Postfix + Microsoft Outlook [Connects to incoming server, but not outgoing]

I followed this tutorial to install Postfix to prepare myself to be able to once again use Microsoft Outlook to check emails.

I think most of it is set up correctly. Through adding a new account in Outlook, I am able to successfully connect to the incoming mail server. However, I am unable to connect to the outgoing (SMTP) mail server. Both servers are listed as “”, with ports 993 for incoming and 25 for outgoing (both using SSL). I also have SSL setup through LetsEncrypt, which is where the certs point to in the file below (this file is a bit of a mess from trying to pull from different sources to make this work).

# See /usr/share/postfix/ for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
myorigin =

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes

smtpd_tls_loglevel = 1

# Disable SSLv2/3 as they are vulnerable
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
# Insist on stronger ciphers
smtpd_tls_ciphers = high
smtp_tls_ciphers = high
broken_sasl_auth_clients = yes
smtp_tls_cert_file = /etc/letsencrypt/live/
smtp_tls_key_file = /etc/letsencrypt/live/

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = Mmaengineer
alias_maps = hash:/etc/aliases proxy:pgsql:/etc/postfix/
local_recipient_maps = proxy:pgsql:/etc/postfix/ $alias_maps
alias_database = hash:/etc/aliases
mydestination = Mmaengineer, localhost.localdomain, , localhost
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = mysql:/etc/postfix/


This is the new content of mail.log when mma@ was added to the database.

I think that postgres ended up in there as a result of one of my other tutorial attempts at getting this set up correctly, and I must have changed those values. Using

The content of mail.log are now as follows. I also show you the content of the email’s header which was sent to my GMail spam inbox.

@tylerdd91d55f77 - Are you using mysql or postgres for the database? The error message in your logs indicate postfix is setup for using pgsql instead of mysql. Step through the tutorial again to verify your postfix configuration settings are correct. These two lines seem to be the problem in your postfix

alias_maps = hash:/etc/aliases proxy:pgsql:/etc/postfix/
local_recipient_maps = proxy:pgsql:/etc/postfix/ $alias_maps

The email stored is tyler@, not mma@. Do I need an mma@ as well? Looking at the log, it does seem to be trying to send mail from mma@ when using the postfix mail. But I’m wondering how this would affect the ability to send mail via SMTP.

@tylerdd91d55f77 - There’s something in the logs about a bounced email. If you’re using mysql to store your email users (following the tutorial file names), then try something like the following command to make sure your target email is recognized:

postmap -q mysql:/etc/postfix/

It should return 1 printed on output.

@tylerdd91d55f77 - For now, set your outgoing port to 587. I’m still looking over your logs.

@gndo It won’t let me post the full contents here.

The only output to mail.log when I attempt to verify the account on Microsoft Outlook is as follows:

Jul 19 21:33:26 Mmaengineer dovecot: imap-login: Login: user=<>, method=PLAIN, rip=, lip=, mpid=3693, TLS, session=<zyIhMAc46gAYItlR>
Jul 19 21:33:27 Mmaengineer dovecot: imap( Disconnected: Disconnected in IDLE in=11 out=366

The logon method via IMAP works, but sending a test e-mail fails without sending any data to the log. Microsoft Outlook gives the general error:

Send test e-mail message: Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.

I have the firewall enabled and port 587, 25, 993, and 465 allowed.

root@Mmaengineer:/var/log# lsof -i tcp:587
master  2969 root   17u  IPv4  21716      0t0  TCP *:submission (LISTEN)
master  2969 root   18u  IPv6  21717      0t0  TCP *:submission (LISTEN)

This comment has been deleted

@tylerdd91d55f77 - Forgot to ask. Do you have port 587 open, and is there a process listening there:

lsof -i tcp:587

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

@tylerdd91d55f77 - Now that your config settings work, you need to set up your SPF, DKIM, and DMARC records for gmail to not mark your mail as spam. Look in the bottom of this page with the “Related Questions” section to get details of how to create those DNS records, or use the search bar on the upper part of this page. Good luck.

This comment has been deleted

This comment has been deleted

This comment has been deleted