
I am trying to set up a mailing server with Postfix and Dovecot on Ubuntu 12.04 following this guide. All seems to have worked out correctly, and when I try `echo test | mail email1@example.org` everything works out as expected. But when I try to send a mail to the server from my Gmail account I get this error:

Delivery to the following recipient failed permanently:

     email1@example.org

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain example.org by aspmx.l.google.com. [2607:f8b0:4001:c05::1a].

The error that the other server returned was:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 m1si13660174ige.61 - gsmtp

After failing to mail I tried to test the mail server with this and I got 1 error because my HTTPS certificate was invalid, and 7 warnings because of my custom SMTP banner and missing SPF records. Any ideas on how I change my HTTPS cert and if it has the problem with gmail?

I also tried to test sending mail online from here and I got this result:

Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 floatnet.org ESMTP Postfix (Ubuntu)
SMTP -> FROM SERVER: 
250-floatnet.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: underworldseed@gmail.com
SMTP -> FROM SERVER:
530 5.7.0 Must issue a STARTTLS command first
SMTP -> ERROR: MAIL not accepted from server: 530 5.7.0 Must issue a STARTTLS command first

RCPT TO: email1@floatnet.org
SMTP -> FROM SERVER:
530 5.7.0 Must issue a STARTTLS command first
SMTP -> ERROR: RCPT not accepted from server: 530 5.7.0 Must issue a STARTTLS command first

Message sending failed.

This is my main.cf file:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

#smtpd_reject_unlisted_sender = no
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = floatnet.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = floatnet.org, vps2473.directvps.nl, localhost.directvps.nl, localhost
mydestination = localhost 
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#smtpd_sasl_type = dovecot
#smtpd_sasl_path = private/auth-client
#smtpd_sasl_auth_enable = yes
#smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
masegaloeh
Evan

2 Answers

4

Actually, there are two different error messages above, although the problem was the same: failing to receive email.

The first error came when you sent email from Gmail. It failed with the error:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain domain.org by aspmx.l.google.com. [2607:f8b0:4001:c05::1a].

The reason Google rejected your email was that the MX record of floatnet.org was pointed to the Gmail server instead of the Postfix server.

$ dig floatnet.org MX +short
20 ALT2.ASPMX.L.GOOGLE.COM.
30 ASPMX4.GOOGLEMAIL.COM.
30 ASPMX3.GOOGLEMAIL.COM.
30 ASPMX5.GOOGLEMAIL.COM.
30 ASPMX2.GOOGLEMAIL.COM.
20 ALT1.ASPMX.L.GOOGLE.COM.
10 ASPMX.L.GOOGLE.COM.

Solution: fix your MX record.


The second error was revealed when you tested your SMTP server.

  Must issue a STARTTLS command first

This error is a possible duplicate of this question: postfix TLS configuration for incoming gmx-mail. The proposed solution is to change `smtpd_tls_security_level` to "may" instead of "encrypt".

masegaloeh
  • I don't see the `smtpd_tls_security_level` parameter in your `main.cf` above. Perhaps (1) the string was lost when you were doing copy-paste or (2) you have it in the `master.cf` file. That's why I asked you to post the output of `postconf -n` and `postconf -M` – masegaloeh Mar 26 '15 at 14:25
  • The second error was dealt with, but since I don't have access to the MX records the resolution of the first one is pending. At least now when you set the mailing server manually without contacting the MX records the mail gets delivered, so that should be the remaining problem. Thank you. – Evan Mar 27 '15 at 01:44
  • Looks like you've cross-posted this question on [unix.SE](http://unix.stackexchange.com/questions/192632/problem-with-setting-up-mailing-server) as well. I suggest you remove it, as [cross-posting activity is discouraged in Stack Exchange universe](http://meta.stackexchange.com/q/64068/260672), especially on [unix.SE](http://unix.stackexchange.com/help/on-topic). – masegaloeh Mar 27 '15 at 01:51
  • Yep that was posted first.. removed. – Evan Mar 27 '15 at 01:56
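
The MX check from the answer above, as an added example that is not part of the original post: it classifies `dig ... MX +short` output against the host that is supposed to receive the domain's mail. Using `floatnet.org` as the expected MX target is an assumption taken from `myhostname` in the question, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original answer: classify a domain's MX set
# against the host that is supposed to receive its mail.

# The `dig floatnet.org MX +short` output quoted in the answer, embedded as sample input.
SAMPLE_MX='20 ALT2.ASPMX.L.GOOGLE.COM.
30 ASPMX4.GOOGLEMAIL.COM.
30 ASPMX3.GOOGLEMAIL.COM.
30 ASPMX5.GOOGLEMAIL.COM.
30 ASPMX2.GOOGLEMAIL.COM.
20 ALT1.ASPMX.L.GOOGLE.COM.
10 ASPMX.L.GOOGLE.COM.'

# normalize_mx: stdin "pref host." lines -> "pref host", lowercased, trailing
# dot removed, sorted by preference (lowest number = tried first).
normalize_mx() {
    awk 'NF == 2 && $1 ~ /^[0-9]+$/ {
             host = tolower($2); sub(/\.$/, "", host); print $1, host
         }' | sort -k1,1n -k2,2
}

# primary_mx: the exchanger a sending server tries first.
primary_mx() {
    normalize_mx | awk 'NR == 1 { print $2 }'
}

# mx_status EXPECTED_HOST (dig output on stdin) prints one of:
#   ok           EXPECTED_HOST holds the lowest preference
#   backup-only  EXPECTED_HOST is listed, but another host is tried first
#   missing      no MX names EXPECTED_HOST; mail goes elsewhere
#   no-mx        no MX records; senders fall back to the domain's address record
mx_status() {
    # EXPECTED_HOST is an assumption supplied by the operator, not read from DNS.
    expected=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
    records=$(normalize_mx)
    [ -n "$records" ] || { echo "no-mx"; return 0; }
    lowest=$(printf '%s\n' "$records" | awk 'NR == 1 { print $1 }')
    printf '%s\n' "$records" | awk -v want="$expected" -v low="$lowest" '
        $2 == want { found = 1; if ($1 == low) primary = 1 }
        END { print (primary ? "ok" : (found ? "backup-only" : "missing")) }'
}

# Live use: dig floatnet.org MX +short | mx_status floatnet.org
printf '%s\n' "$SAMPLE_MX" | mx_status floatnet.org
```

A `missing` result here matches the bounce in the question: the rejection came from `aspmx.l.google.com`, the lowest-preference exchanger, and never reached the Postfix host.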
0

Your parameter `smtpd_tls_auth_only = yes` doesn't allow you to skip TLS communication. Therefore, if an SMTP client isn't able (or refuses) to do TLS, your MTA will refuse the connection. As an example, your telnet session is cleartext (no TLS).

You might be missing `smtp_use_tls=yes` in your `/etc/postfix/main.cf`.