Postfix, designed by the devil?

13 posts / 0 new
Topic locked
Last post
#1 Tue, 09/16/2014 - 19:13
zushiba

Postfix, designed by the devil?

I'm running CentOS 6.2. Try as I might I simply cannot get incoming mail to work on a virtual server. Here's the myriad of problems I'm unable to solve.

*Internal mail sends to others on the same server. Shows up ONLY in Postfix Mail Server section of Webmin when looking at User Mailboxes. Does not show up in Roundcube :/

No mail seems to make it to the server, I thought the problem was in the main.cf file at the line inet_interfaces = localhost which I changed to include the server IP address, but that just results in mail being bounced back by gmail or outlook live.

Delivered-To: <MyEmailAccount>@gmail.com
Received: by 10.202.184.11 with SMTP id i11csp1375181oif;
        Tue, 16 Sep 2014 16:38:20 -0700 (PDT)
X-Received: by 10.70.94.201 with SMTP id de9mr34625241pdb.103.1410910699795;
        Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
Return-Path: <>
Received: from li251-129.localdomain ([2600:3c01::f03c:91ff:feae:4415])
        by mx.google.com with ESMTP id so6si32049546pac.164.2014.09.16.16.38.19
        for <<MyEmailAccount>@gmail.com>;
        Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
Received-SPF: none (google.com: li251-129.localdomain does not designate permitted sender hosts) client-ip=2600:3c01::f03c:91ff:feae:4415;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: li251-129.localdomain does not designate permitted sender hosts) smtp.mail=
Received: by li251-129.localdomain (Postfix)
    id 6EBBE21517D; Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
Date: Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
From: MAILER-DAEMON@localdomain.localdomain (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: <MyEmailAccount>@gmail.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="4DCD3215172.1410910699/li251-129.localdomain"
Message-Id: <20140916233819.6EBBE21517D@li251-129.localdomain>
 
This is a MIME-encapsulated message.
 
--4DCD3215172.1410910699/li251-129.localdomain
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
 
This is the mail system at host li251-129.localdomain.
 
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
 
For further assistance, please send mail to postmaster.
 
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
 
                   The mail system
 
<test-<MyDomainName>.com@localdomain.localdomain> (expanded from
    <test@<MyDomainName>.com>): Host or domain name not found. Name service
    error for name=localdomain.localdomain type=AAAA: Host not found
 
--4DCD3215172.1410910699/li251-129.localdomain
Content-Description: Delivery report
Content-Type: message/delivery-status
 
Reporting-MTA: dns; li251-129.localdomain
X-Postfix-Queue-ID: 4DCD3215172
X-Postfix-Sender: rfc822; <MyEmailAccount>@gmail.com
Arrival-Date: Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
 
Final-Recipient: rfc822; test-<MyDomainName>.com@localdomain.localdomain
Original-Recipient: rfc822;test@<MyDomainName>.com
Action: failed
Status: 5.4.4
Diagnostic-Code: X-Postfix; Host or domain name not found. Name service error
    for name=localdomain.localdomain type=AAAA: Host not found
 
--4DCD3215172.1410910699/li251-129.localdomain
Content-Description: Undelivered Message
Content-Type: message/rfc822
 
Return-Path: <<MyEmailAccount>@gmail.com>
Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54])
    by li251-129.localdomain (Postfix) with ESMTP id 4DCD3215172
    for <test@<MyDomainName>.com>; Tue, 16 Sep 2014 16:38:19 -0700 (PDT)
Received: by mail-oa0-f54.google.com with SMTP id m19so504614oag.27
        for <test@<MyDomainName>.com>; Tue, 16 Sep 2014 16:38:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:reply-to:date:message-id:subject:from:to:content-type;
        bh=wAGrXgvUlLqChAjlWWPTYp9iLw6VuU5NXx2HI9BipN8=;
        b=qb7MqrDgYBHNCrJF8YeQ/6e9SUPq401UpQL4cwOnOtJzs4C4gyInjeD5UtWsKv3g/W
         pr1JaeM3D8bfp+k9mrS4joMldyC/vPK60vpZM3TfNNydQ+DOpzqJIinHuKEx3FOy/SAH
         gFB834RuZEXjGpwQ497hiZrO5w9Df/SQGH3wqIxDWkzjdphyf3eQxcw9stVNRZn7JxNi
         oWWttzS7fBzul/fROiwzDNPitxW1qAHwAJjEy7y/94FN/GVf5UsuFIk1JGGiYighZUx4
         AYk6v7Zbd2mftjSvWxpzLfb1kzc/Pi0WaksrzjsugPHbeFx3vAXdVgIO7B53NxHaDr/u
         xi7A==
MIME-Version: 1.0
X-Received: by 10.182.236.162 with SMTP id uv2mr39007039obc.12.1410910698910;
 Tue, 16 Sep 2014 16:38:18 -0700 (PDT)
Received: by 10.202.184.11 with HTTP; Tue, 16 Sep 2014 16:38:18 -0700 (PDT)
Reply-To: <MyEmailAccount>@gmail.com
Date: Tue, 16 Sep 2014 16:38:18 -0700
Message-ID: <CADZm3zo=RUpPCCgPMo3jpuX1Y6f1aaTKj_k1ATESDnGtRKw2Rw@mail.gmail.com>
Subject: ugh
From: Jason <<MyEmailAccount>@gmail.com>
To: test@<MyDomainName>.com
Content-Type: multipart/alternative; boundary=001a11c2eb5204ba310503373f14
 
--001a11c2eb5204ba310503373f14
Content-Type: text/plain; charset=UTF-8
 
I really hate you postfix.
 
--001a11c2eb5204ba310503373f14
Content-Type: text/html; charset=UTF-8
 
<div dir="ltr">I really hate you postfix.<br></div>
 
--001a11c2eb5204ba310503373f14--
 
--4DCD3215172.1410910699/li251-129.localdomain--

Note, changing the line back to localhost without the IP, emails no longer bounce back but they aren't delivered either.

Tue, 09/16/2014 - 22:04
andreychek

Howdy,

Try setting the "inet_interfaces" option in your main.cf to "all", that will cause it to listen on all interfaces.

Let us know if that solves some or all of the issues you're seeing; if there's any remaining, let us know which are still issues and we can work from there :-)

-Eric

Wed, 09/17/2014 - 01:19
zushiba

I have made the change and restarted Postfix, no change.

I try to telnet to port 25 to the domain in question in the console and get

[me@hostname me]# telnet mail.<domain>.com 25
Trying <serverIP>...
telnet: connect to address <serverIP>: Connection refused

but I have no problem telnetting to 127.0.0.1 25

[me@hostname me]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 <MyDomain> ESMTP Postfix
ehlo localhost
250-<MyDomain>
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I've made certain that iptables is configured to allow outside traffic on port 25 but even with iptables OFF I'm unable to connect to port 25 using the domain name.tld.

ACCEPT   tcp   --   anywhere      anywhere      tcp dpt:smtp

netstat -plnt |grep :25
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      21505/master

So that's where I am. I am getting mail bounced back now with the change of inet_interfaces to all.

Wed, 09/17/2014 - 09:42
andreychek

Howdy,

Just to verify, did you restart Postfix after changing that option?

Also, to verify that Postfix is indeed listening on all interfaces, you can run this command:

netstat -an | grep :25

Wed, 09/17/2014 - 09:54
zushiba

Yes I did restart Postfix after making the change.

[me@domain ~]# netstat -an | grep :25
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 ::1:25                      :::*                        LISTEN
Wed, 09/17/2014 - 10:01
andreychek

Howdy,

Hmm, it doesn't appear that Postfix is listening for connections other than localhost.

What is the output of these two commands:

/sbin/ifconfig
postconf -n | grep inet_interfaces
Wed, 09/17/2014 - 11:48
zushiba
[me@domain ~]# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr F2:3C:91:AE:44:15
          inet addr:173.255.241.129  Bcast:173.255.241.255  Mask:255.255.255.0
          inet6 addr: 2600:3c01::f03c:91ff:feae:4415/64 Scope:Global
          inet6 addr: fe80::f03c:91ff:feae:4415/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40698019 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38938966 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10027583653 (9.3 GiB)  TX bytes:52687395622 (49.0 GiB)
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:37639634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37639634 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:19964951352 (18.5 GiB)  TX bytes:19964951352 (18.5 GiB)

and

[me@domain ~]# postconf -n | grep inet_interfaces
inet_interfaces = all
Wed, 09/17/2014 - 11:56
zushiba

If it helps here's a bounced mail from my gmail account.

Delivery to the following recipient failed permanently:
 
     test@<domain>.com
 
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain <domain>.com by mail.<domain>.com. [<ip>].
 
The error that the other server returned was:
554 5.7.1 <test@<domain>.com>: Relay access denied
 
 
----- Original message -----
 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:reply-to:date:message-id:subject:from:to:content-type;
        bh=G1kw12wq97/7u8tfg1ZXtBJsDJa0IQ2f34t8bj9cawU=;
        b=HePiK5rGYJJMjMf/BOtTq2BFzh3Bi/IUly5A3jRmK5Pp4xJvu312BORxIT3OU0YLP0
         p1wN3h6bL/SxUOz5DeBElhZAgJ/dAyfYIi7hyqT3UJN//uTCHfo8Ao++94Zf6aEJyEXB
         B51FptgqsTROJ/65bNPtSWwAyC0nzADwlmmKd5qTJjhjby01orPHluc7TUzkfYHxj4oa
         1ObKqskDnFgABLZzeXp0kOXovUSl7jDf3mVPn2zIaNsq976ExSr8Lv5hsRctcgIs9KAP
         bcY9mLWMCd0VWmtLyDjBbKCcEMauv5ookdFHfXA8f449QQisvDKExR/BMaTd4m+fM/7V
         AROg==
MIME-Version: 1.0
X-Received: by 10.182.70.4 with SMTP id i4mr4496259obu.29.1410972629427; Wed,
 17 Sep 2014 09:50:29 -0700 (PDT)
Received: by 10.202.184.11 with HTTP; Wed, 17 Sep 2014 09:50:29 -0700 (PDT)
Reply-To: <myemail>@gmail.com
Date: Wed, 17 Sep 2014 09:50:29 -0700
Message-ID: <CADZm3zo=2TvMCSUs+6qhKnW3u=iA98JpTaFTEZe=kvPAv8sPZg@mail.gmail.com>
Subject: hammer meet head
From: Jason <<myemail>@gmail.com>
To: test@<domain>.com
Content-Type: multipart/alternative; boundary=089e0153806a5d977f050345aad0
 
work...please?
Wed, 09/17/2014 - 12:02
andreychek

Just to be sure, could you try running this command:

/etc/init.d/postfix restart

After that, what is the output of this command:

netstat -an | grep :25

If Postfix still isn't listening on all interfaces, do you see any errors in "/var/log/maillog" that occur during or just after restarting Postfix?

-Eric

Wed, 09/17/2014 - 13:00
zushiba
[me@domain ~]# /etc/init.d/postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

and

[root@hitpoints ~]# netstat -an | grep :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 :::25                       :::*                        LISTEN

Here's the update in maillog after restarting.

Sep 17 10:55:46 li251-129 postfix/postfix-script[375]: stopping the Postfix mail system
Sep 17 10:55:46 li251-129 postfix/master[32631]: terminating on signal 15
Sep 17 10:55:46 li251-129 postfix/postfix-script[448]: starting the Postfix mail system
Sep 17 10:55:46 li251-129 postfix/master[449]: daemon started -- version 2.6.6, configuration /etc/postfix
Sep 17 10:55:52 li251-129 dovecot: imap-login: Login: user=<test@<domain>.com>, method=PLAIN, rip=::1, lip=::1, mpid=456, secured
Sep 17 10:55:52 li251-129 dovecot: imap(test@<domain>.com): Disconnected: Logged out bytes=50/404
Wed, 09/17/2014 - 13:03
andreychek

There we go! Now it does appear to be listening on all interfaces (we can determine that by seeing it listen on "0.0.0.0").

Can you try accessing port 25 again, on your public IP address?

-Eric

Wed, 09/17/2014 - 13:35
zushiba

Is there a difference in the commands "Service postfix restart" vs "/etc/init.d/postfix restart"? Seemed as though they accomplished the same thing but I guess not?

I am able to telnet in from my outside IP though so that's progress. Mail is still bouncing though back though. I'll include the latest bounced email below.

Before I paste that though I'd like to thank you for all the help I appreciate it very much.

 
Delivered-To: <myemail>@gmail.com
Received: by 10.202.184.11 with SMTP id i11csp109094oif;
        Wed, 17 Sep 2014 11:26:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of  designates 10.60.67.226 as permitted sender) client-ip=10.60.67.226
Authentication-Results: mr.google.com;
       spf=pass (google.com: domain of  designates 10.60.67.226 as permitted sender) smtp.mail=;
       dkim=pass header.i=@googlemail.com
X-Received: from mr.google.com ([10.60.67.226])
        by 10.60.67.226 with SMTP id q2mr436005oet.7.1410978396857 (num_hops = 1);
        Wed, 17 Sep 2014 11:26:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=mime-version:from:to:subject:message-id:date:content-type;
        bh=Rgfg27yvWawoR6TJ4y320EQGEr1RT+v4LtQwpR0zjFs=;
        b=yBmJjqPBW0WO2JyLvun1Wpym0OkCSs56Le8k8l6eHRRxx2fJqehCU7NCafg3S2joJO
         +MFQja+Ms3AQcvoMfMbYbOr9VBBaISHbLjpmebMSTyc1XQOa4/mXYeW9/Hlf8TZp3t4R
         Z4m5XryW7lBauOYBi5NwAB2yjregzaoOK6bjvSURjNCltmionBA+NbQZiJ1h8pXUIyTA
         Tdwxl3DpQ+DLn1FV5XiLl4521/+9UiOXCAYXz/aSM3wXGaQ0fdsdAD9wf8VCC9G0Mhz+
         L80njpZc95hqc5z/gi9oHSBcjlWjmkJ7ojb9GpTyk4FwNrErFCE+OqT878XdTLnoiiS3
         PRSQ==
X-Received: by 10.60.67.226 with SMTP id q2mr436005oet.7.1410978396854;
        Wed, 17 Sep 2014 11:26:36 -0700 (PDT)
MIME-Version: 1.0
Return-Path: <>
Received: by 10.60.67.226 with SMTP id q2mr305177oet.7; Wed, 17 Sep 2014
 11:26:36 -0700 (PDT)
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: <myemail>@gmail.com
X-Failed-Recipients: test@<domain>.com
Subject: Delivery Status Notification (Failure)
Message-ID: <001a11c3239021574c0503470213@google.com>
Date: Wed, 17 Sep 2014 18:26:36 +0000
Content-Type: text/plain; charset=ISO-8859-1
 
Delivery to the following recipient failed permanently:
 
     test@<domain>.com
 
Technical details of permanent failure: 
Google tried to deliver your message, but it was rejected by the server for the recipient domain <domain>.com by mail.<domain>.com. [<ip>].
 
The error that the other server returned was:
554 5.7.1 <test@<domain>.com>: Relay access denied
 
 
----- Original message -----
 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:reply-to:date:message-id:subject:from:to:content-type;
        bh=HZVMiC743Zf3wQB9nrs2bzHlsdqzKqhOFn0Eemy4nRM=;
        b=eqvbOhhT+VjgowdGvJcVBDrC+EKYYtIcYgfXt8YjUjLbsk9eax1gjk9/+4PgkXc8SQ
         GmB2iuL0/iVO2Xfz8AtgN2u/T6nlbuwu7Iu18RRU2bDy1R8J5yRi2LHn84dfy0S3iO8b
         Irs+R5hl2KsC98CKEW/As/Hp5M3ziSDgN18JOOLvSEv9mJoeufUBtON+1xtlD5dIzTZm
         ZDEOIsbkM1DLbrYngh8FDzn410hUUI4SsRpQFa9T9jOEeu94iMSOWeoWnnOsjpdylLs3
         ro0Rb4emsJd3Np9TtPW/BcqXBvkiQYPlAK0wi+COJZZITKmgcoVGhXz+8gd01dYeLg6u
         Z+Bg==
MIME-Version: 1.0
X-Received: by 10.60.67.226 with SMTP id q2mr435953oet.7.1410978396339; Wed,
 17 Sep 2014 11:26:36 -0700 (PDT)
Received: by 10.202.184.11 with HTTP; Wed, 17 Sep 2014 11:26:36 -0700 (PDT)
Reply-To: <myemail>@gmail.com
Date: Wed, 17 Sep 2014 11:26:36 -0700
Message-ID: <CADZm3zqnrw1Oeq4=N=52RywHqOfFJ=KE6hKJmLvJO0_eWtraVw@mail.gmail.com>
Subject: let's try this again
From: Jason <<myemail>@gmail.com>
To: test@<domain>.com
Content-Type: multipart/alternative; boundary=001a11c3239019cd340503470228
 
Hopefully this time it works.
Wed, 09/17/2014 - 20:06
zushiba

So the mail log is finally producing something. Up til now it was just information on local users connecting/disconnecting if they were logged in to Roundmail.

Sep 17 17:59:52 li251-129 postfix/smtpd[16165]: connect from mail-oi0-f50.google.com[209.85.218.50]
Sep 17 17:59:52 li251-129 postfix/smtpd[16165]: NOQUEUE: reject: RCPT from mail-oi0-f50.google.com[209.85.218.50]: 554 5.7.1 <test@<domain>.com>: Relay access denied; from=<<myemail>@gmail.com> to=<test@<domain>.com> proto=ESMTP helo=<mail-oi0-f50.google.com>
Sep 17 17:59:53 li251-129 postfix/smtpd[16165]: disconnect from mail-oi0-f50.google.com[209.85.218.50]
Topic locked