
I am running Ubuntu 16.04 on Amazon Lightsail. I just configured Postfix to send emails.

  • If I send an email after a few hours the email is received instantly.

  • If I send multiple emails at once, the emails get delayed for about 10-30 minutes.

Questions:

  1. How do I fix the delay so that emails are sent instantly?
  2. How do I make sure that all emails sent to users (root & ubuntu) by local applications get sent to an outward email that has the same domain?

My configuration:

/etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.x.x.x
search ec2.internal

/etc/hosts

127.0.0.1       localhost
127.0.1.1       webserver.DOMAIN-NAME.com webserver
3x.x.x.x        webserver.DOMAIN-NAME.com webserver #3.x.x.x is the IP that is mentioned in domain DNS

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/etc/hostname

webserver

/etc/aliases

postmaster:    root
root:          myemail@address.com

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = webserver.DOMAIN-NAME.com
mydomain = DOMAIN-NAME.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = $mydomain
#mydestination = $myhostname, DOMAIN-NAME.com, webserver.DOMAIN-NAME.com, localhost.DOMAIN-NAME.com, localhost
mydestination =
#relayhost =
relayhost = $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
#inet_interfaces = all
inet_interfaces = loopback-only
#inet_protocols = all
inet_protocols = ipv4

/var/log/mail.log

May  1 02:17:15 webserver postfix/smtp[6105]: 0287CC775F: to=<alex@DOMAIN-NAME.com>, relay=alt1.aspmx.l.google.com[64.233.190.27]:25, delay=531, delays=465/0.01/64/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK 1493605035 h2si13051738qte.100 - gsmtp)
May  1 02:17:15 webserver postfix/qmgr[6102]: 0287CC775F: removed
May  1 02:17:40 webserver postfix/smtp[6107]: connect to alt1.aspmx.l.google.com[64.233.190.27]:25: Connection timed out
May  1 02:17:40 webserver postfix/smtp[6108]: connect to alt1.aspmx.l.google.com[64.233.190.27]:25: Connection timed out
May  1 02:18:10 webserver postfix/smtp[6108]: connect to aspmx2.googlemail.com[64.233.190.27]:25: Connection timed out
May  1 02:18:10 webserver postfix/smtp[6107]: connect to aspmx3.googlemail.com[209.85.203.26]:25: Connection timed out
May  1 02:18:40 webserver postfix/smtp[6108]: connect to aspmx3.googlemail.com[209.85.203.26]:25: Connection timed out
May  1 02:18:40 webserver postfix/smtp[6107]: connect to aspmx2.googlemail.com[64.233.190.27]:25: Connection timed out
May  1 02:18:40 webserver postfix/smtp[6108]: CBE50C77C6: to=<alex@DOMAIN-NAME.com>, relay=none, delay=7845, delays=7695/0.02/150/0, dsn=4.4.1, status=deferred (connect to aspmx3.googlemail.com[209.85.203.26]:25: Connection timed out)
May  1 02:18:40 webserver postfix/smtp[6107]: 2266DC775D: to=<alex123@gmail.com>, relay=none, delay=174, delays=24/0.01/150/0, dsn=4.4.1, status=deferred (connect to aspmx2.googlemail.com[64.233.190.27]:25: Connection timed out)
May  1 02:20:02 webserver postfix/scache[6110]: statistics: start interval May  1 02:16:41
May  1 02:20:02 webserver postfix/scache[6110]: statistics: domain lookup hits=0 miss=1 success=0%
May  1 02:20:02 webserver postfix/scache[6110]: statistics: address lookup hits=0 miss=2 success=0%
May  1 02:20:02 webserver postfix/scache[6110]: statistics: max simultaneous domains=1 addresses=1 connection=1
May  1 02:26:10 webserver postfix/qmgr[6102]: 2266DC775D: from=<ubuntu@webserver.DOMAIN-NAME.com>, size=425, nrcpt=1 (queue active)
May  1 02:26:10 webserver postfix/smtp[6138]: 2266DC775D: to=<alex123@gmail.com>, relay=aspmx.l.google.com[209.85.201.26]:25, delay=625, delays=624/0.01/0.09/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1493605570 p15si12740899qta.122 - gsmtp)
May  1 02:26:10 webserver postfix/qmgr[6102]: 2266DC775D: removed
Waqas Tariq
  • 2
    What makes you think that the delay is caused by your Postfix installation? – user May 03 '17 at 15:02
  • I have another server I am testing with Amazon Linux/Sendmail on it and it sends emails out as soon as I feed the command. I may be wrong here though as I am beginning to learn Ubuntu. Is the delay being caused by something else? – Waqas Tariq May 03 '17 at 16:00

1 Answer

Amazon Lightsail is a low-end low-price cloud VPS solution for web application developers. Everything in the Lightsail documentation is related to choosing and configuring web servers and CMS platforms. It is not clearly stated but otherwise apparent that Lightsail isn't meant to be an email server. Even the very name of your server is webserver!

A web application might send an email every once in a while. Therefore SMTP port 25 is not completely blocked but rather has limitations. Your Postfix configuration is ok for a stand-alone SMTP server, but the mail.log shows what is happening: after you reach the limitation, SMTP connections get timed out and the mail gets deferred, postponed for a later try. The RFC 3463 based SMTP status code dsn=4.4.1 tells the same:

4.4.1 The recipient’s server is not responding

This is an error emanating from your server indicating that the recipient’s server is not responding. Your server will automatically try again a number of times – how many depends on how your server has been configured.

You mentioned in a comment that this only happens with Postfix on Ubuntu but not with Sendmail on Amazon Linux. I'm not so familiar with Amazon Linux and Amazon SES, but I guess that Amazon Linux Sendmail might have Amazon SES preconfigured as a relay. It is possible to integrate Amazon SES with Postfix, too.

As you have relayhost = $mydomain, you probably are trying to relay all mail to an external mail server of your domain, as it should be. However, the limitation on port 25 doesn't have an exception for your external MTA. Therefore, you should use a message submission agent (port 587) instead.

  1. You have to have an MSA configured on your email server. If it's also Postfix, you should have the /etc/postfix/master.cf section beginning with submission uncommented:

     submission inet n       -       -       -       -       smtpd
       -o syslog_name=postfix/submission
       -o smtpd_tls_security_level=encrypt
       -o smtpd_sasl_auth_enable=yes
       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
       -o milter_macro_daemon_name=ORIGINATING
    
  2. Configure your Lightsail relayhost to use the submission port and authentication, in main.cf:

     relayhost = $mydomain:587
     # Alternative example without DNS MX lookup:
     # relayhost = [mail.example.com]:587
     smtp_sasl_auth_enable = yes
     smtp_sasl_security_options = noanonymous
     smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
     smtp_use_tls = yes
     smtp_tls_security_level = encrypt
     smtp_tls_note_starttls_offer = yes
    
  3. The /etc/postfix/sasl_passwd is a Berkeley DB (hash:) for the username and password information to be used for authenticating with the mail gateway server. Examples:

     # destination                   credentials
     [mail.example.com]              username:password
     # Alternative form:
     # [mail.example.com]:submission username:password
    

For more detailed information, see Postfix SASL Howto.

Esa Jokinen
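
A check for the relay-client settings in step 2, added here as an example (not code from the answer or from Postfix): it parses main.cf text, flags SASL authentication that is not paired with mandatory TLS, and flags a password file that group or other can access. The function names and the weak variant are constructed for illustration.

```python
import os
import stat

# TLS levels at which the Postfix SMTP client refuses to deliver unencrypted.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Relay-client settings from step 2 of the answer (alternative relayhost form).
ANSWER_CF = """\
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt
"""
# Constructed weak variant: TLS is only opportunistic.
WEAK_CF = ANSWER_CF.replace("= encrypt", "= may")


def parse_main_cf(text):
    """Return {name: value}; handles '#' comments and indented continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params


def audit_relay_client(params, passwd_path=None):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    if params.get("smtp_sasl_auth_enable") == "yes":
        if params.get("smtp_tls_security_level") not in MANDATORY_TLS:
            findings.append("SASL without mandatory TLS: password may be sent in clear text")
        if not params.get("smtp_sasl_password_maps"):
            findings.append("smtp_sasl_password_maps is not set")
    if passwd_path is not None:
        mode = stat.S_IMODE(os.stat(passwd_path).st_mode)
        if mode & 0o077:
            findings.append(f"{passwd_path} has mode {mode:o}; expected 600")
    return findings


if __name__ == "__main__":
    for label, cf in (("answer", ANSWER_CF), ("weak", WEAK_CF)):
        print(label, audit_relay_client(parse_main_cf(cf)))
```

Pass the path of the real sasl_passwd file (and its .db map) as passwd_path to include the permission check.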
  • So basically it's Amazon that is deferring the emails. Thank you for your suggestions, I am implementing them right now and will get back :) – Waqas Tariq May 04 '17 at 19:53
  • It would be nice if they told it somewhere, but based on the evidence, so it seems. Please let me know if using the submission helped. – Esa Jokinen May 04 '17 at 20:41
  • 1
    Thank you. Your suggestion worked, I had to open another port on the server in order to achieve it. I also found out how we can request Amazon to lift the restriction using this link: https://aws.amazon.com/forms/ec2-email-limit-rdns-request?catalog=true&isauthcode=true Can you please add this link to your answer as well so it's complete. – Waqas Tariq May 08 '17 at 11:43
  • Your link is behind a login and therefore I'm not able to confirm. But good that there is an option to request for less restrictions. I'm sure it is enough to have it here on comments, so I'll just flag it as useful. – Esa Jokinen May 08 '17 at 11:48
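
The mail.log in the question can be read stage by stage through Postfix's delays=a/b/c/d field (a: arrival to last active queue entry, b: queue manager, c: connection setup, d: transmission). The parser below is an added example, not part of the original posts; the three records are copied from the question with the server replies abridged, and the function names, labels and 60-second threshold are assumptions.

```python
import re

# Delivery records from the mail.log in the question (server replies abridged).
SAMPLE_LOG = """\
May  1 02:17:15 webserver postfix/smtp[6105]: 0287CC775F: to=<alex@DOMAIN-NAME.com>, relay=alt1.aspmx.l.google.com[64.233.190.27]:25, delay=531, delays=465/0.01/64/1.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
May  1 02:18:40 webserver postfix/smtp[6108]: CBE50C77C6: to=<alex@DOMAIN-NAME.com>, relay=none, delay=7845, delays=7695/0.02/150/0, dsn=4.4.1, status=deferred (connect to aspmx3.googlemail.com[209.85.203.26]:25: Connection timed out)
May  1 02:26:10 webserver postfix/smtp[6138]: 2266DC775D: to=<alex123@gmail.com>, relay=aspmx.l.google.com[209.85.201.26]:25, delay=625, delays=624/0.01/0.09/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Names for the four delays= components, in order a/b/c/d.
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), delay=(?P<delay>[\d.]+), "
    r"delays=(?P<a>[\d.]+)/(?P<b>[\d.]+)/(?P<c>[\d.]+)/(?P<d>[\d.]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
)


def parse_deliveries(text):
    """Extract one record per smtp delivery line; other log lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        stages = dict(zip(STAGES, (float(m[k]) for k in "abcd")))
        records.append({
            "qid": m["qid"], "rcpt": m["rcpt"], "relay": m["relay"],
            "dsn": m["dsn"], "status": m["status"], "delay": float(m["delay"]),
            "stages": stages, "slowest": max(stages, key=stages.get),
        })
    return records


def diagnose(rec):
    """Classify one delivery attempt from its status, DSN and slowest stage."""
    if rec["status"] == "deferred" and rec["dsn"].startswith("4.4."):
        return "unreachable"       # RFC 3463 X.4.X: network and routing status
    if rec["slowest"] == "before_qmgr" and rec["stages"]["before_qmgr"] >= 60:
        return "sent-after-retry"  # most of the delay was spent waiting in the queue
    return "prompt"


if __name__ == "__main__":
    for rec in parse_deliveries(SAMPLE_LOG):
        print(rec["qid"], rec["status"], rec["stages"], "->", diagnose(rec))
```

On these records the deferred message spent 150 seconds in connection setup with relay=none, and both delivered messages spent nearly all of their delay waiting in the queue before the attempt that succeeded.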