2

I have a mail server with postfix and dovecot that uses ssl. Everything was working fine, but it stopped working apparently without reason. I already tried to update the ssl certificates, change inet_protocols to accepdt only ipv4 on main.cf, change mydestionation parameters and nothing worked.

/etc/postfix/main.cf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = localhost
mydomain = domain.com.br
myhostname = mail.domain.com.br
mynetworks = 127.0.0.1 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/letsencrypt/live/domain.com.br/chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/domain.com.br/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/domain.com.br/privkey.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

commando mailq

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1F7A4C0012      849 Wed Jan  3 16:40:28  user@domain.com.br
(connect to alt4.gmail-smtp-in.l.google.com[173.194.79.27]:25: Connection timed out)
                                         user2@gmail.com

5873EC0414     1259 Wed Jan  3 16:49:44  user@domain.com.br
(connect to alt4.gmail-smtp-in.l.google.com[173.194.79.27]:25: Connection timed out)
                                         user2@gmail.com

Thanks for your help.

EDIT: Enabling the verbose on smtpd, I identified the following strange lines: 

Jan  4 10:45:05 user postfix/smtpd[4729]: ctable_locate: leave existing entry key destination@yahoo.com.br
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: recipient_canonical_maps: destination@yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: match_string: yahoo.com.br ~? localhost
Jan  4 10:45:05 user postfix/smtpd[4729]: match_list_match: yahoo.com.br: no match
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: recipient_canonical_maps: @yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: mail_addr_find: destination@yahoo.com.br -> (not found)
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: canonical_maps: destination@yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: match_string: yahoo.com.br ~? localhost
Jan  4 10:45:05 user postfix/smtpd[4729]: match_list_match: yahoo.com.br: no match
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: canonical_maps: @yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: mail_addr_find: destination@yahoo.com.br -> (not found)
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql_get_active: attempting to connect to host 127.0.0.1
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql: successful connection to host 127.0.0.1
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql: successful query from host 127.0.0.1
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql_lookup: retrieved 0 rows
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: virtual_alias_maps: destination@yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: match_string: yahoo.com.br ~? localhost
Jan  4 10:45:05 user postfix/smtpd[4729]: match_list_match: yahoo.com.br: no match
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql_get_active: found active connection to host 127.0.0.1
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql: successful query from host 127.0.0.1
Jan  4 10:45:05 user postfix/smtpd[4729]: dict_mysql_lookup: retrieved 0 rows
Jan  4 10:45:05 user postfix/smtpd[4729]: maps_find: virtual_alias_maps: @yahoo.com.br: not found
Jan  4 10:45:05 user postfix/smtpd[4729]: mail_addr_find: destination@yahoo.com.br -> (not found)
Mauricio José
  • 21
  • 2
  • Do you use a firewall? what happens if you try telnet 173.194.79.27 25 – EvilTorbalan Jan 03 '18 at 23:20
  • Contact your ISP. – Michael Hampton Jan 03 '18 at 23:28
  • `Everything was working fine, but it stopped working apparently without reason.` - There's always a reason. You just haven't found it yet. `I already tried to update the ssl certificates, change inet_protocols to accepdt only ipv4 on main.cf, change mydestionation parameters and nothing worked.` - So when you encounter a problem you just start making random changes in the hopes that you'll get lucky and one of them will fix the problem? That seems... ineffective. – joeqwerty Jan 04 '18 at 00:14
  • @EvilTorbalan, the problem continues same with the firewall down. And, the telnet not works. – Mauricio José Jan 04 '18 at 15:10
  • @joeqwerty Thanks for your time but didn't help much. – Mauricio José Jan 04 '18 at 15:12
  • Obviously something is blocking the connection or you have no route to those servers. It might be your ISP or google or something in the middle try traceroute to the IP and see if you get to the end. or tcptraceroute – EvilTorbalan Jan 04 '18 at 15:15

1 Answers1

1

It looks like you are trying to deliver all your mail via google (possibly to you). A few questions:

  • Do you have a dynamic IP address? This will result in problems delivering outgoing email. Configure your Postfix server to use your ISP's email relay for deliveries.
  • Did you install or modify a firewall? Make sure you have enabled outgoing traffic on port 25.
  • Are you relaying to multiple addresses via Google? Configure Postfix to use an authenticated connection on port 587 (Submission).
  • Have you tried using a TCP capable traceroute to determine where your connection dies? It is possible your ISP has chosen to block outgoing email (spam) traffic from dynamic IP addresses. Get a static IP address and configure our SMTP server correctly: rDNS validation; SPF; DKIM; DMARC; etc.

Read the canonical answer on avoiding having your email classified as Spam. Search for other answers on delivery issues.

BillThor
  • 27,354
  • 3
  • 35
  • 69
  • I'm using static IP, and the server is configured to use authenticated submission with both ports 25 and 587 open on firewall. I already checked about any restriction and everything is ok. – Mauricio José Jan 04 '18 at 15:33
  • @MauricioJosé A tcptraceroute to various MX IP addresses is likley to give you clues as to where you are blocked. You may also have DNS issues. You will likely get better support by sharing unobfuscated domain and IP address data for your server. – BillThor Jan 05 '18 at 04:20
  • you are right, the traceroute are blocked in somewhere and the telnet are not responding properly. I'm got in touch with digitalocean team to get some support. I guess that there is no more what I can do. – Mauricio José Jan 05 '18 at 13:05