System status check

1

I’m wondering why my mail in a box status page says,

Public DNS (nsd4) is not running (port 53).
:heavy_multiplication_x:

Incoming Mail (SMTP/postfix) is running but is not publicly accessible at 123.231.14.105:25.
:heavy_multiplication_x:

Outgoing Mail (SMTP 465/postfix) is running but is not publicly accessible at 123.231.14.105:465.
:heavy_multiplication_x:

Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 123.231.14.105:587.
:heavy_multiplication_x:

IMAPS (dovecot) is running but is not publicly accessible at 123.231.14.105:993.
:heavy_multiplication_x:

Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 123.231.14.105:4190.
:heavy_multiplication_x:

HTTP Web (nginx) is running but is not publicly accessible at 123.231.14.105:80.
show more
:heavy_multiplication_x:

HTTPS Web (nginx) is running but is not publicly accessible at 123.231.14.105:443.

Reverse DNS is also set to mail2.lanka4us.com

I have checked these ports using dnschecker.org port scanner. it shows them as OPEN, but mail in a box says they cannot be publicly accessible.

I am able to send and receive mails from internet.

Could someone help me to identify the issue.

2

Can you provide more information?

  • Was this all ok before?
  • How is Mailinabox deployed? On a VPS? With which provider?
  • Is there a firewall involved somewhere?
3

Hi, thanks for replying. Background is as follows.

  1. This runs in a virtual machine on my own.
  2. Only the isp’s router with the firewall.
  3. Runs on Ubuntu 22.04 server with a fresh install. No other services runs.
  4. This is first install on this isp network.All ports are open/directed to this machine.
  5. Very recently installed and from the very beginning it shows errors.
  6. Tried formating and reinstalling several times.but errors same.

Thanks

4

These checks try to access the mentioned services on the public ip address. Apparently something in your setup causes the system to not be able to reach itself through its public ip address. I guess something network related.
Since these services are actually publically reachable, so I don’t think there’s an actual problem. The Mailinabox code that does the checks just isn’t build for your current situation, which is a bit different than expected.

You might want to look into the firewall/router and/or virtual machine and see how it handles access to your own ip address.

5

If MIAB in the private network need to reach it’s own services via public IP address, then “hairpin nat” is required in the router.
https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning

6

And then, after you’ve got it working, make sure your router’s external address and internal address are on these config lines. The config is built by the install process, but it doesn’t know about hairpin routing and doesn’t add network internal addresses.

This one is needed so fail2ban doesn’t block legitimate traffic from within your network (eg you ssh’ing into the server).

/etc/fail2ban/jail.d/mailinabox.conf
ignoreip = 127.0.0.1/8 …

And add this one if you are sending mail (eg status reports) from within your network to your MIAB server.

/etc/postfix/main.cf
mynetworks = 127.0.0.0/8 …

7

Appreciate the support extended to me. I have reached to ISP for hairpining support on my router configuration.

When they confirmed I’ll follow everyone’s suggestions and will update here accordingly, So it will help others who faced such scenarios.

8

Dear All,

Thank you all for your valuable comments, Which I have followed. Some help me to understand lot.

As far as, I know this is an issue arising from the ISP end. Even I reached to them, there is no response from them.

So, I change the ISP, installed the system. Now all are working as expected.
Thank you all for your kindness to help others. Really appreciate it.

1 Like