Postfix can’t receive external mail


I'm trying to set up a mail server to receive email and I am working with Postfix on an Ubuntu EC2 instance with an Elastic IP, and the reverse DNS lookup points to my domain.

I am able to send and receive email between local accounts but unable to receive external email.

I have set up my MX records and am able to telnet to port 25 without problems, though I still have doubts about whether my MX records are correct.



A   mail.example.in     123.123.3.11 (delete)       300         2010-10-12 03:37:24
A   example.in          123.123.3.11 (delete)       300         2010-10-11 04:34:53
MX  example.in          mail.example.in (delete)    300     10  2010-10-12 02:03:03
A   www.example.in      123.123.3.11 (delete)       300         2010-10-11 04:34:15
MX  www.example.in      mail.example.in (delete)    300     10  2010-10-12 02:12:51

netstat -nl gives me

 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:3306             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:110                0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143                0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2000               0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80                 0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22                 0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25                 0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:993                0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:995                0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                            :::*                          LISTEN     
tcp6       0      0 :::25                            :::*                          LISTEN     
udp        0      0.0.0.0:68                   0.0.0.0:*

My /etc/postfix/main.cf looks as follows


smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = www.example.in
mydomain = example.in
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain, localhost, $mydomain
relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

local_recipient_maps =
virtual_alias_domains =  www.example.in

virtual_alias_maps = hash:/etc/postfix/virtual
inet_protocols = all
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"
smtp_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = yes
tls_random_source = dev:/dev/urandom

I see no log of the mail actually reaching my server and there is no detail in /var/log/syslog.

I'm sure I am missing something basic and would like some help on how to go about setting this up.

I have set up a catch-all ID in /etc/postfix/virtual which works for local emails. I intend to process incoming mails using Ruby but I've been having trouble getting this up and running.

My mails keep getting the following message:

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

Message will be retried for 2 more day(s)

Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[mail.example.in. (10): Connection timed out]

Thanks in advance

Best Answer

If you can access the server from outside your network by IP then there must be something wrong with your MX record. Google for an open relay tester and put your IP in there and see if it is able to connect to the server.

Connection timed out is usually caused by one of two things: a firewall eating the connection (could be on the server itself or the network firewall) or the IP address being wrong and pointing to an unused address where nothing can reject the connection. Note that if you just changed the DNS configuration, depending on how long your DNS records tell everyone to cache the lookup results, they may still be using the old information for a while.

If the IP works from outside of your network and it's been long enough since you set it up that the DNS caches have updated, then figuring out what's wrong with your MX record isn't going to be easy without real information. The only rules for an MX record are that
1) The MX record must contain a hostname (not an IP) and
2) The hostname must have an A record containing its IP (not a CNAME)
Most mailservers identify a completely invalid MX record and bounce with a message saying so.

Your best bet is to use dig MX example.in which should produce something like

;; ANSWER SECTION:
example.in.      6400    IN    MX   mail.example.in.

Then, dig A mail.example.in should say something like

;; ANSWER SECTION:
mail.example.in.   6400  IN    A    xxx.xxx.xxx.xxx

The only other thing I can think of is that in the anonymized sample DNS configuration you pasted, the terminating "." is missing from the hostnames, but I don't know if that was because of your search-and-replace or because that paste came from some kind of web-editor which may be hiding those terminating "."s from you. The bounce message you pasted used "mail.example.in." so I suspect it's just hidden.

If the IP doesn't work from outside your network then you'll need to check the server firewall (iptables on Linux) to make sure it's not blocking connections. If you can connect from another machine within your network, then the port is either blocked by your network firewall/router, or your ISP is blocking SMTP.

Also, make sure your Elastic IP is correctly associated with your instance. This looks like a pretty complex operation according to the docs here: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1346
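
The two MX rules from the answer above can be checked mechanically. This is an added example, not part of the original answer: check_mx is a hypothetical helper that reads records in dig's answer-section layout, and the sample records and 192.0.2.x addresses are constructed.

```sh
#!/bin/sh
# Added example: check MX answers against the two rules in the answer:
#   1) the MX target must be a hostname, not an IP address
#   2) that hostname must have an A record, not a CNAME
# Input on stdin: lines laid out as "name TTL class type rdata...".
# Output: one OK/FAIL finding per MX record.

check_mx() {
    awk '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }  # drop the root dot
    { name = norm($1); type = $4 }
    type == "MX"    { n++; owner[n] = name; target[n] = norm($NF) }   # last field is the mail host
    type == "A"     { has_a[name] = 1 }
    type == "CNAME" { has_cname[name] = 1 }
    END {
        if (n == 0) { print "FAIL no MX record in input"; exit }
        for (i = 1; i <= n; i++) {
            t = target[i]
            if (t ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)               # IPv4 literal only
                print "FAIL " owner[i] " MX target " t " is an IP address, not a hostname"
            else if (t in has_cname)
                print "FAIL " owner[i] " MX target " t " is a CNAME, needs an A record"
            else if (!(t in has_a))
                print "FAIL " owner[i] " MX target " t " has no A record in input"
            else
                print "OK " owner[i] " -> " t
        }
    }'
}

# Constructed sample answers (not real lookups).
GOOD='example.in.       300 IN MX 10 mail.example.in.
mail.example.in.  300 IN A  192.0.2.11'
BAD='example.in.       300 IN MX 10 192.0.2.11
www.example.in.   300 IN MX 10 alias.example.in.
alias.example.in. 300 IN CNAME mail.example.in.'

printf '%s\n' "$GOOD" | check_mx
printf '%s\n' "$BAD"  | check_mx
```

Against live DNS, feed it the combined output of dig +noall +answer MX for the domain and dig +noall +answer A for the returned target.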
