mail server down after a 2-3 week period

aaP_labinotberisha96

Every server using aapanel is going down after a week or so, and wont send more emails, just doesnt show email successfully sent, and when i reinstall it works fine. can u find me a solution for this.

aaPanel_Kern

Hello, what is the version of the mail server you are using? What is the panel version?
Is there any other error message? This prompt will not affect the use

aaP_labinotberisha96

One server has Mail Server 6.6.3
one is with Mail Server 6.2

and both are having same issue

and here is the mail server log:

i have used the fix/repair function but the problems keeps coming and happening

aaPanel_Kern

Hello, please check if the email user exists? No records of your domain are found in the log
What is the version of the panel?

aaP_labinotberisha96

aaPanel_Kern

Hello, can you check the postfix configuration file of the mail server?

aaP_labinotberisha96

aaP_alin_rzv

The error message you're encountering indicates that the email delivery has failed due to the recipient's server rejecting the sender's email address. Specifically, the recipient at john@label2co.com is rejecting the sender because of an "Access Denied" issue. This could happen due to various reasons, such as:

Blacklist or Spam Filters: The sender's domain or email address might be blacklisted, or the email might be flagged as spam by the recipient's mail server.
Sender Verification Issues: The recipient's server may require SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), or DMARC (Domain-based Message Authentication, Reporting & Conformance) verification, which the sender's server may not be configured for.
SMTP Server Issues: The SMTP server you are using might have been blocked or is not authorized to send emails on behalf of your domain.
To resolve this:

Verify that the sender's domain is not blacklisted.
### Check the SPF, DKIM, and DMARC records for the sender’s domain.
Contact the recipient's mail server administrator to see if they can provide more details or whitelist the sender.
Check with your email provider to ensure there are no restrictions or issues with your SMTP server.

aaP_labinotberisha96

See /usr/share/postfix/main.cf.dist for a commented, more complete version

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

appending .domain is the MUA's job.

append_dot_mydomain = no

Uncomment the next line to generate "delayed mail" warnings

#delay_warning_time = 4h

readme_directory = no

See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on

fresh installs.

compatibility_level = 2

TLS parameters

#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = vmi2240443.contaboserver.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_default_action = accept
message_size_limit = 102400000

smtpd_tls_chain_files = /etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_black

aaP_labinotberisha96

I fixed it using deepseek it updated the configuration file of postfix

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2

TLS parameters

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_chain_files = /etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = vmi2240455.contaboserver.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

Virtual domains and mailboxes

virtual_mailbox_domains = sqlite:/etc/postfix/sqlite_virtual_domains_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sqlite_virtual_alias_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sqlite_virtual_mailbox_maps.cf, sqlite:/etc/postfix/sqlite_virtual_alias_domain_mailbox_maps.cf

SASL authentication

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes

LMTP for virtual transport

virtual_transport = lmtp:unix:private/dovecot-lmtp

Milter configuration

smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
milter_default_action = accept

Message size limit

message_size_limit = 102400000

and now it is perfectly working.

Recommended Fixes

Resolve SSL Certificate Issues
Generate a Self-Signed Certificate:
If you don't have a valid SSL certificate, generate a self-signed one:

bash
Copy
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem
Set Correct Permissions:
Ensure the key file has the correct permissions:

bash
Copy
sudo chmod 600 /etc/ssl/private/ssl-cert-snakeoil.key
sudo chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
Verify Configuration:
Ensure the following lines are present in main.cf:

bash
Copy
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_chain_files = /etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem

Fix SASL Authentication
Install SASL Packages:
Ensure the required SASL packages are installed:

bash
Copy
sudo apt update
sudo apt install sasl2-bin libsasl2-modules
Configure Dovecot for SASL:
If you're using Dovecot, ensure it is properly configured. Edit /etc/dovecot/conf.d/10-master.conf and add:

bash
Copy
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Restart Dovecot and Postfix:
After making changes, restart the services:

bash
Copy
sudo systemctl restart dovecot
sudo systemctl restart postfix

Configure mydestination
Add the domains for which Postfix should accept mail. For example:

bash
Copy
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

Verify SQLite Configuration
Ensure the SQLite files specified in the configuration exist and are properly configured. For example:

/etc/postfix/sqlite_virtual_domains_maps.cf

/etc/postfix/sqlite_virtual_alias_maps.cf

/etc/postfix/sqlite_virtual_mailbox_maps.cf

These files should contain valid SQL queries to retrieve domain, alias, and mailbox information.

Test the Configuration
After making changes, test the Postfix configuration:

bash
Copy
sudo postfix check
sudo postfix reload
Monitor the logs for errors:

bash
Copy
sudo tail -f /var/log/mail.log
Updated Configuration Example
Here’s an example of how your main.cf might look after applying the fixes:

bash
Copy
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2

TLS parameters

Virtual domains and mailboxes

SASL authentication

LMTP for virtual transport

virtual_transport = lmtp:unix:private/dovecot-lmtp

Milter configuration

Message size limit

message_size_limit = 102400000

aaPanel_Kern

Hello, is it normal to delete this configuration file and restart postfix?
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_black

aaP_labinotberisha96

it did work and again crashed, won't sent, probably somethign to do with postfix,

i tried to delete and hit repari or restart, nothing works.

aaP_labinotberisha96

after deletion of mailserver and reinstallation, it is working perfectly fine. but couldn't figure out what is the issue