
My email server has been OK for months now. Since today my server would not receive any emails; I could send, though. I seem to have fixed that by disabling and enabling UFW; not sure why that works, but it has.

However, I ran a few test emails and I used this one email provider https://tutanota.com/ to send a test email to my server...

When I send the email I get an "Undelivered Mail Returned to Sender" email, and when I check the logs I see:

```
Sender address rejected: Access denied (in reply to RCPT TO command))

postfix/bounce[3371]: BED7E20A01C9: sender non-delivery notification: 98A3620A0939
```

When I send the same test email from Gmail I don't get any of this?

My main.cf:

```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
myorigin = /etc/mailname

#smtpd_banner = $myhostname ESMTP $mail_name
smtpd_banner = static.xx.xx.xx.xx.clients.your-server.de ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

#Enable TLS/ SASL/ SSL
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.[domain].com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.[domain].com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_loglevel = 1
broken_sasl_auth_clients = yes
smtpd_tls_protocols = !SSLv2, !SSLv3

tls_random_source = dev:/dev/urandom
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA

# Insist on stronger ciphers
smtpd_tls_ciphers = high
smtp_tls_ciphers = high

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#Enabling SMTP for authenticated users, and handing off authentication to Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_recipient_restrictions =  permit_sasl_authenticated,  permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = Thunderbird-1
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $mydomain, $myhostname, Thunderbird-1, localhost.localdomain, localhost
#mydestination = localhost

relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all

#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
        mysql:/etc/postfix/mysql-virtual-email2email.cf

policyd-spf_time_limit = 3600

milter_protocol = 2
milter_default_action = accept

smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
```

Postfix bounced:

```
postfix/smtp[4060]: 4D21820A01C9: to=<[email]@tuta.io>, orig_to=<email@[mydomain].com>, relay=mail.tutanota.de[81.3.6.162]:25, delay=0.84, delays=0.14/0.01/0.26/0.42, dsn=5.7.1, status=bounced (host mail.tutanota.de[81.3.6.162] said: 554 5.7.1 <[email]@tuta.io>: Sender address rejected: Access denied (in reply to RCPT TO command))
```

jimbob1929
  • Have you looked at `mail.log` on the server? It may be more enlightening. –  Jan 09 '18 at 13:01
  • @fkraiem Yes I have included the errors in the post? – jimbob1929 Jan 09 '18 at 13:02
  • Are you sending to a valid address on your server? If so there may be more information in the bounced mail header. Another thought is that Tutanota will take the most secure path it can so something may be slightly misconfigured that is preventing a TLS over SMTP connection completing but I can't see what it is from there. – Simon Greenwood Jan 09 '18 at 13:31
  • Ok in my mail.log, I have updated my answer with the bounced line... – jimbob1929 Jan 09 '18 at 13:39
  • Sorry, I read too fast... A test e-mail from tutanota.com works for me, and the only difference in policy is that I don't use `policyd-spf` (I have a very permissive spam policy at the Postfix level, and use SpamAssassin instead.) You can try removing it from `smtpd_recipient_restrictions`, and if the test e-mail goes through you will know what's blocking it. –  Jan 09 '18 at 13:44
  • I will give that a go, but it is weird because the email still gets to my inbox but tutanota gets an Undelivered Mail Returned to Sender email back – jimbob1929 Jan 09 '18 at 13:46
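
Added example (not part of the original question or its comments): a small parser for Postfix delivery log lines like the one quoted in the question. It reports which Postfix daemon logged the delivery, whether the recipient was rewritten (`orig_to`), and which host issued the rejection. The function names and the sample log are constructed for this example.

```python
import re

# Constructed sample in the format of the log lines quoted in the question;
# the queue ID, addresses and hosts are placeholders, not values from the page.
SAMPLE_LOG = (
    "Jan  9 13:35:01 mx postfix/lmtp[4059]: 0A1B2C3D4E5F: to=<user@example.org>, "
    "relay=mx.example.org[private/dovecot-lmtp], delay=0.2, delays=0.1/0/0/0.1, "
    "dsn=2.0.0, status=sent (250 2.0.0 <user@example.org> Saved)\n"
    "Jan  9 13:35:02 mx postfix/smtp[4060]: 0A1B2C3D4E5F: to=<fwd@remote.example>, "
    "orig_to=<user@example.org>, relay=mail.remote.example[192.0.2.25]:25, "
    "delay=0.84, delays=0.14/0.01/0.26/0.42, dsn=5.7.1, status=bounced (host "
    "mail.remote.example[192.0.2.25] said: 554 5.7.1 <sender@remote.example>: "
    "Sender address rejected: Access denied (in reply to RCPT TO command))\n"
)

# One delivery attempt as logged by a Postfix delivery agent (smtp, lmtp, ...).
DELIVERY = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<to>[^>]*)>, (?:orig_to=<(?P<orig_to>[^>]*)>, )?"
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
# Detail text when a remote server refused the message during the SMTP dialogue.
REMOTE = re.compile(
    r"^host (?P<host>\S+) said: (?P<reply>.*?)(?: \(in reply to (?P<stage>[^)]+)\))?$"
)

def parse_delivery(line):
    """Return the fields of one delivery log line, or None if it is not one."""
    m = DELIVERY.search(line)
    if not m:
        return None
    rec = m.groupdict()
    remote = REMOTE.match(rec["detail"])
    rec["rejected_by"] = remote["host"] if remote else None
    rec["stage"] = remote["stage"] if remote else None
    # postfix/smtp is the SMTP client, so the line describes mail leaving this server.
    rec["outbound"] = rec["daemon"] == "smtp"
    return rec

def forward_rejections(log_text):
    """Outbound bounces where the recipient was rewritten and a remote host refused."""
    recs = [parse_delivery(line) for line in log_text.splitlines()]
    return [r for r in recs if r and r["outbound"] and r["orig_to"]
            and r["status"] == "bounced" and r["rejected_by"]]

for r in forward_rejections(SAMPLE_LOG):
    print(r["qid"], r["orig_to"], "->", r["to"], "refused by", r["rejected_by"], r["dsn"])
```
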

0 Answers