Postfix - can't send/receive mails to/from outside world

Hello everyone:

I followed the Perfect Setup Ubuntu 7.04 to install my server. Almost everything works OK, but Postfix throws some errors. These are the cases:

NOTE: I've changed the servers' real names... I use myserver.com (my Linux server) and recipient.com (external mail server).

1. If I try to send messages from the Webmin mail interface (to addresses different to gmail.com and local - this does work OK), Postfix says it can't deliver the mails. Here is part of my /var/log/mail.log:

Code:
Nov 16 18:38:23 myserver postfix/smtp[12426]: certificate verification failed for recipient.com: num=18:self signed certificate
Nov 16 18:38:24 myserver postfix/smtp[12426]: 2D2F397C3E2: to=<[email protected]>, relay=recipient[72.71.70.69]:25, delay=3.3, delays=0.02/0.$
Nov 16 18:38:24 myserver postfix/cleanup[12424]: 7C57597C3E3: message-id=<[email protected]>
Nov 16 18:38:24 myserver postfix/bounce[12428]: 2D2F397C3E2: sender non-delivery notification: 7C57597C3E3
Nov 16 18:38:24 myserver postfix/qmgr[29547]: 7C57597C3E3: from=<>, size=2485, nrcpt=1 (queue active)
Nov 16 18:38:24 myserver postfix/qmgr[29547]: 2D2F397C3E2: removed
Nov 16 18:38:24 myserver postfix/local[12429]: 7C57597C3E3: to=<[email protected]>, relay=local, delay=0.02, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered $
Nov 16 18:38:24 myserver postfix/qmgr[29547]: 7C57597C3E3: removed

2. I can neither send nor receive messages with my email clients (Thunderbird and Evolution). I checked the "server requires authentication" option, using every possible combination (TLS, SSL, No security, etc.) but the connection times out.

3. I can send messages to gmail.com and yahoo.com (with some trouble, I use the "force queued" Webmin feature), but not to hotmail.com.

This is my main.cf:

Code:
smtpd_banner = $myhostname ESMTP $mail_name (Linux)
biff = no
append_dot_mydomain = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = myserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
virtual_maps = hash:/etc/postfix/virtusertable
home_mailbox = Maildir/

My master.cf is:

Code:
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

My /etc/postfix/local-host-names is:

Code:
# ISPConfig local-host-names Configuration File
localhost
myserver.com
localhost.myserver.com
localhost.com
localhost.localdomain

I'm not using ISPConfig, but I'd installed it. I did do the next step:

Code:
"If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart"

I did it because I don't use it.

I did "telnet localhost 25" and this is the result:

Code:
[email protected]:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myserver.com ESMTP Postfix (Linux)
ehlo localhost
250-myserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

_________FOLLOW IN THE NEXT POST DUE TO SIZE RESTRICTION__________
Postfix - can't send/receive mails to/from outside world (part 2)

My netstat -tap shows the following:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:afs3-update *:* LISTEN 12178/nxagent
tcp 0 0 localhost:2208 *:* LISTEN 8820/hpiod
tcp 0 0 *:mysql *:* LISTEN 31881/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 4567/smbd
tcp 0 0 *:webmin *:* LISTEN 21962/perl
tcp 0 0 *:www *:* LISTEN 1678/apache2
tcp 0 0 *:81 *:* LISTEN 4776/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 23734/proftpd: (acc
tcp 0 0 myserver.local:domain *:* LISTEN 4963/named
tcp 0 0 localhost:domain *:* LISTEN 4963/named
tcp 0 0 localhost:ipp *:* LISTEN 3240/cupsd
tcp 0 0 *:smtp *:* LISTEN 29542/master
tcp 0 0 localhost:953 *:* LISTEN 4963/named
tcp 0 0 localhost:6010 *:* LISTEN 12890/sshd: [email protected]
tcp 0 0 *:https *:* LISTEN 1678/apache2
tcp 0 0 *:microsoft-ds *:* LISTEN 4567/smbd
tcp 0 0 localhost:2207 *:* LISTEN 8823/python
tcp 0 0 localhost:35912 localhost:5008 ESTABLISHED12925/nxssh
tcp 0 0 localhost:5008 localhost:35912 ESTABLISHED12178/nxagent
tcp 0 0 localhost:41708 localhost:ssh TIME_WAIT -
tcp 0 0 localhost:41706 localhost:ssh TIME_WAIT -
tcp 0 0 localhost:41707 localhost:ssh TIME_WAIT -
tcp 0 0 localhost:41086 localhost:ssh ESTABLISHED12159/nxssh
tcp6 0 0 *:afs3-update *:* LISTEN 12178/nxagent
tcp6 0 0 *:imaps *:* LISTEN 4432/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 4476/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 4445/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4412/couriertcpd
tcp6 0 0 *:domain *:* LISTEN 4963/named
tcp6 0 0 *:ssh *:* LISTEN 4601/sshd
tcp6 0 0 *:smtp *:* LISTEN 29542/master
tcp6 0 0 ip6-localhost:953 *:* LISTEN 4963/named
tcp6 0 0 ip6-localhost:6010 *:* LISTEN 12890/sshd: [email protected]
tcp6 0 0 localhost:ssh localhost:41086 ESTABLISHED12160/sshd: myuser [pr
tcp6 0 0 ::ffff:10.20.14.76%:ssh dsl-189-164-188-2:55574 ESTABLISHED11999/sshd: myuser [pr
tcp6 0 2592 ::ffff:10.20.14.76%:ssh dsl-189-164-188-2:59810 ESTABLISHED12888/sshd: nx [pri

I don't know why, but I found the following in my /var/log/mail.err:

Code:
Nov 15 18:19:24 imep postfix/sendmail[23609]: fatal: usage: sendmail [options]
Nov 15 18:19:34 imep postfix/sendmail[23614]: fatal: usage: sendmail [options]

The returned message shows:

Code:
This is the mail system at host myserver.com

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

<[email protected]>: host recipient.com[72.29.90.31] said:
    550-Verification failed for <[email protected]>
    550-No Such User Here
    550 Sender verify failed (in reply to RCPT TO command)

and

Code:
Reason for failure
550-Verification failed for <[email protected]>
550-No

I know the user exists in recipient.com because that account is mine.

4. If I try to send messages from gmail.com to [email protected], Gmail returns the following:

Code:
Delivery to the following recipient failed permanently:

[email protected]

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 13): 554 <[email protected]>: Relay access denied

Please, heeelp! I'm losing my mind due to this trouble! Sorry, but I don't speak English, I hope you can understand.

Thanks in advance.
mydestination should read

Code:
mydestination = /etc/postfix/local-host-names

in /etc/postfix/main.cf.

Also make sure that your server isn't blacklisted ( http://www.mxtoolbox.com/blacklists.aspx ) and that your ISP doesn't block port 25.
Not blacklisted

First, thanks a lot for your answer... Second:

1. My server isn't blocked.

2. Now, mydestination = /etc/postfix/local-host-names, but Postfix throws the same errors as shown in my first and second posts.

3. I don't know if my ISP is blocking port 25, how can I know that?

Supposing that my ISP is blocking port 25, isn't it supposed that this port is to send mails and not to receive mails? And, isn't it supposed that blocking the port doesn't allow the incoming mails and outgoing mail should be received by recipients?

Why can't I send mail from Gmail to my server? Isn't it supposed that the mail is received through the POP3 or IMAP port? Could it be because the ports IMAP/993 and POP3/995 are blocked?

I understand that, if I want to send mails through myserver.com with Evolution and port 25 is blocked on my server, Evolution will not be able to send them. And that sending mails from my server's web-based mail client to servers that require server authentication will not be possible due to the fact that I can't select the "server requires authentication" option in a web-based mail client. But, is there a web-based mail client which has such an option?

Thanks in advance...
smtp, pop, imap

Does this mean that port 25 is open?

Code:
tcp 0 0 *:smtp *:* LISTEN 29542/master
tcp6 0 0 *:imaps *:* LISTEN 4432/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 4476/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 4445/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4412/couriertcpd
tcp6 0 0 *:smtp *:* LISTEN 29542/master
Ask your ISP. The whole SMTP communication happens on port 25. Your mailserver sends out mails on port 25, and the receiving server gets it on port 25 (and the other way round). Port 110 (POP3) is used only when your mail client (Outlook, Thunderbird, etc.) connects to your mail server to fetch mails.

You don't need this in a webmail client because most mail servers allow connections from localhost without authentication, and a webmail client almost always connects to a mailserver on localhost.
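Added example, not part of the thread and not Postfix code: a simplified Python model of how the smtpd_recipient_restrictions list from the posted main.cf decides a RCPT TO. It shows why an empty mydestination produces the "Relay access denied" reply quoted in the first post, and why a webmail client on localhost is accepted without authentication. The client IPs, recipient addresses, file-parsing rules and exact-match destination check are assumptions made for illustration.

```python
import ipaddress
import re

# /etc/postfix/local-host-names exactly as posted in the thread.
LOCAL_HOST_NAMES = """\
# ISPConfig local-host-names Configuration File
localhost
myserver.com
localhost.myserver.com
localhost.com
localhost.localdomain
"""

# mynetworks and smtpd_recipient_restrictions from the posted main.cf.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks",
                "reject_unauth_destination"]


def load_destinations(text):
    """Names from a file-backed list; assumed format: '#' lines are comments,
    names are separated by whitespace or commas."""
    names = set()
    for line in text.splitlines():
        if not line.lstrip().startswith("#"):
            names.update(n.lower() for n in re.split(r"[,\s]+", line) if n)
    return names


def check_rcpt(rcpt, client_ip, sasl_user, mydestination):
    """Walk the list left to right; the first matching rule decides. Assumption:
    only exact matches in mydestination count (no relay_domains, no virtual domains)."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    ip = ipaddress.ip_address(client_ip)
    for rule in RESTRICTIONS:
        if rule == "permit_sasl_authenticated" and sasl_user:
            return ("permit", rule)
        if rule == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return ("permit", rule)
        if rule == "reject_unauth_destination" and domain not in mydestination:
            return ("reject", "554 Relay access denied")
    return ("permit", "end of list")


def scenarios():
    """Constructed clients and recipients; 192.0.2.x / 198.51.100.x are documentation ranges."""
    empty = set()                                   # 'mydestination =' as posted
    fixed = load_destinations(LOCAL_HOST_NAMES)     # file-backed list from the reply
    return {
        "remote MTA -> local user, empty mydestination":
            check_rcpt("user@myserver.com", "192.0.2.10", None, empty),
        "remote MTA -> local user, file-backed mydestination":
            check_rcpt("user@myserver.com", "192.0.2.10", None, fixed),
        "remote MTA -> third party (relay attempt)":
            check_rcpt("someone@recipient.com", "192.0.2.10", None, fixed),
        "authenticated mail client -> third party":
            check_rcpt("someone@recipient.com", "198.51.100.7", "myuser", fixed),
        "webmail on localhost -> third party":
            check_rcpt("someone@recipient.com", "127.0.0.1", None, fixed),
    }


if __name__ == "__main__":
    print(*scenarios().items(), sep="\n")
```

The third scenario is the one that keeps the server from being an open relay: an unauthenticated remote client is still refused for third-party recipients after mydestination is populated.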
port is not blocked

Again, thanks for your answer...

My ISP says that my port 25 isn't blocked in any way, and I don't have any iptables rules or any other type of firewall; nmap shows that the port is open, but shows the port as "open|filtered", shows my SSH port as "open|filtered" too, and I can connect to my server with no problems through port 22.

What could be wrong?

Thanks in advance
One step beyond

Well, I edited the encryption settings in Evolution Mail and Thunderbird and now I can send messages to servers not requiring server authentication such as gmail, yahoo (not hotmail). I was using SSL to send messages instead of TLS or No Encryption (with these last options I can send messages through Evo and Thunderbird); I can't do it with SSL selected.

Although I can send mails to some servers through Evo, I can't fetch the mails from myserver.com to Evo. Please help!

If I send a mail (through Evo) to a server that requires server authentication, my mail.log shows the following:

Code:
Nov 19 18:10:23 myserver postfix/pickup[1859]: D07C1B24001: uid=0 from=<[email protected]>
Nov 19 18:10:23 myserver postfix/cleanup[2884]: D07C1B24001: message-id=<[email protected]>
Nov 19 18:10:23 myserver postfix/qmgr[21868]: D07C1B24001: from=<[email protected]>, size=13884, nrcpt=2 (queue active)
Nov 19 18:10:26 myserver postfix/smtp[2886]: certificate verification failed for recipient.com: num=18:self signed certificate
Nov 19 18:10:26 myserver postfix/smtp[2887]: D07C1B24001: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[209.85.147.27]:25, delay=2.9, delays=0.02/$
Nov 19 18:10:27 myserver postfix/smtp[2886]: D07C1B24001: to=<[email protected]>, relay=recipient.com[55.29.80.31]:25, delay=3.4, delays=0.02/0.0$
Nov 19 18:10:27 myserver postfix/cleanup[2884]: 488A197C3DD: message-id=<[email protected]>
Nov 19 18:10:27 myserver postfix/bounce[2888]: D07C1B24001: sender non-delivery notification: 488A197C3DD
Nov 19 18:10:27 myserver postfix/qmgr[21868]: 488A197C3DD: from=<>, size=15798, nrcpt=1 (queue active)
Nov 19 18:10:27 myserver postfix/qmgr[21868]: D07C1B24001: removed
Nov 19 18:10:27 myserver postfix/local[2889]: 488A197C3DD: to=<[email protected]>, relay=local, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered t$
Nov 19 18:10:27 myserver postfix/qmgr[21868]: 488A197C3DD: removed

If I send a mail (through Evo) to hotmail, my mail.log shows the following:

Code:
Nov 19 18:19:21 imep postfix/smtpd[3003]: warning: 189.164.188.21: hostname dsl-189-164-188-21.prod.com verification failed: Name or service no$
Nov 19 18:19:21 imep postfix/smtpd[3003]: connect from unknown[189.164.188.21]
Nov 19 18:19:22 imep postfix/smtpd[3003]: 20EAB97C3D9: client=unknown[189.40.188.21], sasl_method=PLAIN, sasl_username=myuser
Nov 19 18:19:22 imep postfix/cleanup[3007]: 20EAB97C3D9: message-id=<[email protected]>
Nov 19 18:19:22 imep postfix/qmgr[21868]: 20EAB97C3D9: from=<[email protected]>, size=567, nrcpt=2 (queue active)
Nov 19 18:19:22 imep postfix/smtpd[3003]: disconnect from unknown[189.164.188.21]
Nov 19 18:19:23 imep postfix/smtp[3008]: 20EAB97C3D9: to=<[email protected]>, relay=mx3.hotmail.com[65.54.244.200]:25, delay=1, delays=0.36/0.01/0.41$
Nov 19 18:19:23 imep postfix/smtp[3008]: 20EAB97C3D9: to=<[email protected]>, relay=mx3.hotmail.com[65.54.244.200]:25, delay=1, delays=0.36/0.01/0.41/0.2$
Nov 19 18:19:23 imep postfix/qmgr[21868]: 20EAB97C3D9: removed

I appreciate your help. Thanks in advance.
two steps beyond

Well, I edited the encryption settings for POP3 in Evolution Mail and Thunderbird (now it is SSL) and now I can receive messages from my server. I think it could be very difficult for the final users to configure their Outlook/Thunderbird with POP3 SSL and SMTP TLS. Is there a way in which I don't need to use SSL for POP3?

I still can't send mails through Evo and gmail (etc. webmails) to my server...
Are you sure you followed the tutorial as close as possible? Because you don't need SSL to connect to the server.
tutorial

Yes, but I see something weird in the SSL certificate. Thunderbird says something like: "you're trying to connect to myserver.com but the SSL certificate belongs to localhost"
Here again

Hi, I've followed the Perfect Setup 7.04 tutorial again, after uninstalling what I'd installed the first time. The same errors occurred. Please, what can I do?
reconfigure

OK, but now I have my Postfix configured to work with TLS and SSL. How can I reconfigure it to work without TLS and SSL and to work with the normal ports?
switch ports

When you say: "try to use normal POP3 (port 110) and SMTP (port 25)", do you mean I need to change a configuration in some place? Where do I need to switch the ports?

Thanks again and sorry, I'm a newbie as you can see
Testing

Well, I don't know if this is what you asked for, but these are the cases using Thunderbird:

INCOMING MAIL

1. I can't receive mails if one of the

Code:
"TLS, if available" (Port 110), "TLS" (Port 110), or "Never" (Port 110)

options is selected. Thunderbird returns

Code:
Connection to server myserver.com timed out

2. I can't receive mails if the "use secure authentication" option is selected; it doesn't matter which option of point 1 is selected. Thunderbird returns:

Code:
"Mail server does not support secure authentication"

3. I can fetch mails only if I select the "SSL (Port 995)" option in "Use secure connection" and if I don't select "use secure authentication".

OUTGOING MAIL

1. In "Security and Authentication" I select "Use name and password", User name: myuser. If I select "Use secure connection->No" (Port 25) I can send messages to gmail and yahoo, but hotmail (no errors are returned, simply the mail doesn't appear in the hotmail inbox). I can send messages to some domains different to gmail and yahoo (those domains aren't public webmail services), but I can send mails to 2 domains in different shared hostings.

Code:
<[email protected]_hosting_domain.com>: host shared_hosting_domain.com[73.69.10.37] said:
    550-Verification failed for <[email protected] >
    550-No Such User Here
    550 Sender verify failed (in reply to RCPT TO command)

2. If I select "Use secure connection->TLS" (Port 25) Thunderbird throws the following in an alert window:

Code:
Unable to verify the identity of MYSITE as a trusted site.
Posible reasons for this error:
-Your browser does not recognize the Certificate Authority that issued the site's certificate.
-The site's certificate is incomplete due to a server misconfiguration.
-You are connected to a site pretending to be MYSITE, posible to obtain your confidential information.
Please notify the site's webmaster about this problem.
Before accepting this certificate, you should examine this site's certificate carefully. Are you willing to accept this certificate for the purpose of identifying the Web Site MYSITE
Button -> Examine Certificate...
[ ] Accept this certificate permanently
[x] Accept this certificate temporarily for this session
[ ] Do not accept...

A click on the "Examine Certificate" button shows:

Code:
Could not verify this certificate for unknown reasons.

Sometimes it shows:

Code:
Issued To: Common Name (CN) MYSITE bla bla bla

other times it shows:

Code:
Issued To: Common Name (CN) localhost bla bla bla

After accepting the certificate, the mails are either sent or rejected the same way I wrote in point 1 of INCOMING MAIL

3. If I select "Use secure connection->SSL" (Port 465) Thunderbird throws the following after a few seconds:

Code:
Sending of message failed. The message could not be sent because connecting to SMTP server myserver.comfailed. The server may be unavailable or is refusing SMTP connections.

As an interesting fact, port 465 is closed.

Well, these are the cases
Netstat and iptables

netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:2208 *:* LISTEN 8820/hpiod
tcp 0 0 *:7010 *:* LISTEN 16527/nxagent
tcp 0 0 *:mysql *:* LISTEN 31881/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 4567/smbd
tcp 0 0 *:www *:* LISTEN 6086/apache2
tcp 0 0 *:webmin *:* LISTEN 21962/perl
tcp 0 0 *:81 *:* LISTEN 4776/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 23734/proftpd: (acc
tcp 0 0 myserver.local:domain *:* LISTEN 4963/named
tcp 0 0 localhost:domain *:* LISTEN 4963/named
tcp 0 0 localhost:ipp *:* LISTEN 29168/cupsd
tcp 0 0 *:smtp *:* LISTEN 23194/master
tcp 0 0 localhost:953 *:* LISTEN 4963/named
tcp 0 0 *:https *:* LISTEN 6086/apache2
tcp 0 0 *:microsoft-ds *:* LISTEN 4567/smbd
tcp 0 0 localhost:2207 *:* LISTEN 8823/python
tcp 0 0 localhost:57756 localhost:ssh ESTABLISHED16508/nxssh
tcp6 0 0 *:imaps *:* LISTEN 18748/couriertcpd
tcp6 0 0 *:7010 *:* LISTEN 16527/nxagent
tcp6 0 0 *:pop3s *:* LISTEN 18653/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 18593/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 18698/couriertcpd
tcp6 0 0 *:domain *:* LISTEN 4963/named
tcp6 0 0 *:ssh *:* LISTEN 4601/sshd
tcp6 0 0 *:smtp *:* LISTEN 23194/master
tcp6 0 0 ip6-localhost:953 *:* LISTEN 4963/named
tcp6 0 3268 ::ffff:10.20.14.76%:ssh dsl-189-164-12-234:1882 ESTABLISHED31832/sshd: myuser [pr
tcp6 0 0 localhost:ssh localhost:57756 ESTABLISHED16509/sshd: myuser [pr

iptables -L (with sudo)

Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

iptables -L (without sudo, I mean with myuser)

Code:
iptables v1.3.6: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Thanks again!!
Mail Problems

Falko,

I am having the same problem. I get the 'Bounce' message (see attached file 'bounce.txt') when I send messages to hotmail.

Mydestination reads:

Code:
/etc/postfix/main.cf.

I have checked & my IP is on the 'Black-List' (see attached file 'blacklist.txt' - some of the sites are in a foreign language and I can't even read the reason for being placed on there). How do I remove it/get it removed? How did it get there? One suggestion is because I have a Dynamic IP address. I am a subscriber to DynDNS.com as a result of having a dynamic IP address. Can I use this facility to prevent being blocked?

My ISP does not block port 25.

How do I fix the problem?? Please help.