Why postfix on Ubuntu 20.04 does not send email to external email accounts?

Question

I followed the article (“How To Install and Configure Postfix as a Send-Only SMTP Server” from Digital Ocean knowledge base) line by line several times and the most I got was to send email within internal users. I can’t get postfix sending email to external email accounts, hence my Magento installation won’t send out email do my customer. Any clue what could it be?

Thank you,

Cheizer

Answer 1

KFSys February 2, 2021

Hi @helenapreclikova,

Most probably your sending port, either 25, 465 or 587 is not allowed to do outgoing connections. If you are using UFW please do the following:

sudo ufw allow 25/tcp
sudo ufw allow 465/tcp
sudo ufw allow 587/tcp
sudo ufw reload

If you are using plain IPtables use:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT

Now to allow access to incoming connections:

Allow All Incoming SMTP
To allow your server to respond to SMTP connections, port 25, run these commands:

sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT

The second command, which allows the outgoing traffic of established SMTP connections, is only necessary if the OUTPUT policy is not set to ACCEPT.

Regards,
KDSys

Reply Report

helenapreclikova February 3, 2021

Hi KFSys,

thank you for taking your time and suggesting a solution, but unfortunately it did not work. I will give you a context so that you may suggest something additional if that is the case.

I am running a droplet (Ubuntu 16.04, Apache 2.2, Php 7.2 and mySQL 5.7 - ufw is enabled) exclusively to run a Magento engine on it. I have my domain register pointing to the droplet and MX records pointing to an external server so that I would manage my email server somewhere else, however I still need the “send-only” functionality on the droplet in order for the Magento to send transactional emails. That is the reason I set up Postfix as SMTP send-only on the droplet and I have done all the suggested setup to try and make it work but I still cannot get emails out. I will leave below how my PostFix config file looks like and what is the mail.log and maybe you can suggest me any other setup that would make it work.

Many thanks in advance,

Take care.

..:: Postfix "main.cf" ::..

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/cafecapybara.cz/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/cafecapybara.cz/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = cafecapybara.cz
mydomain = cafecapybara.cz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = 
relay_domains = $mydomain
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only


..:: Mail.log ::..

Feb  3 13:08:51 cafecapybara postfix/smtp[10894]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1a]:25: Network is unreachable
Feb  3 13:09:21 cafecapybara postfix/smtp[10894]: connect to gmail-smtp-in.l.google.com[108.177.15.26]:25: Connection timed out
Feb  3 13:09:21 cafecapybara postfix/smtp[10895]: connect to gmail-smtp-in.l.google.com[108.177.15.26]:25: Connection timed out
Feb  3 13:09:21 cafecapybara postfix/smtp[10895]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1a]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10894]: connect to alt1.gmail-smtp-in.l.google.com[142.250.4.26]:25: Connection timed out
Feb  3 13:09:51 cafecapybara postfix/smtp[10894]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4003:c06::1b]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt1.gmail-smtp-in.l.google.com[142.250.4.26]:25: Connection timed out
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4003:c06::1b]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4008:c00::1a]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: E5A4B4666E9: to=<cheizer@gmail.com>, relay=none, delay=43879, delays=43819/0.01/60/0, dsn=4.4.1, status=defer$...

edited by MattIPv4

Reply Report

Answer 2

helenapreclikova February 3, 2021

Hi KFSys,

thank you for taking your time and suggesting a solution, but unfortunately it did not work. I will give you a context so that you may suggest something additional if that is the case.

I am running a droplet (Ubuntu 16.04, Apache 2.2, Php 7.2 and mySQL 5.7 - ufw is enabled) exclusively to run a Magento engine on it. I have my domain register pointing to the droplet and MX records pointing to an external server so that I would manage my email server somewhere else, however I still need the “send-only” functionality on the droplet in order for the Magento to send transactional emails. That is the reason I set up Postfix as SMTP send-only on the droplet and I have done all the suggested setup to try and make it work but I still cannot get emails out. I will leave below how my PostFix config file looks like and what is the mail.log and maybe you can suggest me any other setup that would make it work.

Many thanks in advance,

Take care.

..:: Postfix "main.cf" ::..

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/cafecapybara.cz/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/cafecapybara.cz/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = cafecapybara.cz
mydomain = cafecapybara.cz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = 
relay_domains = $mydomain
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only


..:: Mail.log ::..

Feb  3 13:08:51 cafecapybara postfix/smtp[10894]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1a]:25: Network is unreachable
Feb  3 13:09:21 cafecapybara postfix/smtp[10894]: connect to gmail-smtp-in.l.google.com[108.177.15.26]:25: Connection timed out
Feb  3 13:09:21 cafecapybara postfix/smtp[10895]: connect to gmail-smtp-in.l.google.com[108.177.15.26]:25: Connection timed out
Feb  3 13:09:21 cafecapybara postfix/smtp[10895]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1a]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10894]: connect to alt1.gmail-smtp-in.l.google.com[142.250.4.26]:25: Connection timed out
Feb  3 13:09:51 cafecapybara postfix/smtp[10894]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4003:c06::1b]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt1.gmail-smtp-in.l.google.com[142.250.4.26]:25: Connection timed out
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4003:c06::1b]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4008:c00::1a]:25: Network is unreachable
Feb  3 13:09:51 cafecapybara postfix/smtp[10895]: E5A4B4666E9: to=<cheizer@gmail.com>, relay=none, delay=43879, delays=43819/0.01/60/0, dsn=4.4.1, status=defer$...

edited by MattIPv4

Reply Report

Related

Question

Why postfix on Ubuntu 20.04 does not send email to external email accounts?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Why postfix on Ubuntu 20.04 does not send email to external email accounts?

Related

Leave a comment

Related

question

Setup Roundcube ubuntu 20.04

question

Postfix not receiving mail and not finding any error messages.

question

how to configure exim in centos 7 Cpanel/Whm ?

question

Email DNS Configuration

Looking for something else?