I installed postfix on a server, but port 25 was blocked by ISP. I followed http://www.postfix.org/TLS_README.html#client_smtps to configure smtps on port 465.
I follow the configuration as Postfix ≥ 3.0: Sending only mail for a specific destination via SMTPS,
But I have to add mail domain to /etc/postfix/transport.
a.com relay-smtps:mx.a.com:465
b.com relay-smtps:mx.b.com:465
part of /etc/postfix/main.cf:
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtp_tls_loglevel = 1
transport_maps = hash:/etc/postfix/transport
part of /etc/postfix/master.cf:
relay-smtps unix - - n - - smtp
# Client-side SMTPS requires "encrypt" or stronger.
-o smtp_tls_security_level=encrypt
-o smtp_tls_wrappermode=yes
For destination not in transport, postfix tries connect to port 25.
I can only send email to destination listed in transport.
How do I change the postfix so that it tries send all emails to [their own DNS MX record]:465 ?
I have tried Postfix ≥ 3.0: Sending all remote mail to an SMTPS server:
relayhost = [mx.a.com]:465
But it was regarded as spam.
If I do like:
mydomain.com :
* relay-smtps:how can use DNS MX recode auto:465
How can I specify port 465 and use DNS MX record?
Thanks!
Related
I've set up mail server with iRedMail. It should act as an SMTP server for web app. Postfix is restricted only for localhost usage.
Let's assume that I create an account web#example.com.
What I need is to allow set arbitrary from header, e.g. bar#example.com, or even baz#my-second-domain.com
Currently this is rejecting:
postfix/smtpd[7386]: NOQUEUE: reject: RCPT from ***[127.0.0.1]: 550 5.1.0 <notlviv#pb.org.ua>: Sender address rejected: User unknown in virtual mailbox table; from=<notlviv#pb.org.ua> to=<some#email.com> proto=ESMTP helo=<[127.0.0.1]>
How can this be allowed?
Ok, figured out:
smtpd_reject_unlisted_sender = yes # set to no
# Sender restrictions
smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_unlisted_sender # comment this
After searching for a while and reading a lot of examples, cases and/or answer on Google and Stackoverflow, I didn't find a solution for my problem. I'm more and more confused with the notion of SPF and relay, so I'm asking my question here hoping to receive a proper answer and understand once for ever !
In summary :
I have a current main server with a mailserver installed on it (postfix + dovecot + vimbadmin), on domain exampleA.com.
I have a new server for a new website, with a new domain exampleB.com.
My goal is that all the emails of the new website (XXXX[AT]exampleB.com) have to be sent & received using the main server.
Knowing that the mainserver has to send the emails of exampleB.com, I modified the SPF entry of exampleB.com to allow the main server to send emails of exampleB.com.
The mails are sent OK and I receive the emails OK, but when I look the original sources of email in Gmail :
Return-Path: <root#FQDN_NEW_SERVER>
Received: from mail.exampleA.com (FQDN_MAIN_SERVER [IP_MAIN_SERVER])
by mx.google.com with ESMTPS id f64si6392532wma.52.2016.05.20.04.59.06
for <xxxxxxx#gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 20 May 2016 04:59:06 -0700 (PDT)
Received-SPF: neutral (google.com: IP_MAIN_SERVER is neither permitted nor denied by best guess record for domain of root#FQDN NEW SERVER) client-ip=IP MAIN SERVER;
Authentication-Results: mx.google.com;
spf=neutral (google.com: IP MAIN SERVER is neither permitted nor denied by best guess record for domain of root#FQDN NEW SERVER) smtp.mailfrom=root#IP MAIN SERVER
Received: from FQDN NEW SERVER (REVERSEDNS_NEW_SERVER [IP_NEW_SERVER])
by mail.exampleA.com (Postfix) with ESMTPA id 67C8C60421;
Fri, 20 May 2016 13:59:06 +0200 (CEST)
Received: by FQDN_NEW_SERVER (Postfix, from userid 0)
id A1949A07AB; Fri, 20 May 2016 13:58:57 +0200 (CEST)
I'm getting more and more confused which SPF I have to modify, and which MX is pointing to who..
Edit : It seems that I have a connection timed out when my main server tries to connect to my new server on port 25, but with telnet it seems ok..
Edit2 : I know that my DNS and my Reverse DNS are not the same.. My server is an instance in a public cloud, and I can't change my reverse since it's configured in the virtual router.
Edit3 : I have this error in the main server postfix logs :
May 20 16:25:40 ns33rgdrg4 postfix/smtpd[2956]: NOQUEUE: reject_warning: RCPT from csikxdqzdqzdqzdqzdqzress.com[IP_NEW_SERV]: 450 4.1.7 <root#FQDN_NEW_SERVER>: Sender address rejected: unverified address: connect to FQDN_NEW_SERV[IP_NEW_SERV]:25: Connection timed out; from=<root#FQDN_NEW_SERV> to=<myownmail#owndomain.com> proto=ESMTP helo=<FQDN_NEW_SERV>
Here is the current configuration of servers :
Server Main
Dovecot + Postfix configured
Domain : exampleA.com
DNS :
- exampleA.com. MX mail.exampleA.com
- mail.exampleA.com A IP_MAIN_SERVER
- exampleA.com. SPF "v=spf1 a mx ptr include:spf4.newsletterpartner.net ~all"
New server
Postfix installed, normally why relayhost = mail.exampleA.com
Domain : exampleB.com
DNS :
- exampleB.com. MX mail.exampleA.com
- exampleB.com. SPF "v=spf1 mx:mail.exampleA.com mx:exampleA.com include:mail.exampleA.com include:exampleA.com ~all"
The MX of my new domain is pointing to the MX of my main server (I don't know if it is the good thing to do)
Here is the a part of the new server /etc/postfix/main.cf :
myhostname = FQDN_NEW_SERVER
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
relayhost = mail.exampleA.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
We can see that the new server has his postfix relayhost pointing to the MX of my mainserver.
I don't know if the MX of my new server has to point to himself (knowing that its own postfix has a relayhost configured), or if it has to be configured directly to the main server which will send the emails.
NB : I have this error : No SPF records found for mail.exampleA.com when I check with a website looking for MX and SPF, but exampleA.com has a MX, not mail.exampleA.com
It's driving me crazy for days now... Thanks in advance for your little helps guys :)
Regards,
Julien Q.
Ok I think it is finally solved thanks to you #henry !
In the file /etc/postfix/main.cf, myorigin was /etc/mailname, which was my FQDN.
Since Google was checking, as he says, a "record for domain of root#FQDN_NEW_SERVER", I though he had to check root#DOMAIN, and not FQDN. Google was also saying "IP_MAIN_SERVER is neither permitted nor denied by guest" so instead of putting the MX main server in my new server SPF, I put the main server IP in IPV4.
I changed myorigin from FQDN_NEW_SERVER to DOMAIN_NEW_SERVER instead, and specified my relayhost IPV4 in my new server SPF. After checking with your method AND gmail, everything seems OK now !
So here is the final configuration of my infrastructure.
Main server, Relay SMTP
Dovecot + Postfix configured
Domain : exampleA.com
DNS :
- exampleA.com. MX mail.exampleA.com
- mail.exampleA.com A IP_MAIN_SERVER
- exampleA.com. SPF "v=spf1 a mx ptr include:spf4.newsletterpartner.net ~all"
New server, forwarding emails to the main server
Domain : exampleB.com
DNS :
- exampleB.com. MX mail.exampleA.com
- exampleB.com. SPF "v=spf1 ip4:IP_MAIN_SERVER -all"
New server /etc/postfix/main.cf
myhostname = FQDN_NEW_SERVER
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname <-- OLD CONF with FQDN_NEW_SERVER in
myorigin = exampleB.com
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
relayhost = mail.exampleA.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
Gmail original sources
Received: from MX_MAIN_SERVER (FQDN_MAIN_SERVER [IP_MAIN_SERVER])
by mx.google.com with ESMTPS id s5si18916426wme.105.2016.05.16.02.06.09
for <FROM_EMAIL_ADDRESS>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 16 May 2016 02:06:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of RECEIVER_EMAIL_ADDRESS designates IP_MAIN_SERVER as permitted sender) client-ip=IP_MAIN_SERVER;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of RECEIVER_EMAIL_ADDRESS designates IP_MAIN_SERVER as permitted sender) smtp.mailfrom=FROM_EMAIL_ADDRESS
Hoping it can help someone else than me.
Thanks again guys !
Julien Q.
I think you made a typo, can you please confirm..
Domain : exampleB.com
DNS :
- exampleB.com. MX mail.exampleA.com
- exampleA.com. SPF "v=spf1 mx:mail.exampleA.com mx:exampleA.com include:mail.exampleA.com include:exampleA.com ~all"
On the bottom I think ExampleA.com. should read ExampleB.com.
And your SPF record should read
"v=spf1 mx ~all"
Since your MX record is mail.exampleA.com, that's all you have to specify in your SPF.
Your timeout issue I think might be related to DoveCot, DoveCot has a long connection time associated to it 18+ seconds. I'm not a linux person, so I really can't point you where to look for timeout settings.
Instead of testing with gmail you can test by sending an email to mailtest#unlockthienbox.com all basic authentication results are displayed (SPF, DKIM, Etc.)
I use a Centos Server in Windows HyperV. When I was sent a mail over this server, I get an error mail.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
serefseven#gmail.com
host gmail-smtp-in.l.google.com [66.102.1.26]
SMTP error from remote mail server after end of data:
550-5.7.1 [185.124.86.138] The IP address sending this message does not have a
550-5.7.1 PTR record setup. As a policy, Gmail does not accept messages from
550-5.7.1 IPs with missing PTR records. Please visit
550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.1 information. y187si26143569wmc.112 - gsmtp
Reporting-MTA: dns; ln1.postoflscell.com
Action: failed
Final-Recipient: rfc822;serefseven#gmail.com
Status: 5.0.0
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [185.124.86.138] The IP address sending this message does not have a
550-5.7.1 PTR record setup. As a policy, Gmail does not accept messages from
550-5.7.1 IPs with missing PTR records. Please visit
550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.1 information. y187si26143569wmc.112 - gsmtp
mxtollbox.com smtp test result :
SMTP Reverse DNS Mismatch Reverse DNS does not contain the hostname
SMTP Banner Check Reverse DNS does not match SMTP Banner
SMTP TLS Warning - Does not support TLS.
SMTP Transaction Time 15.485 seconds - Not good! on Transaction Time
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname
SMTP Connection Time 0 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
how to fix this problem?
As the error states, The IP address sending this message does not have a PTR record setup, so you need to set the PTR record for 185.124.86.138 (it is quite usual that receiving mail server requires this). Reverse DNS is controlled by whoever "owns" the IP address, so you should probably contact Bilgehosting to set the record for you)
How do I send postfix bounce to another SMTP server?
I have 2 postfix server (server_A and server_B).
I need the bounce generated from server_A sent to Internet by server_B.
Half a year late... You should try adding this into your main.cf file located in your postfix directory:
notify_classes = bounce, 2bounce
bounce_notice_recipient = <server_B mail address>
2bounce_notice_recipient = <server_B mail address>
*Feel free to include other options in your notify_classes (eg. delay, policy, protocol, resource, software, data) if needed
Addition info: http://www.postfix.org/postconf.5.html#notify_classes
I recently installed Postfix, Dovecot to setup a mail server on my own VPS ( using this tutorial: Email with Postfix, Dovecot, Mysql)
Imaps server uses port 993 for Authentication, and Postfix uses port 25 to send mails.
In this tutorial, users stored in a Database ( so imaps use mysql to authenticate users).
i'm sure every thing works fine with imaps and postfix , because few days ago i installed Kmail client (on my linux) and receive mails from my server. sending mails also works fine, i sent a mail to Gmail and google received it without a problem (in my "Gmail inbox" not spam folder)
So to get to my Emails from a web mail client, i installed Roundcube on /var/www/mail directory.
I configured Roundcube many times. but each time it gives me this Error:
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
When i do log in from roundcube, imap server says ( in /var/log/mail.log ):
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
Here is my roundcube config file :
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword#localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
What's the problem? i really have no idea what is happening !
Thank you.
I'm using postfix + dovecot + roundcube a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with ssl - and it's working.
This is from my main.inc.php. I don't remember editing anything here, it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense, I think it's just ignored.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '#' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via PhpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs RoundCube):
UPDATE `rc_users` SET `mail_host`='ssl://localhost'
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.