Postfix can't receive emails from external domains

I'm very confused by this and need help.

I followed this guide to the wire: http://www.howtoforge.com/virtual-u...urier-mysql-and-squirrelmail-ubuntu-12.04-lts

Everything works fine, except that I can't receive email from any source other than localhost (gmail, etc)

Here is my main.cf:


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.goldenoakit.com
alias_maps = hash:/etc/aliases
myhostname = mail.goldenoakit.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.goldenoakit.com, localhost, localhost.localdomain, goldenoakit.com
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2emai$
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps$
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings


and here is my master.cf:


#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
587 inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}

# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================

#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks


my iptables are as follows:

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6277
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:24441
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2703
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5667
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12489
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25565
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

and dig -t mx goldenoakit.com returns this:

; <<>> DiG 9.8.1-P1 <<>> -t mx goldenoakit.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23416
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 1

;; QUESTION SECTION:
;goldenoakit.com. IN MX

;; ANSWER SECTION:
goldenoakit.com. 86400 IN MX 10 mail.goldenoakit.com.

;; AUTHORITY SECTION:
goldenoakit.com. 86400 IN NS ns4.linode.com.
goldenoakit.com. 86400 IN NS ns3.linode.com.
goldenoakit.com. 86400 IN NS ns2.linode.com.
goldenoakit.com. 86400 IN NS ns5.linode.com.
goldenoakit.com. 86400 IN NS ns1.linode.com.

;; ADDITIONAL SECTION:
mail.goldenoakit.com. 86400 IN A 173.255.254.114

;; Query time: 133 msec
;; SERVER: 74.207.242.5#53(74.207.242.5)
;; WHEN: Mon Sep 10 11:25:07 2012
;; MSG SIZE rcvd: 167



Why can't I receive external mail??

 

Hi ansabhailte;

Can you also 1) attempt to send an email from another domain outside your network, then 2) include the output from tail -n 25 /var/log/mail.log ?

Also, the output from "netstat -tap" would be helpful.

G

 

You mean try to send an email from Gmail to my postfix?

josh@nigel:~$ sudo tail -f /var/log/mail.log
Sep 10 12:11:23 nigel postfix/smtpd[28876]: disconnect from localhost[127.0.0.1]
Sep 10 12:11:23 nigel amavis[2987]: (02987-13) Passed CLEAN, [99.115.92.105] [99.115.92.105] <[email protected]> -> <[email protected]>, mail_id: HbqWrB82bR4n, Hits: -0.859, size: 75819, queued_as: EAD8F2B2D, 1720 ms
Sep 10 12:11:23 nigel postfix/smtp[28870]: 9CA032B2C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=1.7/0.01/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EAD8F2B2D)
Sep 10 12:11:23 nigel postfix/qmgr[28855]: 9CA032B2C: removed
Sep 10 12:11:25 nigel postfix/smtp[28878]: EAD8F2B2D: to=<[email protected]>, relay=mailin-01.mx.aol.com[205.188.159.42]:25, delay=1.5, delays=0.01/0.01/0.55/0.92, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AF87A380001C9)
Sep 10 12:11:25 nigel postfix/qmgr[28855]: EAD8F2B2D: removed
Sep 10 12:11:25 nigel postfix/smtpd[28862]: disconnect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
Sep 10 12:11:26 nigel imapd: Connection, ip=[::ffff:127.0.0.1]
Sep 10 12:11:26 nigel imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[36137], protocol=IMAP
Sep 10 12:11:26 nigel imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=87, sent=391, time=0


^Cjosh@nigel:~$ sudo tail -n 25 /var/log/mail.log
Sep 10 12:10:49 nigel postfix/postfix-script[28851]: refreshing the Postfix mail system
Sep 10 12:10:49 nigel postfix/master[3040]: reload -- version 2.9.3, configuration /etc/postfix
Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max connection rate 1/60s for (submission:99.115.92.105) at Sep 10 12:09:37
Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max connection count 1 for (submission:99.115.92.105) at Sep 10 12:09:37
Sep 10 12:10:49 nigel postfix/anvil[28815]: statistics: max cache size 1 at Sep 10 12:09:37
Sep 10 12:11:20 nigel postfix/smtpd[28862]: connect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
Sep 10 12:11:20 nigel postfix/smtpd[28862]: 9CA032B2C: client=adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105], sasl_method=LOGIN, [email protected]
Sep 10 12:11:20 nigel postfix/cleanup[28869]: 9CA032B2C: message-id=<>
Sep 10 12:11:22 nigel postfix/qmgr[28855]: 9CA032B2C: from=<[email protected]>, size=75819, nrcpt=1 (queue active)
Sep 10 12:11:23 nigel postfix/smtpd[28876]: connect from localhost[127.0.0.1]
Sep 10 12:11:23 nigel postfix/smtpd[28876]: EAD8F2B2D: client=localhost[127.0.0.1]
Sep 10 12:11:23 nigel postfix/cleanup[28869]: EAD8F2B2D: message-id=<[email protected]>
Sep 10 12:11:23 nigel postfix/qmgr[28855]: EAD8F2B2D: from=<[email protected]>, size=76352, nrcpt=1 (queue active)
Sep 10 12:11:23 nigel postfix/smtpd[28876]: disconnect from localhost[127.0.0.1]
Sep 10 12:11:23 nigel amavis[2987]: (02987-13) Passed CLEAN, [99.115.92.105] [99.115.92.105] <[email protected]> -> <[email protected]>, mail_id: HbqWrB82bR4n, Hits: -0.859, size: 75819, queued_as: EAD8F2B2D, 1720 ms
Sep 10 12:11:23 nigel postfix/smtp[28870]: 9CA032B2C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=1.7/0.01/0/1.7, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as EAD8F2B2D)
Sep 10 12:11:23 nigel postfix/qmgr[28855]: 9CA032B2C: removed
Sep 10 12:11:25 nigel postfix/smtp[28878]: EAD8F2B2D: to=<[email protected]>, relay=mailin-01.mx.aol.com[205.188.159.42]:25, delay=1.5, delays=0.01/0.01/0.55/0.92, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AF87A380001C9)
Sep 10 12:11:25 nigel postfix/qmgr[28855]: EAD8F2B2D: removed
Sep 10 12:11:25 nigel postfix/smtpd[28862]: disconnect from adsl-99-115-92-105.dsl.lsan03.sbcglobal.net[99.115.92.105]
Sep 10 12:11:26 nigel imapd: Connection, ip=[::ffff:127.0.0.1]
Sep 10 12:11:26 nigel imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], port=[36137], protocol=IMAP
Sep 10 12:11:26 nigel imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=87, sent=391, time=0
Sep 10 12:12:18 nigel imapd: Connection, ip=[::ffff:99.115.92.105]
Sep 10 12:12:18 nigel imapd: LOGIN, [email protected], ip=[::ffff:99.115.92.105], port=[6376], protocol=IMAP

The weird thing is that mail.log doesnt seem to record any errors, and mail.err has nothing relevant.

Forgot to add netstat -tap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10024 *:* LISTEN 2431/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 3040/master
tcp 0 0 localhost:mysql *:* LISTEN 2165/mysqld
tcp 0 0 *:submission *:* LISTEN 3040/master
tcp 0 0 *:ftp *:* LISTEN 2069/vsftpd
tcp 0 0 *:ssh *:* LISTEN 2108/sshd
tcp 0 0 nigel.goldenoakit:34597 adsl-99-115-92-10:12489 TIME_WAIT -
tcp 0 0 nigel.goldenoakit:59238 adsl-99-36-141-12:12489 TIME_WAIT -
tcp 0 0 nigel.goldenoakit:34595 adsl-99-115-92-10:12489 TIME_WAIT -
tcp 0 192 nigel.goldenoakit.c:ssh adsl-75-28-136-56:39971 ESTABLISHED 26356/sshd: josh [p
tcp6 0 0 [::]:imaps [::]:* LISTEN 2871/couriertcpd
tcp6 0 0 [::]op3s [::]:* LISTEN 2909/couriertcpd
tcp6 0 0 [::]:submission [::]:* LISTEN 3040/master
tcp6 0 0 [::]op3 [::]:* LISTEN 2887/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 2849/couriertcpd
tcp6 0 0 [::]:http [::]:* LISTEN 3194/apache2
tcp6 0 0 [::]:ssh [::]:* LISTEN 2108/sshd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:33669 ESTABLISHED 25775/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:53946 ESTABLISHED 26270/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:36333 ESTABLISHED 29755/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:7181 ESTABLISHED 29869/imapd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:6496 ESTABLISHED 29038/imapd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:52259 ESTABLISHED 25777/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:53950 ESTABLISHED 26272/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:7178 ESTABLISHED 29868/imapd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:54962 ESTABLISHED 28432/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:1291 ESTABLISHED 25055/imapd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:40477 ESTABLISHED 29752/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:52823 ESTABLISHED 25770/couriertls
tcp6 0 0 nigel.goldenoakit:imaps adsl-75-28-136-56:40566 ESTABLISHED 28428/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-10:64725 ESTABLISHED 24436/imapd
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:48019 ESTABLISHED 25768/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:54964 ESTABLISHED 28435/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-10:65447 ESTABLISHED 24817/imapd
tcp6 0 0 nigel.goldenoakit:imaps adsl-75-28-136-56:39555 ESTABLISHED 26266/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:38579 ESTABLISHED 25779/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-75-28-136-56:37680 ESTABLISHED 29758/couriertls
tcp6 0 0 nigel.goldenoakit:imap2 adsl-99-115-92-105:6294 ESTABLISHED 28820/imapd

 

Hmm

I'm not sure if this has anything to do with it, but my hostname is nigel.goldenoakit.com and I also have mail.goldenoakit.com. I set up postfix to use mail, but do you think having that be different than the hostname would affect anything?

 

Hi ansabhailte;

I would use my actual hostname if I were you;

From your master.cf, above:

maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

My maildrop line:

maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}

See the difference? I would put a space or two before the first character on every continuation line in that file, for one thing. In your log, you see the message come in, but don't see it delivered to a mailbox. Maybe it's reading that statement wrong?

G

ps ... this forum program is removing the leading space on the continuation line, so never mind on that. But still your maildrop line lacks all the vmail stuff ...

 

Now I'm getting this

Sep 10 13:06:08 nigel postfix/master[3040]: fatal: /etc/postfix/master.cf: line 98: bad transport type: user=vmail

from mail.log

 

This

It sounds like my problem is similar to this guys:

Hi guys,

after much pulling out (of grey hairs only), i finally realised this was a transport issue.
The transport data was being held in Mysql, and was not being resolved.

My best guess is that because i had smtp:mail.mydomain.com as the only transport it therefor wouldn't know about anything locally.

anyhow - all sorted now, will more on to more exciting things now

Thanks for the hand!

Grant

But I'm not sure how to go about fixing this.

 

I have been setting up email addresses like this through MySQL:

INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('[email protected]', ENCRYPT('secret'), 10485760);

Do I also need to add anything like this?:

INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');

 

ok

Disregard the last 3 replies. I didn't put white space in front of the line you gave me to replace. That's taken care of now.

Still can't receive email. Nothing shows up in the mail log either.

 

If you type in the command "mailq", does it show a bunch of stuff trapped in the queue? To me, the log seems to indicate the incomming mail is being queued but not delivered. If you use web mail and deliver it to another mail box at the same domain, does it deliver?

G

 

No, nothing in the queue.

Of course, the logfile that I posted shows a lot of activity because all the addresses can successfully send/receive to each other, and can send mail to anybody (including gmail)


I don't get it. Everything works except for receiving from external hosts. And mail.log never shows anything for that; not even rejected messages. And Gmail doesnt show delay/failure notices.

 

What should the permissions be for /var/spool/postfix/var/run/saslauthd?

saslauthd returns this:

drwx--x--- 2 root sasl 4096 Sep 10 19:46 saslauthd

and the contents return this:

-rw------- 1 root root 0 Sep 10 19:46 cache.flock
-rw------- 1 root root 945152 Sep 10 19:46 cache.mmap
srwxrwxrwx 1 root root 0 Sep 10 19:46 mux
-rw------- 1 root root 0 Sep 10 19:46 mux.accept
-rw------- 1 root root 5 Sep 10 19:46 saslauthd.pid

 

one more thing

I just ran testsaslauthd:

sudo testsaslauthd -u [email protected] -p *password* -f /var/spool/postfix/var/run/saslauthd/mux -s submission

(I'm running smtp on 587 not 25) and it returns:

NO "authentication failed"

auth.log shows this:

Sep 10 20:30:33 nigel saslauthd[5002]: pam_unix(submission:auth): check pass; user unknown
Sep 10 20:30:33 nigel saslauthd[5002]: pam_unix(submission:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Sep 10 20:30:35 nigel saslauthd[5002]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Sep 10 20:30:35 nigel saslauthd[5002]: do_auth : auth failure: [service=submission] [realm=] [mech=pam] [reason=PAM auth error]

Also, when I run:

sudo testsaslauthd -u [email protected] -p *password* -s submission

it returns:

connect() : No such file or directory

I'm thinking my problem lies within the SASL area... that would explain why I can receive mail from local accounts.

edit: I'm running postfix chrooted, per Falko's guide (linked at top of thread)

edit2: When I run testsaslauthd with -u josh -p *password* (being my UNIX username and password, not my MySQL email username and password) I get:

OK "Success."

 

Ok, I've figured out the problem.

I run testsaslauthd with mail_admin as the username (the account courier should be using) and the authentication fails.

If I run it using root as the user it succeeds, and also if I use my local UNIX account (josh).

But I've configured everything to use mail_admin. Any idea why mail_admin can't authenticate?

edit: I read that Cyrus SASL doesn't support encrypted SQL passwords? Is this still true? (I read it on a forum thread from 2008) I'm not sure if it would still be true since your guide says to use encrypted passwords...

 

Just so you know ... my system is able to receive and the above looks identical on my system ...

 

What are the contents of your /etc/postfix/sasl/smtpd.conf ?

 

cat /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: *password*
sql_database: mail
sql_select: select password from users where email = '%u@%r'

 

Lemme grok your smtp.conf for a minute ... meanwhile ... the following two statements are missing from your main.cf as compared to mine:

maildrop_destination_recipient_limit = 1
virtual_transport = maildrop

You are specifying maildrop in your master.cf ... did you leave those out on purpose?

 

No, I just followed the guide by Falko. He left them out.

edit: I went ahead and added those lines.

 

Ok, well, let's reason for a minute.

According to your main.cf, master.cf, and sasl/smtpd.conf, you are sending email to remote hosts requiring SASL authentication, sending that authentication via plain text (non-encrypted) on port 587 (submission) ... and that is working. If you were sending using encryption, you'd be using port 465 and have some more parameters set up. If you are able to successfully send an email, I'd say SASL is working, and getting the correct username and password out of MySQL. Agree?

Now ... receiving. If you can log in to read your mail, you are authenticating, correct?

I don't think there is any authentication involved in the mail transport agent (MTA) receiving mail from a remote host. I don't think there is any authentication involved either in delivering that mail to a mailbox. So, even though it may seem like authentication is involved ... to me, it doesn't seem so. Agree/disagree with my logic?