What is the cause of "private/rewrite: Connection refused" in Postfix?

Hello everybody,

Excuse me, but I recently built a mail server with Postfix & Dovecot.
I followed the Linode guide here: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql/

The problem is that I can connect to the mail server, but when I start to send a mail, it throws errors repeatedly.
The connection session looks like this.

250-mail.mydomain.jp
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
auth plain
334
bWFzdGVyQGhlbGxvamFwYW4uanAAbWFzdGVyQGhlbGxvamFwYW4uanAAMTIzNDU=
235 2.7.0 Authentication successful
mail from:master@mydomain.jp
read:errno=0

And here are logs from mail server.

Dec 12 11:50:53 localhost postfix/smtpd[18938]: Anonymous TLS connection established from mail.mydomain.jp[172.104.68.156]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Dec 12 11:51:30 localhost postfix/smtpd[18938]: warning: connect #1 to subsystem private/rewrite: Connection refused
Dec 12 11:51:40 localhost postfix/smtpd[18938]: warning: connect #2 to subsystem private/rewrite: Connection refused
Dec 12 11:51:50 localhost postfix/smtpd[18938]: warning: connect #3 to subsystem private/rewrite: Connection refused
Dec 12 11:52:00 localhost postfix/smtpd[18938]: warning: connect #4 to subsystem private/rewrite: Connection refused

Moreover, it is the same when sending from Gmail to the mail server. Authentication is OK, but the connection refused error is still there.

Thank you for your time,
John

8 Replies

Here is my config in /etc/postfix/main.cf

postconf: warning: /etc/postfix/main.cf, line 109: overriding earlier entry: inet_protocols=all
alias_database =
alias_maps =
append_dot_mydomain = no
biff = no
compatibility_level = 2
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
invalid_hostname_reject_code = 550
local_recipient_maps = unix:passwd.byname $alias_maps
mailbox_size_limit = 0
maximal_backoff_time = 3h
message_size_limit = 20971520
minimal_backoff_time = 180s
mydestination = localhost,$myhostname,$mydomain
mydomain = mydomain.jp
myhostname = mail.mydomain.jp
mynetworks = 172.104.68.156 192.168.152.239/17 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = $mydomain
non_fqdn_reject_code = 550
readme_directory = no
recipient_delimiter = +
relayhost =
sendmail_path = /usr/sbin/postfix
smtp_always_send_ehlo = yes
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_limit = 40
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_timeout = 30s
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mydomain.jp/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mydomain.jp/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 100
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000

Hi, John! I'm sorry to hear that you are having some trouble setting this up, but I will try my best to point you in the right troubleshooting direction!

When looking at the Postfix main.cf contents you've shared, I see there is a warning message in the first line. It states that there is a conflict between what is on line 109 and what is shown in the bit you've pasted below.

postconf: warning: /etc/postfix/main.cf, line 109: overriding earlier entry: inet_protocols=all

Line 109 seems to be conflicting with this bit of the configuration.
inet_protocols = ipv4

This article on Postfix's website may help you understand how this should be set up. That should help the Postfix service connect to your network connection. If this doesn't fix the problem, I recommend reviewing some of the steps below, a few of which are outlined in our Postfix and Dovecot troubleshooting guide.

  1. You'll want to check that the necessary ports are open, as it could be a firewall issue. According to the Check Port Availability section of our troubleshooting guide, the ports below will need to be open in order for the services, Dovecot and Postfix, to communicate with each other.

25, 465, or 587 with TLS encryption for outgoing mail (SMTP)
993 with SSL encryption for incoming IMAP
995 with SSL encryption for incoming POP3

Check Firewall rules by running iptables -L to list any current rules you may have set up. If you can't pinpoint the issue, you may need to flush your rules and start again.

sudo iptables-save > /tmp/iptables.txt 
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X
  2. You can check to see if these ports have services listening by running the below command from your Linode. Replace 12.34.56.78 with the IP address of your mail server. Make sure to check each port mentioned above.

telnet 12.34.56.78 25

  3. Make sure to also check the status of each service by using the service command.

For example:
service postfix status

I hope this helps!
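
Added example, not part of the reply above or of Linode's guide: a shell function that lists every main.cf parameter defined more than once, which is the condition the "overriding earlier entry" warning reports. The sample file is constructed, and find_overrides and sample_main_cf are names chosen for this example.

```shell
#!/bin/sh
# Added example: report main.cf parameters that are set more than once.
# In main.cf the last definition of a parameter is the one that is kept.

# find_overrides FILE   (use "-" to read standard input)
# Prints one line for each definition that replaces an earlier one.
find_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ { next }                   # continuation of the previous entry
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); sub(/[ \t]+$/, "", name)
            value = substr($0, eq + 1);   sub(/^[ \t]+/, "", value)
            # Only the first physical line of an earlier value is shown.
            if (name in seen) printf "%s: line %d overrides line %d (earlier value: %s)\n", name, NR, seen[name], prev[name]
            seen[name] = NR; prev[name] = value
        }' "$1"
}

# Constructed sample, not the poster's file: inet_protocols is set twice.
sample_main_cf() {
    cat <<'EOF'
# constructed sample
inet_interfaces = all
inet_protocols = all
mynetworks = 127.0.0.0/8
    [::1]/128
inet_protocols = ipv4
EOF
}

# With a file argument, check that file; otherwise run on the sample.
if [ "$#" -ge 1 ]; then
    find_overrides "$1"
else
    sample_main_cf | find_overrides -
fi
```

Run it as "sh script.sh /etc/postfix/main.cf" and delete or merge the earlier definition it reports, so the file holds one value per parameter.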

Hi @rdaniels

Thank you for your answer.
I did fix the error on line 109.
And I checked the iptables firewall, but nothing is strange here. Every port for mail is accepting, like below.

target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 'dapp_Apache%20Full' */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpt:submissions
ACCEPT udp -- anywhere anywhere udp dpt:465
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT udp -- anywhere anywhere udp dpt:587
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:110
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere udp dpt:995
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT udp -- anywhere anywhere udp dpt:993
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp /* 'dapp_Postfix' */
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT udp -- anywhere anywhere udp dpt:143

Also, I can telnet to all the mail ports.
But it seems no luck. I still cannot send or receive mail.

Hi @rdaniels,

I recently gave up installing on Ubuntu 19+.
I went back to Ubuntu 18+, and it is working smoothly now.

Thank you for your support.
John

@johntarov I'm glad that things are working for you now. That's great to hear!

This error has nothing to do with your internet connection. rewrite is a postfix(1) process that handles address rewriting. See:

http://www.postfix.org/ADDRESS_REWRITING_README.html

Most likely, you are getting this error because the process's socket is missing or has the wrong permissions or ownership (I'm betting on wrong permissions).

Here's what mine looks like:

srw-rw-rw- 1 postfix postfix 0 Dec 2 07:31 rewrite

It's located in /var/spool/postfix/private (postfix typically runs chroot(1)'d to /var/spool/postfix).

-- sw

The directory where the rewrite socket lives (typically /var/spool/postfix/private) must be writable by the owner (typically postfix) as well.

-- sw
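
Added example, not part of the replies above: a shell function that checks the conditions those two replies name (the socket exists, is a socket, has the expected owner and owner read/write bits, and its private/ directory is owner-writable). The function names are chosen for this example; the queue directory, socket name and owner are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit one socket under Postfix's private/ directory.
# Mode and owner are read from `ls -ld`, the same listing format shown above.

# ls_field N PATH -> Nth column of `ls -ld PATH` (1 = mode string, 3 = owner)
ls_field() { ls -ld "$2" | awk -v n="$1" '{ print $n }'; }

# check_private_socket QUEUE_DIR NAME [OWNER]
# Prints one line per finding; returns 0 if every check passes, else 1.
check_private_socket() {
    dir="$1/private"; sock="$dir/$2"; want="${3:-postfix}"; rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: directory missing"; return 1
    fi
    owner=$(ls_field 3 "$dir"); mode=$(ls_field 1 "$dir")
    [ "$owner" = "$want" ] || { echo "FAIL $dir: owned by $owner, expected $want"; rc=1; }
    case $mode in
        d?w*) ;;    # owner write bit is set
        *) echo "FAIL $dir: not writable by owner ($mode)"; rc=1 ;;
    esac

    if [ ! -e "$sock" ]; then
        echo "FAIL $sock: socket missing"; return 1
    elif [ ! -S "$sock" ]; then
        echo "FAIL $sock: not a socket"; return 1
    fi
    owner=$(ls_field 3 "$sock"); mode=$(ls_field 1 "$sock")
    [ "$owner" = "$want" ] || { echo "FAIL $sock: owned by $owner, expected $want"; rc=1; }
    case $mode in
        srw*) ;;    # owner can read and write the socket
        *) echo "FAIL $sock: owner lacks rw ($mode)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK $sock ($mode $owner)"
    return "$rc"
}

# Usage (as root, so private/ can be read):
#   sh script.sh /var/spool/postfix rewrite postfix
if [ "$#" -ge 2 ]; then check_private_socket "$@"; fi
```

The mode strings are compared as text rather than with the shell's -w test, so the result is the same when the check runs as root.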

@stevewi

Thank you for the pointer.
I will check it. It was a real headache with Postfix.
:(
