Hi everyone,

I’ve recently encountered an issue and I’m hoping to get some advice here.

I run a Mailcow mail server, and a friend uses my server as a relay for his Exchange Server, which unfortunately only has a dynamic IP. To handle this, I have a script that regularly checks the DynDNS of the Exchange Server and updates the address in Postfix’s extra.cf file:

extra.cf:
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 185.xx.xx.227/32

This setup has worked flawlessly until yesterday. In rspamd, I used to get logs like this:

HFILTER_HOSTNAME_UNKNOWN (8.5)
IP_REPUTATION_SPAM (5.553349) [asn: 9063(0.40), country: DE(-0.01), ip: 185.xx.xx.227(1.00)]
BAYES_HAM (-5.5) [99.99%]
MIME_BASE64_TEXT (0.1)
MIME_GOOD (-0.1) [multipart/mixed,multipart/alternative,text/plain]
MX_GOOD (-0.01) []
FROM_EQ_ENVFROM (0)
MAILCOW_DOMAIN_HEADER_FROM (0) [friendsdomain.com]

Emails were delivered without any issues.

However, starting today, I’m getting errors like these:

SPOOFED_UNAUTH (50)
HFILTER_HOSTNAME_UNKNOWN (8.5)
R_SPF_FAIL (8) [-all]
DMARC_POLICY_QUARANTINE (8) [friendsdomain.com : No valid SPF, No valid DKIM,quarantine]
IP_REPUTATION_SPAM (5.55427) [asn: 9063(0.40), country: DE(-0.01), ip: 185.xx.xx.227(1.00)]
BAYES_HAM (-5.5) [99.99%]

I haven’t changed anything in the setup, including the SPF/DKIM settings, and my friend also hasn’t made any changes on the Exchange Server.

Additionally, here’s the relevant part of the Postfix log:

17.09.2024, 15:57:52	info	disconnect from unknown[185.xx.xx.227] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7
17.09.2024, 15:57:52	info	8688B32006A: milter-reject: END-OF-MESSAGE from unknown[185.xx.xx.227]: 5.7.1 This message does not meet our delivery requirements; from=<hofmann@friendsdomain.com> to=<jonathan@mydomain.de> proto=ESMTP helo=<mail.mydomain.de>
17.09.2024, 15:57:51	info	8688B32006A: message-id=<86f54384578249db88248043c7391ea6@friendsdomain.com>
17.09.2024, 15:57:51	info	8688B32006A: client=unknown[185.xx.xx.227]
17.09.2024, 15:57:51	info	Anonymous TLS connection established from unknown[185.xx.xx.227]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
17.09.2024, 15:57:48	info	connect from unknown[185.xx.xx.227]
17.09.2024, 15:57:48	warning	warning: hostname 227-xxx-xxx-185.ip-addr.ewr.de does not resolve to address 185.xx.xx.227: Name or service not known
17.09.2024, 15:57:48	info	ALLOWLISTED [185.xx.xx.227]:14729
17.09.2024, 15:57:48	info	CONNECT from [185.xx.xx.227]:14729 to [172.22.1.253]:25

Does anyone have an idea what could be causing this or what I should check?

Thanks in advance for your help!

I have a similar setup, and I can only recommend that you run a VPN tunnel between you two.
You can then configure your mailcow LAN IP in your friend's Exchange.
Bonus: you could add a transport map to send to your friend's mail domain directly via the VPN tunnel to his Exchange server.

    esackbauer

    Unfortunately, this did not work with VPN behind the firewall. I am particularly irritated that it stopped working overnight. After all, it has been working for months now.

    I just got it working by adding the DDNS domain to “Forwarding Hosts”. But I also tested it once. If the IP behind the domain changes, it is not taken over until now.

    Do you have any tips on how to update the entry? Gladly also via the console, then I can script it.

    P.S. It is foreseeable that the friend will get a static IP and I no longer have to be the relay 🙂

    esackbauer
    With the help of an older GitHub ticket, mailcow/mailcow-dockerized#5826,
    I was able to solve it. When we set this up, the part of the documentation with
    “Edit data/conf/rspamd/local.d/options.inc aswell:”
    was not there yet. I have extended my script to include this. That works. What surprises me is that it worked from one day to the next.

    Thank you very much for your support
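
The fix described above, keeping Postfix's `mynetworks` and rspamd's trusted-address list in step whenever the DynDNS address changes, sketched as an added example (not the poster's script and not mailcow code). It assumes each setting sits on a single line and that `local_addrs` is the option the quoted documentation line refers to; the file contents and addresses are constructed samples.

```python
import ipaddress
import re

# Internal ranges from the page's extra.cf, stored without Postfix's IPv6 brackets.
BASE_NETS = ["127.0.0.0/8", "::ffff:127.0.0.0/104", "::1/128", "fe80::/10",
             "172.22.1.0/24", "fd4d:6169:6c63:6f77::/64"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def relay_cidr(resolved):
    """Return the resolved relay address as a single-host CIDR, or raise ValueError."""
    ip = ipaddress.ip_address(resolved.strip())   # raises ValueError on garbage
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified
            or any(ip in net for net in RFC1918)):
        raise ValueError(f"refusing to trust {ip}")
    return f"{ip}/{ip.max_prefixlen}"             # /32 or /128, never a wider range


def postfix_form(cidr):
    """Postfix wants IPv6 networks as [addr]/len; rspamd takes plain addr/len."""
    addr, plen = cidr.rsplit("/", 1)
    return f"[{addr}]/{plen}" if ":" in addr else cidr


def set_line(text, key, value):
    """Replace the single `key = ...` line; raise if the key is missing."""
    pattern = re.compile(rf"^{re.escape(key)}\s*=.*$", re.M)
    if not pattern.search(text):
        raise ValueError(f"{key} not found")
    return pattern.sub(lambda m: f"{key} = {value}", text, count=1)


def sync(extra_cf, options_inc, resolved):
    """Return (new_extra_cf, new_options_inc, changed) with both lists in step."""
    # The list is rebuilt from scratch, so the relay's previous address is dropped.
    nets = BASE_NETS + [relay_cidr(resolved)]
    new_cf = set_line(extra_cf, "mynetworks", " ".join(postfix_form(n) for n in nets))
    new_inc = set_line(options_inc, "local_addrs", "[" + ", ".join(nets) + "];")
    return new_cf, new_inc, (new_cf, new_inc) != (extra_cf, options_inc)


# Constructed sample files; 198.51.100.7 and 203.0.113.9 are documentation addresses.
EXTRA_CF = "myhostname = mail.mydomain.com\nmynetworks = 127.0.0.0/8 198.51.100.7/32\n"
OPTIONS_INC = "local_addrs = [127.0.0.0/8, 198.51.100.7/32];\n"

if __name__ == "__main__":
    cf, inc, changed = sync(EXTRA_CF, OPTIONS_INC, "203.0.113.9")
    print(cf, inc, changed, sep="\n")
```

A wrapper would write both files and restart Postfix and rspamd only when `changed` is true, so a stale address is never left trusted in one service but not the other.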
