I've found this in the defaults.inc.php of RC:

$config['password_charset'] = 'ISO-8859-1';

Shouldn't this set per default to UTF-8? Will it be safe to change it?

Yes, uwsgi and nginx is runnning
roundcube access successfully.
only iredadmin, Pro or not,
you can have a clean installation without doing anythings, and you will end up in this. as i have try many times.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 18.04.1 LTS 4.15.0-39-generic
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I have the original domain with iRedMail that can send and receive email perfectly fine. I have added a second domain using the iRedMail admin panel and added a few users. This new domain can send but not receive emails. I have double and triple checked my DNS and verified these records with dig and nslookup. Looking at the mail log there is 0 mentions when I send email to these addresses. I'm not sure where to go from here. Any help would be greatly appreciated. Thanks.

Start by using some on-line check tools to  verify DNS settings (MX, A) and that it's possible to reach the server remotely
Example: hhttps://mxtoolbox.com/SuperTool.aspx
and test/verify MX, Blacklist Check, DNS lookup, Test Email server, Email Deliverability etc.
Then you can have an idea of whats going on.

As far as I understand, this is an error on the RECEIVING END, (Exchange server) and not the SENDER. It's not that clear in the link You posted, I must admit.
The receving mailserver is an  MS-Exchange, and the on-line guide describes how to fix the problem in MS-Exchange.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Debian 9.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

When I run with host.my.domain replaced as appropriate ...
certbot certonly --webroot --agree-tos --email postmaster@my.domain -d host.my.domain -w /var/www/html/

I get ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for host.my.domain
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. host.my.domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://host.my.domain/.well-known/acme- … -DoZqdd-Q: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: host.my.domain
   Type:   unauthorized
   Detail: Invalid response from
   http://host.my.domain/.well-known/acme- … -DoZqdd-Q:
   "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

I have checked and rechecked and validated that the firewall has port 80 open and is going to the right machine.

here is the contents of the log file referred to.

2018-11-15 13:38:16,847:DEBUG:certbot.main:Root logging level set at 20
2018-11-15 13:38:16,848:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-11-15 13:38:16,849:DEBUG:certbot.main:certbot version: 0.10.2
2018-11-15 13:38:16,849:DEBUG:certbot.main:Arguments: ['--webroot', '--agree-tos', '--email', 'postmaster@my.domain', '-d', 'host.my.domain', '-w', '/var/www/html/']
2018-11-15 13:38:16,850:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2018-11-15 13:38:16,850:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-11-15 13:38:16,851:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7ff4b024bc90>
Prep: True
2018-11-15 13:38:16,851:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7ff4b024bc90> and installer None
2018-11-15 13:38:16,856:DEBUG:certbot.main:Picked account: <Account(7ad62847678bde2e194d52fd5e1d8931)>
2018-11-15 13:38:16,857:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-11-15 13:38:16,862:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-11-15 13:38:17,162:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2018-11-15 13:38:17,163:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: J0YZiA7tad3TPrKHvdEpi1KrkUPbioKOv0SjTduEcUA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 15 Nov 2018 13:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Nov 2018 13:38:17 GMT
Connection: keep-alive

{
  "8rhQ8v4_eRw": "https://community.letsencrypt.org/t/add … tory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA … 5-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2018-11-15 13:38:17,164:INFO:certbot.main:Obtaining a new certificate
2018-11-15 13:38:17,164:DEBUG:root:Requesting fresh nonce
2018-11-15 13:38:17,164:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2018-11-15 13:38:17,537:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2018-11-15 13:38:17,538:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: 1hRSI394vXW3nn09BKNLn0_3y0usCNxp1b9O4CuQPm4
Expires: Thu, 15 Nov 2018 13:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Nov 2018 13:38:17 GMT
Connection: keep-alive

2018-11-15 13:38:17,538:DEBUG:acme.client:Storing nonce: 1hRSI394vXW3nn09BKNLn0_3y0usCNxp1b9O4CuQPm4
2018-11-15 13:38:17,538:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns",
    "value": "host.my.domain"
  },
  "resource": "new-authz"
}
2018-11-15 13:38:17,542:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "header": {
    "alg": "RS256",
    "jwk": {
      "e": "AQAB",
      "kty": "RSA",
      "n": "tbx9vBaosojBBybkaU7sTcdqgnEKfqwcvoCnaFqrOYFev9smgFfbe7dtIv_RsmbbZNTahVfFRsciV4VdZ5cC8vMyUKbJYcCLsStuh-RPM3AQctluFTuaHE7mOFVpnQn1AZzpzXUzVZnKYzut0xbe5xu9KvsqqGcJGvNIQbrYPywA9ikstCsrNDzWhKn-NY4FfPLt$
    }
  },
  "protected": "eyJub25jZSI6ICIxaFJTSTM5NHZYVzNubjA5QktOTG4wXzN5MHVzQ054cDFiOU80Q3VRUG00In0",
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAibWFpbDQucGNobXQubmV0IgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0",
  "signature": "lwrcg7Au_c7iyPRR60OojXb4XYZH50P-C6N09iypFME96apYS58frjrxBi0ojbnG_BSWE5fZfQ718R-2WbotAQaB3GTccxgJXCZHhFOYDExW5yRlyUmOxY5QpMnI_FfInlKJ-8Wxw_t6hdzB6dzRXS7oNxMJbZ9e4hDSySeguUNHNFK9m0oKuYAjCzIiAu95$
}
2018-11-15 13:38:17,796:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 994
2018-11-15 13:38:17,797:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 994
Boulder-Requester: 45775963
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/ac … wUd3yb6Pn0
Replay-Nonce: QfodM7kMESuliTSIABTNtNmxXtUpoInnYmS9EE1ZSDQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 15 Nov 2018 13:38:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Nov 2018 13:38:17 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "host.my.domain"
  },
  "status": "pending",
  "expires": "2018-11-22T13:38:17Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544547",
      "token": "FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544548",
      "token": "Af7RVl6qgMhacHjgQ_v2psORRYxG3QulyUzPJPdJiv8"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544549",
      "token": "8H4D1PoMeneJTPoa4Yh4itxffYsGHbmnbnHFy_LL8k4"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}
2018-11-15 13:38:17,797:DEBUG:acme.client:Storing nonce: QfodM7kMESuliTSIABTNtNmxXtUpoInnYmS9EE1ZSDQ
2018-11-15 13:38:17,798:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {u'status': u'pending', u'token': u'8H4D1PoMeneJTPoa4Yh4itxffYsGHbmnbnHFy_LL8k4', u'type': u'tls-alpn-01', u'uri': u$
2018-11-15 13:38:17,798:INFO:certbot.auth_handler:Performing the following challenges:
2018-11-15 13:38:17,798:INFO:certbot.auth_handler:http-01 challenge for host.my.domain
2018-11-15 13:38:17,799:INFO:certbot.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2018-11-15 13:38:17,799:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2018-11-15 13:38:17,803:DEBUG:certbot.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0
2018-11-15 13:38:17,804:INFO:certbot.auth_handler:Waiting for verification...
2018-11-15 13:38:17,804:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0.iZWJoB2e6S0BwOjektqnhox7oxpsVIh850IxkAdFzlw",
  "type": "http-01",
  "resource": "challenge"
}
2018-11-15 13:38:17,808:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/ac … 316544547:
{
  "header": {
    "alg": "RS256",
    "jwk": {
      "e": "AQAB",
      "kty": "RSA",
      "n": "tbx9vBaosojBBybkaU7sTcdqgnEKfqwcvoCnaFqrOYFev9smgFfbe7dtIv_RsmbbZNTahVfFRsciV4VdZ5cC8vMyUKbJYcCLsStuh-RPM3AQctluFTuaHE7mOFVpnQn1AZzpzXUzVZnKYzut0xbe5xu9KvsqqGcJGvNIQbrYPywA9ikstCsrNDzWhKn-NY4FfPLt$
    }
  },
  "protected": "eyJub25jZSI6ICJRZm9kTTdrTUVTdWxpVFNJQUJUTnRObXhYdFVwb0lublltUzlFRTFaU0RRIn0",
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkZZVWZEemh3YXIxWXpIS3lBU3dHRFBzUnRIblNMcUUwNVkycDMya0NVUjAuaVpXSm9CMmU2UzBCd09qZWt0cW5ob3g3b3hwc1ZJaDg1MEl4a0FkRnpsdyIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3$
  "signature": "A2xgV7KvFFHdi2hjuKrOus0tvqizV3I2YkwgQ4PN3CVllJIYiaTdVC6c61Q6HWwm6WAI21ZKoJsl8xoBREnUep8RodLfv6L7F2DkGHIkKBgkK6911CzJtXUmsIGjsD2NFj9GFsUtvtGrg6KSObkvub3tS3hHty9-ttOVKZP15INRer2kbzQFsa2noPWpQtNS$
}
2018-11-15 13:38:18,016:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/3ttXuazGjDUlHYjBO1vTHxRv0PJaQQlHNwUd3yb6Pn0/9316544547 HTTP/1.1" 202 336
2018-11-15 13:38:18,017:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 45775963
Link: <https://acme-v01.api.letsencrypt.org/ac … wUd3yb6Pn0>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/ac … 9316544547
Replay-Nonce: MXLzs5IyIkjFg7MG2Z1wDlVsB5MeJ-j_TADCXbA0QQ4
Expires: Thu, 15 Nov 2018 13:38:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Nov 2018 13:38:18 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544547",
  "token": "FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0",
  "keyAuthorization": "FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0.iZWJoB2e6S0BwOjektqnhox7oxpsVIh850IxkAdFzlw"
}
2018-11-15 13:38:18,017:DEBUG:acme.client:Storing nonce: MXLzs5IyIkjFg7MG2Z1wDlVsB5MeJ-j_TADCXbA0QQ4
2018-11-15 13:38:21,019:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/ac … Ud3yb6Pn0.
2018-11-15 13:38:21,252:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/3ttXuazGjDUlHYjBO1vTHxRv0PJaQQlHNwUd3yb6Pn0 HTTP/1.1" 200 2139
2018-11-15 13:38:21,253:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: gN42yetHuJ5EnuTWRMnFAXWrUbI4c_ymJzwV3XMZ14M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 2139
Expires: Thu, 15 Nov 2018 13:38:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Nov 2018 13:38:21 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "host.my.domain"
  },
  "status": "invalid",
  "expires": "2018-11-22T13:38:17Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://host.my.domain/.well-known/acme- … 2p32kCUR0: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\$
        "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544547",
      "token": "FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0",
      "validationRecord": [
        {
          "url": "http://host.my.domain/.well-known/acme- … Y2p32kCUR0",
          "hostname": "host.my.domain",
          "port": "80",
          "addressesResolved": [
            "81.174.162.68"
          ],
          "addressUsed": "81.174.162.68"
        },
        {
          "url": "https://host.my.domain/.well-known/acme … Y2p32kCUR0",
          "hostname": "host.my.domain",
          "port": "443",
          "addressesResolved": [
            "81.174.162.68"
          ],
          "addressUsed": "81.174.162.68"
        }
      ]
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544548",
      "token": "Af7RVl6qgMhacHjgQ_v2psORRYxG3QulyUzPJPdJiv8"
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "uri": "https://acme-v01.api.letsencrypt.org/ac … 9316544549",
      "token": "8H4D1PoMeneJTPoa4Yh4itxffYsGHbmnbnHFy_LL8k4"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}
2018-11-15 13:38:21,254:DEBUG:acme.challenges:tls-alpn-01 was not recognized, full message: {u'status': u'invalid', u'token': u'8H4D1PoMeneJTPoa4Yh4itxffYsGHbmnbnHFy_LL8k4', u'type': u'tls-alpn-01', u'uri': u$
2018-11-15 13:38:21,255:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: host.my.domain
Type:   unauthorized
Detail: Invalid response from http://host.my.domain/.well-known/acme- … 2p32kCUR0: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not$

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2018-11-15 13:38:21,255:INFO:certbot.auth_handler:Cleaning up challenges
2018-11-15 13:38:21,255:DEBUG:certbot.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/FYUfDzhwar1YzHKyASwGDPsRtHnSLqE05Y2p32kCUR0
2018-11-15 13:38:21,256:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/html/.well-known/acme-challenge
2018-11-15 13:38:21,257:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 849, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 626, in obtain_cert
    action, _ = _auth_from_available(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 107, in _auth_from_available
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 291, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 262, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 134, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 198, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. host.my.domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://host.my.domain/.well-know$

I do see a similar problem when I try to save a forwarding or an alias - it says record saved but the field is empty. When I have a look in the database, I see that an entry in the forwarding table is made but with address and forwarding being the same instead of having the forwarding email address in the forwarding field.
Is this related to the bug you already found and when will be the release date for the update that fixes this behavior?

All the best

Mike

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 OPENLDAP edition
- Linux/BSD distribution name and version: Ubuntu 16.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I'm trying to block specific incoming attachments (.doc) with amavis for a particular domain. I followed this post https://forum.iredmail.org/topic3734-ir … users.html but the blocked attachment passes through amavis.

Entry in amavisd.conf

...
%banned_rules = (
  'BLOCK_ALL' =>  new_RE(
   [qr'N=.*\.(doc)$'xmi => 'BOUNCE'],
  'DEFAULT' => $banned_namepath_re,
);

1;  # insure a defined return

I've added the following Attribute to the domain in the openldap backend:

amavisBannedRuleNames: BLOCK_ALL

Am I doing something wrong ?

Like I said in the OP. The email server works fine. I can send and receive fine from the original domain. It's the new domain added to iRedMail that cannot receive email. I rechecked my DNS again and its all fine.

this user is a straight of the box user using global spam protection and nothing else, and that's what has me stumped. none of the other 18 user accounts show any signs of missing mail, just this one account.

I have no idea why email was missed. Do you remember any difference between this user and other normal mail users?

If no log in Postfix log file at all, that means other mail servers don't know the real mail server of your new mail domain name yet. It's very possible that DNS records are not flushed by DNS server (running by you or DNS vendor).

Try to send some more testing email from Gmail/Hotmail/Outlook/... for testing.

Amavisd is not configured to query LDAP anymore, you should update SQL table "amavisd.policy" (column "banned_rulenames") instead.

Sorry about this trouble.
We're preparing new iRedMail + iRedAdmin-Pro release. please be patient.

Try to create this file manually, then visit it with web browser.
it's possible that your Nginx configuraion has some improper configuration.

Dear Zhang,

  Went?

Thanks
Napoleon

Thanks. Using amavis debug I can see that the rule is being applied now but my .doc filtering does not seem to work (propably a syntax issue). Blocking all attachments as in https://forum.iredmail.org/topic3734-ir … users.html works.

Do you see a problem with this block rule ?

%banned_rules = (
  'BLOCK_DOC' =>  new_RE(
    [ qr'N=.*\.(doc)$'   => 1 ] ),
  'DEFAULT' => $banned_namepath_re,
);

Sorry Zhang, it turned out to be a NAT problem after all. I set the NAT and the associated Port Rules, but failed to enable part of the rules. Your post made me go back and look at it again more carefully. Thanks. A simple case of the obvious being missed (again no doubt).

Мы представляем очень качественные услуги прокси-серверов пакетами. Вам лично необходим стабильный личный прокси для работы в Instagram, Вконтакте,Однокласниках или Авито? Вы увлекаетесь букмекерскими ставками или покером? SEO,SMM, по настоящему безопасный серфинг либо другие цели? Тогда вы по нужному адресу.

Мы можем предложить анонимные, элитные, прокси-сервера с качественной круглосуточной поддержкой. Наши прокси могут применяться для самых разных программ,сервисов, социальных сетей, онлайн игр и не только. Авторизация по логин - паролю или IP адресу.

Быстрые прокси ipv4 и ipv6 (до 100 мбит/с) обеспечат стабильную работу. Надобны разные подсети, у нас их много. Так же вы сможете выбрать тип протокола HTTP/SOCKS.

<a href=https://proxywhite.com/>ipv4 proxy</a>

the only true difference is that this email account receives a hundred plus emails a day with some coming in all at one time, i have not looked to see if this issue is happening during one of the spurts of emails or not. could a mass of emails all coming in around the same time cause a bottleneck so to speak and create an issue like this?