By: mm580486

Mail Server Can't Receive Email But Can Send Email - Postfix, Dovecot, Debian 8

August 31, 2017 310 views
Email Deployment Development DNS Linux Basics Debian

I have a server where I want to set up a mail server to let me receive and send email from my domain. I'm currently having a problem where, while I am authorized to send email from the server, according to the logs I am not authorized to receive email from any provider other than my own network.

I can send email but I can't receive any email.

My main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    virtual_mailbox_domains = $mydomain
    virtual_alias_maps = hash:/etc/postfix/virtual_aliases

    readme_directory = no

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
    smtpd_tls_key_file=/etc/ssl/private/mail.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_security_level = may
    smtp_tls_security_level = may

    #smtpd_sasl_auth_only = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_unauth_destination

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = mail.pinsood.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail.pinsood.com, pinsood.com, localhost.localdomain, localhost
    relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

    #mydomain = pinsood.com
    #myhostname = mx.$mydomain
    #myorigin = $mydomain
    #mydestination = localhost



And the logs:



    tail -f /var/log/mail.err /var/log/mail.log /var/log/dovecot.log
    ==> /var/log/mail.err <==
    Aug 31 08:38:02 pinsood postfix/smtpd[24160]: fatal: no SASL authentication mechanisms
    Aug 31 08:47:35 pinsood postfix/smtpd[24476]: fatal: no SASL authentication mechanisms
    Aug 31 12:30:51 pinsood postfix/smtpd[31348]: fatal: no SASL authentication mechanisms
    Aug 31 12:45:11 pinsood postfix/postfix-script[31792]: fatal: the Postfix mail system is already running
    Aug 31 12:45:49 pinsood postfix/postfix-script[31816]: fatal: the Postfix mail system is already running
    Aug 31 13:15:54 pinsood postfix[32682]: fatal: usage: postfix [-c config_dir] [-Dv] command
    Aug 31 13:20:26 pinsood dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert
    Aug 31 13:20:26 pinsood dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
    Aug 31 13:20:37 pinsood dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert
    Aug 31 13:20:37 pinsood dovecot: master: Error: service(imap-login): command startup failed, throttling for 4 secs

    ==> /var/log/mail.log <==
    Aug 31 13:20:26 pinsood dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
    Aug 31 13:20:37 pinsood dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert
    Aug 31 13:20:37 pinsood dovecot: master: Error: service(imap-login): command startup failed, throttling for 4 secs
    Aug 31 13:27:33 pinsood postfix/cleanup[742]: warning: database /etc/postfix/virtual_aliases.db is older than source file /etc/postfix/virtual_aliases
    Aug 31 13:27:33 pinsood postfix/pickup[431]: 0E5553F78D: uid=0 from=<root@pinsood.com>
    Aug 31 13:27:33 pinsood postfix/trivial-rewrite[743]: warning: database /etc/postfix/virtual_aliases.db is older than source file /etc/postfix/virtual_aliases
    Aug 31 13:27:33 pinsood postfix/cleanup[742]: 0E5553F78D: message-id=<20170831102733.0E5553F78D@mail.pinsood.com>
    Aug 31 13:27:33 pinsood postfix/qmgr[432]: 0E5553F78D: from=<root@pinsood.com>, size=341, nrcpt=1 (queue active)
    Aug 31 13:27:36 pinsood postfix/smtp[744]: 0E5553F78D: to=<mm580486@icloud.com>, relay=mx2.mail.icloud.com[17.142.163.14]:25, delay=3.3, delays=0.02/0.01/1.6/1.7, dsn=2.5.0, status=sent (250 2.5.0 Ok)
    Aug 31 13:27:36 pinsood postfix/qmgr[432]: 0E5553F78D: removed
    tail: cannot open ‘/var/log/dovecot.log’ for reading: No such file or directory

2 Answers

    Aug 31 13:20:26 pinsood dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert

Please read the logs next time; they will always have the solution.

  • Should I regenerate the cert files? (You told me my cert file does not match, true?)

    • Well, make sure you're making the certs for the right domain, and yes, the cert file doesn't match (the log clearly tells you that).
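A way to confirm both points from the comment above before restarting the services, as an added example that is not part of the original thread: the first function checks that a private key belongs to a certificate by comparing public keys, the second checks that the certificate covers the mail hostname. The function names are hypothetical; the paths in the usage comment are the ones from the question's main.cf, and the Dovecot `ssl_cert`/`ssl_key` pair (not shown on the page) would be checked the same way.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are illustrative.

# Returns 0 when KEY is the private key for CERT, 1 on mismatch,
# 2 when either file cannot be parsed by openssl.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 when CERT is valid for HOST (subjectAltName, or CN when the
# certificate carries no DNS subjectAltName).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Usage with the Postfix paths and hostname from the question:
#   sh check_tls_pair.sh /etc/ssl/certs/mailcert.pem /etc/ssl/private/mail.key mail.pinsood.com
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2"
    case $? in
        0) echo "OK: key matches certificate" ;;
        1) echo "FAIL: key is for a different certificate" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
    if cert_covers_host "$1" "$3"; then
        echo "OK: certificate covers $3"
    else
        echo "FAIL: certificate does not cover $3"
    fi
fi
```
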

      • I fixed the private key and certificate; these files now match. But now I can't receive email. As a test I sent an email to my server from Gmail, and after 30 min Gmail returned a DNS error!!

        DNS Error: 4715827 DNS type 'mx' lookup of pinsood.com responded with code NOERROR
        4715827 DNS type 'aaaa' lookup of mail.pinsood.com. responded with code NXDOMAIN
        4715827 DNS type 'a' lookup of mail.pinsood.com. responded with code NXDOMAIN

        I added an MX record on dnsExit.com.

        • I looked at your DNS records and you defined an MX record but no A record to define mail.pinsood.com.
          Basically what has happened is it's trying to find the IP from the MX record but you haven't defined it, so it can't do anything.
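The condition described in the comment above (an MX record whose target has no address record) can be checked mechanically. The following is an added example, not part of the original thread: it reads records in `dig +noall +answer` format and reports every MX target without an A or AAAA record. The function names, TTLs, MX preference and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are illustrative.

# Reads DNS records in `dig +noall +answer` format on stdin
# (name ttl class type rdata...) and prints one line for every MX target
# that has no A or AAAA record in the same input.
mx_without_address() {
    awk '
        NF < 5 || $1 ~ /^;/ { next }            # skip blanks and comments
        { name = tolower($1); type = toupper($4) }
        type == "MX"                  { mx[tolower($6)] = name }
        type == "A" || type == "AAAA" { addr[name] = 1 }
        END {
            for (target in mx)
                if (!(target in addr))
                    printf "%s: MX target %s has no A/AAAA record\n",
                           mx[target], target
        }' | sort
}

# Constructed records modelled on the state the thread describes:
# an MX for the domain, but nothing defining the MX host itself.
sample_records() {
    cat <<'EOF'
pinsood.com.       3600 IN A    192.0.2.10
pinsood.com.       3600 IN MX   10 mail.pinsood.com.
EOF
}

# Against live DNS, feed it the real answers instead of the sample:
#   { dig +noall +answer pinsood.com MX
#     dig +noall +answer mail.pinsood.com A
#     dig +noall +answer mail.pinsood.com AAAA; } | mx_without_address
sample_records | mx_without_address
```

An empty result means every MX target in the input resolves to an address; a sending server that hits the reported case gets the NXDOMAIN responses quoted in the bounce above.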

I suggest you sort out problems from here
https://intodns.com/pinsood.com

  • Also I suggest you run your mail server on another droplet so it can have its own PTR record.

    • I run my webserver and email on the same droplet. I don't see why you need a second one.

        1. Mail servers are resource hoggers and they should be given enough resources to operate optimally, especially if you start using ClamAV and other packages to add on to your setup. I suggest you check http://aplawrence.com/Blog/B961.html (it might help you out).
        • SpamAssassin seems to be the bigger hog.

          You get the reverse DNS automatically from Digital Ocean, so I still don't understand the problem. (I'm not being argumentative here, rather I really don't see the problem.) I have no issues with my mail being rejected presently, and the reverse DNS wasn't the issue. One RBL blocked a chunk of Digital Ocean IP space that used to belong to Liquid Audio (or something like that). I couldn't get Digital Ocean to defend the IP space, basically telling the RBL that they now own the IP space. However, I managed to convince the RBL that Liquid Audio no longer owned the block and I got the entire IP released. The other block was due to, I suspect, AT&T farming out their email, since I was never blocked before. That was solved eventually.

  • Hi @Aprexer,
    I checked the log file and I saw my private email logged, but when I check the inbox directory and the mail command, I can't see my emails in the inbox.
