By:
fredmosc

I can send, but I am not receiving any outside emails in my domain

August 27, 2015 2.1k views
Configuration Management Messaging Ubuntu

HI,

I installed ISPConfig 3 on my droplet, following these steps: https://www.howtoforge.com/tutorial/perfect-server-ubuntu-15.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/

I also installed OpenDKIM signing and the RoundCube webmail.

Well... I have a domain with Google MX records, and it works well. I also have some domains with local MX records; I can send emails normally from them, but I still can't receive emails that come from outside the droplet.

I read a lot of material but nothing working... :(

Can anybody help me?

thanks

FM

3 Answers

Hello and welcome to Digitalocean

Could you post your /var/log/mail.log and your Postfix and Dovecot configuration

PS: I would recommend you to read this tutorial Mailserver with Postfix Dovecot and Mysql

  • Hi Eldin,

    thanks for response...

    my mail.log i shared at dropbox (https://www.dropbox.com/s/0ur8h9uhz18bn1y/mail.log?dl=0)

    my Postfix main.cf file:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    # NOTE(review): smtpd_use_tls is the legacy switch. smtpd_tls_security_level
    # (set to "may" further down) overrides it on Postfix 2.3 and later, so the
    # effective inbound policy is opportunistic TLS.
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    # Relay control: clients in mynetworks and SASL-authenticated users may
    # relay; any other request for a destination this server does not handle is
    # deferred. This is the setting that keeps the host from being an open relay.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = odin.fmagenciadigital.com.br
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    # NOTE(review): domains listed in mydestination are delivered to local
    # system accounts. The Postfix documentation warns against listing the same
    # domain here and in virtual_mailbox_domains; verify that
    # mail.phoenixbrazil.com and phoenixbrazil.com are not also returned by
    # mysql-virtual_domains.cf -- TODO confirm.
    mydestination = odin.fmagenciadigital.com.br, localhost, localhost.localdomain, mail.phoenixbrazil.com, phoenixbrazil.com
    relayhost = 
    # Only loopback addresses are trusted; every remote client has to
    # authenticate before it may relay.
    mynetworks = 127.0.0.0/8 [::1]/128
    # 0 means no size limit on local mailboxes.
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    # Virtual domains, mailboxes and forwardings are looked up in MySQL through
    # the query files below; the queries themselves are not shown in this post.
    virtual_alias_domains = 
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # SASL AUTH is enabled for every smtpd listener that does not override it in
    # master.cf. smtpd_tls_auth_only is not set in this file, so at its default
    # (no) AUTH is also offered on sessions that have not started TLS; setting
    # smtpd_tls_auth_only = yes keeps credentials off unencrypted connections.
    # broken_sasl_auth_clients additionally advertises AUTH in the non-standard
    # "AUTH=" form for obsolete clients.
    # smtpd_sasl_authenticated_header writes the SASL login name into the
    # Received: header of submitted mail, which discloses account names to
    # recipients.
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    # Opportunistic TLS for inbound SMTP: STARTTLS is offered but not required,
    # which is the usual setting for a public MX on port 25.
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    # Sender and client access decisions come from MySQL tables whose contents
    # are not shown here; a REJECT entry in either would block inbound mail.
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    # Per-client cap on message delivery requests per anvil time unit
    # (anvil_rate_time_unit is not set in this file).
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    # Mail for virtual mailboxes is handed to the "dovecot" transport, which has
    # to be defined in master.cf (not shown in this post).
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    # Outbound TLS is opportunistic as well. Only SSLv2 and SSLv3 are excluded
    # in either direction; other protocol versions offered by the TLS library
    # stay enabled.
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    # SMTP AUTH is delegated to Dovecot through the socket private/auth,
    # relative to the Postfix queue directory.
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # The amavis content filter is commented out, so per this file mail is not
    # passed through it -- NOTE(review): confirm this is intentional.
    #content_filter = amavis:[127.0.0.1]:10024
    #receive_override_options = no_address_mappings
    
    # Milter on localhost:12301 (presumably the OpenDKIM instance mentioned in
    # the post). milter_default_action = accept is fail-open: when the milter is
    # unavailable, mail is processed as if the milter were not configured.
    milter_protocol = 2
    milter_default_action = accept
    
    smtpd_milters = inet:localhost:12301
    non_smtpd_milters = inet:localhost:12301
    
    
    

    my Dovecot conf file:

    # Dovecot serves IMAP and POP3 on all IPv4 and IPv6 addresses.
    listen = *,[::]
    protocols = imap pop3
    # PLAIN and LOGIN both transmit the password unhashed. With
    # disable_plaintext_auth = no Dovecot accepts them on connections that are
    # not protected by TLS, and no "ssl =" setting appears in this excerpt.
    # disable_plaintext_auth = yes together with ssl = required would confine
    # logins to encrypted sessions.
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    postmaster_address = postmaster@odin.fmagenciadigital.com.br
    # The leading "<" makes Dovecot read the file contents. These are the same
    # certificate and key paths the Postfix configuration uses.
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    # Only SSLv2 and SSLv3 are disabled; other protocol versions stay enabled.
    ssl_protocols = !SSLv2 !SSLv3
    # Password and user lookups both go through the SQL settings in
    # /etc/dovecot/dovecot-sql.conf (contents not shown in this post).
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve=/var/vmail/%d/%n/.sieve
    }
    service auth {
      # Socket Postfix uses for SMTP AUTH (smtpd_sasl_path = private/auth in
      # main.cf). Mode 0660 with owner and group postfix limits it to Postfix.
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      # User database socket, readable and writable by the vmail user only.
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      # NOTE(review): the auth service runs as root; check whether the SQL
      # passdb needs that or whether an unprivileged user would do.
      user = root
    }
    service imap-login {
      client_limit = 1000
      process_limit = 500
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    protocol lda {
      mail_plugins = sieve quota
    }
    

    I saw the tutorial; I think ISPConfig 3 automated all of it.

    Thanks

    FM

@fredmosc I found your Problem :-) look :

smtpd[21418]: connect from host1.hdvida.com.br[192.161.241.202]
Aug 27 13:17:17 odin postfix/smtps/smtpd[21193]: SSL_accept error from hm2256-2.locaweb.com.br[187.45.217.68]: Connection timed out

The first "problem" (for me) is that your Postfix configuration is not in any logical order.

The second, real problem is that you have a weak TLS configuration.

Here for e.g. my configuration:

##### TLS settings ######

# tls_preempt_cipherlist = yes makes the server's cipher order take precedence
# over the client's. NO_COMPRESSION turns off TLS-level compression.
# NOTE(review): the Postfix documentation discourages overriding
# tls_high_cipherlist; a list this narrow can leave no cipher in common with
# older remote mail servers.
# Despite its name, smtpd_tls_dh1024_param_file may hold a DH group larger than
# 1024 bits.
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
smtpd_tls_dh1024_param_file = /etc/nginx/ssl/dhmail.pem

### outgoing connections ###
# Opportunistic TLS ("may") combined with ciphers=high: a peer that shares no
# "high" cipher cannot complete the handshake, and an opportunistic session may
# then fall back to cleartext. Tightening ciphers at this level can therefore
# reduce how much mail is encrypted rather than increase it.
# The certificate and key live under /etc/nginx/ssl, so the key is presumably
# shared with the web server -- confirm its file permissions.
smtp_tls_security_level=may
smtp_tls_cert_file=/etc/nginx/ssl/mail.crt
smtp_tls_key_file=/etc/nginx/ssl/ssl.key
smtp_tls_ciphers=high
smtp_tls_protocols=!SSLv2,!SSLv3

### incoming connections ###
# Same policy for inbound mail: STARTTLS is offered but not required, with the
# cipher grade raised to "high" and SSLv2/SSLv3 disabled.
smtpd_tls_security_level=may
smtpd_tls_cert_file=/etc/nginx/ssl/mail.crt
smtpd_tls_key_file=/etc/nginx/ssl/ssl.key
smtpd_tls_ciphers=high
smtpd_tls_protocols=!SSLv2,!SSLv3

Please order and clean your configuration

Click here to see how to generate a Diffie-Hellman group

Open the file with nano /etc/postfix/master.cf and uncomment (remove the leading #) this line: #smtps inet n - - - - smtpd

Restart Postfix: sudo service postfix restart
