Koozali.org: home of the SME Server

Unable to receive email (mx record set correctly)

Offline rwolff

« on: August 23, 2006, 11:17:29 AM »
Hi all,

Although I set up the SME Server 7.0 as Server+Gateway properly, I'm unable to receive email from the outer world.

I searched the forum and encountered lots of similar problems and posts, and most of them helped me with diagnosis, but I didn't manage to get it working.

The mailserver works fine inside the LAN - sending and receiving emails between SME Server users with the webmailer horde and other email clients does work.

Sending emails to the outer world (GMX, web, etc) works too, only receiving mails fails.

Here are my settings:

---

The domain is: studio-mitte.de

The SME Server Hostname is: vater

The network setup is: Internet > D-Link VPN-Router > SME Server 7.0

I'm working with a subnetted network 192.168.1.0/26, D-Link VPN Router WAN IP address is 217.91.127.51 (static IP provided by ISP), its LAN IP is 192.168.1.1

The WAN IP of SME Server is 192.168.1.65, the LAN IP 192.168.1.66

The static routing table of the D-Link Router routes to 192.168.1.65 as the SME Server routes to 192.168.1.1

The DMZ of the D-Link Router is 192.168.1.1 forwarding ports 1~65535 to 192.168.1.65 (SME Server WAN IP) and ports 1~5000 to 192.168.1.66 (SME Server LAN IP).

A portscan from the outer world says:
25 (SMTP) open
53 (DNS Cache) not visible (set open in SME Server)
110 (POP3) open
465 (SMTPS) open
993 (IMAPS) filtered

The command "dig studio-mitte.de MX" returns the following:

[from outside network:]
; <<>> DiG 9.2.2 <<>> studio-mitte.de MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30210
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;studio-mitte.de.               IN      MX

;; ANSWER SECTION:
studio-mitte.de.        3600    IN      MX      100 mail.studio-mitte.de.

;; Query time: 94 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)

[from SME Server, set to internet DNS resolution:]
; <<>> DiG 9.2.4 <<>> studio-mitte.de MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2562
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;studio-mitte.de.               IN      MX

;; ANSWER SECTION:
studio-mitte.de.        3178    IN      MX      100 mail.studio-mitte.de.

;; Query time: 3 msec
;; SERVER: 192.168.1.66#53(192.168.1.66)

[from SME Server with local DNS resolution, which should be default:]
; <<>> DiG 9.2.4 <<>> studio-mitte.de MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47297
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;studio-mitte.de.               IN      MX

;; ANSWER SECTION:
studio-mitte.de.        86400   IN      MX      0 vater.studio-mitte.de.

;; Query time: 4 msec
;; SERVER: 192.168.1.66#53(192.168.1.66)

The command "dig 217.91.127.51 MX" returns no answer.

When sending an email to the server, the GMX MAILER DAEMON says:

"<testmail@studio-mitte.de>:
Sorry,_I_couldn't_find_a_mail_exchanger_or_IP_address._(#5.4.4)/

--- Below this line is a copy of the message.

Return-Path: <remoteaccount@gmx.de>
Received: (qmail 22865 invoked by uid 0); 23 Aug 2006 08:26:41 -0000
Received: from 217.91.127.51 by www020.gmx.net with HTTP;"

The SME Server log "qsmtpd/current" has only entries about sent mail, not about received or rejected mails.

The SME Server firewall settings say: SMTP set to public.

Telnet 25 from outside world works.
---

That's it. I'm quite helpless, because it should be working. The only thing that confuses me is that a remote MX query returns "mail.studio-mitte.de" (which is correct) - but an internal MX query does return "vater.studio-mitte.de"

Could that be the clue? And if it is, where do I change the MX Setting of the SME Server??? I didn't find anything in the documentation.

Has anyone a suggestion?

Greetings,
Robert Wolff

Offline jonic

« Reply #1 on: August 23, 2006, 11:48:45 AM »
There seems to be a problem with your DNS records. You can check at http://www.dnsreport.com. You don't have an A record for your mail server (mail.studio-mitte.de cannot be resolved to an IP address).
I think adding an A record for your mail server should solve the problem.

barryf

« Reply #2 on: August 23, 2006, 11:58:23 AM »
You also appear to have your server/gateway with its internal and external interfaces on the same subnet.  This is probably going to confuse it.  Our internal IP address is 192.168.0.  while the external range, which links to the router is 192.168.100.   Changing one of them and forwarding port 25 to the external address should fix it


Barry

Offline rwolff

« Reply #3 on: August 23, 2006, 12:32:51 PM »
Thanks a lot for the quick replies!

In fact I'm kind of a network noob, the subnetting/routing issues make my brain ache.

I changed the external IP of the Server to .62 (which is the last IP of Subnet 1) and set a route from .66 (LAN IP of SME Server) to .62

Is that what you meant? The D-Link Device now points to .62, DMZ is .62, too.

Changing the network settings didn't get the email thing working, it might really be the A-record-missing-thing for mail.studio-mitte.de ...

Offline jonic

« Reply #4 on: August 23, 2006, 01:07:10 PM »
If your SME Server is the gateway for your network (your computers are connecting to a switch to which you also connected the local network of the SME Server) - then you should use a different IP class for the local network - let's say 192.168.2.0/255.255.255.0. Set your local IP for the SME Server 192.168.2.1, and your computers should get IPs in the same class through the SME Server's DHCP (192.168.2.x/255.255.255.0)

If you connected the local computers directly to the router, and they get their ips from the router, as does the SME server - then you should set SME to operate only in server mode (the gateway is now your d-link router).

Anyway this won't help you with the mail problems, this will only get your local network organized properly.

Offline rwolff

« Reply #5 on: August 23, 2006, 01:25:18 PM »
Thanks for the advice.

I'm using two subnets to restrict internet access of our workstations (we are an audio post-production company) and to prevent fileserver access from customers connecting their notebooks to our WLAN.

The Setup is

192.168.1.0/26 for public access and
192.168.1.64/26 for SME Server, fileserver and workstations

We can't use DHCP because we use the SME Server as Primary Domain Controller and our audio production software (Steinberg Nuendo) needs static IP addresses to work properly within a network.

So that's why our SME Server is Server+Gateway (it's the router for the second subnet).

But you are right: it doesn't fix the email problem :)

Offline jonic

« Reply #6 on: August 23, 2006, 01:43:06 PM »
Quote from: "rwolff"
Thanks for the advice.
The Setup is

192.168.1.0/26 for public access and
192.168.1.64/26 for SME Server, fileserver and workstations


A simpler setup would be:
192.168.1.0/24 for public access and
192.168.2.0/24 for SME Server, fileserver and workstations

But yours will work just as fine.

As I see, your DNS server is not the SME Server, but ns.namespace4you.de. You should be able to access it through a web interface of some sort, and add an A record for the mail server, linking mail.studio-mitte.de to 217.91.127.51.

Offline rwolff

« Reply #7 on: August 23, 2006, 02:05:23 PM »
This is exactly what I'm going to do. Thanks to your help again - I didn't know that an A record for the mail server has to be set - next time some deeper studies about networking/dns will prevent further mishaps.

But adding this record may take a while - the former server administrator who created the dns entry two years ago is unreachable for us. And only he has the password for the customer login at domainfactory.de (they host our dns entries). I keep on trying to track him in Germany...

But I'm quite confident that adding the record will fix the problem...

Offline JonB

« Reply #8 on: August 23, 2006, 03:55:31 PM »
Actually you have 2 possibilities

Add the A record for mail.studio-mitte.de

or

change the MX record to studio-mitte.de

I can telnet into your mail server on studio-mitte.de so your port forwarding is correct. Once you get the DNS sorted you will be able to receive email.

Jon
...

Offline rwolff

« Reply #9 on: August 23, 2006, 06:10:14 PM »
The A record was reset and now it works!

Thanks to you guys!

Time to go home :pint:

Offline CharlieBrady

« Reply #10 on: August 24, 2006, 02:56:21 AM »
Quote from: "JonB"
Actually you have 2 possibilities

Add the A record for mail.studio-mitte.de

or

change the MX record to studio-mitte.de


You could also just delete the MX record. MX records are optional. Mail clients should use an A record if no MX record is found.
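
Added example, not part of the original thread: a small offline checker that reads records in dig answer-section format and reports where SMTP delivery would go, covering the failing setup and the three fixes proposed above (add the A record, point the MX at the domain, or drop the MX). The zone strings are constructed from values mentioned in the thread, and the function names are hypothetical.

```python
import re

# Constructed zone data in dig answer-section format, modelled on the thread.
APEX_A = "studio-mitte.de. 3600 IN A 217.91.127.51\n"
BROKEN = APEX_A + "studio-mitte.de. 3600 IN MX 100 mail.studio-mitte.de.\n"
FIX_ADD_A = BROKEN + "mail.studio-mitte.de. 3600 IN A 217.91.127.51\n"
FIX_MX_TO_APEX = APEX_A + "studio-mitte.de. 3600 IN MX 100 studio-mitte.de.\n"
FIX_NO_MX = APEX_A

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(MX|A|AAAA)\s+(.+)$")

def parse_records(text):
    """Return (mx, addrs): owner -> [(pref, exchanger)] and owner -> [ip]."""
    mx, addrs = {}, {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:  # skips blank lines and dig's ';' comment lines
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2), m.group(3).strip()
        if rtype == "MX":
            pref, host = rdata.split()
            mx.setdefault(owner, []).append((int(pref), host.lower()))
        else:
            addrs.setdefault(owner, []).append(rdata)
    return mx, addrs

def delivery_targets(domain, text):
    """Return (targets, problems) for mail to `domain`, per RFC 5321 section 5.1."""
    domain = domain.lower().rstrip(".") + "."
    mx, addrs = parse_records(text)
    if domain not in mx:
        # No MX at all: the domain's own address record is the implicit MX.
        ips = addrs.get(domain, [])
        problems = [] if ips else [f"{domain} has neither MX nor address record"]
        return [(domain, ip) for ip in ips], problems
    # MX present: only the listed exchangers count; there is no fallback to
    # the domain's own A record, so a dangling exchanger means a bounce.
    targets, problems = [], []
    for pref, host in sorted(mx[domain]):
        ips = addrs.get(host, [])
        if not ips:
            problems.append(f"MX {pref} {host} has no A/AAAA record")
        targets.extend((host, ip) for ip in ips)
    return targets, problems

if __name__ == "__main__":
    for name in ("BROKEN", "FIX_ADD_A", "FIX_MX_TO_APEX", "FIX_NO_MX"):
        print(name, delivery_targets("studio-mitte.de", globals()[name]))
```

To check a live zone, paste the answer sections of `dig <domain> MX` and `dig <exchanger> A` into one string and pass it as `text`.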

Offline JonB

« Reply #11 on: August 24, 2006, 05:55:00 AM »
Charlie,

I agree that based on the RFC MX records are not necessary, however it is becoming more and more of a necessity as some SPAM filtering software used by ISPs will block email coming from a domain that does not have a valid MX record. While not strictly legit it does block zombie PCs from sending spam.

These days anyone running a mail server on a dynamic IP or without an MX record is asking for trouble.

Jon
...