Hello all,

It is my first time configuring postfix and I've learned a lot the past couple 
of days from the community, thank you.

My problem is in receiving mail, it doesn't have a problem sending out test 
mails from the Linux command prompt (using: echo "test" | mail -s testsubject 
testem...@hotmailorwhereever.com) or from a client like zimbra/ms outlook.  It 
is sending through port 465 as a defense against abuse:

Aug 20 12:46:25 myserver postfix/smtpd[10086]: connect from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:25 myserver postfix/smtpd[10086]: setting up TLS connection from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:25 myserver postfix/smtpd[10086]: Anonymous TLS connection 
established from ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]: TLSv1 with 
cipher RC4-MD5 (128/128 bits)
Aug 20 12:46:26 myserver postfix/smtpd[10086]: 85A921E50E: 
client=ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx], sasl_method=LOGIN, 
sasl_username=me
Aug 20 12:46:26 myserver postfix/cleanup[10092]: 85A921E50E: 
message-id=<xxxxxxxx.1201250768782000.javamail.mehp-...@mehp-pc>
Aug 20 12:46:26 myserver postfix/qmgr[10077]: 85A921E50E: 
from=<m...@mydomainnamehere.org>, size=609, nrcpt=1 (queue active)
Aug 20 12:46:26 myserver postfix/smtpd[10086]: disconnect from 
ipxx-xxx-xxx-xxx.dc.dc.cox.net[xx.xxx.xxx.xxx]
Aug 20 12:46:27 myserver dovecot: pop3-login: Login: user=<me>, method=PLAIN, 
rip=xx.xxx.xxx.xxx, lip=xx.xxx.xx.xxx, TLS
Aug 20 12:46:28 myserver dovecot: POP3(me): Disconnected: Logged out top=0/0, 
retr=0/0, del=0/0, size=0
Aug 20 12:46:28 myserver postfix/smtp[10093]: 85A921E50E: 
to=<test...@gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.217.5]:25, 
delay=1.8, delays=0.27/0.01/0.56/0.95, dsn=2.0.0, status=sent (250 2.$
Aug 20 12:46:28 myserver postfix/qmgr[10077]: 85A921E50E: removed
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max connection rate 
1/60s for (smtps:68.227.203.231) at Aug 20 12:46:25
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max connection count 
1 for (smtps:68.227.203.231) at Aug 20 12:46:25
Aug 20 12:49:46 myserver postfix/anvil[10089]: statistics: max cache size 1 at 
Aug 20 12:46:25
Aug 20 13:00:31 myserver postfix/postfix-script[10162]: warning: 
/var/spool/postfix/etc/hosts and /etc/hosts differ
Aug 20 13:00:43 myserver postfix/postfix-script[10304]: warning: 
/var/spool/postfix/etc/hosts and /etc/hosts differ


So far, the ports are open, except for 25 (verified with tools online):

nmap mail.mydomainnamehere.org

Starting Nmap 4.62 ( http://nmap.org ) at 2009-08-20 12:13 BST
Interesting ports on mydomainnamehere.org (68.xxx.xx.xxx):
Not shown: 1709 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
465/tcp open  smtps
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 0.145 seconds


My original understanding was that postfix would send out mail from the server 
only, but then I discovered that it also receives mail as well to deliver to my 
server box ...hence the conceptual grouping with the term, "mail transfer 
agent" (MTA).  


The major problems in the setup include (1 through 2):


#1>> Accepting emails from external sources, such as from my gmail account to 
myserver, as /var/log/mail.log indicates.

Aug 20 11:33:50 myserver postfix/smtpd[9888]: connect from unknown[67.52.59.170]
Aug 20 11:33:50 myserver postfix/smtpd[9888]: setting up TLS connection from 
unknown[67.52.59.170]
Aug 20 11:34:16 myserver postfix/smtpd[9870]: SSL_accept error from 
mail-yw0-f193.google.com[209.85.211.193]: -1
Aug 20 11:34:16 myserver postfix/smtpd[9870]: lost connection after CONNECT 
from mail-yw0-f193.google.com[209.85.211.193]
Aug 20 11:34:16 myserver postfix/smtpd[9870]: disconnect from 
mail-yw0-f193.google.com[209.85.211.193]

Here is my /etc/postfix/master.cf file:

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       -       -       -       smtpd
#      -o smtpd_tls_wrappermode=yes
#      -o smtpd_sasl_auth_enable=yes
#      -o smtpd_reject_unlisted_sender=yes
#      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#      -o broken_sasl_auth_clients=yes


#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_tls_wrappermode=yes
#  -o broken_sasl_auth_clients=yes
#  -o smtpd_reject_unlisted_sender=yes

#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o broken_sasl_auth_clients=yes
  -o smtpd_reject_unlisted_sender=yes
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache

#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

#2>> I would like to rebuild or access my inbox.  I lost access to reading 
email. I would like to make sure pop3s/imaps can get the postfix mail. 

/etc/dovecot/dovecot.conf is set to:

 ##
 ## Maildir-specific settings
 ##

 ...section is all commented out except for: default_mail_env = maildir:~/Maildir:mbox:~/mail/    (at the bottom of the entire file)

...while postfix is set to
home_mailbox = Maildir/

...within /etc/postfix/main.cf (full info below):

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.mydomainnamehere.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mydomainnamehere
mydestination = mail.mydomainnamehere.org, mydomainnamehere.org, localhost.mydomainnamehere.org, localhost, localhost.localdomain
mailbox_command = 
mailbox_size_limit = 0
recipient_delimiter = +

inet_protocols = all
relay_domains = mydomainnamehere.org

smtpd_sasl_local_domain = mydomainnamehere.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
local_recipient_maps =
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
relayhost = 
home_mailbox = Maildir/
mynetworks = 127.0.0.0/8
inet_interfaces = all
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes


My thanks for taking the time to assist the community.

Regards,

Paul
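
An added example, not part of the original post: a small audit of which inet listeners a master.cf actually enables, run over the entries quoted above. The function names are hypothetical and the sample text is an excerpt constructed from the posted file; the check assumes only master(5) syntax (a leading `#` is a comment, leading whitespace continues the previous line).

```python
# Constructed excerpt: the inet entries from the master.cf quoted in the post.
POSTED_MASTER_CF = """\
#smtp      inet  n       -       -       -       -       smtpd
#      -o smtpd_tls_wrappermode=yes
#submission inet n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
"""

def parse_inet_services(text):
    """Return {service: {override: value}} for active (uncommented) inet entries."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank/comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()          # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        args, opts = fields[8:], {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                opts[key] = value
        services[fields[0]] = opts
    return services

def audit_inbound(services):
    """Hypothetical helper: list reasons server-to-server delivery would fail."""
    mx = next((o for n, o in services.items()
               if n.rsplit(":", 1)[-1] in ("smtp", "25")), None)
    if mx is None:
        return ["no active listener on port 25 (smtp), where other mail servers deliver"]
    findings = []
    if mx.get("smtpd_tls_wrappermode") == "yes":
        findings.append("port 25 expects a TLS handshake before SMTP; MX senders use plaintext + STARTTLS")
    if mx.get("smtpd_client_restrictions", "") == "permit_sasl_authenticated,reject":
        findings.append("port 25 rejects every client that has not authenticated with SASL")
    return findings

if __name__ == "__main__":
    for finding in audit_inbound(parse_inet_services(POSTED_MASTER_CF)):
        print("FINDING:", finding)
```
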
