Solved: SMTP Error (553): Failed to add recipient....Sender address rejected: not owned by user

Hello,

I broke my server and had to reinstall everything. I created a user and an alias for my domain account, me@example.com, on my box, box.example.com.

I get an error message when trying to send a message:

SMTP Error (553): Failed to add recipient “recipient@example_1.com”
(5.7.1 me@example.com: Sender address rejected: not
owned by user me@example.com).

Does anyone know what this error means and how to fix it?

Cheers,

also:

Wildcard Certificates Coming January 2018
Jul 6, 2017 • Josh Aas, ISRG Executive Director

Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS… If you’re excited about wildcard availability and our mission to get to a 100% encrypted Web, we ask that you contribute to our summer fundraising campaign.

You are attempting to relay email through this server and have not authenticated. Most likely you are seeing this message because you have not authenticated. To use this server as a relay (to send email to an outside address using your domain name), you must authenticate first.

You can do this in one of two ways: SMTP Authentication - SMTP AUTH is a method for verifying a user’s login and password before allowing mail to be sent to other mail servers on the Internet. Your email client is required to log in before sending mail. This method allows you to simply enter your username and password (the same ones you use for POP or IMAP) in the SMTP settings in your email program.

If my domain runs on a different server, why should I install a certificate for my domain on my miab server?

Also, I tried to run Let’s Encrypt on my linode server.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

and got errors that will not update:
Reading package lists… Done
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python-cffi-backend-api-min
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-max
W: Ignoring Provides line with DepCompareOp for package python3-cffi-backend-api-min
W: You may want to run apt-get update to correct these problems

But running apt-get again returns the same errors. I saw this suggestion:

nano /etc/apt/sources.list
and comment the repos you don’t need

and this:

According to the launchpad bug this issue is actually harmless. But if you really want to fix this you have to update your apt version.

https://bugs.launchpad.net/openstack-manuals/+bug/1511462

sudo apt-get install nginx
sudo nano /etc/nginx/sites-available/default
Inside the server block add:
server {
    . . .

    location ~ /.well-known {
        allow all;
    }

    . . .
}

Find the miab root directive. Perhaps it is nano /etc/nginx/conf.d/local.conf? (The nginx default root directive is /usr/share/nginx/html)

sudo nginx -t
sudo service nginx restart
certbot certonly --webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com
sudo ls -l /etc/letsencrypt/live/your_domain_name
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

"If you’re receiving the “553 Sorry that domain isn’t allowed to be relayed through this host” error, then that means that SMTP authentication has not been enabled in your email program. You’ll need to enable SMTP authentication in order to be able to send emails."

Per MIAB, "If your machine is behind a hardware firewall (or virtual equivalent, such as an AWS security group), ensure that the following ports are open:

  • 22 (SSH),
  • 25 (SMTP),
  • 53 (DNS; must be open for both tcp & udp),
  • 80 (HTTP),
  • 443 (HTTPS),
  • 587 (SMTP submission),
  • 993 (IMAP),
  • 995 (POP) and
  • 4190 (Sieve)."

So, I entered
ufw status

To        Action  From

22        ALLOW   Anywhere
53        ALLOW   Anywhere
25/tcp    ALLOW   Anywhere
587       ALLOW   Anywhere
993       ALLOW   Anywhere
995       ALLOW   Anywhere
4190/tcp  ALLOW   Anywhere
80        ALLOW   Anywhere
443       ALLOW   Anywhere

So, although port 25 was open, it was only open for tcp and not smtp.

So I entered
sudo ufw allow 25

ufw status now shows 25 available

*Note: It is common for SMTP servers to use port 587 for outbound mail.

Allow All Incoming IMAP: To allow your server to respond to IMAP connections, port 143, run this command:
sudo ufw allow 143

Allow All Incoming IMAPS: To allow your server to respond to IMAPS connections, port 993, run this command:
sudo ufw allow 993

According to the manual, smtpd_sender_login_maps needs to be set.

Setting it to the same value as virtual_mailbox_maps worked for me.

virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

Also, if your maps live in a database, keep in mind you need to actually select a field, not just “1” like some howtos are suggesting.

good

query = SELECT email FROM postfix_mailbox_maps WHERE email = '%s';

bad

query = SELECT 1 FROM postfix_mailbox_maps WHERE email = '%s';

“you need an entry in the forwarding table where source and destination contain the same email address.”

How would I try this suggestion?
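
Why the selected column matters for smtpd_sender_login_maps, as an added example that is not part of the original posts: a simplified Python model of the owner check Postfix applies to an authenticated client. It assumes logins are full email addresses and uses an in-memory sqlite3 table with constructed rows in place of the MySQL backend.

```python
import sqlite3

# Constructed data. sqlite3 stands in for the MySQL backend; table and column
# names follow the queries quoted in the thread.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postfix_mailbox_maps (email TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO postfix_mailbox_maps VALUES (?)",
                   [("me@example.com",), ("other@example.com",)])
    return db

# Parameter binding replaces Postfix's own quoting of %s.
GOOD_QUERY = "SELECT email FROM postfix_mailbox_maps WHERE email = ?"
BAD_QUERY = "SELECT 1 FROM postfix_mailbox_maps WHERE email = ?"

def lookup_owners(db, query, mail_from):
    """The map result is the list of logins that own mail_from."""
    owners = []
    for (value,) in db.execute(query, (mail_from,)):
        # Owners are separated by whitespace or commas.
        owners += str(value).replace(",", " ").split()
    return owners

def check_sender(db, query, sasl_login, mail_from):
    """Simplified sender/login mismatch check for an authenticated client."""
    if sasl_login in lookup_owners(db, query, mail_from):
        return "accepted"
    return (f"553 5.7.1 <{mail_from}>: Sender address rejected: "
            f"not owned by user {sasl_login}")

if __name__ == "__main__":
    db = make_db()
    for name, q in (("good", GOOD_QUERY), ("bad", BAD_QUERY)):
        print(name, lookup_owners(db, q, "me@example.com"),
              check_sender(db, q, "me@example.com", "me@example.com"))
    # Using another mailbox's address is still refused with the good query.
    print(check_sender(db, GOOD_QUERY, "me@example.com", "other@example.com"))
```

With the "bad" query the map answers with the literal owner "1", so no real login ever matches and every authenticated sender is rejected.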

Add an alias in the admin panel… but I am going to guess that you have broken this install by trying to add certbot … LE functionality is already built in.

1 Like

I decided to try yunohost since I couldn’t fix it. But, thanks kindly for your input.

I tried yunohost but couldn’t load my subdomain web pages so I have to try to fix miab.

Is it ok to have a user and an alias? I thought that was incorrect?

You should not have an alias and a user for the same address.

2 Likes
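
Checking `ufw status` output against the Mail-in-a-Box port list quoted earlier in the thread, as an added example that is not part of the original posts. It assumes every listed service except DNS needs TCP only and that a ufw rule without a /proto suffix covers both tcp and udp; the second status text is constructed.

```python
import re

# Ports from the quoted Mail-in-a-Box list; 53 must be open for tcp and udp.
REQUIRED = {22: {"tcp"}, 25: {"tcp"}, 53: {"tcp", "udp"}, 80: {"tcp"},
            443: {"tcp"}, 587: {"tcp"}, 993: {"tcp"}, 995: {"tcp"},
            4190: {"tcp"}}

RULE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+ALLOW(?: IN)?\s+Anywhere\s*$")

def allowed_ports(ufw_status):
    """Map port -> protocols allowed from Anywhere (IPv4 rules only)."""
    allowed = {}
    for line in ufw_status.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # header, separator, (v6) and non-ALLOW lines
        port, proto = int(m.group(1)), m.group(2)
        # A rule with no /proto suffix applies to both tcp and udp.
        allowed.setdefault(port, set()).update(
            {proto} if proto else {"tcp", "udp"})
    return allowed

def missing_ports(ufw_status):
    """Return {port: [protocols still closed]} for the required list."""
    allowed = allowed_ports(ufw_status)
    return {port: sorted(need - allowed.get(port, set()))
            for port, need in REQUIRED.items()
            if need - allowed.get(port, set())}

# The rule set shown in the thread.
THREAD_STATUS = """To Action From
22 ALLOW Anywhere
53 ALLOW Anywhere
25/tcp ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere
995 ALLOW Anywhere
4190/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
"""

# Constructed counter-example: DNS limited to tcp, submission port absent.
BROKEN_STATUS = THREAD_STATUS.replace("53 ALLOW", "53/tcp ALLOW").replace(
    "587 ALLOW Anywhere\n", "")

if __name__ == "__main__":
    print(missing_ports(THREAD_STATUS), missing_ports(BROKEN_STATUS))
```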
