0

I've been having issues with getting my postfix email server to accept emails. I started with port 587 open, but whenever I would send an email to that, it would seem like nothing happened, and /var/log/mail.log would say access denied on port 25 (I did not have port 25 opened as I thought it was only 587 necessary).

I then tried opening port 25 for it, and now I am getting the error 5.7.1 Relay access denied.

I am unsure of what this is happening and can't seem to be able to fix it. I do seem to be able to send mail fine though.

Here is the output of postconf -n

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Mail/Inbox/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 6
mydestination = localhost.$mydomain, localhost, $mydomain
myhostname = website.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
non_smtpd_milters = inet:localhost:12301
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_CAfile = /etc/letsencrypt/live/mail.website.com/cert.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_milters = inet:localhost:12301
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.website.com/fullchain.pem
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
smtpd_tls_key_file = /etc/letsencrypt/live/mail.website.com/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
tls_preempt_cipherlist = yes

And here is postconf -M

cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
relay      unix  -       -       y       -       -       smtp
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
spamassassin unix -      n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
smtp       unix  -       -       n       -       -       smtp
smtp       inet  n       -       y       -       -       smtpd -o content_filter=spamassassin
submission inet  n       -       y       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes
smtps      inet  n       -       y       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
spamassassin unix -      n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

(Domain changed to website.com from real domain)

DanielRoberts
  • 103
  • 2
  • how do you send email to mail server ? via telneting to the mail server with "MAIL FROM" and "RCPT TO" commands? or via mail client and authentication? – Zareh Kasparian Feb 10 '23 at 19:37

1 Answers1

1

mydestination = localhost.$mydomain, localhost, $mydomain

You accept mail destined for localhost, localhost.$mydomain and $mydomain.

You don't define $mydomain anywhere. Add a line with mydomain = example.com where example.com is the domain you wish to receive mail for.

That said, e-mail is a thankless service to host. A single mistake and you're blacklisted by all the major players. It's generally a good idea to stay away if you don't know some bits'n'pieces of how the protocol works.

vidarlo
  • 6,654
  • 2
  • 18
  • 31
  • Ah thank you! Makes sense now I think about it, and you're probably right about hosting it myself - I think I was doing it more for the fun of setting something like that up in a time of boredom! – DanielRoberts Feb 11 '23 at 11:50
  • Absolutely worth doing to learn - just be aware of the pitfalls. – vidarlo Feb 11 '23 at 12:38