Topic: Cannot receive mail from outside -- solved
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL 5.6
- Web server (Apache or Nginx): Apache 2.4
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
This is more of a comment than a question, as it has been solved successfully after considerable effort.
This is a great program. It requires diligent attention to detail. It is not easy.
I was fully able to email all accounts on the server, but was not receiving outside emails. It appears that port 25 was not open. I do not use port 25. But apparently it is vital to the success of the program. I use more secure ports.
The question that may not be fully stated is the difference between the server configuration and subsequent website/email DNS configurations.
Almost all of the documentation refers to the DNS settings for the server itself. But in my case, I wanted to have the server separate from each of the associated websites. Amazon Web Services does not acknowledge the necessity for POP email, only recently establishing the ability to receive IMAP email. I wanted POP email for Outlook.
The simple answer was multiple MX entries for each server. The underlying CNAME name and A NAME DNS parameters only apply to the underlying website. The MX servers can be multiple IP addresses. That was the key. Multiple MX entries while leaving the individual website IP addresses unchanged. I use Cloudflare CDN for all applications. It is the best. It is also possible that the SPF text files additionally include your server IP address. The SPF text files may include multiple IP addresses.
So in the end it appeared the simple answer for me was opening port 25 and enabling the MX entry for my server set to 0 priority. Each of you will have your own individual answers.
Additionally, I followed the very detailed network ports documentation. Make certain that you publicly open all the specific ports including 25, 587, 110, 995, 143, 993, 4190, 80, and 443.
Additionally, I privately opened ports 3306, 5432, 389, 636, 10024, 10026, 9998, 7777. These ports are not opened to the public. They are only open to my specific IP address. Only Zhang can tell you whether this is a critical step.
Five star kudos for this program. It is highly complex. But having your own private email server is essential in today's world. No one should be using Gmail or Hotmail. They are spying on all of you.
Good luck. Hope this helps. In the end, I have always found the final solution to all networking problems is a simple answer. It does not mean that this is not a complex program. It is. But the final steps and hangups are usually answered with very simple but highly targeted answers. Not general suggestions. But very specific instructions. "iptables -L -n" was one example of an invaluable CLI instruction set.
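
An added example, not part of the original post or of the iRedMail documentation: a small Python check that audits `iptables -S INPUT` output against the public and private port lists given in the post. The rule lines and the admin address 203.0.113.7 are constructed; the check assumes unmatched traffic is dropped and does not model rule order, negated matches, or ACCEPT rules without a port match.

```python
import ipaddress
import shlex

# Port lists copied from the post.
PUBLIC_PORTS = {25, 587, 110, 995, 143, 993, 4190, 80, 443}
PRIVATE_PORTS = {3306, 5432, 389, 636, 10024, 10026, 9998, 7777}

# Constructed sample of `iptables -S INPUT` output (placeholder admin IP).
# Port 25 is missing and 10024 is open to everyone.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 587,110,995,143,993,4190,80,443 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m multiport --dports 3306,5432,389,636 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10024 -j ACCEPT
"""

def expand_ports(spec):
    """Expand a port spec such as '25,587,1000:1002' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accept_rules(rules_text):
    """Return [(source_network, ports)] for TCP ACCEPT rules on INPUT."""
    accepts = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        nxt = dict(zip(tok, tok[1:]))  # option -> the token that follows it
        spec = nxt.get("--dports") or nxt.get("--dport")
        if nxt.get("-p") != "tcp" or spec is None:
            continue  # not a TCP port rule (e.g. the conntrack rule)
        src = ipaddress.ip_network(nxt.get("-s", "0.0.0.0/0"), strict=False)
        accepts.append((src, expand_ports(spec)))
    return accepts

def audit(rules_text, admin_ip):
    """Return (public ports not open to all, private ports open beyond admin_ip)."""
    admin = ipaddress.ip_network(admin_ip)
    world, beyond_admin = set(), set()
    for src, ports in accept_rules(rules_text):
        if src.prefixlen == 0:   # no -s restriction: reachable from anywhere
            world |= ports
        if src != admin:         # any source other than the admin host
            beyond_admin |= ports
    return sorted(PUBLIC_PORTS - world), sorted(PRIVATE_PORTS & beyond_admin)
```

Running `audit(SAMPLE_RULES, "203.0.113.7")` on the constructed rules reports port 25 as not publicly open, which is the failure described in the post, and port 10024 as reachable from outside the admin address.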