I can send, but I not reciving any outside emails in my domain

August 27, 2015 3.4k views
Configuration Management Messaging Ubuntu
fredmosc
By:
fredmosc

HI,

I instaled in my droplet the ISPConfig 3, following these steps https://www.howtoforge.com/tutorial/perfect-server-ubuntu-15.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/

I instaled too OPENDKim signature and RoundCube webmail

Well,... I have a domain with google MX records, and works well. So I have some domains with local MX, I can send emails normaly, but I still can't recive outside droplet emails.

I read a lot of material but nothing working... :(

Can anybody help me?

thanks

FM

Log In to Comment
3 Answers
eldin August 27, 2015

Hello and welcome to Digitalocean

Could you post your /var/log/mail.log and your Postfix and Dovecot configuration

PS: I would recommend you to read this tutorial Mailserver with Postfix Dovecot and Mysql

Reply
  • fredmosc August 27, 2015

    Hi Eldin,

    thanks for response...

    my mail.log i shared at dropbox (https://www.dropbox.com/s/0ur8h9uhz18bn1y/mail.log?dl=0)

    my Postfix main.cf file: 

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = odin.fmagenciadigital.com.br
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = odin.fmagenciadigital.com.br, localhost, localhost.localdomain, mail.phoenixbrazil.com, phoenixbrazil.com
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

    my Dovecot conf file:

    listen = *,[::]
protocols = imap pop3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
postmaster_address = postmaster@odin.fmagenciadigital.com.br
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_protocols = !SSLv2 !SSLv3
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
service imap-login {
  client_limit = 1000
  process_limit = 500
}
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol lda {
  mail_plugins = sieve quota
}

    I saw the tutorial, I think the ISPConfig 3 authomatized all.

    Thanks

    FM

fredmosc August 27, 2015
[deleted]
Reply
eldin August 28, 2015

@fredmosc I found your Problem :-) look :

smtpd[21418]: connect from host1.hdvida.com.br[192.161.241.202]
Aug 27 13:17:17 odin postfix/smtps/smtpd[21193]: SSL_accept error from hm2256-2.locaweb.com.br[187.45.217.68]: Connection timed out

The first "problem" (for me) is you have not a logical Postfix Configuration (no order).

The second real problem is you have a weak TSL configuration

Here for e.g. my configuration:

##### TLS settings ######

tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
smtpd_tls_dh1024_param_file = /etc/nginx/ssl/dhmail.pem

### outgoing connections ###
smtp_tls_security_level=may
smtp_tls_cert_file=/etc/nginx/ssl/mail.crt
smtp_tls_key_file=/etc/nginx/ssl/ssl.key
smtp_tls_ciphers=high
smtp_tls_protocols=!SSLv2,!SSLv3

### incoming connections ###
smtpd_tls_security_level=may
smtpd_tls_cert_file=/etc/nginx/ssl/mail.crt
smtpd_tls_key_file=/etc/nginx/ssl/ssl.key
smtpd_tls_ciphers=high
smtpd_tls_protocols=!SSLv2,!SSLv3

Please order and clean your configuration

Click here to see how to generate a Diffie-Hellman group

nano /etc/postfix/master.cf and uncomment (remove the hashtag) #smtps inet n - - - - smtpd

Restart Postfix sudo service restart postfix

Reply
Have another answer? Share your knowledge.

Related Questions