Can't receive mail others than my own - smtp

I am currently trying to configure my first Postfix - Dovecot - PostgreSQL installation.
When I connect from Thunderbird, I can receive and send mail on my 3 domains with virtual and real mail accounts. Emails are instantaneously sent.
It works too when I use mail (mailutils). But emails need like 1 minute to be sent.
telnet 25 from the server and outside the server send mail correctly too. Emails are instantaneously sent.
However, when I try to send mail from my Gmail or Yahoo mail accounts to this domain, I receive this kind of error :
Gmail
Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720
[(10) mail.domain-1.com. [MY_IP]:25: Connection timed out]
And I don't get any message in /var/log when sending a mail from external domains
Software versions :
LinuxMint : 16 Petra (Debian Wheezy)
Postfix : 2.10.2
Dovecot : 2.1.7
PostgreSQL : 9.1.13
Here is my main.cf :
debug_peer_list = domain-1.com
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
transport_maps = pgsql:/etc/postfix/sql/transport.cf
virtual_uid_maps = pgsql:/etc/postfix/sql/uids.cf
virtual_gid_maps = pgsql:/etc/postfix/sql/gids.cf
virtual_alias_maps = pgsql:/etc/postfix/sql/virtual.cf
virtual_mailbox_maps = pgsql:/etc/postfix/sql/mailboxes.cf
virtual_mailbox_base = /var/spool/virtual_mailboxes/
virtual_mailbox_limit = 51200000
mydestination = domain-1.fr domain-2.com domain-3.org localhost.$mydomain localhost
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
queue_directory = /var/spool/postfix
Here is my master.cf :
smtp inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
There is currently no security like SSL or anti-spam. I just put an SHA512-CRYPT password.
As for my DNS configuration (it must come from here, ... but I don't see anything) :
domain-1.com. 10800 IN MX 10 mail.domain-1.com.
mail.domain-1.com. 10800 IN CNAME www.domain-1.com.
www.domain-1.com. 300 IN A SERVER_IP

I had just put a firewall only allowing mails from me.
Allowing anywhere on port 25 and 143 just made it...
...

Related

Postfix - Must issue a STARTTLS command first

I am trying to send email through gmail via postfix, but it shows me the following error:
Must issue a STARTTLS command first.
Sep 6 01:11:34 NovusTec postfix/smtp[10889]: 1284460D68: to=<cassa#gmail.co>, relay=smtp.gmail.com[64.233.190.108]:587, delay=2882, delays=2881/0.02/0.83/0.19, dsn=5.7.0, status=bounced (host smtp.gmail.com[64.233.190.108] said: 530 5.7.0 Must issue a STARTTLS command first. k65sm16819558qkf.7 - gsmtp (in reply to MAIL FROM command))
/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localdomain, localhost, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_use_tls=yes
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/ssl/certs
I tried several configurations informed on other sites without success = \
Can anybody help me?
Your problem is your ca certificates. exactly on line smtp_tls_CAfile = /etc/ssl/certs
to confirm that, add the following to main.cf and restart postfix service.
debug_peer_list=smtp.gmail.com
debug_peer_level=3
Now send another email and look at /var/log/mail.log.
You will see this message: cannot load Certificate Authority data: disabling TLS support.
Now change smtp_tls_CAfile = /etc/ssl/certs to smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt. This is for Debian/Ubuntu, you should find the file path for your respective distribution.
Restart postfix service and test send again. You should be up and running.
Remember to remove logging lines after the issue is fixed.
#debug_peer_list=smtp.gmail.com
#debug_peer_level=3
I kept getting that error until I added in main.cf
smtp_tls_security_level=encrypt
not sure what the default is...

my gitlab build on digital-ocean cannot send mail to new user

i tried to configure SMTP in my Gitlab-Instance (following this guideline). but dont get it working.
gitlab.rb
gitlab_rails['gitlab_email_from'] = "admin#example.com"
gitlab_rails['gitlab_support_email'] = "admin#example.com"
#nginx['redirect_http_to_https'] = false
#nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
#nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'smtp.exmail.qq.com'
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_user_name'] = 'admin#example.com'
gitlab_rails['smtp_password'] = 'has been removed'
gitlab_rails['smtp_domain'] = 'smtp.qq.com'
gitlab_rails['smtp_authentication'] = :plain
gitlab_rails['smtp_enable_starttls_auto'] = true
production.log
Sent mail to i#example.com (8017.5ms)
mail.log
May 9 09:02:14 nday postfix/smtp[27203]: B16EF12019C: to=<i#example.com>, relay=none, delay=1049, delays=1017/0.04/32/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=mxbiz2.qq.com type=AAAA: Host not found, try again)s
May 9 09:02:14 nday postfix/smtp[27202]: 40274120CA7: to=<i#example.com>, relay=none, delay=988, delays=955/0.04/32/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=mxbiz2.qq.com type=AAAA: Host not found, try again)
BTW:I have changed the DNS and refresh. mail.log haven't logged my operation. It's old log.
Is your account new on Digital Ocean?
If yes, you need to ask them to unlock sendmail functionality.
This unlock is by account, not by droplet.
You will can use sendmail in all others droplets created by you after this unlock.

SMTP authentication error: SASL authentication failure: Password verification failed

I have a VPS server which is running postfix + dovecot as mail server.
I have already created two accounts which work well. Both can send and receive email via STARTTLS and SSL.
But when I added a third account today, it can only receive email but failed to connect SMTP server. So it is not a issue of wrong password. The SMTP settings are same as the other two accounts. The settings of client should be correct.
The postfix log says:
Aug 28 12:55:32 server postfix/smtpd[1645]: warning: SASL authentication failure: Password verification failed
Aug 28 12:55:32 server postfix/smtpd[1645]: warning: unknown[203.97.197.232]: SASL PLAIN authentication failed: authentication failure
Aug 28 12:55:35 server postfix/smtpd[1645]: warning: unknown[203.97.197.232]: SASL LOGIN authentication failed: authentication failure
The sasl and tls settings in main.cf is:
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Can anyone help me out?
Thank you very much.

Ubuntu - Postfix, Courier, MySQL and SquirrelMail: "ERROR: Connection dropped by IMAP server."

I've followed this tutorial to setup a local mail server for my domain name.
Although, when finished and I try logging in, SquirrelMail gives me the error:
ERROR: Connection dropped by IMAP server.
My mail.log says the following(where webmaster#example.com is my username):
Nov 10 23:45:58 example imapd: chdir example.com/webmaster/: No such file or directory
Nov 10 23:45:58 example imapd: webmaster#example.com: No such file or directory
Here is my main.cf file:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = example.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = no
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
I'm on Ubuntu 12.04 latest.
Any help would be appreciated.
I was experiencing the same problem, what is happening is your test email is getting circled in a loop of Antivirus and spamblockers none of which are working so it wont release it to create the folder you need.
in console you need to update your virus definitions for clamav -
Freshclam will retrieve virus definitions then you need to restart your virus protection
execute the following commands, then resend your test email and you should be able to load your email on squirrelmail.
/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon start
/etc/init.d/amavis restart
in case you don't remember; to do the test email type mailx leave cc blank push enter type a subject push enter type a body push enter and ctrl D.
if these steps dont work you may have a problem somewhere else open your mail.log file
cd var/log
nano mail.log
then scroll to the bottom

Google Apps with own SMTP server and local emails

Currently we're using Google's SMTP to send emails from our webserver to the registered users. Because of the restrictions (500 mails per day) that's no longer feasible. Therefore we set up a postfix on our machine and reconfigured the webapps to use this one. Now, postfix delivers emails going to our own emails addresses (*#gibbonsfive.de) locally and not to Google Apps anymore. On top, it won't deliver any email to the mailing lists configured on the Google server because it says the user / alias does not exist. Is there any way to make it work the following way:
Google Apps for all our email adresses, including Google's SMTP server (working)
Webapps are using our own SMTP (working) and emails send to a user with our own domain (*#gibbonsfive.de) are not delivered locally (does not work)
Our setup:
bind-config for the domain:
...
ns IN A 78.46.106.246
ns1.rollernet.us. IN A 208.79.240.3
ns2.rollernet.us. IN A 208.79.241.3
# IN MX 10 aspmx.l.google.com.
# IN MX 10 alt1.aspmx.l.google.com.
# IN MX 10 alt2.aspmx.l.google.com.
# IN MX 10 aspmx2.googlemail.com.
# IN A 78.46.106.246
mail IN A 78.46.106.246
...
/etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
message_size_limit = 209715200
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_use_tls=yes
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_path=smtpd
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients=yes
smtpd_sender_restrictions =
permit_sasl_authenticated
permit_mynetworks
smtpd_recipient_restrictions=
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destinatio
smtpd_helo_required=yes
smtpd_helo_restrictions=reject_invalid_helo_hostname
myhostname = romeo.gibbonsfive.de
myorigin = gibbonsfive.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, localhost.$myorigin, $myorigin
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
Changing the 'mydestination' configuration fixed it!
mydestination = $myhostname, localhost.$mydomain, localhost