Question

I can send, but I am not receiving any outside emails in my domain

Posted August 27, 2015 4.1k views
UbuntuConfiguration ManagementMessaging

HI,

I installed ISPConfig 3 on my droplet, following these steps: https://www.howtoforge.com/tutorial/perfect-server-ubuntu-15.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/

I also installed OpenDKIM signing and the RoundCube webmail.

Well… I have one domain with Google MX records, and it works well. I also have some domains with local MX records; I can send emails normally from them, but I still can’t receive emails from outside the droplet.

I read a lot of material, but nothing is working… :(

Can anybody help me?

thanks

FM

2 answers

Hello and welcome to Digitalocean

Could you post your /var/log/mail.log and your Postfix and Dovecot configuration? Redact passwords and any e-mail or IP addresses you do not want public before posting them.

PS: I would recommend you to read this tutorial Mailserver with Postfix Dovecot and Mysql

  • Hi Eldin,

    thanks for response…

    my mail.log i shared at dropbox (https://www.dropbox.com/s/0ur8h9uhz18bn1y/mail.log?dl=0)

    my Postfix main.cf file:

    # Postfix main.cf as posted by the asker: MySQL-backed virtual domains and
    # mailboxes, Dovecot for delivery and SASL, Mailman maps, and a milter on
    # localhost:12301. Review remarks added below are marked NOTE(review).
    #
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    # NOTE(review): smtpd_use_tls is the legacy switch; the later
    # smtpd_tls_security_level = may expresses the same opportunistic TLS.
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    # Relaying is limited to mynetworks and SASL-authenticated clients; any other
    # client is deferred when the destination is not one this server handles.
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = odin.fmagenciadigital.com.br
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    # NOTE(review): phoenixbrazil.com and mail.phoenixbrazil.com are listed here as
    # local (system-account) domains. If either is also returned by the
    # virtual_mailbox_domains MySQL lookup, Postfix treats that as a conflict and
    # mail for the virtual mailboxes may not be delivered -- verify against the
    # domains configured in ISPConfig and the warnings in mail.log.
    mydestination = odin.fmagenciadigital.com.br, localhost, localhost.localdomain, mail.phoenixbrazil.com, phoenixbrazil.com
    relayhost = 
    # Only loopback addresses are trusted by permit_mynetworks.
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    # Listens on every interface, over both IPv4 and IPv6.
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    # All virtual mailboxes are owned by the single fixed uid/gid 5000.
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # SMTP AUTH is enabled. NOTE(review): smtpd_tls_auth_only does not appear in
    # this listing, so AUTH would also be offered on sessions that have not
    # negotiated TLS -- confirm with postconf -n and master.cf overrides.
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    # reject_unauth_destination comes before the MySQL recipient lookup, so that
    # lookup is only reached for recipients in domains this server handles.
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    # Opportunistic TLS for inbound SMTP: STARTTLS is offered but not required.
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    # Sender and client access decisions are looked up in MySQL tables.
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    # Virtual mailbox delivery is handed to a transport named "dovecot"
    # (presumably defined in master.cf, which is not shown -- confirm).
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    # Opportunistic TLS for outbound SMTP as well.
    smtp_tls_security_level = may
    # SSLv2 and SSLv3 are excluded; no TLS versions are excluded by these lines.
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    dovecot_destination_recipient_limit = 1
    # SASL is delegated to Dovecot through the private/auth socket (path relative
    # to the Postfix queue directory).
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    # The amavis content filter is commented out, so mail is not passed to it.
    #content_filter = amavis:[127.0.0.1]:10024
    #receive_override_options = no_address_mappings
    
    # Milter settings (presumably the OpenDKIM milter mentioned in the post --
    # confirm). "accept" is fail-open: mail is still accepted when the milter is
    # unavailable.
    milter_protocol = 2
    milter_default_action = accept
    
    smtpd_milters = inet:localhost:12301
    non_smtpd_milters = inet:localhost:12301
    
    
    

    my Dovecot conf file:

    # Dovecot configuration as posted by the asker: IMAP and POP3 with users and
    # passwords looked up through SQL. Review remarks are marked NOTE(review).
    # Listens on all IPv4 and IPv6 addresses.
    listen = *,[::]
    protocols = imap pop3
    # NOTE(review): the plain and login mechanisms together with
    # disable_plaintext_auth = no let clients send passwords over connections
    # that are not protected by TLS. No "ssl" setting is visible in this listing
    # -- confirm whether TLS is enforced elsewhere.
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    postmaster_address = postmaster@odin.fmagenciadigital.com.br
    # Dovecot reads the same certificate and key files that main.cf gives to
    # Postfix's smtpd.
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    # SSLv2 and SSLv3 are excluded; no TLS versions are excluded here.
    ssl_protocols = !SSLv2 !SSLv3
    # Password and user lookups both use the SQL driver with the same settings file.
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve=/var/vmail/%d/%n/.sieve
    }
    service auth {
      # Auth socket placed inside the Postfix spool directory; this is the
      # private/auth path that smtpd_sasl_path in main.cf refers to. Mode 0660
      # with owner and group postfix limits access to the postfix user and group.
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      # Userdb lookup socket, accessible to the vmail user only (mode 0600).
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      # The auth service itself runs as root.
      user = root
    }
    service imap-login {
      client_limit = 1000
      process_limit = 500
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    # Local delivery loads the sieve and quota plugins.
    protocol lda {
      mail_plugins = sieve quota
    }
    

    I saw the tutorial; I think ISPConfig 3 automated all of it.

    Thanks

    FM

@fredmosc I found your Problem :-) look :

smtpd[21418]: connect from host1.hdvida.com.br[192.161.241.202]
Aug 27 13:17:17 odin postfix/smtps/smtpd[21193]: SSL_accept error from hm2256-2.locaweb.com.br[187.45.217.68]: Connection timed out

The first “problem” (for me) is that your Postfix configuration has no logical order.

The second, real problem is that you have a weak TLS configuration.

Here for e.g. my configuration:

##### TLS settings ######
# Example TLS section from the answerer's own server. The certificate, key and
# DH parameter paths are specific to that host and must be replaced with your own.

# Prefer the server's cipher order over the client's.
tls_preempt_cipherlist = yes
# Disable TLS-level compression.
tls_ssl_options = NO_COMPRESSION
# NOTE(review): this overrides Postfix's built-in "high" cipher list. The Postfix
# documentation advises against changing it, so review this value rather than
# copying it as-is.
tls_high_cipherlist=EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# Despite the parameter name, the file may hold a DH group larger than 1024 bits
# -- TODO confirm the size of the group you generate.
smtpd_tls_dh1024_param_file = /etc/nginx/ssl/dhmail.pem

### outgoing connections ###
# Opportunistic TLS when delivering to other servers.
smtp_tls_security_level=may
# NOTE(review): these two lines make Postfix present a client certificate on
# outgoing connections; that is only needed if a remote server requires one.
# The private key lives under /etc/nginx/ssl and is presumably shared with the
# web server -- keep it readable only by the accounts that need it.
smtp_tls_cert_file=/etc/nginx/ssl/mail.crt
smtp_tls_key_file=/etc/nginx/ssl/ssl.key
smtp_tls_ciphers=high
# SSLv2 and SSLv3 are excluded; no TLS versions are excluded by this line.
smtp_tls_protocols=!SSLv2,!SSLv3

### incoming connections ###
# Opportunistic TLS for inbound SMTP: STARTTLS is offered but not required.
smtpd_tls_security_level=may
smtpd_tls_cert_file=/etc/nginx/ssl/mail.crt
smtpd_tls_key_file=/etc/nginx/ssl/ssl.key
# NOTE(review): with security level "may", limiting inbound TLS to the "high"
# list means a peer that cannot negotiate one of those ciphers fails the TLS
# handshake -- verify in mail.log that legitimate senders are not affected.
smtpd_tls_ciphers=high
smtpd_tls_protocols=!SSLv2,!SSLv3

Please order and clean your configuration

Click here to see how to generate a Diffie-Hellman group

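Edit /etc/postfix/master.cf (for example with nano /etc/postfix/master.cf) and uncomment the line #smtps inet n - - - - smtpd by removing the leading #. The log excerpt above already shows a postfix/smtps/smtpd process, so check whether this service is already enabled before changing it. Note that smtps is the port-465 wrapper-mode TLS service; mail from other servers is delivered to the smtp service on port 25.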

Restart Postfix: sudo service postfix restart
