mailcow instance behind a duocircle/mailhop inbound email gateway timesout

ConanMan

OK I have just migrated to mailcow, the system went live today and it’s all gone to pot. Mailcow refuses to accept inbound mails. They TIMEOUT (see image)

SO I read their docs and they said to whitelist a tonne of stuff

so I did:

nano /opt/mailcow-dockerized/data/conf/postfix/extra.cf

myhostname = mail.[*******]
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 104.232.45.0/24 204.27.244.0/24 54.191.214.3/32 54.149.210.130/32 54.191.214.36/32 54.191.151.194/32 54.148.219.64/32 [very long list that matches theirs]

then I restarted the container

docker compose restart postfix-mailcow

and now my postfix logs show this:

docker-compose logs -f --tail=200 postfix-mailcow

mailcowdockerized-postfix-mailcow-1 | Jun 9 16:35:38 c95772950b0a postfix/smtpd[372]: connect from inbound3a.ore.mailhop.org[54.186.60.165]
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:35:38 c95772950b0a postfix/smtpd[372]: C383533C26F7: client=inbound3a.ore.mailhop.org[54.186.60.165]
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:30 c95772950b0a postfix/postscreen[351]: CONNECT from [80.94.95.167]:50993 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:30 c95772950b0a whitelist_forwardinghosts: Look up 80.94.95.167 on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:31 c95772950b0a postfix/dnsblog[450]: addr 80.94.95.167 listed by domain bl.mailspike.net as 127.0.0.2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:32 c95772950b0a postfix/dnsblog[448]: warning: dnsblog_query: lookup error for DNS query 167.95.94.80.bl.spamcop.net: Host or domain name not found. Name service error for name=167.95.94.80.bl.spamcop.net type=A: Host not found, try again
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:33 c95772950b0a postfix/postscreen[351]: PASS NEW [80.94.95.167]:50993
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:34 c95772950b0a postfix/dnsblog[453]: addr 80.94.95.167 listed by domain zen.spamhaus.org as 127.0.0.9
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:34 c95772950b0a postfix/dnsblog[453]: addr 80.94.95.167 listed by domain zen.spamhaus.org as 127.0.0.4
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:34 c95772950b0a postfix/dnsblog[453]: addr 80.94.95.167 listed by domain zen.spamhaus.org as 127.0.0.2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:38 c95772950b0a postfix/dnsblog[447]: warning: dnsblog_query: lookup error for DNS query 167.95.94.80.b.barracudacentral.org: Host or domain name not found. Name service error for name=167.95.94.80.b.barracudacentral.org type=A: Host not found, try again
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:40 c95772950b0a postfix/smtpd[399]: timeout after DATA (0 bytes) from inbound4b.ore.mailhop.org[54.149.154.28]
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:40 c95772950b0a postfix/smtpd[399]: disconnect from inbound4b.ore.mailhop.org[54.149.154.28] ehlo=1 mail=1 rcpt=1 data=0/1 commands=¾
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:41 c95772950b0a postfix/smtpd[460]: connect from unknown[80.94.95.167]
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:59 c95772950b0a postfix/smtpd[460]: improper command pipelining after EHLO from unknown[80.94.95.167]: QUIT\r\n
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:36:59 c95772950b0a postfix/smtpd[460]: disconnect from unknown[80.94.95.167] ehlo=1 quit=1 commands=2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:12 c95772950b0a postfix/postscreen[351]: CONNECT from [84.54.50.215]:57995 to [172.22.1.253]:25
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:12 c95772950b0a whitelist_forwardinghosts: Look up 84.54.50.215 on whitelist, result 200 DUNNO
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:12 c95772950b0a postfix/dnsblog[457]: warning: dnsblog_query: lookup error for DNS query 215.50.54.84.bl.spamcop.net: Host or domain name not found. Name service error for name=215.50.54.84.bl.spamcop.net type=A: Host not found, try again
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:12 c95772950b0a postfix/dnsblog[456]: addr 84.54.50.215 listed by domain hostkarma.junkemailfilter.com as 127.0.0.2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:12 c95772950b0a postfix/dnsblog[456]: addr 84.54.50.215 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:13 c95772950b0a postfix/dnsblog[454]: addr 84.54.50.215 listed by domain bl.mailspike.net as 127.0.0.2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:13 c95772950b0a postfix/dnsblog[451]: addr 84.54.50.215 listed by domain zen.spamhaus.org as 127.0.0.3
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:13 c95772950b0a postfix/dnsblog[451]: addr 84.54.50.215 listed by domain zen.spamhaus.org as 127.0.0.4
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:13 c95772950b0a postfix/dnsblog[451]: addr 84.54.50.215 listed by domain zen.spamhaus.org as 127.0.0.2
mailcowdockerized-postfix-mailcow-1 | Jun 9 16:37:13 c95772950b0a postfix/dnsblog[451]: addr 84.54.50.215 listed by domain zen.spamhaus.org as 127.0.0.9

which as far as I can see says that it has the source whitelisted. But the mailhop people are adamant that they re being denied and timing out

Now.

I have configured mailhop to deliver to mail.****.domain:2525 which was NOT on the list of inbound ports https://docs.mailcow.email/client/client-manual/ I did this because 587 and 465 did not work but I noticed: 2525 responds in telnet: but is this a mistake on my part?

I forgot to add I also added all the ip’s to forward hosts

![
](https://)

ConanMan

I have just commented out the #mynetworks line for a try and I see this now in the postfix logs

NOQUEUE: reject: RCPT from inbound4b.ore.mailhop.org[54.149.154.28]: 554 5.7.1 <inbound4b.ore.mailhop.org[54.149.154.28]>: Client host rejected: Access denied; from=<some.email@gmail.com> to=<test@***.domaink> proto=ESMTP helo=<inbound4b.ore.mailhop.org>
mailcowdockerized-postfix-mailcow-1  | Jun  9 17:00:30 c95772950b0a postfix/submission/smtpd[380]: disconnect from inbound4b.ore.mailhop.org[54.149.154.28] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
mailcowdockerized-postfix-mailcow-1  | Jun  9 17:00:31 c95772950b0a postfix/smtpd[382]: connect from unknown[147.78.103.242]
mailcowdockerized-postfix-mailcow-1  | Jun  9 17:00:31 c95772950b0a postfix/smtpd[382]: disconnect from unknown[147.78.103.242] ehlo=1 auth=0/1 quit=1 commands=2/3

surely this shouldn’t happen if I have set the forwarding host?

Forwarding Hosts
Incoming messages are unconditionally accepted from any hosts listed here. These hosts are then not checked against DNSBLs or subjected to greylisting. Spam received from them is never rejected, but optionally it can be filed into the Junk folder. The most common use for this is to specify mail servers on which you have set up a rule that forwards incoming emails to your mailcow server.

esackbauer

Why did you use to deliver to 2525? Please stick to 25.
I use a Sophos Firewall as incoming gateway. All I had to do is define its IP address as forwarding host (System-Configuration then Options-Forwarding Hosts) and disable Spam checks altogether on that host, as Sophos does all that.