Question

Postfix receives but don't send mails

As I was following the tutorial (https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-18-04)

I established postfix mail server. By the way unfortunately a can’t send e-mails anywhere outside my droplet. According to logs I receive status: status=bounced (host healthqode.me[127.0.1.1] said: 554

Here is the last log data:

sudo tail -f /var/log/mail.log Apr 25 11:15:26 healthqode postfix/submission/smtpd[26048]: connect from localhost.localdomain[127.0.0.1] Apr 25 11:15:26 healthqode postfix/submission/smtpd[26048]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 5.7.1 myrealmail@mail.com: Recipient address rejected: Access denied; from=mymail@healthqode.me to=myrealmail@mail.com proto=ESMTP helo=<healthqode.me> Apr 25 11:15:26 healthqode postfix/smtp[26046]: 93683428F4: to=myrealmail@mail.com, relay=healthqode.me[127.0.1.1]:587, delay=0.13, delays=0.02/0.02/0.09/0.01, dsn=5.7.1, status=bounced (host healthqode.me[127.0.1.1] said: 554 5.7.1 myrealmail@mail.com: Recipient address rejected: Access denied (in reply to RCPT TO command)) Apr 25 11:15:26 healthqode postfix/submission/smtpd[26048]: disconnect from localhost.localdomain[127.0.0.1] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 Apr 25 11:15:26 healthqode postfix/cleanup[26044]: B27B2428F6: message-id=20220425111526.B27B2428F6@healthqode.me Apr 25 11:15:26 healthqode postfix/qmgr[26037]: B27B2428F6: from=<>, size=2424, nrcpt=1 (queue active) Apr 25 11:15:26 healthqode postfix/bounce[26050]: 93683428F4: sender non-delivery notification: B27B2428F6 Apr 25 11:15:26 healthqode postfix/qmgr[26037]: 93683428F4: removed Apr 25 11:15:26 healthqode postfix/local[26052]: B27B2428F6: to=myrootuser@healthqode.me, orig_to=mymail@healthqode.me, relay=local, delay=0.02, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir) Apr 25 11:15:26 healthqode postfix/qmgr[26037]: B27B2428F6: removed

What I have tried:

  1. I have added ports 587, 465 and 25 in ufw firewall allows,

  2. Added SPF and MX records. Here is my DNS-settings:

CNAME mail.healthqode.me healthqode.me TXT healthqode.me v=spf1 include:healthqode.me ~all MX healthqode.me healthqode.me 10 A www.healthqode.me 164.92.243.79 A healthqode.me 164.92.243.79 NS healthqode.me ns1.digitalocean.com NS healthqode.me ns2.digitalocean.com NS healthqode.me ns3.digitalocean.com

  1. dig -x 164.92.243.79

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> -x 164.92.243.79 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39319 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;79.243.92.164.in-addr.arpa. IN PTR

;; ANSWER SECTION: 79.243.92.164.in-addr.arpa. 1800 IN PTR healthqode.me.

;; Query time: 24 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Apr 25 11:52:22 UTC 2022 ;; MSG SIZE rcvd: 82

By the way when I try to dig a domain it return the further:

dig -x healthqode.me

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> -x healthqode.me ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8643 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;me.healthqode.in-addr.arpa. IN PTR

;; Query time: 25 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Apr 25 11:52:49 UTC 2022 ;; MSG SIZE rcvd: 55

  1. I checked e-mail in blacklists. Everything is ok. By the way mxtoolbox returns everything ok except one line: Reverse DNS is not a valid Hostname

5.Here is my main.cf file content:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = healthqode.me alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = $myhostname, healthqode.me, mail.healthqode.me, localhost.healthqode.me, localhost #relayhost = [mail.healthqode.me]:587 #relayhost = smtp.healthqode.me:submission #relayhost = [healthqode.me]:587 (I tried different varies of this record, nothing changed) relayhost = healthqode.me:submission mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all #inet_protocols = all (I changed this record to ipv4) inet_protocols = ipv4 home_mailbox = Maildir/ virtual_alias_maps = hash:/etc/postfix/virtual

smtp_tls_security_level=encrypt (Added this line)

  1. Here is my master.cf

submission inet n - y - - smtpd (uncommented this line) -o syslog_name=postfix/submission (uncommented this line) -o smtpd_tls_security_level=encrypt (uncommented this line) -o smtpd_sasl_auth_enable=yes (uncommented this line) -o smtpd_tls_auth_only=yes (uncommented this line)

-o smtpd_reject_unlisted_recipient=no

-o smtpd_client_restrictions=$mua_client_restrictions

-o smtpd_helo_restrictions=$mua_helo_restrictions

-o smtpd_sender_restrictions=$mua_sender_restrictions

-o smtpd_recipient_restrictions=

-o smtpd_relay_restrictions=permit_sasl_authenticated,reject (uncommented this line) -o milter_macro_daemon_name=ORIGINATING (uncommented this line)

  1. I added SSL by sertbot to domains: healthqode.me, www.healthqode.me, mail.healthqode.me

  2. I tried to change my hostfile settings so I turned them to the standard settings:

127.0.1.1 healthqode.me 127.0.0.1 localhost.localdomain localhost

The following lines are desirable for IPv6 capable hosts

::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

Nothing :((((

PS Sometimes trying different settings, I receive said 530. So I tried different ways to solve my problem, but don’t know what to try anymore. I have read a lot of issues on Stack and DO, and nothing that could help me.

PPS the domain name register is GoDaddy, The DNS records there are: NS healthqode.me ns1.digitalocean.com NS healthqode.me ns2.digitalocean.com NS healthqode.me ns3.digitalocean.com


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello,

It is possible that port 25 is closed for new accounts. This is something we have been doing to reduce spam on our network. Please do not think that we are accusing you of sending spam, it is more that we simply cannot accurately determine who is going to send it.

For more information on why port 25 is closed, you could check out the docs here:

https://docs.digitalocean.com/support/why-is-smtp-blocked/

I could suggest using ports 587 or 465 instead.

You can also use a third party mail provider like SendGrid in order to avoid issues like this one. I’ll also recommend checking this article:

https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server

Best,

Bobby

Hello there,

It is possible that port 25 is closed. This is something DigitalOcean has been doing to reduce spam on their network. Please do not think that they are accusing you of sending spam, it is more that they simply cannot accurately determine who is going to send it.

Stopping spam is a constant fight, so DigitalOcean has implemented some restrictions on newer accounts. To qualify for the ability to send out emails, DigitalOcean requires accounts to wait 60 days before they can look into removing the restriction. Once your account has reached 60 days of stable use, please do reach back out to the DigitalOcean support team so they can look into this for you.

In the meantime, you could use port 587 instead.