Topic: Changing public IP address causes port 25 to reject connections
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Ubuntu 16.04.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): n/a
- Web server (Apache or Nginx): n/a
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue. None seen.
====
I have recently changed one of my ISPs and am looking to point one of the new IP addresses to my existing mailserver. Trouble is, I have missed something because it is not working. I would be grateful if someone could help me spot what I have overlooked.
For the sake of this explanation, I am going to use the following
old public IP address: 1.2.3.4
planned new IP address: 5.6.7.8
My domain: mydomain.net
Mailserver FQDN: mail.mydomain.net
mail.mydomain.net resides on a 172.16.x.x local network with inbound traffic NAT'd to it. This address is unchanged.
Currently, my DNS has the following entries, all set to a 300 sec TTL to facilitate rapid propagation for the change-over:
mydomain.net - A - 1.2.3.4
mail.mydomain.net - A - 1.2.3.4
mail.mydomain.net - MX - mail.mydomain.net
dkim._domainkey.mydomain.net - TXT - "domain key string"
mydomain.net - TXT - "spf string changed to include both 1.2.3.4 and 5.6.7.8 addresses"
_dmarc.mydomain.net - TXT - "DMARC string"
This works fine and has done for approaching two years.
The mailserver is behind a firewall and NAT'd with ports 25, 143, 587 and 443 opened. Port 80 is set up in the NAT but disabled and only opened for SSL cert updates.
I then did the following ...
1) amended the DNS settings as follows
mydomain.net - A - 1.2.3.4 (NOT changed)
mail.mydomain.net - A - 5.6.7.8 (changed)
mail.mydomain.net - MX - mail.mydomain.net (NOT changed)
dkim._domainkey.mydomain.net - TXT - "domain key string" (NOT changed)
mydomain.net - TXT - "spf string changed to include both 1.2.3.4 and 5.6.7.8 addresses" (NOT changed)
_dmarc.mydomain.net - TXT - "DMARC string" (NOT changed)
2) set the new rDNS for 5.6.7.8 at my new ISP
3) added the NAT settings for 5.6.7.8 to point to the mailserver both inbound and outbound. The old 1.2.3.4 settings were left in place, but the interface was shut down.
I then checked the connectivity with mxtoolbox and confirmed the SMTP and rDNS were working, getting all greens on their test.
I sent an email from myself@mydomain.net to a gmail account set to forward all received emails to myself@mydomain.net (effectively reflecting it back to myself). The outbound email from myself@mydomain.net reached the gmail account fine and was reflected back to the myself@mydomain.net account by gmail but never arrived in the inbox.
I then used the wormly SMTP test site to send myself a test email which reported that the SMTP was actively refusing connection.
When I changed the mail.mydomain.net setting back to 1.2.3.4 (at both NAT and DNS) and restarted the shut-down interface, the wormly test email was sent perfectly.
What have I missed?
Any suggestions much appreciated. It's clearly something simple; I just can't figure out what.
Thank you in advance.
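The post above walks through a DNS/NAT cutover of a mail host to a new public address. The following is an added example (not part of the original post and not iRedMail's own tooling) of an offline consistency check over the record set involved: every MX target must have an A record, each A must have a forward-confirmed PTR, and the SPF record must cover each address. The zone snapshot is constructed from the poster's placeholder addresses (1.2.3.4, 5.6.7.8, mydomain.net), and the record-dict layout and function names are assumptions for this illustration. When such a check passes but a plain TCP connect to port 25 is still refused, the remaining suspect is the NAT/firewall path rather than the records, which is why a simple connect probe is included alongside the record checks.

```python
"""Consistency check for mail DNS records across a public IP change.

Added example for this thread; not iRedMail code. The zone dict, record
layout and function names are assumptions for illustration only.
"""
import socket
from typing import Dict, List, Tuple

# Constructed snapshot of the zone after step 1 of the post, plus the
# PTR that step 2 (rDNS at the new ISP) is meant to publish.
# Layout (assumed): (owner name, record type) -> list of values.
ZONE_AFTER_CHANGE: Dict[Tuple[str, str], List[str]] = {
    ("mydomain.net", "A"): ["1.2.3.4"],
    ("mail.mydomain.net", "A"): ["5.6.7.8"],
    ("mydomain.net", "MX"): ["mail.mydomain.net"],
    ("mydomain.net", "TXT"): ["v=spf1 ip4:1.2.3.4 ip4:5.6.7.8 -all"],
    ("8.7.6.5.in-addr.arpa", "PTR"): ["mail.mydomain.net"],
}


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def lookup(zone: Dict[Tuple[str, str], List[str]], name: str, rtype: str) -> List[str]:
    """Return the values of a record in the constructed zone (empty if absent)."""
    return zone.get((name, rtype), [])


def check_mail_dns(zone: Dict[Tuple[str, str], List[str]], domain: str) -> List[str]:
    """Return a list of problems found; an empty list means the chain is consistent.

    Checks performed:
      * the domain has at least one MX record
      * every MX target has an A record
      * each A has a PTR that points back to the MX hostname (FCrDNS)
      * each A is covered by the SPF TXT record via ip4: or a:<host>
    Only the ip4:/a: mechanisms are recognised; include:/redirect= are
    out of scope for this offline check.
    """
    problems: List[str] = []
    mx_hosts = lookup(zone, domain, "MX")
    if not mx_hosts:
        problems.append(f"{domain}: no MX record")
    spf_records = [t for t in lookup(zone, domain, "TXT") if t.startswith("v=spf1")]
    spf_text = spf_records[0] if spf_records else ""
    if not spf_text:
        problems.append(f"{domain}: no SPF record")
    for host in mx_hosts:
        addrs = lookup(zone, host, "A")
        if not addrs:
            problems.append(f"{host}: MX target has no A record")
        for ip in addrs:
            ptr = lookup(zone, reverse_name(ip), "PTR")
            if host not in ptr:
                problems.append(f"{ip}: PTR does not point back to {host} (got {ptr or 'none'})")
            if f"ip4:{ip}" not in spf_text and f"a:{host}" not in spf_text:
                problems.append(f"{ip}: not covered by SPF record")
    return problems


def port_reachable(host: str, port: int = 25, timeout: float = 5.0) -> bool:
    """Plain TCP connect probe, the first thing external SMTP testers do.

    A refused or timed-out connection here, with check_mail_dns() clean,
    points at the NAT/firewall path rather than at the DNS records.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    issues = check_mail_dns(ZONE_AFTER_CHANGE, "mydomain.net")
    print("DNS chain:", "consistent" if not issues else issues)
    # mail.mydomain.net is a placeholder; substitute a real host to probe port 25.
    # print("port 25 reachable:", port_reachable("mail.mydomain.net"))
```

Running the check against a stale snapshot (for instance the PTR for 5.6.7.8 still naming the ISP's generic host, or the SPF record missing the new address) returns one problem line per broken link in the chain, which is the list worth working through before suspecting the firewall.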