Topic: Need help troubleshooting

Post Need help troubleshooting Postfix SMTP relay
by Byte Knight LLC on Monday, August 21, 2017

Sorry for the long post...

So I have set up my home email server following the instructions provided at and everything, as far as I can tell, was done correctly. I can log in to my local Roundcube Apache interface as user@domain. However, I cannot send or receive email. I can send from root to user@domain using sendmail, but that doesn't do me any good. I checked my logs (/var/log/mail.log) and see the same message whether I am using the store/forward or the SMTP relay Dynu service.

Aug 21 20:20:09 mail postfix/smtp[1458]: connect to[]:2525: Connection timed out
Aug 21 20:20:09 mail postfix/smtp[1458]: E012F2314E: to=<>, relay=none, delay=30, delays=0.1/0.04/30/0, dsn=4.4.1, status=deferred (connect to[]:2525: Connection timed out)

smtp relay:
Aug 21 23:51:23 mail postfix/smtp[2983]: connect to[]:587: Connection timed out
Aug 21 23:51:23 mail postfix/smtp[2983]: 9987923384: to=<>, relay=none, delay=922, delays=892/0.05/30/0, dsn=4.4.1, status=deferred (connect to[]:587: Connection timed out)

All ports are open and forwarded correctly from my router.
# See /usr/share/postfix/ for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
# self-signed cert (both files below)
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.pem
smtpd_tls_key_file = /etc/ssl/private/mailserver.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,,, localhost
relayhost = <<<<<------This gets changed to and vice/versa
mynetworks = [::ffff:]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = mysql:/etc/postfix/
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Tried telnet and get this:
# telnet 2525

# telnet 587

I'm pulling my hair out trying to figure out how to simply use a home email server without paying the ISP ungodly amounts of money for a static IP to unblock port 25...did not expect this to be so difficult. Any ideas or links that may help me get this working? Thanks!

Post Re: Need help troubleshooting
by byteknight on Tuesday, August 22, 2017

Thanks for the reply and link to postfix smtp relay, I'm sure I'll refer to it.

The telnet commands failing got me thinking; I'm pretty security conscious and have very strict settings on my firewall. As a test I temporarily turned it off and re-tried the telnet commands and got the following:

# telnet 587
telnet: Unable to connect to remote host: Connection refused

# telnet 2525
telnet: Unable to connect to remote host: Connection refused

# telnet 587
Trying 2a00:1450:400c:c04::6d...
telnet: Unable to connect to remote host: Network is unreachable

The last one seemed (at least to me) to be a DNS issue, but...
# nslookup

Non-authoritative answer: canonical name =

I looked at my firewall a little closer and noticed I allowed 23 (telnet) out but not in, changed that and added 2525 TCP in and out, same thing. Allowed all undefined ports in and out, effectively making a firewall moot and same thing. What am I missing here?

Weird thing is when I make a change to the firewall and it is applying the changes I go back to the shell and telnet works. After, same problem. Ok, I think I can safely assume the problem is on my router/firewall somewhere...

Is there a port or protocol I need to add/modify on my firewall anyone with more smarts than me can quickly identify?

Tuesday, March 20, 2018 2:26 PM
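
The deferred-delivery lines in the first post and the three different connect errors in the follow-up can be triaged mechanically. The following is an added example, not code from either poster or from Postfix: it parses postfix/smtp "connect to" deferrals, splits the delays= field, and maps each socket error to where the connection most likely died. The relay name, recipient and addresses in the sample are constructed placeholders, and the hint texts are the example's own wording.

```python
import re

# Constructed sample lines in the format shown in the first post; the relay
# name, recipient and addresses are placeholders (documentation ranges).
SAMPLE_LOG = """\
Aug 21 20:20:09 mail postfix/smtp[1458]: E012F2314E: to=<user@example.org>, relay=none, delay=30, delays=0.1/0.04/30/0, dsn=4.4.1, status=deferred (connect to relay.example.net[192.0.2.25]:2525: Connection timed out)
Aug 21 23:51:23 mail postfix/smtp[2983]: 9987923384: to=<user@example.org>, relay=none, delay=922, delays=892/0.05/30/0, dsn=4.4.1, status=deferred (connect to relay.example.net[192.0.2.25]:587: Connection timed out)
Aug 22 09:02:11 mail postfix/smtp[3110]: 4C1D223390: to=<user@example.org>, relay=none, delay=0.2, delays=0.1/0.03/0.07/0, dsn=4.4.1, status=deferred (connect to relay.example.net[192.0.2.25]:587: Connection refused)
Aug 22 09:05:40 mail postfix/smtp[3125]: 7A0B1233A1: to=<user@example.org>, relay=none, delay=0.1, delays=0.08/0.02/0/0, dsn=4.4.1, status=deferred (connect to relay.example.net[2001:db8::6d]:587: Network is unreachable)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, .*?"
    r"delays=(?P<delays>[\d./]+), dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) "
    r"\(connect to (?P<host>[^\[]*)\[(?P<addr>[^\]]*)\]:(?P<port>\d+): (?P<err>[^)]+)\)"
)

# What each socket error usually says about where the connection died.
HINTS = {
    "Connection timed out": "no answer to SYN: dropped by a firewall or ISP egress filter",
    "Connection refused": "actively rejected: RST from the peer or a firewall REJECT rule",
    "Network is unreachable": "no route for this address family (often IPv6 without connectivity)",
}

def parse_deferred(log_text):
    """Return one dict per deferred 'connect to' delivery attempt."""
    out = []
    for m in map(LINE_RE.search, log_text.splitlines()):
        if not m or m["status"] != "deferred":
            continue
        # delays=a/b/c/d: before qmgr / in qmgr / connection setup / transmission.
        # c=30 matches Postfix's default smtp_connect_timeout of 30s.
        before_q, in_q, conn_setup, xmit = map(float, m["delays"].split("/"))
        out.append({
            "qid": m["qid"], "port": int(m["port"]), "addr": m["addr"],
            "ipv6": ":" in m["addr"], "error": m["err"],
            "conn_setup": conn_setup,
            "hint": HINTS.get(m["err"], "unclassified"),
        })
    return out

if __name__ == "__main__":
    for r in parse_deferred(SAMPLE_LOG):
        print(f'{r["qid"]} port {r["port"]} {r["error"]} (setup {r["conn_setup"]}s): {r["hint"]}')
```

Run against a real /var/log/mail.log, a timeout on every relay port with a connection setup time of exactly 30 seconds points at silent packet drops on the path rather than at the Postfix configuration.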