Set this thing up a while ago, and it sends messages just fine. However, I wanted to start being able to receive messages.
I've tried telnetting into port 25, and nothing.
dig dzwxgames.com mx:
dzwxgames.com. 60 IN MX 10 34.210.135.57.
Now, AWS requires usage of SES relaying to send messages which works fine. But when I try to receive them, it acts like all the ports are blocked.
netstat -lntu
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp6 0 0 :::25 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
tcp6 0 0 :::110 :::* LISTEN
tcp6 0 0 :::143 :::* LISTEN
But netstat reports they are being listened to.
So I checked my Security group Rules on AWS Console:
SMTP TCP 25 0.0.0.0/0
SMTPS TCP 465 0.0.0.0/0
POP3 TCP 110 0.0.0.0/0
Seems fine. Ok... perhaps Postfix is not working?
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = $myhostname, dzwxgames.com, localhost, localhost.localdomain, localhost
myhostname = DZWXGamesWeb.dzwxgames.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [email-smtp.us-west-2.amazonaws.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
OK... so Postfix is only listening on localhost?
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
I did some googling and it says that dovecot might need to be enabled?
OK, so I added that to the Postfix master config.
/etc/postfix/master.cf:
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n     n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver
  -f ${sender} -d ${recipient}
OK, still nothing. Maybe Dovecot is not listening on the correct ports?
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:103: 'imaps' protocol is no longer necessary, remove it
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:103: 'pop3s' protocol is no longer necessary, remove it
# OS: Linux 4.4.0-45-generic x86_64 Ubuntu 16.04.5 LTS ext3
mail_location = maildir:/home/%u/Maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = pop3 imap
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap {
  process_limit = 1024
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 1024
}
ssl = no
userdb {
  driver = passwd
}
Yeah, I don't understand this. The tutorial I used to set this up seems to be long gone, and a lot of questions still remain.
- Where did I go wrong in this configuration?
- How do I fix it?
- If I use Cloudflare to mask my Server IPs will that break my MX records?
- Why does my netstat show port 25 is being listened to, but I can't talk to it?
I know that Amazon blocks a lot of communication from port 25, but there does not seem to be any information that says they block communication TO that port. I also set up sending limits already.
And the logs don't even report that they got a message.
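A small troubleshooting helper, added here as an example and not code from the original post or from Postfix or Dovecot, that separates the three things a "sends but never receives" server can get wrong: the MX answer (RFC 5321 requires the exchange to be a host name with an A/AAAA record, never an IP literal), what the local listener is actually bound to (it is `inet_interfaces`, not `mynetworks`, that decides which addresses smtpd listens on; `mynetworks` only decides who may relay), and whether the handshake to port 25 completes from outside the VPC. The dig, netstat and postconf strings below are constructed samples using example.com and a TEST-NET address, not the poster's real output; the hostname given on the command line for the live connect test is whatever you choose to pass.

```python
"""Offline checks for a mail server that sends but cannot receive.

Added example; the sample dig/netstat/postconf text is constructed and
mirrors the shape of the output in the post, not its real values.
"""
import ipaddress
import re
import socket
import sys

# Matches one dig answer line such as "example.com. 60 IN MX 10 mail.example.com."
MX_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$")


def check_mx_answer(line):
    """Parse a dig-style MX answer and list problems with the exchange name.

    Returns {"exchange": str or None, "issues": [str, ...]}.  An IP literal
    in the MX RDATA is invalid (RFC 5321 section 5.1), so sending MTAs will
    not be able to resolve the exchange even if the port is open.
    """
    m = MX_RE.match(line.strip())
    if not m:
        return {"exchange": None, "issues": ["line is not an MX answer"]}
    _owner, _pref, exchange = m.groups()
    issues = []
    try:
        ipaddress.ip_address(exchange.rstrip("."))
        issues.append("MX exchange is an IP address; it must be a host name "
                      "that has its own A/AAAA record")
    except ValueError:
        pass  # a name, as required
    return {"exchange": exchange, "issues": issues}


def parse_listeners(netstat_output):
    """Return {port: {bound_address, ...}} from `netstat -lntu` text."""
    listeners = {}
    for raw in netstat_output.splitlines():
        parts = raw.split()
        if len(parts) < 4 or not parts[0].startswith(("tcp", "udp")):
            continue  # header or blank line
        addr, _sep, port = parts[3].rpartition(":")
        if port.isdigit():
            listeners.setdefault(int(port), set()).add(addr)
    return listeners


def listener_scope(listeners, port):
    """Classify a port as 'none', 'loopback' (unreachable from outside) or 'external'."""
    addrs = listeners.get(port, set())
    if not addrs:
        return "none"
    if addrs <= {"127.0.0.1", "::1"}:
        return "loopback"
    return "external"


def parse_postconf(text):
    """Turn `postconf -n` output into a dict (no $variable expansion)."""
    conf = {}
    for raw in text.splitlines():
        if "=" in raw:
            key, _sep, value = raw.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def postfix_receive_issues(conf, domain):
    """Config reasons Postfix would refuse or never see inbound mail for domain."""
    issues = []
    ifaces = conf.get("inet_interfaces", "all")
    if ifaces in ("loopback-only", "localhost", "127.0.0.1"):
        issues.append("inet_interfaces=%s binds smtpd to loopback only" % ifaces)
    # mydestination is a comma/space separated list; $vars are compared literally here
    dests = {d.lower() for d in re.split(r"[,\s]+", conf.get("mydestination", "")) if d}
    if domain.lower() not in dests:
        issues.append("%s is not in mydestination; Postfix will not accept mail for it" % domain)
    return issues


def tcp_reachable(host, port=25, timeout=5.0):
    """True if a TCP handshake to host:port completes.  Run this from OUTSIDE
    the VPC: 'listening externally' plus 'not reachable' points at a security
    group, network ACL, OS firewall or a provider-level block on the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed samples (shape of the post's output, placeholder values).
MX_SAMPLE = "example.com. 60 IN MX 10 192.0.2.10."
NETSTAT_SAMPLE = """Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""
POSTCONF_SAMPLE = """inet_interfaces = all
mydestination = $myhostname, example.com, localhost
myhostname = mail.example.com
"""

if __name__ == "__main__":
    print("MX:", check_mx_answer(MX_SAMPLE))
    print("port 25 bound:", listener_scope(parse_listeners(NETSTAT_SAMPLE), 25))
    print("postfix:", postfix_receive_issues(parse_postconf(POSTCONF_SAMPLE), "example.com") or "ok")
    if len(sys.argv) > 1:  # optional live check: python3 mailcheck.py mail.example.com
        print("port 25 reachable from here:", tcp_reachable(sys.argv[1]))
```

Running the offline part on your own `dig`, `netstat -lntu` and `postconf -n` output tells you which layer to look at next; only the last check needs to be run from a machine outside the VPC, since a handshake that succeeds from the instance itself says nothing about the security group or the provider path.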