vpn access for thunderbird to postfix. also have dovecot. user can receive but not send email

I have a user who installed vpn/ip masking software for web browsing. It appears to also affect thunderbird. He can’t send email. I’m running Ubuntu 16, postfix, and dovecot. I’d prefer to keep postfix locked down so it can’t be used by random people as a relay. How can I allow the user to send email when his ip address is changing randomly?

No one else is affected.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

This comment has been deleted


e See /usr/share/postfix/ for a commented, more complete version

20120805 set relayhost to to get aroun arin

20121011 undo above change

20160825 RS add greylisting using postgrey (check_policy

20180603 RS temp tuen off mailman

Debian specific: Specifying a file name will cause the first

line of that file to be used as the name. The Debian default

is /etc/mailname.

#myorigin = /etc/mailname

#Moved the queue! queue_directory = /usr/local/postfix smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no

default_destination_recipient_limit = 80 default_destination_concurrency_limit = 60 local_destination_concurrency_limit = 10 smtp_mx_session_limit=75 smtp_destination_concurrency_limit = 75

Some queue things - RAD

#maximal_queue_lifetime =5d #minimal_backoff_time = 1000 #maximal_backoff_time = 4000 bounce_queue_lifetime = 12h maximal_queue_lifetime =1d minimal_backoff_time = 300s maximal_backoff_time = 1000s qmgr_message_active_limit = 50000 qmgr_message_recipient_limit = 50000 disable_dns_lookups = no

This is for Mailman things

owner_request_special = no local_recipient_maps = proxy:unix:passwd.byname $alias_maps smtpd_helo_required = yes disable_vrfy_command = yes strict_rfc821_envelopes = yes

2016-02-13 RS duplicate entry unknown_local_recipient_reject_code = 550

relay_domains_reject_code = 554 unknown_address_reject_code = 550 unknown_client_reject_code = 554 unknown_hostname_reject_code = 550 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 non_fqdn_reject_code = 554 invalid_hostname_reject_code = 554 multi_recipient_bounce_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_sender_reject_code = 554

Deliver Qmail style

home_mailbox = Maildir/

Max size of any message with envelope - extra big for mailing those logs

Probably shouldn’t be mailing them. Rachel 1/12/08

increased 3^?20121230 by RS

message_size_limit = 30960000

Size of a mailbox or mailfile - must be smaller than above number

mailbox_size_limit = 40960000

Adjusted to fight dos 1/27/13

smtpd_client_connection_rate_limit = 100 smtpd_client_connection_count_limit = 50 #smtpd_client_connection_rate_limit = 30 #smtpd_client_connection_count_limit = 10 smtpd_client_connection_limit_exceptions = $mynetworks,,localhost #default_process_limit = 50 default_process_limit = 150

appending .domain is the MUA’s job.

append_dot_mydomain = no

Uncomment the next line to generate “delayed mail” warnings

#delay_warning_time = 12h

Slow down bad sites

smtpd_soft_error_limit = 10 smtpd_hard_error_limit = 20 smtpd_error_sleep_time = 1s

TLS parameters

#smtpd_tls_cert_file=/etc/postfix/certs/postfix_public_cert.pem #smtpd_tls_key_file=/etc/postfix/certs/postfix_private_key.pem smtpd_tls_cert_file=/usr/lib/ssl/certs/dovecot.pem smtpd_tls_key_file=/usr/lib/ssl/private/dovecot.pem smtpd_use_tls=yes smtpd_tls_auth_only=no smtpd_tls_session_cache_database = btree:$queue_directory/smtpd_tls_cache smtp_tls_session_cache_database = btree:$queue_directory/smtp_scache

See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

information on enabling SSL in the smtp client.

myhostname = alias_maps = hash:/etc/aliases


alias_database = hash:/etc/aliases #,hash:/usr/local/mailman/data/aliases

#virt domain stuff here - spg virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps

myorigin = /etc/mailname mydomain = #mydestination = mydestination =, $mydomain, localhost.$mydomain localhost relayhost = #20161024 RS mynetworks =,,, mynetworks =,,,, rmarczak

See above mailbox limit

#mailbox_size_limit = 0 recipient_delimiter = +_ inet_interfaces = all

#smtpd_sender_restrictions=check_sender_access hash:/etc/postfix/access

Sender restrictions:

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit

#2016-02-15 RS the following line should allow relay until smtp auth implimented smtpd_relay_restrictions =

smtpd_client_restrictions =

2015-11-14 RS add header checks via pcre (Perl regular expressions)

2018-06-03 RS remove temporarily

header_checks = pcre:/etc/postfix/header_checks.pcre

smtpd_recipient_restrictions = #permit_mynetworks, #reject_non_fqdn_recipient, reject_invalid_hostname, reject_unauth_pipelining, check_client_access hash:/var/lib/pop-before-smtp/hosts, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, check_client_access hash:/etc/postfix/internal_networks, check_sender_access hash:/etc/postfix/not_our_domain_as_sender, reject_unauth_destination, check_recipient_access hash:/etc/postfix/roleaccount_exceptions, check_helo_access hash:/etc/postfix/helo_checks, #reject_non_fqdn_hostname, reject_invalid_hostname, check_sender_mx_access cidr:/etc/postfix/bogus_mx, #reject_rbl_client, reject_rhsbl_sender, reject_rbl_client, reject_rbl_client, #reject_rbl_client, reject_rbl_client, #reject_rbl_client, reject_rbl_client, reject_rbl_client, reject_rbl_client, # The following checks the greylist check_policy_service inet:, #reject_unverified_sender, permit

#2012/07/07 RS added mailman stuff for fultonweather #2016/05/22 RS NOTE: mailman now in /usr/local/mailman #2016/05/22 RS removed fultonweather an marchreport,,

relay_recipient_maps =hash:/var/lib/mailman/data/virtual-mailman

transport_maps = hash:/etc/postfix/transport

mailman_destination_recipient_limit = 1

smtpd_restriction_classes = has_our_domain_as_sender

has_our_domain_as_sender = check_sender_access hash:/etc/postfix/our_domain_as_sender reject

smtpd_tls_exclude_ciphers = EXPORT

Maybe the problem is with dovecot not recording the pop-before-smtp stuff. Might be lost when I changed to DO.


Can you please describe the issue that the user is experiencing with more details? Is he receiving any error messages when trying to use Thunderbird or the messages? Also when you say that postfix is locked down, do you mean that you need to whitelist IPs in order for someone to connect and send their emails?

Looking forward to your reply.