Postfix + Microsoft Outlook [Connects to incoming server, but not outgoing]

July 20, 2016 902 views
Email Apache Let's Encrypt

I followed this tutorial to install Postfix to prepare myself to be able to once again use Microsoft Outlook to check emails.

I think most of it is set up correctly. Through adding a new account in Outlook, I am able to successfully connect to the incoming mail server. However, I am unable to connect to the outgoing (SMTP) mail server. Both servers are listed as "", with ports 993 for incoming and 25 for outgoing (both using SSL). I also have SSL setup through LetsEncrypt, which is where the certs point to in the file below (this file is a bit of a mess from trying to pull from different sources to make this work).

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
myorigin =

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes

smtpd_tls_loglevel = 1

# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
# Insist on stronger ciphers
smtpd_tls_ciphers = high
smtp_tls_ciphers = high
broken_sasl_auth_clients = yes
smtp_tls_cert_file = /etc/letsencrypt/live/
smtp_tls_key_file = /etc/letsencrypt/live/

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = Mmaengineer
alias_maps = hash:/etc/aliases proxy:pgsql:/etc/postfix/
local_recipient_maps = proxy:pgsql:/etc/postfix/ $alias_maps
alias_database = hash:/etc/aliases
mydestination = Mmaengineer, localhost.localdomain, , localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = mysql:/etc/postfix/

  • Nothing in the configuration you've shown stands out as incorrect. Let's look at your logs. First, from the command line run the following command (change if needed to match your log locations)

    tail -f /var/log/mail.err /var/log/mail.log /var/log/dovecot.log /var/log/spamassassin/spamd.log

    Press the return key a few time on separate new log entrees that will print. Try sending mail to without a subject nor body. Cut and paste log outputs here, redacted if need be.

  • @tylerdd91d55f77 - Forgot to ask. Do you have port 587 open, and is there a process listening there:

    lsof -i tcp:587
  • The only output to mail.log when I attempt to verify the account on Microsoft Outlook is as follows:

    Jul 19 21:33:26 Mmaengineer dovecot: imap-login: Login: user=<>, method=PLAIN, rip=, lip=, mpid=3693, TLS, session=<zyIhMAc46gAYItlR>
    Jul 19 21:33:27 Mmaengineer dovecot: imap( Disconnected: Disconnected in IDLE in=11 out=366

    The logon method via IMAP works, but sending a test e-mail fails without sending any data to the log. Microsoft Outlook gives the general error:

    Send test e-mail message: Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

    I have the firewall enabled and port 587, 25, 993, and 465 allowed.

    root@Mmaengineer:/var/log# lsof -i tcp:587
    master  2969 root   17u  IPv4  21716      0t0  TCP *:submission (LISTEN)
    master  2969 root   18u  IPv6  21717      0t0  TCP *:submission (LISTEN)
  • @gndo
    It won't let me post the full contents here.

  • @tylerdd91d55f77 - For now, set your outgoing port to 587. I'm still looking over your logs.

  • @tylerdd91d55f77 - There's something in the logs about a bounced email. If you're using mysql to store your email users (following the tutorial file names), then try something like the following command to make sure your target email is recognized:

    postmap -q mysql:/etc/postfix/

    It should return 1 printed on output.

  • The email stored is tyler@, not mma@. Do I need an mma@ as well? Looking at the log, it does seem to be trying to send mail from mma@ when using the postfix mail. But I'm wondering how this would affect the ability to send mail via SMTP.

  • This is the new content of mail.log when mma@ was added to the database.

  • @tylerdd91d55f77 - Are you using mysql or postgres for the database? The error message in your logs indicate postfix is setup for using pgsql instead of mysql. Step through the tutorial again to verify your postfix configuration settings are correct. These two lines seem to be the problem in your postfix

    alias_maps = hash:/etc/aliases proxy:pgsql:/etc/postfix/
    local_recipient_maps = proxy:pgsql:/etc/postfix/ $alias_maps
  • I think that postgres ended up in there as a result of one of my other tutorial attempts at getting this set up correctly, and I must have changed those values. Using

    The content of mail.log are now as follows. I also show you the content of the email's header which was sent to my GMail spam inbox.

4 Answers
gndo July 20, 2016
Accepted Answer

@tylerdd91d55f77 - Now that your config settings work, you need to set up your SPF, DKIM, and DMARC records for gmail to not mark your mail as spam. Look in the bottom of this page with the "Related Questions" section to get details of how to create those DNS records, or use the search bar on the upper part of this page. Good luck.

  • Thank you for all the help.

    Microsoft Outlook still didn't send the test email correctly when I tried it out this morning before work. Since the account has a random password which I do not have with me, I'll have to test this later.

  • @gndo
    So, I'm able to access my account through Outlook on my phone, and it appears to be receiving and sending mail just fine (though I will need to setup SpamAssassin and the mail records). For some reason, Outlook on my desktop is unable to connect. The account setup is a little different, but it's still having problems connecting to send an email via SMTP. But thank you for all your help.

Have another answer? Share your knowledge.