Postfix can't receive emails from external domains

Discussion in 'Server Operation' started by ansabhailte, Sep 10, 2012.

  1. ansabhailte

    ansabhailte New Member

    I'm very confused by this and need help.

    I followed this guide to the letter: http://www.howtoforge.com/virtual-u...urier-mysql-and-squirrelmail-ubuntu-12.04-lts

    Everything works fine, except that I can't receive email from any external source (Gmail, etc.); only mail sent from localhost arrives.

    Here is my main.cf:


    # main.cf as pasted by the poster: Postfix with MySQL-backed virtual
    # mailboxes, SASL authentication and an amavis content filter.
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    # Opportunistic TLS: STARTTLS is announced, but clients are not required
    # to use it.
    # NOTE(review): smtpd_tls_auth_only is not set in this paste, so AUTH is
    # presumably also offered on sessions that never negotiated TLS - confirm.
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = mail.goldenoakit.com
    alias_maps = hash:/etc/aliases
    # The next two lines repeat the two above with the same values; main.cf
    # keeps the last definition of a parameter, so the repeat changes nothing.
    myhostname = mail.goldenoakit.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    # Domains delivered by the local(8) transport.
    # NOTE(review): goldenoakit.com is listed here; a domain should not be
    # both a local destination and a virtual mailbox domain - verify against
    # the domains table behind virtual_mailbox_domains.
    mydestination = mail.goldenoakit.com, localhost, localhost.localdomain, goldenoakit.com
    relayhost =
    # Only loopback clients are trusted by permit_mynetworks below.
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    # Listen on every interface; which ports are opened is decided by the
    # inet entries in master.cf, not here.
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    # The trailing "$" on the next line looks like a terminal/editor
    # truncation marker; the rest of the value is not visible in this paste.
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2emai$
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    # Every virtual mailbox is written with the same fixed uid/gid.
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    # Additionally advertises AUTH in the older "AUTH=" form for legacy clients.
    broken_sasl_auth_clients = yes
    # Writes the SASL login name into the Received: header of mail submitted
    # by authenticated clients, so it is visible to recipients.
    smtpd_sasl_authenticated_header = yes
    # Relay is allowed for loopback and for authenticated clients; everything
    # else is accepted only for domains this server is responsible for.
    # reject_unauth_destination is what keeps the server from being an open
    # relay, and it does not block inbound mail for the server's own domains.
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    # Truncated in the paste as well (trailing "$"); full list not visible.
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps$
    # All mail is handed to amavis on the loopback port 10024 for scanning;
    # address rewriting is deferred until the mail is re-injected.
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    # Repeated from the two lines above with identical values.
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings


    and here is my master.cf:


    # master.cf as pasted by the poster: defines which Postfix services run
    # and on which sockets they listen.
    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    # NOTE(review): the only public smtpd listener in this paste is on port
    # 587 (submission). No uncommented "smtp inet ... smtpd" entry (port 25)
    # appears anywhere in the file, and the netstat output posted in this
    # thread lists *:submission but no *:smtp. Other mail servers deliver to
    # the MX host on port 25, so this looks like the reason external mail
    # never arrives and never shows up in mail.log - confirm.
    # The chroot column is "-", i.e. the default shown in the header row.
    587 inet n - - - - smtpd
    #smtp inet n - - - 1 postscreen
    #smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy
    # Stock submission example (disabled): it forces TLS and restricts the
    # port to authenticated clients through the -o overrides below. The active
    # 587 entry above carries none of these overrides.
    #submission inet n - - - - smtpd
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - - - - smtpd
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    # The next two entries repeat the cleanup and qmgr entries above verbatim
    # (possibly a paste artifact).
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    # Delivery through external programs via pipe(8).
    # In the real file, each "flags=..." line is a continuation of the
    # service line above it and must begin with whitespace. The forum stripped
    # that leading whitespace from this paste (noted later in the thread);
    # without it Postfix reads the line as a new service entry and stops with
    # "bad transport type".
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}

    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    # Runs /usr/bin/maildrop as the unprivileged user vmail, one invocation
    # per ${recipient}.
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================

    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    # Each entry below runs its helper under a dedicated account given by
    # user=...; the unpriv column is "n" for all of them.
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}

    # Content-filter loop: the "amavis" SMTP client hands mail to amavisd
    # (main.cf points content_filter at 127.0.0.1:10024), and amavisd
    # re-injects scanned mail into the smtpd listener on 127.0.0.1:10025.
    # The "-o" lines are continuation lines; their leading whitespace was
    # stripped by the forum.
    amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

    # Re-injection listener, bound to loopback only. content_filter is emptied
    # so scanned mail is not sent back to amavis again, and the recipient
    # restriction together with mynetworks=127.0.0.0/8 rejects any client that
    # is not on the loopback network.
    127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks


    my iptables are as follows:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6277
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:24441
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2703
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5667
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12489
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25565
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
    LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    and dig -t mx goldenoakit.com returns this:

    ; <<>> DiG 9.8.1-P1 <<>> -t mx goldenoakit.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23416
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;goldenoakit.com. IN MX

    ;; ANSWER SECTION:
    goldenoakit.com. 86400 IN MX 10 mail.goldenoakit.com.

    ;; AUTHORITY SECTION:
    goldenoakit.com. 86400 IN NS ns4.linode.com.
    goldenoakit.com. 86400 IN NS ns3.linode.com.
    goldenoakit.com. 86400 IN NS ns2.linode.com.
    goldenoakit.com. 86400 IN NS ns5.linode.com.
    goldenoakit.com. 86400 IN NS ns1.linode.com.

    ;; ADDITIONAL SECTION:
    mail.goldenoakit.com. 86400 IN A 173.255.254.114

    ;; Query time: 133 msec
    ;; SERVER: 74.207.242.5#53(74.207.242.5)
    ;; WHEN: Mon Sep 10 11:25:07 2012
    ;; MSG SIZE rcvd: 167



    Why can't I receive external mail??
     
  2. gscales

    gscales New Member

    Hi ansabhailte;

    Can you also 1) attempt to send an email from another domain outside your network, then 2) include the output from tail -n 25 /var/log/mail.log ?

    Also, the output from "netstat -tap" would be helpful.

    G
     
  3. ansabhailte

    ansabhailte New Member

    You mean try to send an email from Gmail to my postfix?

    josh@nigel:~$ sudo tail -f /var/log/mail.log
    Sep 10 12:11:23 nigel postfix/smtpd[28876]: disconnect from localhost[127.0.0.1]
    Sep 10 12:11:23 nigel amavis[2987]: (02987-13) Passed CLEAN, [99.115.92.105] [99.115.92.105] <[email protected]> -> <[email protected]>, mail_id: HbqWrB82bR4n, Hits: -0.859, size: 75819, queued_as: EAD8F2B2D, 1720 ms
    Sep 10 12:11:23 nigel postfix/smtp[28870]: 9CA032B2C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=1.7/0.01/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EAD8F2B2D)
    Sep 10 12:11:23 nigel postfix/qmgr[28855]: 9CA032B2C: removed
    Sep 10 12:11:25 nigel postfix/smtp[28878]: EAD8F2B2D: to=<[email protected]>, relay=mailin-01.mx.aol.com[205.188.159.42]:25, delay=1.5, delays=0.01/0.01/0.55/0.92, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AF87A380001C9)
    Sep 10 12:11:25 nigel postfix/qmgr[28855]: EAD8F2B2D: removed
    Sep 10 12:11:25 nigel postfix/smtpd[28862]: disconnect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
    Sep 10 12:11:26 nigel imapd: Connection, ip=[::ffff:127.0.0.1]
    Sep 10 12:11:26 nigel imapd: LOGIN, user=[email protected], ip=[::ffff:127.0.0.1], port=[36137], protocol=IMAP
    Sep 10 12:11:26 nigel imapd: LOGOUT, user=[email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=87, sent=391, time=0


    ^Cjosh@nigel:~$ sudo tail -n 25 /var/log/mail.log
    Sep 10 12:10:49 nigel postfix/postfix-script[28851]: refreshing the Postfix mail system
    Sep 10 12:10:49 nigel postfix/master[3040]: reload -- version 2.9.3, configuration /etc/postfix
    Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max connection rate 1/60s for (submission:99.115.92.105) at Sep 10 12:09:37
    Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max connection count 1 for (submission:99.115.92.105) at Sep 10 12:09:37
    Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max cache size 1 at Sep 10 12:09:37
    Sep 10 12:11:20 nigel postfix/smtpd[28862]: connect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
    Sep 10 12:11:20 nigel postfix/smtpd[28862]: 9CA032B2C: client=adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105], sasl_method=LOGIN, sasl_username=[email protected]
    Sep 10 12:11:20 nigel postfix/cleanup[28869]: 9CA032B2C: message-id=<>
    Sep 10 12:11:22 nigel postfix/qmgr[28855]: 9CA032B2C: from=<[email protected]>, size=75819, nrcpt=1 (queue active)
    Sep 10 12:11:23 nigel postfix/smtpd[28876]: connect from localhost[127.0.0.1]
    Sep 10 12:11:23 nigel postfix/smtpd[28876]: EAD8F2B2D: client=localhost[127.0.0.1]
    Sep 10 12:11:23 nigel postfix/cleanup[28869]: EAD8F2B2D: message-id=<[email protected]>
    Sep 10 12:11:23 nigel postfix/qmgr[28855]: EAD8F2B2D: from=<[email protected]>, size=76352, nrcpt=1 (queue active)
    Sep 10 12:11:23 nigel postfix/smtpd[28876]: disconnect from localhost[127.0.0.1]
    Sep 10 12:11:23 nigel amavis[2987]: (02987-13) Passed CLEAN, [99.115.92.105] [99.115.92.105] <[email protected]> -> <[email protected]>, mail_id: HbqWrB82bR4n, Hits: -0.859, size: 75819, queued_as: EAD8F2B2D, 1720 ms
    Sep 10 12:11:23 nigel postfix/smtp[28870]: 9CA032B2C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=1.7/0.01/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EAD8F2B2D)
    Sep 10 12:11:23 nigel postfix/qmgr[28855]: 9CA032B2C: removed
    Sep 10 12:11:25 nigel postfix/smtp[28878]: EAD8F2B2D: to=<[email protected]>, relay=mailin-01.mx.aol.com[205.188.159.42]:25, delay=1.5, delays=0.01/0.01/0.55/0.92, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AF87A380001C9)
    Sep 10 12:11:25 nigel postfix/qmgr[28855]: EAD8F2B2D: removed
    Sep 10 12:11:25 nigel postfix/smtpd[28862]: disconnect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
    Sep 10 12:11:26 nigel imapd: Connection, ip=[::ffff:127.0.0.1]
    Sep 10 12:11:26 nigel imapd: LOGIN, user=[email protected], ip=[::ffff:127.0.0.1], port=[36137], protocol=IMAP
    Sep 10 12:11:26 nigel imapd: LOGOUT, user=[email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=87, sent=391, time=0
    Sep 10 12:12:18 nigel imapd: Connection, ip=[::ffff:99.115.92.105]
    Sep 10 12:12:18 nigel imapd: LOGIN, user=[email protected], ip=[::ffff:99.115.92.105], port=[6376], protocol=IMAP

    The weird thing is that mail.log doesn't seem to record any errors, and mail.err has nothing relevant.

    Forgot to add netstat -tap:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 localhost:10024 *:* LISTEN 2431/amavisd (maste
    tcp 0 0 localhost:10025 *:* LISTEN 3040/master
    tcp 0 0 localhost:mysql *:* LISTEN 2165/mysqld
    tcp 0 0 *:submission *:* LISTEN 3040/master
    tcp 0 0 *:ftp *:* LISTEN 2069/vsftpd
    tcp 0 0 *:ssh *:* LISTEN 2108/sshd
    tcp 0 0 nigel.goldenoakit:34597 adsl-99-115-92-10:12489 TIME_WAIT -
    tcp 0 0 nigel.goldenoakit:59238 adsl-99-36-141-12:12489 TIME_WAIT -
    tcp 0 0 nigel.goldenoakit:34595 adsl-99-115-92-10:12489 TIME_WAIT -
    tcp 0 192 nigel.goldenoakit.c:ssh adsl-75-28-136-56:39971 ESTABLISHED 26356/sshd: josh [p
    tcp6 0 0 [::]:imaps [::]:* LISTEN 2871/couriertcpd
    tcp6 0 0 [::]:pop3s [::]:* LISTEN 2909/couriertcpd
    tcp6 0 0 [::]:submission [::]:* LISTEN 3040/master
    tcp6 0 0 [::]:pop3 [::]:* LISTEN 2887/couriertcpd
    tcp6 0 0 [::]:imap2 [::]:* LISTEN 2849/couriertcpd
    tcp6 0 0 [::]:http [::]:* LISTEN 3194/apache2
    tcp6 0 0 [::]:ssh [::]:* LISTEN 2108/sshd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:33669 ESTABLISHED 25775/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:53946 ESTABLISHED 26270/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:36333 ESTABLISHED 29755/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:7181 ESTABLISHED 29869/imapd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:6496 ESTABLISHED 29038/imapd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:52259 ESTABLISHED 25777/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:53950 ESTABLISHED 26272/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:7178 ESTABLISHED 29868/imapd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:54962 ESTABLISHED 28432/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:1291 ESTABLISHED 25055/imapd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:40477 ESTABLISHED 29752/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:52823 ESTABLISHED 25770/couriertls
    tcp6 0 0 nigel.goldenoakit:imaps adsl-75-28-136-56:40566 ESTABLISHED 28428/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-10:64725 ESTABLISHED 24436/imapd
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:48019 ESTABLISHED 25768/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:54964 ESTABLISHED 28435/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-10:65447 ESTABLISHED 24817/imapd
    tcp6 0 0 nigel.goldenoakit:imaps adsl-75-28-136-56:39555 ESTABLISHED 26266/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:38579 ESTABLISHED 25779/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:37680 ESTABLISHED 29758/couriertls
    tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:6294 ESTABLISHED 28820/imapd
     
    Last edited: Sep 10, 2012
  4. ansabhailte

    ansabhailte New Member

    Hmm

    I'm not sure if this has anything to do with it, but my hostname is nigel.goldenoakit.com and I also have mail.goldenoakit.com. I set up postfix to use mail, but do you think having that be different than the hostname would affect anything?
     
  5. gscales

    gscales New Member

    Hi ansabhailte;

    I would use my actual hostname if I were you;

    From your master.cf, above:

    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

    My maildrop line:

    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}

    See the difference? I would put a space or two before the first character on every continuation line in that file, for one thing. In your log, you see the message come in, but don't see it delivered to a mailbox. Maybe it's reading that statement wrong?

    G

    ps ... this forum program is removing the leading space on the continuation line, so never mind on that. But still your maildrop line lacks all the vmail stuff ...
     
    Last edited: Sep 10, 2012
  6. ansabhailte

    ansabhailte New Member

    Now I'm getting this

    Sep 10 13:06:08 nigel postfix/master[3040]: fatal: /etc/postfix/master.cf: line 98: bad transport type: user=vmail

    from mail.log
     
  7. ansabhailte

    ansabhailte New Member

    This

    It sounds like my problem is similar to this guy's:

    Hi guys,

    after much pulling out (of grey hairs only), i finally realised this was a transport issue.
    The transport data was being held in Mysql, and was not being resolved.

    My best guess is that because i had smtp:mail.mydomain.com as the only transport it therefore wouldn't know about anything locally.

    anyhow - all sorted now, will move on to more exciting things now

    Thanks for the hand!

    Grant


    But I'm not sure how to go about fixing this.
     
  8. ansabhailte

    ansabhailte New Member

    I have been setting up email addresses like this through MySQL:

    INSERT INTO `domains` (`domain`) VALUES ('example.com');
    INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('[email protected]', ENCRYPT('secret'), 10485760);

    Do I also need to add anything like this?:

    INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');
     
  9. ansabhailte

    ansabhailte New Member

    ok

    Disregard the last 3 replies. I didn't put white space in front of the line you gave me to replace. That's taken care of now.

    Still can't receive email. Nothing shows up in the mail log either.
     
  10. gscales

    gscales New Member

    If you type in the command "mailq", does it show a bunch of stuff trapped in the queue? To me, the log seems to indicate the incoming mail is being queued but not delivered. If you use web mail and deliver it to another mail box at the same domain, does it deliver?

    G
     
  11. ansabhailte

    ansabhailte New Member

    No, nothing in the queue.

    Of course, the logfile that I posted shows a lot of activity because all the addresses can successfully send/receive to each other, and can send mail to anybody (including gmail)


    I don't get it. Everything works except for receiving from external hosts. And mail.log never shows anything for that; not even rejected messages. And Gmail doesn't show delay/failure notices.
     
  12. ansabhailte

    ansabhailte New Member

    What should the permissions be for /var/spool/postfix/var/run/saslauthd?

    saslauthd returns this:

    drwx--x--- 2 root sasl 4096 Sep 10 19:46 saslauthd

    and the contents return this:

    -rw------- 1 root root 0 Sep 10 19:46 cache.flock
    -rw------- 1 root root 945152 Sep 10 19:46 cache.mmap
    srwxrwxrwx 1 root root 0 Sep 10 19:46 mux
    -rw------- 1 root root 0 Sep 10 19:46 mux.accept
    -rw------- 1 root root 5 Sep 10 19:46 saslauthd.pid
     
  13. ansabhailte

    ansabhailte New Member

    one more thing

    I just ran testsaslauthd:

    sudo testsaslauthd -u [email protected] -p *password* -f /var/spool/postfix/var/run/saslauthd/mux -s submission

    (I'm running smtp on 587 not 25) and it returns:

    NO "authentication failed"

    auth.log shows this:

    Sep 10 20:30:33 nigel saslauthd[5002]: pam_unix(submission:auth): check pass; user unknown
    Sep 10 20:30:33 nigel saslauthd[5002]: pam_unix(submission:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    Sep 10 20:30:35 nigel saslauthd[5002]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    Sep 10 20:30:35 nigel saslauthd[5002]: do_auth : auth failure: [service=submission] [realm=] [mech=pam] [reason=PAM auth error]


    Also, when I run:

    sudo testsaslauthd -u [email protected] -p *password* -s submission

    it returns:

    connect() : No such file or directory

    I'm thinking my problem lies within the SASL area... that would explain why I can receive mail from local accounts.

    edit: I'm running postfix chrooted, per Falko's guide (linked at top of thread)

    edit2: When I run testsaslauthd with -u josh -p *password* (being my UNIX username and password, not my MySQL email username and password) I get:

    OK "Success."
     
    Last edited: Sep 11, 2012
  14. ansabhailte

    ansabhailte New Member

    Ok, I've figured out the problem.

    I run testsaslauthd with mail_admin as the username (the account courier should be using) and the authentication fails.

    If I run it using root as the user it succeeds, and also if I use my local UNIX account (josh).

    But I've configured everything to use mail_admin. Any idea why mail_admin can't authenticate?

    edit: I read that Cyrus SASL doesn't support encrypted SQL passwords? Is this still true? (I read it on a forum thread from 2008) I'm not sure if it would still be true since your guide says to use encrypted passwords...
     
    Last edited: Sep 11, 2012
  15. gscales

    gscales New Member

    Just so you know ... my system is able to receive and the above looks identical on my system ...
     
  16. gscales

    gscales New Member

    What are the contents of your /etc/postfix/sasl/smtpd.conf ?
     
  17. ansabhailte

    ansabhailte New Member

    cat /etc/postfix/sasl/smtpd.conf

    # Cyrus SASL settings used by Postfix smtpd (/etc/postfix/sasl/smtpd.conf).
    # Passwords for plaintext mechanisms are handed to the saslauthd daemon;
    # the auth.log lines posted in this thread show saslauthd using mech=pam.
    pwcheck_method: saslauthd
    # PLAIN and LOGIN both send the password to the server unhashed, so its
    # confidentiality on the wire depends entirely on TLS being in use.
    mech_list: plain login
    allow_plaintext: true
    # NOTE(review): an auxprop SQL lookup is configured alongside saslauthd.
    # The users table in this thread is filled with ENCRYPT(...) values -
    # confirm which of the two paths actually verifies logins.
    auxprop_plugin: sql
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    # Redacted by the poster. The real file holds the database password in
    # clear text, so it should be readable only by the accounts that need it.
    sql_passwd: *password*
    sql_database: mail
    # %u and %r are replaced with the user and realm parts of the login name.
    sql_select: select password from users where email = '%u@%r'
     
  18. gscales

    gscales New Member

    Lemme grok your smtpd.conf for a minute ... meanwhile ... the following two statements are missing from your main.cf as compared to mine:

    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop

    You are specifying maildrop in your master.cf ... did you leave those out on purpose?
     
  19. ansabhailte

    ansabhailte New Member

    No, I just followed the guide by Falko. He left them out.

    edit: I went ahead and added those lines.
     
    Last edited: Sep 11, 2012
  20. gscales

    gscales New Member

    Ok, well, let's reason for a minute.

    According to your main.cf, master.cf, and sasl/smtpd.conf, you are sending email to remote hosts requiring SASL authentication, sending that authentication via plain text (non-encrypted) on port 587 (submission) ... and that is working. If you were sending using encryption, you'd be using port 465 and have some more parameters set up. If you are able to successfully send an email, I'd say SASL is working, and getting the correct username and password out of MySQL. Agree?

    Now ... receiving. If you can log in to read your mail, you are authenticating, correct?

    I don't think there is any authentication involved in the mail transport agent (MTA) receiving mail from a remote host. I don't think there is any authentication involved either in delivering that mail to a mailbox. So, even though it may seem like authentication is involved ... to me, it doesn't seem so. Agree/disagree with my logic?
     
