
My Postfix server is running on Debian Stretch. It can send emails to a Gmail address without problems, and they are not flagged as spam. At the DNS level I configured DKIM, SPF and DMARC, and Gmail reports "Pass" for all three. Messages from my domain are also encrypted (Google does NOT show the red padlock that indicates an unencrypted message). I use Let's Encrypt for my domain's certificate. In my case I only need Postfix to send mail from the server.

The logs look fine when I send mail to a Gmail address; they show:

Jul 1 11:46:25 mydomain-linux postfix/smtp[16054]: Trusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1a]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jul 1 11:46:25 mydomain-linux postfix/smtp[16054]: 35AB4600BB6: to=<myadress@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c07::1a]:25, delay=0.81, delays=0.12/0.01/0.38/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK  1593085583 r2si6295852wrp.70 - gsmtp)

On the other hand, mail sent to other providers such as Protonmail or GMX is not received. I always get status=deferred in my log file /var/log/mail.log:

Jul 1 18:36:28 mydomain-linux postfix/error[13029]: 28F18600BF6: to=<myadress@protonmail.com>, relay=none, delay=23, delays=0.13/23/0/0.06, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)
Jul 1 18:36:31 mydomain-linux postfix/smtp[12946]: connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out
Jul 1 18:36:31 mydomain-linux postfix/smtp[12946]: DAFA8600BF2: to=<myadress@protonmail.com>, relay=none, delay=60, delays=0.12/0.03/60/0, dsn=4.4.1, status=deferred (connect to mailsec.protonmail.ch[185.70.40.102]:25: Connection timed out)

And I can't find the problem.

Here is my Postfix configuration:

The /etc/postfix/main.cf file :

# ----------------------------------------------------------
# -   General Settings
#     Identity, listening interfaces and which clients may relay.
# ----------------------------------------------------------
smtpd_banner          = $myhostname ESMTP $mail_name (Debian/GNU)
biff                  = no
append_dot_mydomain   = no
readme_directory      = no
compatibility_level   = 2 
delay_warning_time    = 4h
mailbox_size_limit    = 0 
recipient_delimiter   = + 

# Listen on every interface and use both IPv4 and IPv6.
# NOTE(review): the question says this host only sends mail; in that case
# "inet_interfaces = loopback-only" would stop exposing an SMTP listener
# to the network. Confirm nothing needs to deliver mail to this host.
inet_interfaces       = all 
inet_protocols        = all 

myhostname    = mydomain-linux.fr
myorigin      = mydomain-linux.fr
# NOTE(review): "localhot" looks like a typo for "localhost"; as written,
# the name "localhost" itself is not listed as a local destination. Confirm.
mydestination = localhot localhost.$myhostname
# Empty relayhost: outgoing mail is delivered directly to the recipient's MX.
relayhost     =   
# Only loopback addresses are trusted to relay without authentication.
mynetworks    = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

alias_maps        = hash:/etc/aliases
alias_database    = hash:/etc/aliases

# ----------------------------------------------------------
# - TLS parameters
#   Settings shared by the TLS client and server sides.
# ----------------------------------------------------------

# Redefines the "medium" cipher grade as ephemeral ECDH/DH key exchange
# with AES-GCM only. smtpd_tls_mandatory_ciphers = medium (set further
# down in this file) refers to this grade.
# NOTE(review): Postfix documentation discourages redefining the grade
# lists; confirm this override is intentional.
tls_medium_cipherlist = EECDH+AESGCM:EDH+AESGCM
# The server's cipher preference order wins over the client's.
tls_preempt_cipherlist = yes 
tls_random_source      = dev:/dev/urandom
# Also advertises AUTH in the non-standard "AUTH=" form for legacy clients.
# NOTE(review): probably unnecessary on a send-only host; confirm.
broken_sasl_auth_clients = yes 

# TLS session cache for the LMTP client.
lmtp_tls_session_cache_database  = btree:${data_directory}/lmtp_scache


# SMTPD (smtpd_* parameters: the server side, i.e. connections made TO this host)

# SASL authentication for the SMTP server. Anonymous mechanisms are refused
# (noanonymous) and, because of smtpd_tls_auth_only below, AUTH is offered
# only after TLS has been established.
smtpd_sasl_auth_enable          = yes 
smtpd_sasl_path                 = private/auth
smtpd_sasl_security_options     = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain         = $mydomain
# NOTE(review): this records the authenticated login name in the Received:
# header of relayed mail; consider whether that disclosure is wanted.
smtpd_sasl_authenticated_header = yes 
smtpd_tls_CAfile              = $smtp_tls_CAfile
# The parameter name is historical; it holds the non-export DH group.
# NOTE(review): the file name suggests 2048-bit parameters; confirm.
smtpd_tls_dh1024_param_file   = $config_directory/dh2048.pem
# NOTE(review): DH parameters for export-grade ciphers, which are obsolete;
# this line can probably be dropped. Confirm against the installed version.
smtpd_tls_dh512_param_file    = $config_directory/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

# Legacy switch; smtpd_tls_security_level below is the current way to
# express the same thing.
smtpd_use_tls                 = yes
# NOTE(review): smtpd_tls_CApath expects a directory of CA certificates,
# but this value is a file path. Verify.
smtpd_tls_CApath              = /etc/letsencrypt/live/mydomain-linux.fr/fullchain.pem
# NOTE(review): Let's Encrypt's cert.pem normally holds only the leaf
# certificate; fullchain.pem also carries the intermediate that remote
# clients need to build the chain. Confirm which file is intended.
smtpd_tls_cert_file           = /etc/letsencrypt/live/mydomain-linux.fr/cert.pem
smtpd_tls_key_file            = /etc/letsencrypt/live/mydomain-linux.fr/privkey.pem
smtpd_tls_loglevel            = 1
# Opportunistic TLS: clients may use STARTTLS but are not forced to.
smtpd_tls_security_level      = may
# SASL AUTH is only accepted over an encrypted session.
smtpd_tls_auth_only           = yes
# Only SSLv2 and SSLv3 are excluded here.
# NOTE(review): TLSv1 and TLSv1.1 presumably stay enabled unless the TLS
# library disables them; confirm and exclude them if not needed.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols           = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers   = medium
# The next three lines repeat assignments already made above with the
# same values.
smtpd_tls_dh1024_param_file   = $config_directory/dh2048.pem
smtpd_tls_dh512_param_file    = $config_directory/dh512.pem
smtpd_tls_session_cache_database  = btree:${data_directory}/smtpd_scache
# Relay only for the trusted networks and SASL-authenticated clients; mail
# for any other destination this server is not responsible for is deferred.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# SMTP client (smtp_* parameters: OUTGOING deliveries from this host to
# remote mail servers)
# NOTE(review): the "Connection timed out" errors in the log excerpt occur
# while connecting, before STARTTLS is negotiated, so none of the TLS
# settings in this section are involved in that failure.
smtp_tls_session_cache_database  = btree:${data_directory}/smtp_scache
smtp_tls_CApath               = /etc/ssl/certs
smtp_tls_CAfile               = /etc/ssl/certs/ca.cert.pem
smtp_tls_loglevel             = 1
# Opportunistic TLS: STARTTLS is used when the remote server offers it,
# otherwise the message is sent in clear text.
smtp_tls_security_level       = may
# Log when a remote server offers STARTTLS.
smtp_tls_note_starttls_offer  = yes
smtp_tls_protocols            = !SSLv2, !SSLv3
# At level "may" the smtp_tls_mandatory_* settings below are not applied;
# they take effect only where TLS is enforced (encrypt or stronger).
smtp_tls_mandatory_protocols  = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers    = high
# Repeats the session cache assignment at the top of this section.
smtp_tls_session_cache_database   = btree:${data_directory}/smtp_scache
# Never negotiate anonymous, NULL, export or other weak cipher suites.
smtp_tls_exclude_ciphers      = aNULL, eNULL, EXPORT, DES, 3DES, RC2, RC4, MD5, PSK, SRP, DSS, AECDH, ADH

# ----------------------------------------------------------
# - OpenDKIM
#   Mail is passed to a milter listening on the loopback interface.
# ----------------------------------------------------------
smtpd_milters           = inet:127.0.0.1:8891
# Apply the same milter to mail that does not arrive over SMTP
# (for example mail submitted locally on the server).
non_smtpd_milters       = $smtpd_milters
# If the milter cannot be reached, mail is accepted as if the milter were
# not there.
# NOTE(review): with a DKIM signer this presumably means mail can leave
# unsigned while the milter is down; confirm that is acceptable given the
# DMARC policy.
milter_default_action   = accept
milter_protocol         = 6

The /etc/postfix/master.cf file :

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
# Public SMTP listener (chrooted).
# NOTE(review): content_filter names a "spamassassin" transport, but no
# service of that name appears in this listing; confirm it is defined.
smtp      inet  n       -       y       -       -       smtpd
   -o content_filter=spamassassin
   
# Submission listener: TLS is mandatory (encrypt) and only SASL-authenticated
# clients are accepted. The smtpd_sasl_auth_enable override appears twice;
# the second occurrence is redundant.
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
  -o content_filter=spamassassin
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  
# Internal Postfix services.
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
# Outgoing SMTP client (chrooted); this is the postfix/smtp process that
# logs the connection timeouts shown in the question.
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache

# pipe(8) delivery transports: each runs the external command given in
# argv= as the account named in user=.
# NOTE(review): these look unused on a send-only host; if so they could be
# removed. Confirm no transport map refers to them.
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
  
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
  
scalemail-backend unix  - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
  
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
Zetam

1 Answer


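"Connection timed out" may be related to reputation issues. Note, however, that the timeouts in the logs happen while connecting to an IPv4 address, whereas the successful Gmail delivery went over IPv6, so it is also worth checking whether outbound TCP port 25 over IPv4 is filtered by the hosting provider or a local firewall.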

Try entering your IP address here: http://multirbl.valli.org/

Then try with the sending domain name.