Postfix configuration

yugpatel

Senior member
Feb 28, 2001
506
0
76
I have a Windows 2008 server with VirtualBox running Ubuntu 12.04 server. I have named the server "mailserver". The MX record entry is mailserver.ormondkwikstop.com. I am trying to run a Postfix mail server, but even after reading extensively, I can't seem to configure it right.
I am trying to get my feet wet with web server and mail server, especially outgoing, so that I can have web server and mail server on a separate server (virtual or physical). Meanwhile I am trying to integrate clamav and other spam filters by reading https://help.ubuntu.com/community/PostfixAmavisNew


What am I doing wrong?


Here is my main.cf file:
***************************************************
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mailserver.ormondkwikstop.com
mydomain = mailserver.ormondkwikstop.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $mydomain, mailserver, localhost.localdomain, localhost
myorigin = $mydomain
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
notify_classes = bounce
smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_non_fqdn_hostname reject_invalid_hostname check_helo_access pcre:/etc/postfix/helo_checks check_sender_mx_access cidr:/etc/postfix/bogus_mx reject_rbl_client zen.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client dnsbl-1.uceprotect.net permit
*******************************************************************



Here is mail.log file:
****************************************************************
Feb 27 12:41:21 mailserver spamd[1369]: spamd: server started on port 783/tcp (running version 3.3.2)
Feb 27 12:41:21 mailserver spamd[1369]: spamd: server pid: 1369
Feb 27 12:41:21 mailserver spamd[1369]: spamd: server successfully spawned child process, pid 1370
Feb 27 12:41:21 mailserver spamd[1369]: spamd: server successfully spawned child process, pid 1372
Feb 27 12:41:21 mailserver spamd[1369]: prefork: child states: IS
Feb 27 12:41:21 mailserver spamd[1369]: prefork: child states: II
Feb 27 12:41:49 mailserver postfix/master[1839]: daemon started -- version 2.9.6, configuration /etc/postfix
Feb 27 12:57:43 mailserver postfix/pickup[1844]: 62FDA2E1799: uid=0 from=<bharatpatel@mailserver>
Feb 27 12:57:43 mailserver postfix/cleanup[2658]: 62FDA2E1799: message-id=<1393523863.2649@mailserver>
Feb 27 12:57:43 mailserver postfix/qmgr[1845]: 62FDA2E1799: from=<bharatpatel@mailserver>, size=601, nrcpt=1 (queue active)
Feb 27 12:57:43 mailserver postfix/smtp[2664]: warning: relayhost configuration problem
Feb 27 12:57:43 mailserver postfix/smtp[2664]: 62FDA2E1799: to=<yugpatel@hotmail.com>, relay=none, delay=0.4, delays=0.22/0.11/0.08/0, dsn=4.3.5, status=deferred (Host or domain name not found. Name service error for name=smtp.localdomain type=AAAA: Host not found)
Feb 27 13:06:49 mailserver postfix/qmgr[1845]: 62FDA2E1799: from=<bharatpatel@mailserver>, size=601, nrcpt=1 (queue active)
Feb 27 13:06:49 mailserver postfix/smtp[2851]: warning: relayhost configuration problem
Feb 27 13:06:49 mailserver postfix/smtp[2851]: 62FDA2E1799: to=<yugpatel@hotmail.com>, relay=none, delay=546, delays=546/0.17/0/0, dsn=4.3.5, status=deferred (Host or domain name not found. Name service error for name=smtp.localdomain type=AAAA: Host not found)
Feb 27 13:09:22 mailserver postfix/postfix-script[3523]: refreshing the Postfix mail system
Feb 27 13:09:22 mailserver postfix/master[1839]: reload -- version 2.9.6, configuration /etc/postfix
Feb 27 13:19:22 mailserver postfix/qmgr[3528]: 62FDA2E1799: from=<bharatpatel@mailserver>, size=601, nrcpt=1 (queue active)
Feb 27 13:19:24 mailserver postfix/smtp[3756]: 62FDA2E1799: to=<yugpatel@hotmail.com>, relay=mx3.hotmail.com[65.54.188.110]:25, delay=1301, delays=1299/0.12/1.6/0.34, dsn=2.0.0, status=sent (250 <1393523863.2649@mailserver> Queued mail for delivery)
Feb 27 13:19:24 mailserver postfix/qmgr[3528]: 62FDA2E1799: removed
*****************************************************************
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
First up:
An MX record for mailserver.ormondkwikstop.com doesn't exist.

Secondly: The log file is stating that it's having problems relaying mail. If your ISP blocks sending of mail from private mail servers you will have to use their smart host which would relay your mail for you.

Thirdly: Your "From" address in the logs is
"bharatpatel@mailserver" which isn't a correct email. My ISP blocks all mail it is going to relay if it doesn't have a correct domain name.
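
The relay failure and the unqualified sender address pointed out in this reply can both be read from the posted log. The following is an added example, not part of the thread: it groups Postfix delivery attempts by queue ID, flags a sender whose domain has no dot, and pulls out the hostname that failed to resolve. The function name `triage` and the result layout are choices made for this example.

```python
import re

# Three lines copied from the mail.log posted above.
SAMPLE_LOG = """\
Feb 27 12:57:43 mailserver postfix/qmgr[1845]: 62FDA2E1799: from=<bharatpatel@mailserver>, size=601, nrcpt=1 (queue active)
Feb 27 12:57:43 mailserver postfix/smtp[2664]: 62FDA2E1799: to=<yugpatel@hotmail.com>, relay=none, delay=0.4, delays=0.22/0.11/0.08/0, dsn=4.3.5, status=deferred (Host or domain name not found. Name service error for name=smtp.localdomain type=AAAA: Host not found)
Feb 27 13:19:24 mailserver postfix/smtp[3756]: 62FDA2E1799: to=<yugpatel@hotmail.com>, relay=mx3.hotmail.com[65.54.188.110]:25, delay=1301, delays=1299/0.12/1.6/0.34, dsn=2.0.0, status=sent (250 <1393523863.2649@mailserver> Queued mail for delivery)
"""

FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>, relay=([^,]+), "
    r".*?dsn=([\d.]+), status=(\w+) \((.*)\)$"
)
NAME_RE = re.compile(r"Name service error for name=(\S+) type=(\w+)")


def triage(log_text):
    """Group delivery attempts by queue ID; flag non-FQDN senders and failed lookups."""
    messages = {}
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            qid, sender = m.groups()
            entry = messages.setdefault(qid, {"attempts": []})
            entry["sender"] = sender
            # A sender domain without a dot (e.g. "mailserver") is not fully qualified.
            entry["sender_fqdn"] = "." in sender.rpartition("@")[2]
        elif m := SMTP_RE.search(line):
            qid, rcpt, relay, dsn, status, reason = m.groups()
            lookup = NAME_RE.search(reason)
            messages.setdefault(qid, {"attempts": []})["attempts"].append({
                "to": rcpt, "relay": relay, "dsn": dsn, "status": status,
                "unresolved": lookup.group(1) if lookup else None,
            })
    return messages


if __name__ == "__main__":
    for qid, info in triage(SAMPLE_LOG).items():
        print(qid, info["sender"], "FQDN" if info["sender_fqdn"] else "not FQDN")
        for attempt in info["attempts"]:
            print("  ", attempt)
```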
 

yugpatel

> First up:
> An MX record for mailserver.ormondkwikstop.com doesn't exist.

How would I check? I know it takes up to 72 hours for MX records to propagate.

> Secondly: The log file is stating that it's having problems relaying mail. If your ISP blocks sending of mail from private mail servers you will have to use their smart host which would relay your mail for you.

How would I resolve this issue?

> Thirdly: Your "From" address in the logs is
> "bharatpatel@mailserver" which isn't a correct email. My ISP blocks all mail it is going to relay if it doesn't have a correct domain name.

I am not sure why it is not picking up the FQDN.

Can someone point out the corrections to be made and where? As I mentioned in my OP, I did try to read a few posts but still cannot come up with the correct configuration.
 

smakme7757

I can have a closer look during the weekend.

But ring your ISP and ask if they have an email relay you can use. Should also be on their website.
 

yugpatel

> I can have a closer look during the weekend.
>
> But ring your ISP and ask if they have an email relay you can use. Should also be on their website.

My ISP is Bright House in Central Florida. I have been reading on Postfix configuration but still cannot figure out why it is using bharatpatel@mailserver as the outgoing address. I have been able to send outbound e-mails but inbound is a problem. I will await your feedback/suggestion.
 

Scarpozzi

Lifer
Jun 13, 2000
26,391
1,780
126
If you have all your configuration set up and the service running, you can verify that it's listening by using netstat.

$ netstat -a|grep LISTEN

To test your firewall and port forwarding to make sure it's set up right, you should be able to start a telnet session with the SMTP server. If you have an android-based phone with a data plan, you can install connect bot or something that can telnet so you don't have to leave home.

telnet mailserver.ormondkwikstop.com 25
Here's some telnet mail documentation...there are other sources for documentation on how to do it...
http://support.microsoft.com/kb/153119

Testing the routing/protocol and making sure your mx is in DNS are the keys.
 

yugpatel

> If you have all your configuration set up and the service running, you can verify that it's listening by using netstat.
>
> $ netstat -a|grep LISTEN

I am not sure about my configuration at all. I can send out e-mails but incoming are not working at all. Here is the output of the above command you suggested for POP:
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp6 0 0 [::]:pop3s [::]:* LISTEN
tcp6 0 0 [::]:pop3 [::]:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 71524 /var/run/dovecot/login/pop3

> To test your firewall and port forwarding to make sure it's set up right, you should be able to start a telnet session with the SMTP server. If you have an android-based phone with a data plan, you can install connect bot or something that can telnet so you don't have to leave home.
>
> telnet mailserver.ormondkwikstop.com 25
> Here's some telnet mail documentation...there are other sources for documentation on how to do it...
> http://support.microsoft.com/kb/153119
>
> Testing the routing/protocol and making sure your mx is in DNS are the keys.

I am not able to telnet in to my mail server. I ran Zenmap and the output is:
*****************************************************************
Initiating ARP Ping Scan at 08:27
Scanning 192.168.1.117 [1 port]
Completed ARP Ping Scan at 08:27, 0.36s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:27
Completed Parallel DNS resolution of 1 host. at 08:27, 13.00s elapsed
Initiating SYN Stealth Scan at 08:27
Scanning 192.168.1.117 [1000 ports]
Discovered open port 995/tcp on 192.168.1.117
Discovered open port 80/tcp on 192.168.1.117
Discovered open port 53/tcp on 192.168.1.117
Discovered open port 23/tcp on 192.168.1.117
Discovered open port 993/tcp on 192.168.1.117
Discovered open port 110/tcp on 192.168.1.117
Discovered open port 139/tcp on 192.168.1.117
Discovered open port 25/tcp on 192.168.1.117
Discovered open port 22/tcp on 192.168.1.117
Discovered open port 445/tcp on 192.168.1.117
Discovered open port 143/tcp on 192.168.1.117
Discovered open port 10000/tcp on 192.168.1.117
Completed SYN Stealth Scan at 08:27, 0.49s elapsed (1000 total ports)
Initiating Service scan at 08:27
Scanning 12 services on 192.168.1.117
Completed Service scan at 08:27, 5.02s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.117
Retrying OS detection (try #2) against 192.168.1.117
Retrying OS detection (try #3) against 192.168.1.117
Retrying OS detection (try #4) against 192.168.1.117
Retrying OS detection (try #5) against 192.168.1.117
NSE: Script scanning 192.168.1.117.
Initiating NSE at 08:27
NSE Timing: About 41.67% done; ETC: 08:28 (0:00:43 remaining)
Completed NSE at 08:33, 368.58s elapsed
Nmap scan report for 192.168.1.117
Host is up (0.0024s latency).
Not shown: 988 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh?
23/tcp open telnet?
25/tcp open smtp?
|_smtp-commands: Couldn't establish connection on port 25
53/tcp open domain?
80/tcp open http?
|_http-title: Site doesn't have a title (text/html).
110/tcp open pop3?
139/tcp open netbios-ssn?
143/tcp open imap?
| imap-capabilities:
|_ ERROR: Failed to connect to server
445/tcp open microsoft-ds?
993/tcp open imaps?
995/tcp open pop3s?
10000/tcp open snet-sensor-mgmt?
*******************************************************
When I ran telnet mailserver.ormondkwikstop.com 25, I get error:
telnet: could not resolve mailserver.ormondkwikstop.com/25: Name or service not known.

I am not sure if I need to set up DNS server on my Ubuntu server or not.

Any help is highly appreciated.
 

yugpatel

"A" record screenshot.


MX record screenshot.


DNS screenshot.


I am not sure if these entries are correct or not.
Also what goes in the DNS (servers) entries.
 

tomt4535

Golden Member
Jan 4, 2004
1,758
0
76
The error you got when trying to telnet says that the client was unable to resolve mailserver.ormondkwikstop.com. First, try to telnet with the IP address instead of the name and see if that works. Also, the DNS server for ormondkwikstop.com needs to have an A record for mailserver.ormondkwikstop.com in order to use the name when trying to connect to the machine. The A record maps a hostname to an IP address, so if that does not exist, connecting to anything by name will not work since it does not know what IP to connect to. While I'm not familiar with the interface screenshots you provided, it looks like you can add that record similar to how the www name is set.

EDIT: Add the A record for mailserver.ormondkwikstop.com to the IP address of your mail server. It is not necessary to change the DNS server information, leave that as is.
 

manly

Lifer
Jan 25, 2000
12,906
3,681
136
Code:
$ telnet mailserver.ormondkwikstop.com 25
Trying ...
^C

It doesn't work.

Wouldn't the Linux VM be NAT'd by the host server, which probably sits behind a consumer home router?

edit: Removed IP per OP's request.

yugpatel, your IP is not private by any means. It's in DNS so anybody can see it. I normally use the nslookup tool (exists on Unix and Windows), but there are others.

Make sure you don't have any unnecessary network services running, but it shouldn't matter if you're behind a router and ports have to be explicitly forwarded.
 

yugpatel

> It doesn't work.
>
> Wouldn't the Linux VM be NAT'd by the host server, which probably sits behind a consumer home router?

I can telnet into mailserver.ormondkwikstop.com but now, after I made the changes mentioned in the above screenshots, outgoing mail quit working too.
I got the following error:

Mar 7 08:06:27 mailserver postfix/smtpd[2250]: NOQUEUE: reject: RCPT from col0-omc4-s16.col0.hotmail.com[65.55.34.218]: 451 4.3.5 <col0-omc4-s16.col0.hotmail.com>: Helo command rejected: Server configuration error; from=<r2d2t2@live.com> to=<bharatpatel@ormondkwikstop.com> proto=ESMTP helo=<col0-omc4-s16.col0.hotmail.com>
 

yugpatel

As I did not get this postfix issue resolved yet (incoming mail not working for whatever reason), I installed hMailserver and tested my MX records and everything works fine, incoming as well as outgoing mail works. Hence, there has to be something wrong either with the postfix configuration or the firewall.
Telnet works and ssh works fine.
Does anyone have any clue?
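
Postfix answers `451 4.3.5 ... Server configuration error` from a `check_*_access` restriction when the table lookup behind it fails, and smtpd logs a `warning:` line naming the table next to the reject. The following is an added example, not part of the thread, and the thread itself does not establish the cause: it lists the lookup tables that the posted `smtpd_recipient_restrictions` depends on and reports any whose map type is unsupported or whose file is absent. `check_tables` and its `supported_types` argument are names made up for this example; the set should be the map types that `postconf -m` prints on the server (on Debian and Ubuntu, `pcre` comes from the separate postfix-pcre package).

```python
import os
import re

# Constructed sample: restriction list from the main.cf above, shortened and wrapped.
SAMPLE_MAIN_CF = """\
myhostname = mailserver.ormondkwikstop.com
smtpd_recipient_restrictions = reject_non_fqdn_recipient permit_mynetworks
    reject_unauth_destination check_helo_access pcre:/etc/postfix/helo_checks
    check_sender_mx_access cidr:/etc/postfix/bogus_mx
    reject_rbl_client zen.spamhaus.org permit
"""
TABLE_REF = re.compile(r"^([a-z0-9_]+):(/\S+)$")  # type:/absolute/path

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def check_tables(text, supported_types, exists=os.path.exists):
    """Return (parameter, table, problem) for each table smtpd could not open."""
    # Assumption: supported_types holds the map types printed by `postconf -m`.
    problems = []
    for name, value in parse_main_cf(text).items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        for token in re.split(r"[,\s]+", value):
            match = TABLE_REF.match(token)
            if not match:
                continue
            map_type, path = match.groups()
            # hash: and btree: tables are read from the postmap-built .db file
            on_disk = path + ".db" if map_type in ("hash", "btree") else path
            if map_type not in supported_types:
                problems.append((name, token, "map type not supported"))
            elif not exists(on_disk):
                problems.append((name, token, "missing " + on_disk))
    return problems

if __name__ == "__main__":
    print(check_tables(SAMPLE_MAIN_CF, {"hash", "cidr"}))
```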