Postfix - can't recieve emails from external domain (Ubuntu 16.04)

spieriz · 02-13-2019, 09:17 AM

Good morning!

I have a bit common problem, but I didn't found any solution yet, after reading really a lot of forums and tutorials. Shortly: I want to send an email from external domain to my server, but it's never recieved.

Server:
VPS with Ubuntu 16.04.

Followed tutorial:
https://www.digitalocean.com/communi...n-ubuntu-16-04
(and a lot of others, after detecting problems, but that one was the main)

What I have / can do:
+ Open port 25 (test passed in https://www.yougetsignal.com/tools/open-ports/)
+ Port 25 is listening (checked by netstat -plnt, result below)
+ Configured SPF, DKIM, DMARC records (test passed in https://mxtoolbox.com/)
+ Using TLS (CA - Let’s Encrypt)
+ Send emails to external domains (i.e. gmail.com)
+ Recieve emails sent from internal (i.e. if I'll use mail/sendmail at my VPS to admin@example.com - I'm recieving this email in home/admin/Maildir)
+ Passing SMTP tests (https://www.wormly.com/test-smtp-server, https://www.smtper.net/ - both version passes: with tls / without tls)

What I dont have / can't do:
- Any error logs in mail.log, syslog
- Recieve email from any external domain (i.e. gmail.com)

What I try to do (but I can't):
* Send email from external domain (i.e. gmail.com) and recieve it in my Maildir in example.com domain

Postfix main.cf

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

myhostname = vps_name
mydomain = example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 my_server_ip_address
mydestination = $myhostname, localhost, localhost.$mydomain, $mydomain

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem

#smtpd_use_tls=yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
#smtpd_tls_protocols=!SSLv2

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_relay_restrictions = 
    permit_mynetworks 
    permit_sasl_authenticated 
    permit_inet_interfaces 
    reject_unauth_destination
smtpd_recipient_restrictions =
    permit_mynetworks 
    permit_sasl_authenticated
    permit_inet_interfaces
    reject_unauth_destination

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

relayhost = 

mailbox_command = 
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
myorigin = /etc/mailname

milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
home_mailbox = Maildir/

virtual_alias_maps = hash:/etc/postfix/virtual

Port 25 listening:

Code:

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      32022/master
tcp6       0      0 :::25                   :::*                    LISTEN      32022/master

I spent a lot of hours trying to solve this problem and I failed.
I will be very grateful for any advice what I'm doing wrong and how I can fix the problem.

scasey · 02-13-2019, 11:37 AM

When you attempt to send from gmail, does the message bounce? That is, do you get a message from gmail that it couldn't deliver the email? What does that bounce message say?

Is there a public IP address on the VPS?

spieriz · 02-13-2019, 12:13 PM

@scasey,

About 1-2 days ago I've been recieving non-delivery message from gmail, there were error code "454 4.7.1 Relay access denied" (message on my gmail account).

After I changed several config params(unfortunately I don't remember what exactly it was - im trying to solve this problem about a weak, tried much different things) I'm not recieving this message again - not sure if is it caused by VPS or gmail just get bored about sending this message

IP is static and public.

Additionally,
mxtoolbox - 'test email server'

Code:

Connecting to IP_ADDRESS

220 VPS_NAME ESMTP Postfix (Ubuntu) [1126 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-VPS_NAME 
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [705 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 2.1.0 Ok [687 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
554 5.7.1 <test@mxtoolboxsmtpdiag.com>: Relay access denied [690 ms]

LookupServer 8529ms

scasey · 02-13-2019, 01:14 PM

That appears to be a problem with your postfix configuration. I'm sorry, I don't speak postfix.

There appears to be a lot of help here. See the second link there, maybe?

Perhaps someone who knows more about postfix will jump in. Sorry.

spieriz · 02-13-2019, 02:50 PM

I have it already done, unfortunately no result.

Thank you for your try to help me

spieriz · 02-26-2019, 05:13 AM

Hi again!

I've just solved this issue.

Problem was inside /etc/aliases.
I had there:

Code:

postmaster: admin
admin: admin@example.com

The second line was a remnant of the previous postfix configuration, when I had email forwarding. I forgot to delete it. Now I have only first line left:

Code:

postmaster: admin

And it works fine.

Problem solved, thread can be closed.