I've hacked my server to bits and now I need help.
Everything was working, but I think these issues started when I tried to add a VPN server to this server to test some items at work. That process added fail2ban and a few other things.
When I check the mail error logs at /var/log/mail.err I see nothing at all (the logs are blank).
/var/log/mail.log is writing, but I never see anything relevant to the emails that are being sent.
This is on all hosted domains.
I cannot telnet to port 25 from outside the server, but I can telnet from the server to itself on port 25. Postfix is listening on 25.
UFW has allow rules to allow 25/tcp and to allow Postfix on both IPv4 and IPv6.
This is a VPS running Ubuntu 20.04 and is regularly updated.
What can I supply to figure out where the problem is?
Update 1:
Results of iptables-save: https://pastebin.com/REywGKsq
Update 2:
I have found that test emails work if I connect via IPv6, but fail with IPv4.
Update 3:
Results of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 51200000
milter_default_action = accept
milter_protocol = 6
mydestination = domain1.com, localdomain, localhost, localhost.localdomain, domain2.com, domain3.com, domain4.com
myhostname = box.domain1.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:localhost:8891
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
virtual_alias_domains = domain5.com domain2.com domain3.com domain4.com domain1.com
virtual_alias_maps = hash:/etc/postfix/virtual
Results of netstat -rn (IP addresses masked):
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         AAA.BBB.CCC.1   0.0.0.0         UG        0 0          0 ens3
10.8.2.0        0.0.0.0         255.255.255.0   U         0 0          0 br-5e7471c33f48
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
AAA.BBB.CCC.0   0.0.0.0         255.255.255.0   U         0 0          0 ens3
Best Answer
You have an iptables chain FILTERS. It allows only TCP ports 22, 80 and 443 and rejects all other packets. All your ufw chains on INPUT are inactive.
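The check the answer performs by eye can be scripted. The following is an added example, not part of the original question or answer: it walks an iptables-save dump from INPUT and reports which chain decides a new inbound TCP connection to a given port. The ruleset is constructed to match the answer's description (the pastebin contents are not reproduced here), and it assumes the FILTERS jump precedes the ufw chains; `ens3` is taken from the routing table above.

```python
import shlex

SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:FILTERS - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j FILTERS
-A INPUT -j ufw-user-input
-A FILTERS -i lo -j ACCEPT
-A FILTERS -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FILTERS -p tcp -m multiport --dports 22,80,443 -j ACCEPT
-A FILTERS -j REJECT --reject-with icmp-host-prohibited
-A ufw-user-input -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""  # constructed ruleset (assumption), shaped like the answer's description

def parse(dump):
    """Split iptables-save text into {chain: policy} and {chain: [rule tokens]}."""
    policy, rules = {}, {}
    for line in dump.splitlines():
        if line.startswith(":"):
            name, pol = line[1:].split()[:2]
            policy[name], rules[name] = pol, []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    return policy, rules

def matches(rule, port, iface):
    """True if the rule matches a NEW inbound TCP packet to `port` arriving on `iface`."""
    opts = dict(zip(rule[::2], rule[1::2]))  # simple rules are flag/value pairs
    states = opts.get("--state") or opts.get("--ctstate")
    if "!" in rule or "-j" not in rule or opts.get("-p", "tcp") not in ("tcp", "all"):
        return False  # negation and -g are not modelled; source addresses are ignored
    if opts.get("-i", iface) != iface or (states and "NEW" not in states.split(",")):
        return False
    ports = opts.get("--dport") or opts.get("--dports") or "0:65535"
    return any(int(p.split(":")[0]) <= port <= int(p.split(":")[-1]) for p in ports.split(","))

def verdict(dump, port, chain="INPUT", iface="ens3"):
    """Return (target, where) for the first terminal rule hit, or None on fall-through."""
    policy, rules = parse(dump)
    for rule in (r for r in rules.get(chain, []) if matches(r, port, iface)):
        target = rule[rule.index("-j") + 1]
        if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
            return None if target == "RETURN" else (target, chain)
        hit = verdict(dump, port, target, iface) if target in rules else None
        if hit:
            return hit
    return (policy[chain], chain + " policy") if policy.get(chain, "-") != "-" else None
```

`iptables-save` covers IPv4 only; the IPv6 ruleset comes from `ip6tables-save` and has to be checked separately, which is consistent with mail working over IPv6 while IPv4 fails.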