Postfix Won't Work

WaitingForNehalem

Platinum Member
Aug 24, 2008
2,497
0
71
Postfix won't send or receive mail. I have an Ubuntu LAMP server with webmin, procmail, dovecot, postfix, ssh, telnet, and squirrelmail. Comcast sent me an e-mail saying one of my computers was sending out spam and I'm pretty sure they blocked port 25. I need to telnet it.

Here is my mail.log full of errors.

Oct 21 20:18:30 davidsserver postfix/smtpd[7124]: connect from localhost[127.0.0.1]
Oct 21 20:19:00 davidsserver postfix/cleanup[7128]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:19:01 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7128 exit status 1
Oct 21 20:19:01 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:20:01 davidsserver postfix/cleanup[7130]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:20:02 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7130 exit status 1
Oct 21 20:20:02 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:21:02 davidsserver postfix/cleanup[7131]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:21:03 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7131 exit status 1
Oct 21 20:21:03 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:22:03 davidsserver postfix/cleanup[7133]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:22:04 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7133 exit status 1
Oct 21 20:22:04 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:23:04 davidsserver postfix/cleanup[7134]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:23:05 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7134 exit status 1
Oct 21 20:23:05 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:23:43 davidsserver dovecot: imap-login: Login: user=<david>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Oct 21 20:23:43 davidsserver dovecot: IMAP(david): Disconnected: Logged out
Oct 21 20:24:06 davidsserver postfix/cleanup[7139]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:24:07 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7139 exit status 1
Oct 21 20:24:07 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:25:07 davidsserver postfix/cleanup[7140]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:25:08 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7140 exit status 1
Oct 21 20:25:08 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling
Oct 21 20:26:08 davidsserver postfix/cleanup[7141]: fatal: open /etc/postfix/header_checks: No such file or directory
Oct 21 20:26:09 davidsserver postfix/master[6403]: warning: process /usr/libexec/postfix/cleanup pid 7141 exit status 1
Oct 21 20:26:09 davidsserver postfix/master[6403]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

Here is my Postfix.conf (I don't understand what some of the settings mean but they look good.) :):

#
### Postfix main.cf
#
### Verify these directory settings - they are critical to Postfix operation.
biff = no
recipient_delimiter = .
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
program_directory = /usr/libexec/postfix

### Interface to listen on

### smtp banner
mail_name = davidsserver Daemon
smtpd_banner = $mail_name. All Spam Is Reported. ESMTP

### Who delivers the mail (never root for security).
setgid_group = postdrop

### Default user to deliver mail to (NEVER ENABLE)
luser_relay =

### The myorigin parameter specifies the domain that appears in mail that is posted on/through this machine.
append_dot_mydomain = no
append_at_myorigin = yes

### aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

### the internet hostname of this mail system
myhostname = davidsserver
mydomain=com

### The mydestination parameter specifies what domains this machine will deliver locally, instead
### of forwarding to another machine. The default is to receive mail for the machine itself.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

### Relay Host this mail server should send its mail to. (NONE)
relayhost = [smtp.comcast.net]

### Relay Client SASL Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

### External Networks to accept RELAYED mail from.
mynetworks = 127.0.0.0/8

### Where to send mail that is delivered locally.
mailbox_command = procmail -a "$EXTENSION"

### How much of the message in bytes will be bounced back to the sender.
bounce_size_limit = 5000

### No limit on mailbox size.
mailbox_size_limit = 0

### Message Restrictions
header_checks = regexp:/etc/postfix/header_checks

### Limit sent/received emails to 1 Meg "(header+body+attachment)x(mime-encoding) <= 1 meg"
message_size_limit = 102400

### How long do messages stay in the queue before being sent back to the sender. (in days)
### By default, postfix attempts to resend the message every (1000 secs)x(# attempts)x(days).
bounce_queue_lifetime = 4h
maximal_queue_lifetime = 4h
delay_warning_time = 1h

### Parallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20

### Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s

### no one needs to ask our server who is on it
disable_vrfy_command = yes

#### user%domain != user@domain
allow_percent_hack = no

#### user!domain != user@domain
swap_bangpath = no

smtpd_sasl_auth_enable = yes

##################### END #####################################################

Here is the original config file I copied from:

#
### Postfix main.cf
#
### Verify these directory settings - they are critical to Postfix operation.
biff = no
recipient_delimiter = .
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
program_directory = /usr/libexec/postfix

### Interface to listen on

### smtp banner
mail_name = davidsserver Daemon
smtpd_banner = $mail_name. All Spam Is Reported. ESMTP

### Who delivers the mail (never root for security).
setgid_group = postdrop

### Default user to deliver mail to (NEVER ENABLE)
luser_relay =

### The myorigin parameter specifies the domain that appears in mail that is posted on/through this machine.
append_dot_mydomain = no
append_at_myorigin = yes

### aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

### the internet hostname of this mail system
myhostname = davidsserver
mydomain=com

### The mydestination parameter specifies what domains this machine will deliver locally, instead
### of forwarding to another machine. The default is to receive mail for the machine itself.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

### Relay Host this mail server should send its mail to. (NONE)
relayhost = [smtp.comcast.net]:587

### Relay Client SASL Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

### External Networks to accept RELAYED mail from.
mynetworks = 127.0.0.0/8

### Where to send mail that is delivered locally.
mailbox_command = procmail -a "$EXTENSION"

### How much of the message in bytes will be bounced back to the sender.
bounce_size_limit = 5000

### No limit on mailbox size.
mailbox_size_limit = 0

### Message Restrictions
header_checks = regexp:/etc/postfix/header_checks

### Limit sent/received emails to 1 Meg "(header+body+attachment)x(mime-encoding) <= 1 meg"
message_size_limit = 102400

### How long do messages stay in the queue before being sent back to the sender. (in days)
### By default, postfix attempts to resend the message every (1000 secs)x(# attempts)x(days).
bounce_queue_lifetime = 4h
maximal_queue_lifetime = 4h
delay_warning_time = 1h

### Parallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20

### Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s

### clients must send a HELO (or EHLO) command at the beginning of an SMTP session.
smtpd_helo_required = yes

### no one needs to ask our server who is on it
disable_vrfy_command = yes

#### user%domain != user@domain
allow_percent_hack = no

#### user!domain != user@domain
swap_bangpath = no

### delay until RCPT TO: to reject the email for nagios compatibility

### Tarpit those bots/clients/spammers who send errors or scan for accounts !!!!
smtpd_error_sleep_time = 20
smtpd_soft_error_limit = 4
smtpd_hard_error_limit = 6
smtpd_junk_command_limit = 4

### Reject codes (change these as you see fit)
access_map_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
multi_recipient_bounce_reject_code = 450
non_fqdn_reject_code = 450
plaintext_reject_code = 450
reject_code = 450
relay_domains_reject_code = 450
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 450
unknown_relay_recipient_reject_code = 450
unknown_virtual_alias_reject_code = 450
unknown_virtual_mailbox_reject_code = 450
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450

### SMTP Restrictions
smtpd_client_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    check_client_access regexp:/etc/postfix/client_restrictions,
    reject_rbl_client zen.spamhaus.org,
    reject_unknown_client,
    permit

smtpd_helo_restrictions = permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_unauth_pipelining,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit

smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_sender reject_non_fqdn_recipient reject_non_fqdn_hostname reject_invalid_hostname reject_unauth_pipelining reject_rbl_client zen.spamhaus.org reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_destination reject_unknown_client permit

smtpd_sender_restrictions = permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_address,
    permit

smtpd_etrn_restrictions = permit_mynetworks,
    reject

smtpd_data_restrictions = reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

##################### END #####################################################
 

Skunk

Member
Mar 26, 2001
119
0
76
You need to create the file /etc/postfix/header_checks and postmap it for postfix, or comment it out. Ensure you have also postmapped any other checks as well.
/etc/postfix/sasl_passwd also will need to be created and postmapped as well.
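
Added example, not part of the original posts: a pre-flight check that reads a main.cf, finds every `type:/path` lookup table it references, and reports the ones that would make a Postfix daemon fail at startup the way `cleanup` does in the log above. It assumes a Berkeley DB build where postmap writes `<path>.db` for `hash:` maps, treats `regexp:` tables as plain text files, and also flags a SASL password file that is readable by group or other; the sample config, the `root` parameter and the placeholder credentials are constructed for the demonstration.

```python
import os
import re
import stat
import tempfile

# Constructed sample mirroring the map references in the main.cf posted above.
SAMPLE = """\
header_checks = regexp:/etc/postfix/header_checks
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_client_restrictions = permit_mynetworks,
    check_client_access regexp:/etc/postfix/client_restrictions,
    permit
"""

INDEXED = {"hash", "btree"}  # assumption: Berkeley DB build, postmap writes <path>.db
MAP_REF = re.compile(r"\b([a-z]+):(/[^\s,]+)")

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value
    return params

def check_maps(text, root="/"):
    """Return (parameter, map, problem) tuples; root lets a copy of /etc be checked."""
    findings = []
    for name, value in parse_main_cf(text).items():
        for kind, path in MAP_REF.findall(value):
            ref, src = f"{kind}:{path}", os.path.join(root, path.lstrip("/"))
            if not os.path.exists(src):
                findings.append((name, ref, "source file missing"))
                continue
            if kind in INDEXED and not os.path.exists(src + ".db"):
                findings.append((name, ref, "no .db file, run postmap"))
            if name.endswith("password_maps") and stat.S_IMODE(os.stat(src).st_mode) & 0o077:
                findings.append((name, ref, "credentials readable by group/other"))
    return findings

def demo():
    """Throwaway tree where only sasl_passwd exists: mode 0644, never postmapped."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc/postfix"))
        secret = os.path.join(root, "etc/postfix/sasl_passwd")
        with open(secret, "w") as fh:
            fh.write("[smtp.example.net]:587 user:placeholder\n")
        os.chmod(secret, 0o644)
        return check_maps(SAMPLE, root)
```

On a live host, pass the contents of /etc/postfix/main.cf to `check_maps` and leave `root` at its default.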
 

WaitingForNehalem

Thanks. After doing all that everything is much better but mail still doesn't send.

mail.log

Oct 22 16:30:49 davidsserver postfix/smtp[5544]: 967F8822C4: to=<*@yahoo.com>, relay=smtp.comcast.net[76.96.62.117]:587, delay=3319, delays=3297/0.22/0.23/22, dsn=4.1.0, status=deferred (host smtp.comcast.net[76.96.62.117] said: 452 4.1.0 ... temporary failure (in reply to MAIL FROM command))
 

Skunk

That error is not coming from your server. You successfully sent the mail to Comcast's SMTP but they are having a problem sending it any further. It's a soft reset though so it might go through eventually. Try sending to a different domain (Gmail or Hotmail) and see if Comcast is able to put that one through.
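
Added example, not part of the original posts: a triage helper for Postfix `smtp` delivery lines like the one quoted above, separating what the relay said from what the local server did. It reads the DSN class (4.x.x transient, 5.x.x permanent), the SMTP stage, and the `delays=a/b/c/d` breakdown; the function name and field names are made up here, and the default queue lifetime is the `maximal_queue_lifetime = 4h` from the posted main.cf.

```python
import re

# The delivery line quoted in the thread (recipient already masked there as "*").
LINE = ("Oct 22 16:30:49 davidsserver postfix/smtp[5544]: 967F8822C4: "
        "to=<*@yahoo.com>, relay=smtp.comcast.net[76.96.62.117]:587, delay=3319, "
        "delays=3297/0.22/0.23/22, dsn=4.1.0, status=deferred "
        "(host smtp.comcast.net[76.96.62.117] said: 452 4.1.0 ... temporary failure "
        "(in reply to MAIL FROM command))")

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>\S+), delay=(?P<delay>[\d.]+), delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>\w+) \((?P<text>.*)\)$")
DSN_CLASS = {"2": "delivered", "4": "transient, will be retried", "5": "permanent, bounced"}
# delays=a/b/c/d: before queue manager / in queue manager / connection setup / transmission
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

def triage(line, queue_lifetime=4 * 3600):
    """Parse one delivery line; return None for lines that are not smtp deliveries."""
    m = DELIVERY.search(line)
    if not m:
        return None
    info = m.groupdict()
    info["class"] = DSN_CLASS.get(info["dsn"][0], "unknown")
    info["delays"] = dict(zip(STAGES, map(float, info["delays"].split("/"))))
    # "host X said: NNN ..." means the text is the relay's reply, not a local error.
    said = re.match(r"host (\S+) said: (\d{3}) ", info["text"])
    info["origin"] = "remote" if said else "local or network"
    info["smtp_code"] = int(said.group(2)) if said else None
    stage = re.search(r"in reply to (.+?) command", info["text"])
    info["stage"] = stage.group(1) if stage else None
    # Seconds of retrying left before the message is returned to the sender.
    info["retry_seconds_left"] = max(0.0, queue_lifetime - float(info["delay"]))
    return info
```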
 

WaitingForNehalem

Thank God I got it working after installing ca-certificates and uncommenting #smtp_use_tls = yes, #smtpd_use_tls = yes. The only problem is that after my email is relayed on gmail, it shows up as my original gmail address, not un@davidsserver.com. How do I fix that?
 

WaitingForNehalem

So I am back to square 1. I need to use smtp.comcast.net:587 but I get temporary failure, too many sessions.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: WaitingForNehalem
Thank God I got it working after installing ca-certificates and uncommenting #smtp_use_tls = yes, #smtpd_use_tls = yes. The only problem is that after my email is relayed on gmail, it shows up as my original gmail address, not un@davidsserver.com. How do I fix that?

Google changes the email if you relay through their servers.
 

WaitingForNehalem

I think the reason Comcast as a relay won't work is because it doesn't accept custom domains. Would a free DynDNS dynamic DNS do anything?
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Not sure, you could always get one of those generic hosting services like a Linode and put your SMTP server there.
 

Nothinman

Good question. I'm not sure if your ISP would be blocking 587 for you already and I don't know how many MTAs out there even try 587 yet.
 

WaitingForNehalem

I set up an IIS SMTP server for relaying mail. I made it send mail on port 587. If I "telnet [ip address] 587" it works fine. The problem is that all mail gets stuck in the queue folder and doesn't send. I googled but there are no solutions, just unresolved threads.
 

Nothinman

RFC4409 is still pretty new and message submission (port 587) isn't meant to replace message relaying on port 25 anyway. It's meant to separate submission from relaying so it's really only meant to be used by mail clients doing an initial message submission.
 

WaitingForNehalem

I'm running the server on Windows in case you were wondering. So basically what you're saying is that there is no way I can get mail out for free. I really appreciate your help.
 

Nothinman

It doesn't matter what you're running, if their MTA isn't accepting mail on port 587 then you're screwed. Port 25 is the standard port for mail server to mail server communication, port 587 is a new port that's supposed to be for client to server mail submission.
 

WaitingForNehalem

Originally posted by: skyking
Originally posted by: WaitingForNehalem
What other free relay servers are available that don't change your name?

Can you run your domain through google apps? that will take care of the relaying problems.
http://www.google.com/a/help/intl/en-GB/org/index.html
you can still run your server as a client to google's.

I want to use my email server, not Google's. Plus, I think you need a purchased domain. Should I just give up on this? It is so frustrating that after all this work, I can't send because Comcast's relay doesn't allow custom domains.
 

Crusty

If you want to run your email server you need to get a business class ISP, have a static IP, own a domain, and your ISP needs to add a reverse DNS record for your IP -> Domain so you can send mail to places like Yahoo with little to no trouble. You'll probably want a TXT record with SPF info in it as well to help fight spam. Running an email server is quite a bit more complex than something like a web server or ftp server, and there are 100 times the security headaches to worry about as well.
 

WaitingForNehalem

Originally posted by: Crusty
If you want to run your email server you need to get a business class ISP, have a static IP, own a domain, and your ISP needs to add a reverse DNS record for your IP -> Domain so you can send mail to places like Yahoo with little to no trouble. You'll probably want a TXT record with SPF info in it as well to help fight spam. Running an email server is quite a bit more complex than something like a web server or ftp server, and there are 100 times the security headaches to worry about as well.

So I can't do it for free huh. Oh well, kinda sad to throw away all that effort.
 

skyking

Lifer
Nov 21, 2001
22,642
5,753
146
Originally posted by: Crusty
If you want to run your email server you need to get a business class ISP, have a static IP, own a domain, and your ISP needs to add a reverse DNS record for your IP -> Domain so you can send mail to places like Yahoo with little to no trouble. You'll probably want a TXT record with SPF info in it as well to help fight spam. Running an email server is quite a bit more complex than something like a web server or ftp server, and there are 100 times the security headaches to worry about as well.

That is the hard truth of it. I got all that done for one of my clients, and eventually migrated them elsewhere due to the high overhead of keeping it all working, spam and virus free. It was a great learning experience but not worth it for the limited number of users.
I still have that static IP and reverse DNS record, quest was good about setting that up for me.