Can't send/receive emails

Discussion in 'Installation/Configuration' started by atmomin2003, May 7, 2021.

  1. atmomin2003

    atmomin2003 New Member

    I have followed perfect server setup guide for debian 10
    Not able to send receive emails. being new to linux can't figure out what's wrong. searched quite a bit.
    When I send email to the email defined in ISPconfig, I get, mail server responded, no such user error.
    When I try to send email from webmail rouncube, I was getting authentication failed (250).......error. then when I changed the port from 25 to 465, now the send times out. not able to send.

    Posting main.cf and master.cf for your reference. Any help is appreciated.
    Let me know if any other information is needed.
    Thanks in advance.
    main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = webserver.domain.local
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = webserver.domain.local, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, ,reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf,  check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_reject_unlisted_sender = no
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining , permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = dane
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = lmtp:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    master.cf
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    #submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       -       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
                    -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
                -o milter_default_action=accept
            -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
    
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Which guide, exactly?
    You have not modified the file as per instructions in Perfect Server Guide.
    My signature has link to e-mail server tutorial.
    You should follow https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
    If you find installing with perfect server guide too cumbersome, there is autoinstaller: https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller and https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
     
  3. atmomin2003

    atmomin2003 New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You missed removing the # in front of the submission line in master.cf. That's described in the guide you used.
     
  5. atmomin2003

    atmomin2003 New Member

    I reinstalled the whole thing by following same instructions, now it seems mail server is working, but when I send, emails bounce back saying:
    550 Relay not permitted (in reply to RCPT TO command)

    Also setting up email on email client I get certificate error, saying certificate is self-signed.

    The from email is still @server1.example.com, it should be @example.com, right? How can I fix it?

    On the domain website, example.com in the instructions, I get padlock with verified let's encrypt certificate, but looks like mail server certs is/are not issued by lets encrypt.

    Any guess how I can fix it? Also is it possible to force SSL/TLS only, allow only safe ports 993,995,587 and disable port 110/25 in the config?

    Thanks a lot again
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Then it probably is self-signed. Check the certificate, is it the one you created? Your e-mail client should offer feature to examine certificate.
    If you have made a not self-signed certificate and your e-mail server is not using that, check your setup. Like I wrote previously, my signature has link to e-mail setup tutorial.
    If you force reconfigure services and let the script use the same certificate for all services, also e-mail is using the LE certificate. So use command ispconfig_update.sh --force
    Worth checking is you have installed all packages and done the configurations exactly as instructed in the perfect server guide.
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You have to use authentication when sending, only localhost is allowed to send without authentication by default.
     
  8. atmomin2003

    atmomin2003 New Member

    When I ran ispconfig_update.sh --force.. I got below:
    Code:
    [email protected]:/home/username# ispconfig_update.sh --force
    
    
    --------------------------------------------------------------------------------
     _____ ___________   _____              __ _
    |_   _/  ___| ___ \ /  __ \            / _(_)
      | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
      | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
     _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
     \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                                  __/ |
                                                 |___/
    --------------------------------------------------------------------------------
    
    
    >> Update
    
    Please choose the update method. For production systems select 'stable'.
    WARNING: The update from GIT is only for development systems and may break your current setup. Do not use the GIT version on servers that host any live websites!
    Note: On Multiserver systems, enable maintenance mode and update your master server first. Then update all slave servers, and disable maintenance mode when all servers are updated.
    
    Select update method (stable,nightly,git-develop) [stable]:
    
    Downloading ISPConfig update.
    Unpacking ISPConfig update.
    
    
    --------------------------------------------------------------------------------
     _____ ___________   _____              __ _         ____
    |_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
      | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
      | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
     _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
     \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                                  __/ |
                                                 |___/
    --------------------------------------------------------------------------------
    
    
    >> Update
    
    Operating System: Debian 10.0 (Buster) or compatible
    
    This application will update ISPConfig 3 on your server.
    
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]:
    
    Creating backup of "/usr/local/ispconfig" directory...
    Creating backup of "/etc" directory...
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.iaHUVsfgRN/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    
    Service 'mail_server' has not been detected (strongly recommended, currently enabled) do you want to disable it?  (yes,no) [yes]: no
    
    Service 'dns_server' has not been detected (strongly recommended, currently enabled) do you want to disable it?  (yes,no) [yes]: no
    
    Service 'web_server' has not been detected (strongly recommended, currently enabled) do you want to disable it?  (yes,no) [yes]: no
    
    WARNING: If ISPConfig-Interface (Webfrontend) is installed on this Server we will configure the Web Server anyways but will not enable it in ISPConfig.
    
    Service 'firewall_server' has not been detected (strongly recommended, currently enabled) do you want to disable it?  (yes,no) [yes]: no
    
    Reconfigure Services? (yes,no,selected) [yes]: no
    
    Updating ISPConfig
    Certificate exists. Not creating a new one.
    Reconfigure Crontab? (yes,no) [yes]: no
    
    Update finished.

    Not sure why it didn't detect all those services.. Anyways, it's still working, so not bothering much on this now. I think I will ignore the cert issue for now.
    Thanks for the guidance.
     
    Last edited: May 9, 2021
  9. atmomin2003

    atmomin2003 New Member

    Sorry, I am not great on linux, what do I do to enable authentication?
    Ignore above, I figured I need to setup external smtp server authentication to send emails from my server.
    Thanks
     
    Last edited: May 9, 2021
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Please put such output in code tags. And like Taleman said, let the update script reconfigure services.
     
  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It will be a setting in your email client.
     

Share This Page