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-28 09:04 CEST
Nmap scan report for mail.journevia.com (68.81.62.164)
Host is up (0.25s latency).
rDNS record for 68.81.62.164: c-68-81-62-164.hsd1.pa.comcast.net
PORT STATE SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 3.39 seconds
There must be a reason for this.
I have:
PORT STATE SERVICE
25/tcp open smtp
Maybe a “grep” in “syslog” after port 25 shows the error?
Next step might be to check if there is an external firewall? (Is the server self-hosted at home?)
Should I set up a port forward on my router to forward port 25 to my server?
Port 25 must be reachable from the internet – so yes, if your router does not forward port 25, this is something you must change.
It sounds like you are running mailcow on a server at home. Be aware that many (or most) ISPs block port 25 for home users, so this could also be your problem.
accolon I’ve set up a port forward on my router for port 25. Now, nc -vz mail.journevia.com 25 -w 3 outputs Connection to mail.journevia.com 25 port [tcp/smtp] succeeded!
However, I still can’t send or receive emails. When I go to dmarcanalyzer.com and enter my domain, I get the following error: You are missing out on the aggregated DMARC data.
What does this error message mean? If you could help, it’d be greatly appreciated!
When I go to dmarcanalyzer.com and enter my domain, I get the following error: You are missing out on the aggregated DMARC data. What does this error message mean?
Running dig txt _dmarc.journevia.com:
;; ANSWER SECTION:
_dmarc.journevia.com. 1800 IN TXT "v=DMARC1;p=quarantine;"
Your DMARC record is missing a rua or ruf tag containing a mail address where DMARC reports can be sent to. Since these tags are optional, the error message is just a reminder that you won’t receive these reports. I don’t think it has anything to do with your original problem.
However, I still get this:
~ % nmap mail.journevia.com -p 25
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-29 18:07 CEST
Nmap scan report for mail.journevia.com (68.81.62.164)
Host is up (0.12s latency).
rDNS record for 68.81.62.164: c-68-81-62-164.hsd1.pa.comcast.net
PORT STATE SERVICE
25/tcp filtered smtp
Are you sure Comcast is not filtering connections to port 25 from the internet?
Just to note: Testing TCP/25 from the internal network won’t necessarily mean it’s accessible from outside, as we saw comparing the output.
I also agree with @accolon that a mailserver at home is a terrible idea. Especially as ISPs do not always allow modifying the rDNS/PTR, often block TCP/25 incoming as well as outgoing, and the receiving mailservers usually negatively rate IP ranges for home internet connections, which makes reliable email delivery a lottery.
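The SPF and DMARC points raised in this thread, as an added Python example (not part of any post and not mailcow code): an offline syntax check run over the two TXT strings quoted above. The function names check_spf and check_dmarc are hypothetical, and the checks cover only a subset of the SPF (RFC 7208) and DMARC (RFC 7489) syntax.

```python
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def check_spf(record):
    """Return a list of syntax problems in one SPF TXT string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems = []
    for term in terms[1:]:
        if re.match(r"[A-Za-z][A-Za-z0-9._-]*=", term):
            continue  # modifier such as redirect= or exp=
        body = term[1:] if term[0] in "+-~?" else term  # strip qualifier
        m = re.match(r"[A-Za-z0-9]+", body)
        name = m.group(0).lower() if m else ""
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism in {term!r}")
        elif name in ("ip4", "ip6"):
            arg = body.partition(":")[2]
            try:
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term!r}: address family mismatch")
            except ValueError:
                fused = re.search(r"[+~?-]all$", arg, re.I)
                hint = " (missing space before 'all'?)" if fused else ""
                problems.append(f"{term!r}: invalid network{hint}")
    return problems

def check_dmarc(record):
    """Return (errors, notes) for one DMARC TXT string."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    errors, notes = [], []
    if tags.get("v") != "DMARC1":
        errors.append("missing v=DMARC1")
    if tags.get("p") not in {"none", "quarantine", "reject"}:
        errors.append("missing or invalid p= policy")
    if "rua" not in tags and "ruf" not in tags:
        notes.append("no rua/ruf tag: reports will not be sent (optional)")
    return errors, notes

if __name__ == "__main__":
    # Records as quoted in the thread, plus the SPF record with the space restored.
    print(check_spf("v=spf1 ip4:68.81.62.164-all"))
    print(check_spf("v=spf1 ip4:68.81.62.164 -all"))
    print(check_dmarc("v=DMARC1;p=quarantine;"))
```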