
Topic: Need help troubleshooting

Post Need help troubleshooting Postfix SMTP relay
by Byte Knight LLC on Monday, August 21, 2017

Sorry for the long post...

So I have set up my home email server following the instructions provided at https://workaround.org/ispmail/jessie and everything as far as I can tell was done correctly. I can log in to my local roundcube apache interface as user@domain. However I cannot send or receive email. I can send from root to user@domain using sendmail but that doesn't do me any good. I checked my logs (var/log/mail.log) and see the same message whether I am using store/forward or smtp relay dynu service.

store/forward:
Aug 21 20:20:09 mail postfix/smtp[1458]: connect to smtp.dynu.com[207.38.69.195]:2525: Connection timed out
Aug 21 20:20:09 mail postfix/smtp[1458]: E012F2314E: to=<external@domain.net>, relay=none, delay=30, delays=0.1/0.04/30/0, dsn=4.4.1, status=deferred (connect to smtp.dynu.com[207.38.69.195]:2525: Connection timed out)

smtp relay:
Aug 21 23:51:23 mail postfix/smtp[2983]: connect to relay.dynu.com[199.233.237.19]:587: Connection timed out
Aug 21 23:51:23 mail postfix/smtp[2983]: 9987923384: to=<external@domain.net>, relay=none, delay=922, delays=892/0.05/30/0, dsn=4.4.1, status=deferred (connect to relay.dynu.com[199.233.237.19]:587: Connection timed out)

All ports are open and forwarded correctly from my router.

main.cf
==================
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
# self-signed cert
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.pem
# self-signed cert
smtpd_tls_key_file = /etc/ssl/private/mailserver.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = host.domain.us
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = byteknight.us, mail.byteknight.us, localhost.byteknight.us, localhost
# This gets changed to smtp.dynu.com:2525 and vice versa
relayhost = relay.dynu.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
==================

Tried telnet and get this:
# telnet 207.38.69.195 2525
Trying 207.38.69.195...

# telnet 199.233.237.19 587
Trying 199.233.237.19...


I'm pulling my hair out trying to figure out how to simply use a home email server without paying the ISP ungodly amounts of money for a static IP to unblock port 25...did not expect this to be so difficult. Any ideas or links that may help me get this working? Thanks!

Post Re: Need help troubleshooting
by byteknight on Tuesday, August 22, 2017

Thanks for the reply and link to postfix smtp relay, I'm sure I'll refer to it.
https://www.dynu.com/Resources/Tutorials/EmailServices/EmailServerSetup/How-to-configure-postfix-with-SMTP-relay

The telnet commands failing got me thinking; I'm pretty security conscious and have very strict settings on my firewall. As a test I temporarily turned it off and re-tried the telnet commands and got the following:

# telnet relay.dynu.com 587
Trying 199.233.237.19...
telnet: Unable to connect to remote host: Connection refused

# telnet smtp.dynu.com 2525
Trying 207.38.69.195...
telnet: Unable to connect to remote host: Connection refused

# telnet smtp.gmail.com 587
Trying 74.125.206.108...
Trying 74.125.206.109...
Trying 2a00:1450:400c:c04::6d...
telnet: Unable to connect to remote host: Network is unreachable

The last one seemed (at least to me) to be a DNS issue, but...
# nslookup smtp.gmail.com
Server: 8.26.56.26
Address: 8.26.56.26#53

Non-authoritative answer:
smtp.gmail.com canonical name = gmail-smtp-msa.l.google.com.
Name: gmail-smtp-msa.l.google.com
Address: 74.125.206.108
Name: gmail-smtp-msa.l.google.com
Address: 74.125.206.109

I looked at my firewall a little closer and noticed I allowed 23 (telnet) out but not in, changed that and added 2525 TCP in and out, same thing. Allowed all undefined ports in and out, effectively making a firewall moot and same thing. What am I missing here?

Weird thing is when I make a change to the firewall and it is applying the changes I go back to the shell and telnet works. After, same problem. Ok, I think I can safely assume the problem is on my router/firewall somewhere...

Is there a port or protocol I need to add/modify on my firewall that anyone with more smarts than me can quickly identify?


Monday, December 18, 2017 3:22 PM
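
An added example (not part of either post, and not Postfix or Dynu code): a small parser for the postfix/smtp lines quoted in the first post. It splits the delays=a/b/c/d field, whose third value is connection-setup time, and shows that both deliveries spent the 30-second default smtp_connect_timeout there with relay=none, so no TCP session was established and the TLS and SASL settings in main.cf were never exercised. The function names and verdict labels are assumptions made for this example.

```python
import re

# Constructed sample: the four mail.log lines quoted in the first post.
SAMPLE_LOG = """\
Aug 21 20:20:09 mail postfix/smtp[1458]: connect to smtp.dynu.com[207.38.69.195]:2525: Connection timed out
Aug 21 20:20:09 mail postfix/smtp[1458]: E012F2314E: to=<external@domain.net>, relay=none, delay=30, delays=0.1/0.04/30/0, dsn=4.4.1, status=deferred (connect to smtp.dynu.com[207.38.69.195]:2525: Connection timed out)
Aug 21 23:51:23 mail postfix/smtp[2983]: connect to relay.dynu.com[199.233.237.19]:587: Connection timed out
Aug 21 23:51:23 mail postfix/smtp[2983]: 9987923384: to=<external@domain.net>, relay=none, delay=922, delays=892/0.05/30/0, dsn=4.4.1, status=deferred (connect to relay.dynu.com[199.233.237.19]:587: Connection timed out)
"""

# Per-recipient delivery record written by the Postfix smtp(8) client.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), "
    r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
TARGET = re.compile(
    r"connect to (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]:(?P<port>\d+): (?P<err>.+)"
)

def diagnose(line):
    """Return a dict for a delivery line, or None for any other line."""
    m = DELIVERY.search(line)
    if not m:
        return None
    rec = m.groupdict()
    # delays=a/b/c/d: a = before queue manager, b = in queue manager,
    # c = connection setup (DNS, TCP, HELO, TLS), d = message transmission.
    rec["connect_secs"] = float(rec["delays"].split("/")[2])
    t = TARGET.match(rec["reason"])
    if t:
        rec.update(t.groupdict())
    err = rec.get("err", "").lower()
    if rec["relay"] != "none":
        rec["verdict"] = "reached-relay"      # look at SMTP/TLS/SASL next
    elif "timed out" in err:
        rec["verdict"] = "connect-timeout"    # no answer to the TCP connect
    elif "refused" in err:
        rec["verdict"] = "connect-refused"    # something answered with a reset
    elif "unreachable" in err:
        rec["verdict"] = "no-route"
    else:
        rec["verdict"] = "other"
    return rec

def diagnose_log(text):
    return [r for r in map(diagnose, text.splitlines()) if r]

if __name__ == "__main__":
    for r in diagnose_log(SAMPLE_LOG):
        print(r["qid"], r.get("host"), r.get("port"), r["connect_secs"], r["verdict"])
```
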