1

I've installed postfix and opendkim on my ubuntu server, intending to use this server as a private relay for an application to send "activation" emails to new users. I configured SASL authentication with dovecot-commons to protect it.

I did a test using the following method: echo "Email Body" | mail -s "Subject" em@il.com and used mail-tester.com to verify my configuration and SPF/DMARC records are working correctly. I also used telnet to test, connecting to the SMTP socket and filling in my own username in the MAIL FROM field. This was also successful.

I then set up a new user account on the server and tested sending as that new user. This was when nothing worked. Both the mail command and telnet methods will report success without errors, but the email will never reach the recipient. I tested using an identical set of subject and message body, sent to the same external email address. The logs do not indicate any errors and look equally successful.

Are there any pre-requisites for a user account to be able to use postfix + dovecot?

Log Entry for Attempt using Old User Account

Nov 24 21:09:42 host postfix/pickup[21809]: D816C20CC7: uid=1000 from=<old_user_account@domain>
Nov 24 21:09:42 host postfix/cleanup[21918]: D816C20CC7: message-id=<20151124130942.D816C20CC7@mail.domain>
Nov 24 21:09:42 host opendkim[21821]: D816C20CC7: DKIM-Signature field added (s=mail, d=domain)
Nov 24 21:09:42 host postfix/qmgr[21810]: D816C20CC7: from=<old_user_account@domain>, size=368, nrcpt=1 (queue active)
Nov 24 21:09:45 host postfix/smtp[21929]: D816C20CC7: to=<external.em@il.com>, relay=mx2.hotmail.com[65.54.188.72]:25, delay=2.6, delays=0.05/0.01/1.6/0.92, dsn=2.0.0, status=sent (250  <20151124130942.D816C20CC7@mail.domain> Queued mail for delivery)
Nov 24 21:09:45 host postfix/qmgr[21810]: D816C20CC7: removed

Log Entry for Attempt using New User Account

Nov 24 21:10:36 host postfix/pickup[21809]: 72A4C20CC7: uid=1002 from=<new_user_account@domain>
Nov 24 21:10:36 host postfix/cleanup[21918]: 72A4C20CC7: message-id=<20151124131036.72A4C20CC7@mail.domain>
Nov 24 21:10:36 host opendkim[21821]: 72A4C20CC7: DKIM-Signature field added (s=mail, d=domain)
Nov 24 21:10:36 host postfix/qmgr[21810]: 72A4C20CC7: from=<new_user_account@domain>, size=371, nrcpt=1 (queue active)
Nov 24 21:10:39 host postfix/smtp[21929]: 72A4C20CC7: to=<external.em@il.com>, relay=mx2.hotmail.com[65.55.33.135]:25, delay=3.3, delays=0.06/0/1.7/1.5, dsn=2.0.0, status=sent (250  <20151124131036.72A4C20CC7@mail.domain> Queued mail for delivery)
Nov 24 21:10:39 host postfix/qmgr[21810]: 72A4C20CC7: removed
ystan-
  • 367
  • 1
  • 2
  • 10
  • Private open relay server is an oxymoron: if it's private it isn't open. You want a normal relay, that is to say restricted to authorized accounts or IPs. If you have to authenticate before sending, then that is good. – Law29 Nov 24 '15 at 10:25
  • apologies for the confusion. edited! – ystan- Nov 24 '15 at 11:42

1 Answers1

1

You get a queued for delivery message, but you don't give enough information for us to know whether it was just queued on your postfix or if it was also queued at the destination.

You say a different hotmail server was used, I assume you are sending to an address at hotmail? If hotmail says "queued for delivery" for two different mails and one does not arrive, then the problem is the content. One is detected as spam.

Maybe the receiving user can find it in his spam folder. Otherwise, add the sender to the "safe senders" list and try again, if it works then you'll have confirmation that it was the anti-spam rules.

Maybe your DMARC works well for mails sent from your server, but not for mails relayed by your server? Try to find the "lost" email or send a new one to some address that has less spam filtering, and compare the headers. Maybe you know someone who has SpamAssassin filtering; SpamAssassin will usually write an analysis into the headers that you can use to find out why your mail in considered spam.

EDIT: Thanks for adding your logs. They show both mails correctly delivered to hotmail. The fact that the Hotmail IPs are different is not important. If one is repeatably getting through and not the other, the filtering must be doing something different depending on the source e-mail address. Since this is Hotmail, try adding the new sender to the safe senders list. In other situations the problem might be manual filtering (some providers will let you write your own rules, and sometimes people forget about them).

Law29
  • 3,557
  • 1
  • 16
  • 28
  • how do i find out if it's queued at the destination? the logs don't mention what happens after it's done on its part. i sent identical plain-text strings using both methods multiple times just to test this. the mail method works each time and the smtp connect fails each time. in the fail attempts, the message never appears in the external mailbox, spam or otherwise. i should also note that i was not connecting to the smtp socket from a remote host, it was a localhost connection. – ystan- Nov 24 '15 at 11:47
  • apologies @Law29 i found out the problem wasn't the method but the username used. revised the entire question to better describe the problem. – ystan- Nov 24 '15 at 13:30
  • OK, the problem is what I thought above: for some reason hotmail is junking one of the mails and not the other. Your logs show the messages being given to hotmail, after that point there is nothing you can do or know about what happens to it. Try some other destinations not at hotmail to see if there is still a difference. – Law29 Nov 24 '15 at 20:56
  • You're right! Not only was the mail junked, it looked outright ignored for some reason so I couldn't find any remnant of it. I added my domain to the safe senders list and the mail came through. Can you edit your answer to reflect this so I can mark it as the answer? Thanks. – ystan- Nov 25 '15 at 09:35