[SOLVED] Local POSTFIX cannot send to Gmail

banderas20 · 04-11-2024, 06:39 AM

Hi.

I have set up a POSTFIX server in an AWS EC2 instance. If I try to send emails between local users using Sendmail, it works.

However, if I try with an external account (gmail for example), it doesn't work.

Command:

Code:

echo "test email" | sendmail account@gmail.com

POSTFIX Log:

Code:

postfix/smtp[2108]: CD4FE4652F: to=<account@gmail.com>, relay=none, delay=150, delays=0.02/0.02/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[142.250.153.26]:25: Connection timed out)

from=<ubuntu@srv.ec2.internal

Telnet output:

Code:

telnet gmail-smtp-in.l.google.com 25
Trying 172.253.63.27...

Finally, here is my main.cf file:

Code:

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = abdsrvr.ec2.internal
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, srvr, localhost.localdomain, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#inet_protocols = all
inet_protocols = ipv4

I have port 25 open in the AWS SG.

My guess is that it has something to do with the domain, since my machine is bound to a local domain (ec2.internal), without any DNS record. Maybe GMAIL and other public SMTP servers reject this kind of connections. Anyway, I'd appreciate some help on this.

Thanks!

TenTenths · 04-12-2024, 05:17 AM

AWS by default only allows a handful of direct outbound e-mails per day from an ec2 instance. You need to send through their SES service - https://aws.amazon.com/ses/

Edit: From memory I think you used to be able to request unlimited outbound, but that may have been a while ago.

You may find this useful: https://docs.aws.amazon.com/AWSEC2/l...rt-25-throttle

banderas20 · 04-16-2024, 04:09 AM

Quote:

Originally Posted by TenTenths

AWS by default only allows a handful of direct outbound e-mails per day from an ec2 instance. You need to send through their SES service - https://aws.amazon.com/ses/

Edit: From memory I think you used to be able to request unlimited outbound, but that may have been a while ago.

You may find this useful: https://docs.aws.amazon.com/AWSEC2/l...rt-25-throttle

Hi mate.

I'll give it a try. Thanks for the advice!

Skaperen · 04-20-2024, 06:28 PM

this is definitely an AWS issue. if the documentation there does not resolve the issue, talk with AWS support. they may want to be sure your mail server never relays email. what have you done toe sure of that?

banderas20 · 04-23-2024, 01:47 AM

Hi.

I have tried the same in a VirtualBox VM:

Command

Code:

echo "Test Mail" | sendmail account@gmail.com

POSTFIX log:

Code:

abr 23 08:34:10 MASTER postfix/pickup[1782]: 07AF3121F3A: uid=1000 from=<itb>
abr 23 08:34:10 MASTER postfix/cleanup[2959]: 07AF3121F3A: message-id=<20240423063410.07AF3121F3A@MASTER.domain.here>
abr 23 08:34:10 MASTER postfix/qmgr[1783]: 07AF3121F3A: from=<account@MASTER.domain.here>, size=282, nrcpt=1 (queue active)
abr 23 08:39:10 MASTER postfix/smtp[2961]: 07AF3121F3A: conversation with gmail-smtp-in.l.google.com[173.194.76.27] timed out while receiving the initial server greeting
abr 23 08:39:10 MASTER postfix/smtp[2961]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Network is unreachable
abr 23 08:44:10 MASTER postfix/smtp[2961]: 07AF3121F3A: conversation with alt1.gmail-smtp-in.l.google.com[142.250.153.26] timed out while receiving the initial server greeting
abr 23 08:44:10 MASTER postfix/smtp[2961]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:4013:c16::1b]:25: Network is unreachable

dig -t MX gmail.com

Code:

gmail.com.		2181	IN	MX	40 alt4.gmail-smtp-in.l.google.com.
gmail.com.		2181	IN	MX	20 alt2.gmail-smtp-in.l.google.com.
gmail.com.		2181	IN	MX	30 alt3.gmail-smtp-in.l.google.com.
gmail.com.		2181	IN	MX	5 gmail-smtp-in.l.google.com.
gmail.com.		2181	IN	MX	10 alt1.gmail-smtp-in.l.google.com.

Telnet:

Code:

telnet gmail-smtp-in.l.google.com. 25
Trying 173.194.76.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.

So apparently my server is able to connect with Gmail SMTP server, however, POSTFIX fails.

Why is this?

Thanks!

EDIT: some minutes later the logs showed the problem:

Code:

This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results: 550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [master.domain.here]

TenTenths · 04-23-2024, 03:39 AM

Quote:

Originally Posted by banderas20

EDIT: some minutes later the logs showed the problem:

Code:

This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results: 550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [master.domain.here]

So your SPF or DKIM aren't configured properly.

banderas20 · 04-23-2024, 07:40 AM

Quote:

Originally Posted by TenTenths

So your SPF or DKIM aren't configured properly.

They aren't configured at all XD.

Thanks!