Good afternoon,

I'm running CentOS7 and have a perplexing issue. All emails sent to my server from external places (iCloud) are bounced with Service Unavailable. All server to server mail is bounced. All mail sent to example.com from example.com are bounced. I've deleted the mail queue. maillog is showing no errors. If I refresh the mail queue every so often it shows entries, but postdate -vf shows that the id's are unavailable Mail tools like MxToolbox tell me that the server is reachable and properly configured. Dovecot appears to be working because I get the bounced messages. Here's what I have.

Dovecot
PostFix
OpenDKIM
Spamassassin
ClamAV

Thank you so much for shedding light on how to even start addressing this issue!

Bruce

Did you have an MX record?

Is port 25 isn't open to your server? The typical ISP blocks mail server ports.

Hello,

Yes, I hava a resolving MX record and PTR record. The DNS and queries to the MTA all resolve properly. None of my ports are blocked. I have port 25 and port 587 (submission) configured.

Bruce

What do the bounce messages say, exactly? Which mail server is sending them?
Paste the whole bounce message here, please.

Hello, here's the bounce message. They are being generated by my domain.

-----------------------------------------------------

This is the mail system at host mail.example.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<info@example.com>: service unavailable
Reporting-MTA: dns; mail.example.com
X-Postfix-Queue-ID: 3465A40505B2D
X-Postfix-Sender: rfc822; info@example.com
Arrival-Date: Mon, 23 Apr 2018 03:18:58 -0700 (MST)

Final-Recipient: rfc822; info@example.com
Original-Recipient: rfc822;info@example.com
Action: failed
Status: 5.3.0
Diagnostic-Code: x-unix; service unavailable

From: Elyon Research <info@example.com>
Subject: DKIM
Date: April 23, 2018 at 3:18:55 AM MST
To: info@example.com


Dkim

Can you telnet from some external IP address, like from a mobile phone network, to your mail server's ports? Again, most ISPs block mail server ports unless explicitly requesting opening.

To further debug sending mail, you need to learn how to send mail via telnet so you can see the interaction/session on both sides and figure out what's going on.

If your domain is sending the bounce messages, there's obviously not a problem accessing port 25.

One possibility is that the mail is being rejected by either spamd or clamd ... Unless specially configured, spam and/or clam rejections often just use "5.3.0 service unavailable" in the bounce messages.

Check the spam and clamav logs for entries at the time of the rejections. If it's happening to all incoming mail, check the spamassassin default limits.

Thanks Sean,

I'm able to telnet in like previously suggested. I upgraded to current versions of Postfix and Dovecot this morning and changed the log levels. Working through issues in the logs.

Thank you,

Bruce

I got it working, Phew!. I upgraded to the latest dovecot/postfix/opendkim. There was a TLS issue that was causing no ALPN to be negotiated.