0

Alright, so I only got Postfix for a PHP contact form that will send email to a single address. I only want it to send out mail to a single external address (foo@example.com). I have domain sub1.sub2.domain.com. I installed Postfix out of the Ubuntu repo, with minimal config changes. I cannot get Postfix to send mail externally (though it succeeds for internal accounts, which is unnecessary).

The email simply defers if I generate an email using PHP mail(). If I try to form my own in telnet, right after rcpt to: foo@example.com, I get a

postfix/smtpd[31606]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <foo@example.com>: Recipient address rejected: example.com; from=<root@localhost> to=<foo@example.com> proto=ESMTP helo=<localhost>

When commenting out the default_transport = error and relay_transport = error lines, I get the following:

Jun 26 14:33:00 sub1 postfix/smtp[12191]: 2DA06F88206A: to=<bar@gmail.com>, relay=none, delay=514, delays=409/0.01/105/0, dsn=4.4.1, status=deferred (connect to aspmx3.googlemail.com[74.125.127.27]:25: Connection timed out)
Jun 26 14:36:36 sub1 postfix/smtp[12225]: connect to mta7.am0.yahoodns.net[98.139.175.224]:25: Connection timed out
Jun 26 14:38:00 sub1 postfix/smtp[12225]: 22952F88208E: to=<foo@yahoo.com>, relay=none, delay=655, delays=550/0.01/105/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.168.230]:25: Connection timed out)

My main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = sub1.sub2.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = sub1.sub2.domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = error
relay_transport = error

Also, a dig sub1.sub2.domain.com MX returns:

; <<>> DiG 9.7.0-P1 <<>> sub1.sub2.domain.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sub1.sub2.domain.com.    IN    MX

;; AUTHORITY SECTION:
sub2.domain.com.    600    IN    SOA    sub2.domain.com. sub5.domain.com. 2012062915 7200 600 1209600 600

;; Query time: 0 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Fri Jun 29 16:35:00 2012
;; MSG SIZE  rcvd: 84

lsof -i returns empty

netstat -t -a | grep LISTEN returns

tcp        0      0 localhost:mysql         *:*                     LISTEN    
tcp        0      0 *:ftp                   *:*                     LISTEN    
tcp        0      0 *:ssh                   *:*                     LISTEN    
tcp        0      0 localhost:ipp           *:*                     LISTEN    
tcp        0      0 *:smtp                  *:*                     LISTEN    
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN    
tcp6       0      0 [::]:www                [::]:*                  LISTEN    
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN    
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN    
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN
BLaZuRE

2 Answers

1

Jun 26 14:36:36 sub1 postfix/smtp[12225]: connect to mta7.am0.yahoodns.net[98.139.175.224]:25: Connection timed out

Your ISP forbids outgoing mail to port 25.

Take it up with them.

adaptr
0
  • Do you have a firewall configured?
  • Does your hosting provider have a firewall installed?

One of these is most likely the problem.

Ask your hosting provider if they allow outbound connections on port 25. If not, ask if they have a smarthost.

You can check your host's firewall with iptables -L -nv.


The two lines:

default_transport = error
default_relay = error

will also cause you trouble. You can comment both of these out and fall back to the defaults if you don't have a smarthost or, if you do, add it as the default_relay.


If you are sending to a Google apps account, you can whitelist your server's IP address. Other email providers may offer the same thing. If you can't get your server whitelisted with whoever you are sending to then you will want to go through all the normal deliverability tasks: SPF, reverse DNS, valid mailname, DKIM, DMARC, RFC addresses (postmaster, etc.), valid bounce address, MX records for the domain of the bounce address, monitoring of bounces.

Ladadadada
  • Thank you, port 25 was blocked elsewhere. Silly me, wasted hours thinking it was something else. – BLaZuRE Jul 19 '12 at 00:30
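
Added example (not part of the original thread or either answer): a small log triage script that separates "outbound port 25 is filtered somewhere between this host and the Internet" from "one remote MX is down", using the postfix/smtp lines quoted in the question. The function names, the two-provider threshold and the `CONSTRUCTED_SENT` line are assumptions made for illustration.

```python
import re

# The three postfix/smtp lines quoted in the question.
QUESTION_LOG = """\
Jun 26 14:33:00 sub1 postfix/smtp[12191]: 2DA06F88206A: to=<bar@gmail.com>, relay=none, delay=514, delays=409/0.01/105/0, dsn=4.4.1, status=deferred (connect to aspmx3.googlemail.com[74.125.127.27]:25: Connection timed out)
Jun 26 14:36:36 sub1 postfix/smtp[12225]: connect to mta7.am0.yahoodns.net[98.139.175.224]:25: Connection timed out
Jun 26 14:38:00 sub1 postfix/smtp[12225]: 22952F88208E: to=<foo@yahoo.com>, relay=none, delay=655, delays=550/0.01/105/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.168.230]:25: Connection timed out)
"""
# Constructed line (not from the page): what a successful delivery looks like.
CONSTRUCTED_SENT = "Jun 26 15:02:11 sub1 postfix/smtp[12300]: 3C1A0F88210B: to=<foo@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 OK)\n"

CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: .*?connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
    r":(?P<port>\d+): (?P<err>[^)\n]+)")
SENT = re.compile(
    r"postfix/smtp\[\d+\]: .*relay=[^\[\s]+\[[^\]]+\]:(?P<port>\d+),.*status=sent")

def operator(host):
    # Crude grouping by the last two DNS labels (assumption: enough to tell
    # mail providers apart; this is not a public-suffix-aware parse).
    return ".".join(host.rstrip(".").split(".")[-2:])

def diagnose(log_text, port="25"):
    """Return (verdict, providers whose MX hosts timed out on `port`)."""
    timed_out, other_errors, sent = set(), set(), 0
    for line in log_text.splitlines():
        fail = CONNECT_FAIL.search(line)
        if fail and fail["port"] == port:
            if "timed out" in fail["err"]:
                timed_out.add(operator(fail["host"]))
            else:
                other_errors.add(fail["err"].strip())
            continue
        ok = SENT.search(line)
        if ok and ok["port"] == port:
            sent += 1
    if sent:
        verdict = "egress-ok"        # at least one remote MX was reached
    elif len(timed_out) >= 2 and not other_errors:
        verdict = "egress-filtered"  # unrelated providers all time out: check host and upstream firewalls
    elif timed_out or other_errors:
        verdict = "inconclusive"     # a single destination failing proves nothing about egress
    else:
        verdict = "no-failures"
    return verdict, sorted(timed_out)

if __name__ == "__main__":
    print(diagnose(QUESTION_LOG))
```

A timeout (rather than "Connection refused" or an SMTP error code) means no packet came back at all, which is why timeouts to several unrelated providers point at filtering on the sending side rather than at the recipients.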