Can't send or receive mail with Postfix+Dovecot+MySQL

Hi,
I was trying to build a mail server on Debian 10 by following this guide.
Postfix, Dovecot and MySQL are running.
(Postfix shows "exited", though I heard that's just a bug on Debian.)
Somehow I just can't send or receive any mail.
I checked the mail queue; all mails are there.
Can anyone help me out?

Also, I already configured SPF and DKIM by following this guide.
But OpenDKIM isn't working…

Can anyone help me out?
Thanks a lot!

Here's some information.
Maillog

Feb  7 05:34:02 mylocalhost postfix/qmgr[25507]: fatal: scan_dir_push: open directory deferred/7: Permission denied
Feb  7 05:34:03 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/qmgr pid 25507 exit status 1
Feb  7 05:34:03 mylocalhost postfix/master[22985]: warning: /usr/lib/postfix/sbin/qmgr: bad command startup -- throttling
Feb  7 05:34:39 mylocalhost postfix/cleanup[25515]: fatal: defer: remove 231A01ECCF log: Permission denied
Feb  7 05:34:40 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/cleanup pid 25515 exit status 1
Feb  7 05:34:40 mylocalhost postfix/master[22985]: warning: /usr/lib/postfix/sbin/cleanup: bad command startup -- throttling
Feb  7 05:34:41 mylocalhost postfix/cleanup[25516]: fatal: defer: remove 276521ECCF log: Permission denied
Feb  7 05:34:42 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/cleanup pid 25516 exit status 1
Feb  7 05:34:54 mylocalhost postfix/master[22985]: warning: master_wakeup_timer_event: service pickup(public/pickup): Resource temporarily unavailable
Feb  7 05:35:03 mylocalhost postfix/qmgr[25520]: fatal: scan_dir_push: open directory deferred/7: Permission denied
Feb  7 05:35:04 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/qmgr pid 25520 exit status 1
Feb  7 05:35:04 mylocalhost postfix/master[22985]: warning: /usr/lib/postfix/sbin/qmgr: bad command startup -- throttling
Feb  7 05:35:19 mylocalhost postfix/anvil[25494]: statistics: max connection rate 1/60s for (smtp:2607:f8b0:4864:20::329) at Feb  7 05:33:31
Feb  7 05:35:19 mylocalhost postfix/anvil[25494]: statistics: max connection count 1 for (smtp:2607:f8b0:4864:20::329) at Feb  7 05:33:31
Feb  7 05:35:19 mylocalhost postfix/anvil[25494]: statistics: max cache size 1 at Feb  7 05:33:31
Feb  7 05:35:41 mylocalhost postfix/cleanup[25528]: fatal: trace: remove 3066D1ECCF log: Permission denied
Feb  7 05:35:42 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/cleanup pid 25528 exit status 1
Feb  7 05:35:42 mylocalhost postfix/master[22985]: warning: /usr/lib/postfix/sbin/cleanup: bad command startup -- throttling
Feb  7 05:35:43 mylocalhost postfix/cleanup[25529]: fatal: trace: remove 34DCA1ECCF log: Permission denied
Feb  7 05:35:44 mylocalhost postfix/master[22985]: warning: process /usr/lib/postfix/sbin/cleanup pid 25529 exit status 1
Feb  7 05:35:54 mylocalhost postfix/master[22985]: warning: master_wakeup_timer_event: service pickup(public/pickup): Resource temporarily unavailable 

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Restrictions
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

# Milter configuration
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = mydomain.com
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
        mysql:/etc/postfix/mysql-virtual-email2email.cf

# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#smtpd_etrn_restrictions = reject
#smtpd_reject_unlisted_sender = yes
#smtpd_reject_unlisted_recipient = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes

#smtpd_hard_error_limit = 1
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550 

OpenDKIM status

opendkim.service - OpenDKIM DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/lib/systemd/system/opendkim.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2021-02-07 03:38:35 CST; 4s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 23469 ExecStart=/usr/sbin/opendkim -x /etc/opendkim.conf (code=exited, status=0/SUCCESS)
 Main PID: 23470 (code=exited, status=69)

Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Main process exited, code=exited, status=69/UNAVAILABLE
Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Failed with result 'exit-code'.
Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Service RestartSec=100ms expired, scheduling restart.
Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Scheduled restart job, restart counter is at 5.
Feb 07 03:38:35 myhostname systemd[1]: Stopped OpenDKIM DomainKeys Identified Mail (DKIM) Milter.
Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Start request repeated too quickly.
Feb 07 03:38:35 myhostname systemd[1]: opendkim.service: Failed with result 'exit-code'.
Feb 07 03:38:35 myhostname systemd[1]: Failed to start OpenDKIM DomainKeys Identified Mail (DKIM) Milter. 

2 Replies

First of all, you have a permissions/ownership problem:

Feb  7 05:34:02 mylocalhost postfix/qmgr[25507]: fatal: scan_dir_push: open directory deferred/7: Permission denied

postfix(1) runs chroot'ed to /var/spool/postfix. You need to make sure that directory has correct ownership & permissions. You also need to make sure all the directories underneath /var/spool/postfix have correct ownership and permissions.

Second, given that, the following is just flat wrong:

smtpd_milters = local:/opendkim/opendkim.sock

Is /var/spool/postfix/opendkim/opendkim.sock what is specified in the Socket directive in /etc/opendkim.conf? I would guess that it's not. Does /var/spool/postfix/opendkim even exist? I'd guess no. If it does, does it have the right ownership/permissions? I'd probably win the "no" bet again…

Even if all that were true, that's not the way you specify a local-domain socket path to postfix(1).

Third, with respect to:

# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

do you have dovecot(1) installed and running correctly? This is a whole other can of worms…

Lastly, you're trying to do too much at once…you're swinging your axe wildly and hoping you hit a tree (and not a person). This is an iterative process where each successive iteration builds on the foundation of the last. Start with a simple configuration; get that to work; test it; and then move ahead in manageable steps:

  1. postfix(1) with no dovecot(1) that delivers to maildirs;
  2. add dovecot(1) so that postfix(1) uses LMTP/dovecot(1) to deliver to maildirs;
  3. add IMAP to dovecot(1);
  4. add SPF verification to postfix(1) (this will involve installing a dedicated agent to do this and getting postfix(1) to use its services);
  5. add opendkim(8) to postfix(1) with internet-domain sockets;
  6. change opendkim(8)/postfix(1) to use local-domain sockets;
  7. add TLS to postfix(1);
  8. add TLS to dovecot(1);
    etc etc etc.

Start simple; test it adequately and then gradually add more complexity. You're probably going to need another node where mail security is not such an issue to receive the unsecured messages you're going to be sending out at the beginning. Also, since you'll have to configure postfix(1)/dovecot(1) to send and receive messages, it's helpful to have another node with which to do this.

If possible, set up a private network off the cloud with a couple of scrap physical PCs to do this. I have a couple of SBCs in my living room for this (among other things) that run Armbian (Debian for ARM). These are Raspberry Pi-like devices.

Get yourself some books and educate yourself on how to do all that without asking for help here. Here are a few:

Believe me, if you follow my advice, you will end up with a lot more hair and your sanity intact. You will also end up with some very marketable skills for that next stop on the road to retirement and grandchildren.

Start small. Keep notes. Test. Enhance. Go to Step 2.

-- sw
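As an added example (not code from this thread, nor from Postfix or OpenDKIM), here is a small POSIX shell audit for the two faults the reply points at: directories under the queue directory that the Postfix user does not own or cannot read, and a milter socket path that does not line up with the Socket directive in opendkim.conf. It assumes Debian's default layout (/var/spool/postfix as queue_directory, /etc/opendkim.conf), the MILTER_README rule that a chrooted process resolves an absolute unix:/local: socket path relative to the queue directory, and the hypothetical script name audit.sh; treating a relative socket path as relative to the queue directory is an assumption, noted in the code.

```shell
#!/bin/sh
# Added example, not from the thread or from the Postfix/OpenDKIM projects.
# Assumed paths: Debian's /var/spool/postfix and /etc/opendkim.conf.

# Print directories under a queue directory that the given owner (name or
# numeric uid) does not own, or that lack owner read+execute. A matching
# directory is printed and pruned, so the walk never descends into one the
# audit itself could not read.
queue_dir_problems() {
    qdir="$1"; owner="$2"
    find "$qdir" -type d \( ! -user "$owner" -o ! -perm -500 \) -prune -print
}

# Resolve a Postfix milter spec (unix:/path or local:/path, which Postfix
# treats alike) to the path the connecting process opens. For a process that
# runs chrooted (Debian's default master.cf chroots smtpd, not cleanup), an
# absolute path is taken relative to the queue directory.
milter_socket_path() {
    spec="$1"; qdir="$2"; chrooted="$3"
    case "$spec" in
        unix:*|local:*) path="${spec#*:}" ;;
        *) printf 'not a UNIX-domain socket spec: %s\n' "$spec" >&2; return 1 ;;
    esac
    case "$path" in
        /*) if [ "$chrooted" = y ]; then path="${qdir%/}${path}"; fi ;;
        *)  path="${qdir%/}/${path}" ;;  # relative path: assumed relative to queue_directory
    esac
    printf '%s\n' "$path"
}

# The Socket directive from an opendkim.conf file (empty if none is set).
opendkim_socket() {
    awk '$1 == "Socket" { print $2; exit }' "$1"
}

# 0 when the milter spec, as seen from a chrooted smtpd, names the UNIX
# socket OpenDKIM listens on; 1 for a mismatch, an inet: socket, or no
# Socket line at all.
milter_socket_matches() {
    spec="$1"; qdir="$2"; conf="$3"
    want=$(milter_socket_path "$spec" "$qdir" y) || return 1
    have=$(opendkim_socket "$conf")
    case "$have" in
        unix:*|local:*) have="${have#*:}" ;;
        *) return 1 ;;
    esac
    [ "$want" = "$have" ]
}

# Live run on a real host: sh audit.sh --live (root is needed to read the spool).
audit_live() {
    qdir=$(postconf -h queue_directory)
    echo "queue directory entries not owned by postfix or unreadable by owner:"
    queue_dir_problems "$qdir" postfix
    for spec in $(postconf -h smtpd_milters | tr ',' ' '); do
        echo "milter $spec, as seen from chrooted smtpd: $(milter_socket_path "$spec" "$qdir" y)"
        if milter_socket_matches "$spec" "$qdir" /etc/opendkim.conf; then
            echo "  matches the OpenDKIM Socket directive"
        else
            echo "  does NOT match OpenDKIM Socket: $(opendkim_socket /etc/opendkim.conf)"
        fi
    done
}

if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Once the audit names the offending directories, `postfix set-permissions` restores the ownership and modes Debian's postfix-files expects, and `postfix check` confirms the queue tree before restarting the service; the socket check only tells you whether the two sides agree, and the directory the socket lives in still needs to be created with ownership that both the opendkim and postfix users can use.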

Hi @stevewi
Thank you for all this advice and these guides.
I'll definitely check and learn more!

PS, sorry for the late late reply. Been busy during CNY.
Happy CNY to you :)

Many Thanks.
