[SOLVED] no emails from outside
For two days now I have been trying to resolve a problem which seems simple (I'm sure it is) but is causing me a lot of confusion.
my setup is
Debian, postfix, dovecot
To summarize what I have done so far
New domain added to my linode 1 month ago which I will call "mydomain.com" and added to my linode DNS manager control panel with the default entries.
postfix main.cf is as follows
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
smtpd_tls_key_file=/etc/ssl/private/postfix.key
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mydomain.com
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = mail/
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.com, mail.mydomain.com, localhost.mydomain.com, localhost
smtpd_tls_key_file=/etc/ssl/private/postfix.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
Note that up until a day ago the "myhostname = mydomain.com" entry was "myhostname = FQ.mydomain.com".
My reverse dns in the linode control panel is set to "mydomain.com". I also changed this from "FQ.mydomain.com" a day ago.
Now, when I send a mail from gmail to
> <
FQ.mydomain.com loops back to myself
Final-Recipient: rfc822; me@FQ.mydomain.com
Original-Recipient: rfc822; me@mydomain.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for FQ.mydomain.com loops back to myself
---------- Forwarded message ----------
From: me <me@gmail.com>
To: me <me@mydomain.com>
Date: Sun, 27 Nov 2011 13:57:18 +0000
Subject: test
test
Here is my mail.log
Nov 27 10:53:20 server postfix/smtpd[4617]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/smtpd[4617]: connect from imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:21 server postfix/trivial-rewrite[4621]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/cleanup[4622]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/smtpd[4617]: B119B2CB38: client=imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:21 server postfix/cleanup[4622]: B119B2CB38: message-id=<62c192f6a4c71a38f7dd4b9387b998d0@imnicamail.com>
Nov 27 10:53:21 server postfix/qmgr[4067]: B119B2CB38: from=<bounce-12579704-4267928-2530868-865004@imnicamail.com>, size=2771, nrcpt=1 (queue active)
Nov 27 10:53:22 server postfix/smtpd[4617]: disconnect from imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:22 server postfix/smtp[4623]: B119B2CB38: to=<me@fq.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.54, delays=0.32/0.01/0.21/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 10:53:22 server postfix/cleanup[4622]: 1B4CE2CB49: message-id=<20111127105322.1B4CE2CB49@mydomain.com>
Nov 27 10:53:22 server postfix/bounce[4624]: B119B2CB38: sender non-delivery notification: 1B4CE2CB49
Nov 27 10:53:22 server postfix/qmgr[4067]: 1B4CE2CB49: from=<>, size=4824, nrcpt=1 (queue active)
Nov 27 10:53:22 server postfix/qmgr[4067]: B119B2CB38: removed
Nov 27 10:53:23 server postfix/smtp[4623]: 1B4CE2CB49: to=<bounce-12579704-4267928-2530868-865004@imnicamail.com>, relay=smtp.imnicamail.com[67.215.233.94]:25, delay=1.8, delays=0/0/1.4/0.47, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB84635BA1AD)
Nov 27 10:53:23 server postfix/qmgr[4067]: 1B4CE2CB49: removed
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max connection rate 1/60s for (smtp:66.154.117.212) at Nov 27 10:53:21
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max connection count 1 for (smtp:66.154.117.212) at Nov 27 10:53:21
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max cache size 1 at Nov 27 10:53:21
Nov 27 12:56:38 server postfix/smtpd[4690]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 12:56:39 server postfix/smtpd[4690]: warning: 187.56.1.39: hostname 187-56-1-39.dsl.telesp.net.br verification failed: Name or service not known
Nov 27 12:56:39 server postfix/smtpd[4690]: connect from unknown[187.56.1.39]
Nov 27 12:56:40 server postfix/trivial-rewrite[4694]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 12:56:41 server postfix/smtpd[4690]: NOQUEUE: reject: RCPT from unknown[187.56.1.39]: 450 4.1.8 <tppk@ysfb.net>: Sender address rejected: Domain not found; from=<tppk@ysfb.net> to=<me@mydomain.com> proto=ESMTP helo=<187-56-1-39.dsl.telesp.net.br>
Nov 27 12:56:41 server postfix/smtpd[4690]: lost connection after RCPT from unknown[187.56.1.39]
Nov 27 12:56:41 server postfix/smtpd[4690]: disconnect from unknown[187.56.1.39]
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max connection rate 1/60s for (smtp:187.56.1.39) at Nov 27 12:56:39
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max connection count 1 for (smtp:187.56.1.39) at Nov 27 12:56:39
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max cache size 1 at Nov 27 12:56:39
Nov 27 13:57:18 server postfix/smtpd[4727]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:18 server postfix/smtpd[4727]: connect from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:18 server postfix/smtpd[4727]: setting up TLS connection from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:18 server postfix/smtpd[4727]: Anonymous TLS connection established from mail-lpp01m010-f44.google.com[209.85.215.44]: TLSv1 with cipher RC4-SHA (128/128 bits)
Nov 27 13:57:19 server postfix/trivial-rewrite[4731]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:19 server postfix/cleanup[4732]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:19 server postfix/smtpd[4727]: 1F0582CB38: client=mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:19 server postfix/cleanup[4732]: 1F0582CB38: message-id=<cage60dk1kmvn-7lp+jdwy2k4f=zsaf5qsrthug84mgm62frjvw@mail.gmail.com>
Nov 27 13:57:19 server postfix/qmgr[4067]: 1F0582CB38: from=<practicalfreedom@gmail.com>, size=1574, nrcpt=1 (queue active)
Nov 27 13:57:19 server postfix/smtp[4733]: 1F0582CB38: to=<me@fq.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.57, delays=0.19/0.01/0.37/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 13:57:19 server postfix/cleanup[4732]: 9A4D72CB49: message-id=<20111127135719.9A4D72CB49@mydomain.com>
Nov 27 13:57:19 server postfix/qmgr[4067]: 9A4D72CB49: from=<>, size=3480, nrcpt=1 (queue active)
Nov 27 13:57:19 server postfix/bounce[4734]: 1F0582CB38: sender non-delivery notification: 9A4D72CB49
Nov 27 13:57:19 server postfix/qmgr[4067]: 1F0582CB38: removed
Nov 27 13:57:20 server postfix/smtp[4733]: certificate verification failed for gmail-smtp-in.l.google.com[209.85.229.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Nov 27 13:57:20 server postfix/smtp[4733]: 9A4D72CB49: to=<practicalfreedom@gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.229.27]:25, delay=1, delays=0/0/0.48/0.56, dsn=2.0.0, status=sent (250 2.0.0 OK 1322402240 em21si5355046wbb.59)
Nov 27 13:57:20 server postfix/qmgr[4067]: 9A4D72CB49: removed
Nov 27 13:57:49 server postfix/smtpd[4727]: disconnect from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:59:28 server postfix/smtpd[4727]: connect from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:28 server postfix/cleanup[4756]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:59:28 server postfix/smtpd[4727]: 4E1A82CB38: client=85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:29 server postfix/cleanup[4756]: 4E1A82CB38: message-id=<201111271359.TT1ks01@dnsserver.sm.ucc.mail.yahoo.com>
Nov 27 13:59:29 server postfix/qmgr[4067]: 4E1A82CB38: from=<shzjj@yahoo.com>, size=2174, nrcpt=1 (queue active)
Nov 27 13:59:29 server postfix/smtp[4757]: 4E1A82CB38: to=<me@fq.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=1.2, delays=1.2/0.01/0.02/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 13:59:29 server postfix/cleanup[4756]: 7846B2CB49: message-id=<20111127135929.7846B2CB49@mydomain.com>
Nov 27 13:59:29 server postfix/bounce[4758]: 4E1A82CB38: sender non-delivery notification: 7846B2CB49
Nov 27 13:59:29 server postfix/qmgr[4067]: 7846B2CB49: from=<>, size=4113, nrcpt=1 (queue active)
Nov 27 13:59:29 server postfix/qmgr[4067]: 4E1A82CB38: removed
Nov 27 13:59:29 server postfix/smtpd[4727]: lost connection after RSET from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:29 server postfix/smtpd[4727]: disconnect from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:30 server postfix/smtp[4757]: 7846B2CB49: to=<shzjj@yahoo.com>, relay=mta6.am0.yahoodns.net[66.94.238.147]:25, delay=1.5, delays=0/0/0.57/0.89, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.94.238.147] said: 554 delivery error: dd This user doesn't have a yahoo.com account (shzjj@yahoo.com) [0] - mta1474.mail.mud.yahoo.com (in reply to end of DATA command))
Nov 27 13:59:30 server postfix/qmgr[4067]: 7846B2CB49: removed
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max connection rate 1/60s for (smtp:209.85.215.44) at Nov 27 13:57:18
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max connection count 1 for (smtp:209.85.215.44) at Nov 27 13:57:18
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max cache size 1 at Nov 27 13:57:18
Nov 27 14:04:18 server postfix/smtpd[4767]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:18 server postfix/smtpd[4767]: connect from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:19 server postfix/smtpd[4767]: setting up TLS connection from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:19 server postfix/smtpd[4767]: Anonymous TLS connection established from mail-pz0-f45.google.com[209.85.210.45]: TLSv1 with cipher RC4-SHA (128/128 bits)
Nov 27 14:04:19 server postfix/trivial-rewrite[4770]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:19 server postfix/cleanup[4771]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:19 server postfix/smtpd[4767]: D76392CB38: client=mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:20 server postfix/cleanup[4771]: D76392CB38: message-id=<cal62f6ure86dvadj_7gn83_zu9e_41+dolujmxaltlgz3zremg@mail.gmail.com>
Nov 27 14:04:20 server postfix/qmgr[4067]: D76392CB38: from=<swatchways@googlemail.com>, size=1560, nrcpt=1 (queue active)
Nov 27 14:04:20 server postfix/smtp[4772]: D76392CB38: to=<me@fq.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.5, delays=0.49/0.01/0/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 14:04:20 server postfix/cleanup[4771]: 374022CB49: message-id=<20111127140420.374022CB49@mydomain.com>
Nov 27 14:04:20 server postfix/bounce[4773]: D76392CB38: sender non-delivery notification: 374022CB49
Nov 27 14:04:20 server postfix/qmgr[4067]: 374022CB49: from=<>, size=3463, nrcpt=1 (queue active)
Nov 27 14:04:20 server postfix/qmgr[4067]: D76392CB38: removed
Nov 27 14:04:20 server postfix/smtp[4772]: certificate verification failed for gmail-smtp-in.l.google.com[209.85.229.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Nov 27 14:04:21 server postfix/smtp[4772]: 374022CB49: to=<swatchways@googlemail.com>, relay=gmail-smtp-in.l.google.com[209.85.229.26]:25, delay=1.3, delays=0/0/0.08/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1322402661 dl3si15381528wib.55)
Nov 27 14:04:21 server postfix/qmgr[4067]: 374022CB49: removed
Nov 27 14:04:50 server postfix/smtpd[4767]: disconnect from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max connection rate 1/60s for (smtp:209.85.210.45) at Nov 27 14:04:18
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max connection count 1 for (smtp:209.85.210.45) at Nov 27 14:04:18
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max cache size 1 at Nov 27 14:04:18
And, if I go to, say, mxtoolbox.com and run their diagnosis test on "smtp:mydomain.com" I get
> 220 mydomain.com ESMTP Postfix (Debian/GNU)
OK - my.ip.add.ress. resolves to mydomain.com
OK - Reverse DNS matches SMTP Banner
0 seconds - Good on Connection time
Not an open relay.
0.749 seconds - Good on Transaction time
Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 mydomain.com [109 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Ok [125 ms]
RCPT TO: <test@example.com>
554 5.7.1 <test@example.com>: Relay access denied [125 ms]
QUIT
221 2.0.0 Bye [125 ms]
So what is it that I'm missing? Is postfix main.cf configured correctly?
Any insights would be appreciated
Thanks
7 Replies
Second problem is that it sounds like you want to use /etc/postfix/virtual to handle mail to mydomain.com. If so, you will need to ensure your system's hostname, the postfix myhostname setting, and postfix's mydestination list do not contain mydomain.com. something.mydomain.com is ok, they just cannot contain mydomain.com if you are planning to use /etc/postfix/virtual for mail to that domain.
May I ask why you changed that? It sounds like it was configured correctly before, but if there's a reason for the change, there are some workarounds possible. (Nothing quite as nice as having it all in virtual_alias_maps, of course.)
> First, it sounds like you edited /etc/postfix/virtual without rebuilding its database; "postmap /etc/postfix/virtual" will fix that error.
this is true
> Second problem is that it sounds like you want to use /etc/postfix/virtual to handle mail to mydomain.com. If so, you will need to ensure your system's hostname, the postfix myhostname setting, and postfix's mydestination list do not contain mydomain.com. something.mydomain.com is ok, they just cannot contain mydomain.com if you are planning to use /etc/postfix/virtual for mail to that domain.
Ahh, so I have messed up in all 3 places. Just so I understand completely,
hostname - something.mydomain.com
main.cf - myhostname = something.mydomain.com
main.cf - mydestination = something.mydomain.com
As for the rDNS setting in linode control panel, should this also be set to something.mydomain.com?
> May I ask why you changed that? It sounds like it was configured correctly before, but if there's a reason for the change, there are some workarounds possible. (Nothing quite as nice as having it all in virtual_alias_maps, of course.)
As you can probably tell, I am quite new to all this and don't as yet have a clear understanding of DNS or email delivery. I changed it all because it would not work. And after reading some forum comments I thought I understood what to do.
Thanks for the quick reply.
@freeweaver:
> Ahh, so I have messed up in all 3 places. Just so I understand completely,
> hostname - something.mydomain.com
> main.cf - myhostname = something.mydomain.com
> main.cf - mydestination = something.mydomain.com
> As for the rDNS setting in linode control panel, should this also be set to something.mydomain.com?
It doesn't matter too much, as long as it's set to something. It's easiest to have them all the same, though. The hostname and the reverse DNS(*) both refer to the server, so keeping everything the same across the board for a single server is a good idea.
Like a person, a server is its own distinct entity with its own unique name (and personality, and mortality, and…). This does not directly relate to the service(s) it provides(**). So, there's no expectation that the server that handles web traffic for example.com be named
(*) Well, really, the reverse DNS refers to an IP address, but there's usually a 1:1 relationship between servers and IP addresses. When there isn't, things can get a little more abstract.
(**) Someone with the last name of "Miller" is not necessarily a diluter of horse urine, and, to the best of my knowledge, none of the children of Linode employees have the last name "Cloudier." Yet.
I made the changes suggested by hoopycat 5 days ago which were
Server
hostname = server.mydomain.com
rDNS = server.mydomain.com
postfix
myhostname= server.mydomain.com
mydestination= server.mydomain.com
So now I can receive mails from outside, except they have to be sent to me@server.mydomain.com instead of
Thanks
Believe it or not, it's a good thing that it doesn't work. It means you can now explicitly tell it where to stick your mail through the virtual alias maps.
You should still have a line in your main.cf stating:
virtual_alias_maps = hash:/etc/postfix/virtual
This will cause postfix to look for two things in /etc/postfix/virtual when it gets an e-mail for
example.com DOMAIN
you@example.com freeweaver@gmail.example
The first is the domain in the left-hand side, and something in the right-hand side. (It doesn't really matter what, but I use DOMAIN in all caps.)
The second is the e-mail address in the left-hand side, and some destination(s) in the right-hand side. (You can specify more than one by separating with commas.)
Whenever you edit /etc/postfix/virtual, always remember to "postmap /etc/postfix/virtual" to rebuild its index.
The example.com DOMAIN entry is probably the one that's missing, since it isn't an obvious need: it could just go straight to a lookup for
> The example.com DOMAIN entry is probably the one that's missing, since it isn't an obvious need: it could just go straight to a lookup for
Yep, that was it and I would not have thought to add it. All mail now sent to any domain I have on this server is redirecting to the system user I have specified in /etc/postfix/virtual.
Because of your help it is now working exactly as it should and everything is a little clearer. I owe you a beer!
Many thanks hoopycat
Nick
Yay beer!
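The three checks from hoopycat's replies above (a stale virtual.db, a domain that is both local and virtual, and a missing domain line), as an added Python example that is not part of the original thread. The function names and the sample files are constructed for illustration, and treating a dotted key without "@" as a domain line is an assumption.

```python
import os
import re

def parse_main_cf(text):
    """main.cf syntax: '#' comments, indented continuation lines, last value wins."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:            # continues the previous parameter
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def parse_virtual(text):
    """Return (lookup key, result) pairs from a virtual alias table."""
    pairs = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            pairs.append((parts[0].lower(), parts[1].strip()))
    return pairs

def audit(main_cf, virtual, virtual_path=None):
    """List the problems discussed in the thread; an empty list means none found."""
    params = parse_main_cf(main_cf)
    myhostname = params.get("myhostname", "").lower()
    dest = re.sub(r"\$\{?myhostname\}?", myhostname, params.get("mydestination", ""))
    local = {d.lower() for d in re.split(r"[,\s]+", dest) if d}
    pairs = parse_virtual(virtual)
    # Assumption: a key without '@' but with a dot is an "example.com DOMAIN" line.
    declared = {k for k, _ in pairs if "@" not in k and "." in k}
    used = {k.rsplit("@", 1)[1] for k, _ in pairs if "@" in k} - {""}
    findings = []
    for dom in sorted(declared | used):
        if dom == myhostname:
            findings.append(f"{dom}: is myhostname but also handled by the virtual table")
        if dom in local:
            findings.append(f"{dom}: listed in mydestination and in the virtual table")
    for dom in sorted(used - declared):
        findings.append(f"{dom}: addresses are mapped but the '{dom} DOMAIN' line is missing")
    db = f"{virtual_path}.db" if virtual_path else None
    if db and os.path.exists(db) and os.path.getmtime(db) < os.path.getmtime(virtual_path):
        findings.append(f"{db} is older than its source: run postmap {virtual_path}")
    return findings

# Constructed samples: the poster's original settings, then the layout from the replies.
BEFORE_CF = """myhostname = mydomain.com
mydestination = mydomain.com, mail.mydomain.com, localhost.mydomain.com, localhost
"""
BEFORE_VIRTUAL = "me@mydomain.com me\n"
AFTER_CF = "myhostname = server.mydomain.com\nmydestination = server.mydomain.com\n"
AFTER_VIRTUAL = "mydomain.com DOMAIN\nme@mydomain.com me\n"

if __name__ == "__main__":
    for label, cf, vt in (("before", BEFORE_CF, BEFORE_VIRTUAL), ("after", AFTER_CF, AFTER_VIRTUAL)):
        print(label, audit(cf, vt) or "no findings")
```

Pass the real path as `virtual_path` (for example `/etc/postfix/virtual`) to include the stale-database check, which compares file modification times only.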