- iRedMail version (check /etc/iredmail-release): 0.9.9 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer.
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No

Hi, I have setup an iRedMail server in AWS, and outgoing mail isn't working. I'm trying to send a test email to two different addresses, one is another iRedMail server, the other is gmail. Both fail. Seems like the server can receive mail just fine. Here are the errors:

Error 1 from the other iRedMail server:

<wayne@theworkmans.us>: host mail.theworkmans.us[97.85.140.184] said: 550 5.1.0
    <wworkman@momil32.com>: Sender address rejected: User unknown in virtual
    mailbox table (in reply to RCPT TO command)

Error 2 from gmail:

<wayne.workman2012@gmail.com>: host gmail-smtp-in.l.google.com[173.194.74.27]
    said: 550-5.7.1 This message does not have authentication information or
    fails to pass 550-5.7.1 authentication checks. To best protect our users
    from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
    https://support.google.com/mail/answer/ … entication for more 550
    5.7.1 information. a6si9227385iog.92 - gsmtp (in reply to end of DATA
    command)

Of note: The domain name momil32.com is hosted by hostgator - I have cpanel access to manage the DNS there, but they don't have a "SPF" type record. I've created a TXT record with an SPF entry in it like so:

mail.momil32.com  TXT      "v=spf1 ip4:18.223.39.255 -all"

The SPF record is the only difference I can identify from other iRedMail server installations I've done. Most I've done, I have the DNS hosted in AWS Route53 and they have an actual SPF record type. HostGator and cPanel don't have SPF record types available. I'm wondering if this is the issue, and if so what could I do about that?

I've setup DKIM and DMARC. The iRedMail server in question that cannot send email is hosted in AWS, I've submitted the proper form for them to lift all restrictions for outgoing mail on this server and to setup a PTR record, this is complete and the IP resolves correctly to the domain name.

I have these firewall rules set on the server (terraform syntax):

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 110
    to_port     = 110
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 993
    to_port     = 993
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 25
    to_port     = 25
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 143
    to_port     = 143
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 465
    to_port     = 465
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 587
    to_port     = 587
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
}