We tested Scrollout by installing from the iso internally and it works. So we wanted to move it to a VPS. As we can't install from the iso with VPS, we started with a clean netinstall of Debian 9, then followed the instructions from the website to install Scrollout F1 which appears to have gone through successfully.
We proceeded to configure SOF1 the same as we did when testing internally (except for networking / Connect details). Under Route we setup the 3 domains we use (eg. company1.com, company2.com and company3.com) and pointed all 3 to the WAN IP address of the company mail server (port forwarding is working as they are receiving normal emails at the moment, ie. not going through the SOF1 server). We are not using Collector but have set the mailbox address to collector@company1.com. All security levels are at defaults.
Currently, no emails will get forwarded by the new SOF1 server. Every message results in a similar message in the log (domain names and IPs changed) :-
Apr 19 02:42:56 mailfilter01 postfix/smtpd[16156]: NOQUEUE: reject: RCPT from tools.wormly.com[96.126.113.160]: 450 4.1.1 recipient@company1.com: Recipient address rejected: unverified address: host mail.company1.com[11.22.33.44] said: 450-4.1.7 root@company1.com: Sender address rejected: unverified address: Host or domain name not found. Name service error for name=domain1.com type=MX: Host not found, try again 450 4.1.7 F; from=test@tools.wormly.com to=recipient@company1.com proto=ESMTP helo=tools.wormly.com
Can't track down where domain1.com in the entry above comes from (it actually says domain1.com - I didn't change it). Every email results in rejected.
Any guidance on where to look to fix the problem is greatly appreciated.
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Look in the CONNECT tab to see if domain1.com is specified there and while you are there also verify that all your network settings are correct... including the host name, the search domain and the DNS servers.
Also. you say that you have setup 3 domain names to ROUTE. Did you add them in addition to the default first one to make a total of 4, or do you have a total of 3 including the default one? It is important to note that when SOF1 communicates with the email server, it does so using the first default domain in ROUTE, so it has to be a domain that is hosted on your email server.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
There were 3 domains in total. I have scrapped the install and started completely from scratch again. This time I selected a different domain to test with which is hosted with a different mail server. The SOF1 now only has one domain (eg. mycompany.com).
The Connect tab has (details changed) :-
Hostname : mailfilter01
Local IP : 11.22.33.44 (the public IP of the VPS)
Mask : 32
Gateway : 99.88.77.66 (gateway provided by provider)
DNS Servers : 127.0.0.1 followed by providers DNS servers
DNS Suffixes : myotherdomain.com
Internal DNS Server : is ticked
Route Tab
Name : mailfilter01
Domain : mycompany.com
Mail server : [mycompany mail server address]
Collector : collector@mycompany.com
Now sending a test mail still fails with the following :-
Apr 20 11:45:06 mailfilter01 postfix/smtpd[3705]: NOQUEUE: reject: RCPT from tools.wormly.com[96.126.113.160]: 550 5.1.1 myemail@mycompany.com: Recipient address rejected: undeliverable address: host mail.mycompany.com[100.200.0.1] said: 550-Verification failed for root@mycompany.com 550-Unrouteable address 550 Sender verify failed (in reply to RCPT TO command); from=test@myoffice.com to=myemail@mycompany.com proto=ESMTP helo=tools.wormly.com
Seems to indicate failure for root@mycompany.com which of course does not exist on the target mail server.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
From another post in the forums, we found that emails will only flow through SOF1 if we set the Connection filter to 10. Setting it to anything else results in the above failures.
Do RBLs still work if the Connection filter is set to 10 ?
What else is disabled if the filter is set to 10 ?
Better yet, is there a way around this ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The reason it works when tested on premises is because the Public IP of the on premises network is recorded in the SPF record. However, when SOF1 was installed on a VPS externally, it's IP needed to be added to the SPF record as well, without which the above errors occurs if Connection Filter is set to anything other than 10.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We tested Scrollout by installing from the iso internally and it works. So we wanted to move it to a VPS. As we can't install from the iso with VPS, we started with a clean netinstall of Debian 9, then followed the instructions from the website to install Scrollout F1 which appears to have gone through successfully.
We proceeded to configure SOF1 the same as we did when testing internally (except for networking / Connect details). Under Route we setup the 3 domains we use (eg. company1.com, company2.com and company3.com) and pointed all 3 to the WAN IP address of the company mail server (port forwarding is working as they are receiving normal emails at the moment, ie. not going through the SOF1 server). We are not using Collector but have set the mailbox address to collector@company1.com. All security levels are at defaults.
Currently, no emails will get forwarded by the new SOF1 server. Every message results in a similar message in the log (domain names and IPs changed) :-
Apr 19 02:42:56 mailfilter01 postfix/smtpd[16156]: NOQUEUE: reject: RCPT from tools.wormly.com[96.126.113.160]: 450 4.1.1 recipient@company1.com: Recipient address rejected: unverified address: host mail.company1.com[11.22.33.44] said: 450-4.1.7 root@company1.com: Sender address rejected: unverified address: Host or domain name not found. Name service error for name=domain1.com type=MX: Host not found, try again 450 4.1.7 F; from=test@tools.wormly.com to=recipient@company1.com proto=ESMTP helo=tools.wormly.com
Can't track down where domain1.com in the entry above comes from (it actually says domain1.com - I didn't change it). Every email results in rejected.
Any guidance on where to look to fix the problem is greatly appreciated.
Thanks.
Look in the CONNECT tab to see if domain1.com is specified there and while you are there also verify that all your network settings are correct... including the host name, the search domain and the DNS servers.
Also. you say that you have setup 3 domain names to ROUTE. Did you add them in addition to the default first one to make a total of 4, or do you have a total of 3 including the default one? It is important to note that when SOF1 communicates with the email server, it does so using the first default domain in ROUTE, so it has to be a domain that is hosted on your email server.
There were 3 domains in total. I have scrapped the install and started completely from scratch again. This time I selected a different domain to test with which is hosted with a different mail server. The SOF1 now only has one domain (eg. mycompany.com).
The Connect tab has (details changed) :-
Hostname : mailfilter01
Local IP : 11.22.33.44 (the public IP of the VPS)
Mask : 32
Gateway : 99.88.77.66 (gateway provided by provider)
DNS Servers : 127.0.0.1 followed by providers DNS servers
DNS Suffixes : myotherdomain.com
Internal DNS Server : is ticked
Route Tab
Name : mailfilter01
Domain : mycompany.com
Mail server : [mycompany mail server address]
Collector : collector@mycompany.com
Now sending a test mail still fails with the following :-
Apr 20 11:45:06 mailfilter01 postfix/smtpd[3705]: NOQUEUE: reject: RCPT from tools.wormly.com[96.126.113.160]: 550 5.1.1 myemail@mycompany.com: Recipient address rejected: undeliverable address: host mail.mycompany.com[100.200.0.1] said: 550-Verification failed for root@mycompany.com 550-Unrouteable address 550 Sender verify failed (in reply to RCPT TO command); from=test@myoffice.com to=myemail@mycompany.com proto=ESMTP helo=tools.wormly.com
Seems to indicate failure for root@mycompany.com which of course does not exist on the target mail server.
From another post in the forums, we found that emails will only flow through SOF1 if we set the Connection filter to 10. Setting it to anything else results in the above failures.
Do RBLs still work if the Connection filter is set to 10 ?
What else is disabled if the filter is set to 10 ?
Better yet, is there a way around this ?
OK. Worked it out.
The reason it works when tested on premises is because the Public IP of the on premises network is recorded in the SPF record. However, when SOF1 was installed on a VPS externally, it's IP needed to be added to the SPF record as well, without which the above errors occurs if Connection Filter is set to anything other than 10.