[SOLVED]Postfix won't send e-mail to other domains

etakeh32 · 2015-05-24 22:04:49

Hello,

I have set up my server according to

https://wiki.archlinux.org/index.php/Vi … ail_system

as best as I could. I can receive e-mails from gmail, and I can send e-mails from my @mydomain to @mydomain. But I cannot send e-mails from @mydomain to anywhere else.

/var/log/mail.log:

May 24 21:42:28 server postfix/qmgr[382]: 69CF9E3462: from=<tkh@domain.com>, size=1021, nrcpt=1 (queue active)
May 24 21:42:58 server postfix/smtp[1379]: connect to gmail-smtp-in.l.google.com[74.125.20.27]:25: Connection timed out
May 24 21:43:28 server postfix/smtp[1379]: connect to alt1.gmail-smtp-in.l.google.com[173.194.192.27]:25: Connection timed out
May 24 21:43:58 server postfix/smtp[1379]: connect to alt2.gmail-smtp-in.l.google.com[74.125.137.27]:25: Connection timed out
May 24 21:44:28 server postfix/smtp[1379]: connect to alt3.gmail-smtp-in.l.google.com[173.194.206.27]:25: Connection timed out
May 24 21:44:58 server postfix/smtp[1379]: connect to alt4.gmail-smtp-in.l.google.com[74.125.141.27]:25: Connection timed out
May 24 21:44:58 server postfix/smtp[1379]: 69CF9E3462: to=<me@gmail.com>, relay=none, delay=36632, delays=36482/0.05/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[74.125.141.27]:25: Connection timed out)

Main.cf:

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = domain.com
mydomain = domain.com
myorigin = $mydomain
mydestination = localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = $mydestination
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps

debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1

Master.cf:

smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

Last edited by etakeh32 (2015-05-24 23:12:44)

madeye · 2015-05-24 22:36:18

From the postfix configuration page I would say that you need to change the

relay_domains = $mydestination

to be empty. (or comment it out).

That's the way it is in my server as well, for me to be able to send email outside of my local domain.

http://www.postfix.org/postconf.5.html#relay_domains

etakeh32 · 2015-05-24 22:44:48

I set it to the following and restarted postfix.

relay_domains = *

No success. Still getting:

May 24 18:42:22 server postfix/smtp[27904]: connect to gmail-smtp-in.l.google.com[74.125.20.26]:25: Connection timed out
May 24 18:42:52 server postfix/smtp[27904]: connect to alt1.gmail-smtp-in.l.google.com[173.194.192.26]:25: Connection timed out

Last edited by etakeh32 (2015-05-24 22:46:08)

madeye · 2015-05-24 22:54:24

I don't know how postfix reacts to an * in the "relay_domains" line. I would comment the whole line out.

#relay_domains =

But you get a timeout on the connection to the google server. Is it possible that you have an ip address in a range that is black listed?
You could check with:
http://www.anti-abuse.org/multi-rbl-check/
or
http://rbl-check.org/

Btw. I have always found https://workaround.org/ispmail to be a good source when I setup my mail server.

etakeh32 · 2015-05-24 22:57:44

Both websites show that I pass for all services except b.barracudacentral.org. Do you think that is the issue? I think the Arch Wiki had it with an *, will try and comment it out.

fukawi2 · 2015-05-24 23:04:27

I'm guessing your ISP blocks outbound port 25 as an anti-spam measure. Are you able to `telnet aspmx.l.google.com 25` and get a greeting that starts with "220"?

etakeh32 · 2015-05-24 23:10:23

No But I am able to do so from my local machine. Is there a work-around I can implement, or will I need to contact my VPS provider?

Can you take a quick look at my iptables please and confirm that all outbound is permitted?

# Generated by iptables-save v1.4.21 on Sun May 24 12:26:32 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [23:3238]
:TCP - [0:0]
:UDP - [0:0]
:sshguard - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 9322 -j sshguard
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A TCP -p tcp -m tcp --dport 9322 -j ACCEPT
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A TCP -p tcp -m tcp --dport 443 -j ACCEPT
-A TCP -p tcp -m tcp --dport 993 -j ACCEPT
-A TCP -p tcp -m tcp --dport 587 -j ACCEPT
-A TCP -p tcp -m tcp --dport 9321 -j ACCEPT
COMMIT

fukawi2 · 2015-05-24 23:11:48

etakeh32 wrote:

Is there a work-around I can implement, or will I need to contact my VPS provider?

You'll need to contact your provider to get it unblocked.

etakeh32 wrote:

Can you take a quick look at my iptables please and confirm that all outbound is permitted?

Yes, those rules will allow outbound SMTP.

etakeh32 · 2015-05-24 23:12:19

Thank you both!

Arch Linux

#1 2015-05-24 22:04:49

[SOLVED]Postfix won't send e-mail to other domains

#2 2015-05-24 22:36:18

Re: [SOLVED]Postfix won't send e-mail to other domains

#3 2015-05-24 22:44:48

Re: [SOLVED]Postfix won't send e-mail to other domains

#4 2015-05-24 22:54:24

Re: [SOLVED]Postfix won't send e-mail to other domains

#5 2015-05-24 22:57:44

Re: [SOLVED]Postfix won't send e-mail to other domains

#6 2015-05-24 23:04:27

Re: [SOLVED]Postfix won't send e-mail to other domains

#7 2015-05-24 23:10:23

Re: [SOLVED]Postfix won't send e-mail to other domains

#8 2015-05-24 23:11:48

Re: [SOLVED]Postfix won't send e-mail to other domains

#9 2015-05-24 23:12:19

Re: [SOLVED]Postfix won't send e-mail to other domains

Board footer