Postfix won't send emails

Madrig88 · Mar 16, 2016

I currently have 2 issues, the first is that my postfix will not send emails, it was somewhat working and then I changed some settings and now it won't send at all. I am trying to use gmail smtp to send my emails.

ISSUE 1
I was able to send an email but as soon as it made it to the GMAIL SMTP server it was telling me that I need to issue Starttls. in the process of figuring that out, I broke my main.cf file.

Here is the main.cf file:

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/apache2/ssl/domain.com.crt
smtpd_tls_key_file = /etc/apache2/ssl/domain.com.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# start new test lines
smtp_tls_loglevel = 1
smtp_connect_timeout = 120s
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_starttls_timeout = 300s
# end new test lines

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
myhostname = hostname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = domain.com
myorigin = /etc/mailname
mydestination = domain.com, PC-NAME, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8, 10.82.88.0/24, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
debug_peer_list=smtp.gmail.com
debug_peer_level=3
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom
content_filter = smtp-amavis:[127.0.0.1]:10024

This is my mail.log

Code:

Mar 16 14:22:40 Coffee-Grounds postfix/smtpd[4756]: connect from unknown[155.133.82.84]
Mar 16 14:22:40 Coffee-Grounds postfix/smtpd[4756]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 14:22:40 Coffee-Grounds postfix/smtpd[4756]: fatal: no SASL authentication mechanisms
Mar 16 14:22:41 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 4756 exit status 1
Mar 16 14:22:41 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 14:24:07 Coffee-Grounds postfix/smtpd[4757]: connect from unknown[155.133.82.84]
Mar 16 14:24:07 Coffee-Grounds postfix/smtpd[4757]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 14:24:07 Coffee-Grounds postfix/smtpd[4757]: fatal: no SASL authentication mechanisms
Mar 16 14:24:08 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 4757 exit status 1
Mar 16 14:24:08 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 14:24:15 Coffee-Grounds postfix/anvil[4746]: statistics: max connection rate 1/60s for (smtp:155.133.82.84) at Mar 16 14:14:15
Mar 16 14:24:15 Coffee-Grounds postfix/anvil[4746]: statistics: max connection count 1 for (smtp:155.133.82.84) at Mar 16 14:14:15
Mar 16 14:24:15 Coffee-Grounds postfix/anvil[4746]: statistics: max cache size 1 at Mar 16 14:14:15
Mar 16 14:25:36 Coffee-Grounds postfix/smtpd[4758]: connect from unknown[155.133.82.84]
Mar 16 14:25:36 Coffee-Grounds postfix/smtpd[4758]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 14:25:36 Coffee-Grounds postfix/smtpd[4758]: fatal: no SASL authentication mechanisms
Mar 16 14:25:37 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 4758 exit status 1
Mar 16 14:25:37 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 14:27:02 Coffee-Grounds postfix/smtpd[4759]: connect from unknown[155.133.82.84]
Mar 16 14:27:02 Coffee-Grounds postfix/smtpd[4759]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 14:27:02 Coffee-Grounds postfix/smtpd[4759]: fatal: no SASL authentication mechanisms
Mar 16 14:27:03 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 4759 exit status 1
Mar 16 14:27:03 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

And just in case, this is my master.cf

Code:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    unix  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
s_se

ztk.me · Mar 16, 2016

master.cf put # before smtpd to make it look like
Code:
#smtpd     pass  -       -       -       -       -       smtpd
Check your main.cf to make it look like
Code:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/letsencrypt/live/{domain}/chain.pem

smtpd_tls_cert_file = /etc/letsencrypt/live/{domain}/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/{domain}/privkey.pem

smtp_tls_cert_file = /etc/letsencrypt/live/{domain}/fullchain.pem
smtp_tls_key_file = /etc/letsencrypt/live/{domain}/privkey.pem

smtp_use_tls = yes
I created the SSL files using lets encrypt services
Code:
apt-get install git;
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
./letsencrypt-auto certonly
( ./letsencrypt-auto certonly --rsa-key-size 4096 -d domain.tld -d www.domain.tld )
Check permissions of your sasl_passwd and make sure it's postmapped
Code:
chmod 400 /etc/postfix/sasl/sasl_passwd
postmap /etc/postfix/sasl/sasl_passwd
In addition to that,

Postfix releases 2.9.14, 2.10.8, 2.11.6, 3.0.2, released on 20/Jul/2015 and all later releases are not vulnerable in their default configuration. The below recommended TLS settings for Postfix are sufficient to avoid exposure to DROWN. Many of these are defaults in sufficiently recent releases. Nevertheless, in addition to ensuring that your Postfix configuration disables SSLv2 and weak or obsolete ciphers, you should also deploy the appropriate OpenSSL upgrade.
Click to expand...
Code:
   # Minimal recommended settings.  Whenever the built-in defaults are
   # sufficient, let the built-in defaults stand by deleting any explicit
   # overrides.  The default mandatory TLS protocols have never included
   # SSLv2, check to make sure you have not inadvertently enabled it.
   #
   smtpd_tls_protocols = !SSLv2, !SSLv3
   smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
   tlsproxy_tls_protocols = $smtpd_tls_protocols
   tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols

   smtp_tls_protocols = !SSLv2, !SSLv3
   smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
   lmtp_tls_protocols = !SSLv2, !SSLv3
   lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3

   smtpd_tls_ciphers = medium
   smtp_tls_ciphers = medium

   # Other best practices

   # Strongly recommended:
   # http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs
   #
   smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
   smtpd_tls_eecdh_grade = strong

   # Suggested, not strictly needed:
   #
   smtpd_tls_exclude_ciphers =
        EXPORT, LOW, MD5, SEED, IDEA, RC2
   smtp_tls_exclude_ciphers =
        EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
EDH Server support (Postfix ≥ 2.2, all supported OpenSSL versions)

Execute as root (prime group generation can take a few seconds to a few minutes):

# cd /etc/postfix
# umask 022
# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pem
The Postfix SMTP server EDH parameter files are not secret, after all these parameters are sent to all remote SMTP clients in the clear. Mode 0644 is fine.
You can improve security against pre-computation attacks further by regenerating the Postfix SMTP server EDH parameters periodically (an hourly or daily cron job running the above commands as root can automate this task).
Once the parameters are in place, update main.cf as follows:

/etc/postfix/main.cf:
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
If some of your MSA clients don't support 2048-bit EDH, you may need to adjust the submission entry in master.cf accordingly:
/etc/postfix/master.cf:
submission inet n - n - - smtpd
# Some submission clients may not yet do 2048-bit EDH, if such
# clients use your MSA, configure 1024-bit EDH instead. However,
# as of mid-2015, many submission clients no longer accept primes
# with less than 2048-bits. Each site needs to determine which
# type of client is more important to support.
-o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
Click to expand...

http://www.postfix.org/FORWARD_SECRECY_README.html#server_fs

Madrig88 · Mar 16, 2016

Thank you for such a quick reply! I am still having a few issues.
I have roundcube for webmail if that matters however, now I can't even log into roundcube.

Here is the main.cf with the changes you suggested, they aren't in the same order unless that matters:

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/spiritbearstudios.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/spiritbearstudios.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# start new test lines
smtp_tls_loglevel = 1
smtp_connect_timeout = 120s
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_starttls_timeout = 300s
# end new test lines

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
myhostname = Coffee-Grounds
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = spiritbearstudios.com
myorigin = /etc/mailname
mydestination = spiritbearstudios.com, Coffee-Grounds, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8, 10.82.88.0/24, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
debug_peer_list=smtp.gmail.com
debug_peer_level=4
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtpd_tls_received_header = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom
content_filter = smtp-amavis:[127.0.0.1]:10024

This is the new mail.log:

Code:

Mar 16 15:12:25 Coffee-Grounds postfix/smtpd[5005]: warning: TLS library problem: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:682:
Mar 16 15:12:25 Coffee-Grounds postfix/smtpd[5005]: connect from localhost[127.0.0.1]
Mar 16 15:12:25 Coffee-Grounds postfix/smtpd[5005]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 15:12:25 Coffee-Grounds postfix/smtpd[5005]: fatal: no SASL authentication mechanisms
Mar 16 15:12:26 Coffee-Grounds amavis[1618]: (01618-06) (!)FWD from <[email protected]> -> <[email protected]>, 451 4.5.0 From MTA() during fwd-connect (Negative gre$
Mar 16 15:12:26 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 5005 exit status 1
Mar 16 15:12:26 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 15:12:26 Coffee-Grounds amavis[1618]: (01618-06) Blocked MTA-BLOCKED {TempFailedOutbound}, LOCAL [127.0.0.1]:46454 [127.0.0.1] <[email protected]> -> <wdunha$
Mar 16 15:12:26 Coffee-Grounds postfix/smtp[5000]: 5747B40063: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=17460, delays=17446/0.05/0/14, dsn=4.5.0, status=d$
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: warning: cannot get RSA certificate from file /etc/letsencrypt/live/spiritbearstudios.com/fullchain.pem: disabling TLS suppo$
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('/etc/letse$
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: warning: TLS library problem: error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: warning: TLS library problem: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:682:
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: connect from unknown[155.133.82.84]
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 15:13:10 Coffee-Grounds postfix/smtpd[6906]: fatal: no SASL authentication mechanisms
Mar 16 15:13:11 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 6906 exit status 1
Mar 16 15:13:11 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 15:14:15 Coffee-Grounds postfix/anvil[4746]: statistics: max connection rate 1/60s for (smtp:155.133.82.84) at Mar 16 15:04:16
Mar 16 15:14:15 Coffee-Grounds postfix/anvil[4746]: statistics: max connection count 1 for (smtp:155.133.82.84) at Mar 16 15:04:16
Mar 16 15:14:15 Coffee-Grounds postfix/anvil[4746]: statistics: max cache size 1 at Mar 16 15:04:16
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: warning: cannot get RSA certificate from file /etc/letsencrypt/live/spiritbearstudios.com/fullchain.pem: disabling TLS suppo$
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('/etc/letse$
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: warning: TLS library problem: error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: warning: TLS library problem: error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:682:
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: connect from unknown[155.133.82.84]
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 15:14:52 Coffee-Grounds postfix/smtpd[7104]: fatal: no SASL authentication mechanisms
Mar 16 15:14:53 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 7104 exit status 1
Mar 16 15:14:53 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 15:16:22 Coffee-Grounds postfix/smtpd[7140]: connect from unknown[155.133.82.84]
Mar 16 15:16:22 Coffee-Grounds postfix/smtpd[7140]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 15:16:22 Coffee-Grounds postfix/smtpd[7140]: fatal: no SASL authentication mechanisms
Mar 16 15:16:23 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 7140 exit status 1
Mar 16 15:16:23 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 15:17:38 Coffee-Grounds postfix/master[4682]: reload -- version 2.11.3, configuration /etc/postfix
Mar 16 15:17:38 Coffee-Grounds postfix/anvil[7106]: statistics: max connection rate 1/60s for (smtp:155.133.82.84) at Mar 16 15:14:52
Mar 16 15:17:38 Coffee-Grounds postfix/anvil[7106]: statistics: max connection count 1 for (smtp:155.133.82.84) at Mar 16 15:14:52
Mar 16 15:17:38 Coffee-Grounds postfix/anvil[7106]: statistics: max cache size 1 at Mar 16 15:14:52
Mar 16 15:17:53 Coffee-Grounds postfix/smtpd[7171]: connect from unknown[155.133.82.84]
Mar 16 15:17:53 Coffee-Grounds postfix/smtpd[7171]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 15:17:53 Coffee-Grounds postfix/smtpd[7171]: fatal: no SASL authentication mechanisms
Mar 16 15:17:54 Coffee-Grounds postfix/master[4682]: warning: process /usr/lib/postfix/smtpd pid 7171 exit status 1
Mar 16 15:17:54 Coffee-Grounds postfix/master[4682]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 15:19:00 Coffee-Grounds dovecot: master: Error: service(auth): unlink(/var/spool/postfix/private/auth) failed: Is a directory
Mar 16 15:19:00 Coffee-Grounds dovecot: master: Fatal: Failed to start listeners

ztk.me · Mar 16, 2016

You're still missing smtp_tls_cert_file and smtp_tls_key_file

Madrig88 · Mar 16, 2016

I inserted the lines from both of your posts, however I still cannot login through roundcube, its stating "Connection to storage server failed." I have attempted and I also cannot telnet to localhost 25
Is this the way you were having me set this up? I have created a backup just in case.

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
tlsproxy_tls_protocols = $smtpd_tls_protocols
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols

smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3

smtpd_tls_ciphers = medium
smtp_tls_ciphers = medium

smtpd_tls_dh1024_param_file=${config_directory}/dh2048.pem
smtpd_tls_eecdh_grade = strong

smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2
smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/letsencrypt/live/spiritbearstudios.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/spiritbearstudios.com/privkey.pem
smtp_tls_cert_file = /etc/letsencrypt/live/spiritbearstudios.com/fullchain.pem
smtp_tls_key_file = /etc/letsencrypt/live/spiritbearstudios.com/privkey.pem
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# start new test lines
smtp_tls_loglevel = 1
smtp_connect_timeout = 120s
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_starttls_timeout = 300s
# end new test lines

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
myhostname = Coffee-Grounds
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = spiritbearstudios.com
myorigin = /etc/mailname
mydestination = spiritbearstudios.com, Coffee-Grounds, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8, 10.82.88.0/24, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
debug_peer_list=smtp.gmail.com
debug_peer_level=4
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy


# start new test lines
smtp_tls_loglevel = 1
smtp_connect_timeout = 120s
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_starttls_timeout = 300s
# end new test lines

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
myhostname = Coffee-Grounds
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = spiritbearstudios.com
myorigin = /etc/mailname
mydestination = spiritbearstudios.com, Coffee-Grounds, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8, 10.82.88.0/24, [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
debug_peer_list=smtp.gmail.com
debug_peer_level=4
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
smtpd_tls_received_header = yes
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom
content_filter = smtp-amavis:[127.0.0.1]:10024

Here is the mail log

Code:

Mar 16 16:42:08 Coffee-Grounds postfix/master[8369]: warning: process /usr/lib/postfix/smtpd pid 8457 exit status 1
Mar 16 16:42:08 Coffee-Grounds postfix/master[8369]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 16:43:13 Coffee-Grounds postfix/anvil[8430]: statistics: max connection rate 1/60s for (smtp:155.133.82.84) at Mar 16 16:33:13
Mar 16 16:43:13 Coffee-Grounds postfix/anvil[8430]: statistics: max connection count 1 for (smtp:155.133.82.84) at Mar 16 16:33:13
Mar 16 16:43:13 Coffee-Grounds postfix/anvil[8430]: statistics: max cache size 1 at Mar 16 16:33:13
Mar 16 16:43:36 Coffee-Grounds postfix/smtpd[8458]: warning: cannot load 512-bit DH parameters from file /etc/postfix/dh512.pem???: No such file or directory -- using compiled-$
Mar 16 16:43:36 Coffee-Grounds postfix/smtpd[8458]: connect from unknown[155.133.82.84]
Mar 16 16:43:36 Coffee-Grounds postfix/smtpd[8458]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 16:43:36 Coffee-Grounds postfix/smtpd[8458]: fatal: no SASL authentication mechanisms
Mar 16 16:43:37 Coffee-Grounds postfix/master[8369]: warning: process /usr/lib/postfix/smtpd pid 8458 exit status 1
Mar 16 16:43:37 Coffee-Grounds postfix/master[8369]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 16:45:04 Coffee-Grounds postfix/smtpd[8459]: warning: cannot load 512-bit DH parameters from file /etc/postfix/dh512.pem???: No such file or directory -- using compiled-$
Mar 16 16:45:10 Coffee-Grounds postfix/smtpd[8459]: connect from unknown[155.133.82.84]
Mar 16 16:45:10 Coffee-Grounds postfix/smtpd[8459]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 16:45:10 Coffee-Grounds postfix/smtpd[8459]: fatal: no SASL authentication mechanisms
Mar 16 16:45:11 Coffee-Grounds postfix/master[8369]: warning: process /usr/lib/postfix/smtpd pid 8459 exit status 1
Mar 16 16:45:11 Coffee-Grounds postfix/master[8369]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 16:46:33 Coffee-Grounds postfix/smtpd[8461]: warning: cannot load 512-bit DH parameters from file /etc/postfix/dh512.pem???: No such file or directory -- using compiled-$
Mar 16 16:46:36 Coffee-Grounds postfix/smtpd[8461]: connect from unknown[155.133.82.84]
Mar 16 16:46:36 Coffee-Grounds postfix/smtpd[8461]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 16:46:36 Coffee-Grounds postfix/smtpd[8461]: fatal: no SASL authentication mechanisms
Mar 16 16:46:37 Coffee-Grounds postfix/master[8369]: warning: process /usr/lib/postfix/smtpd pid 8461 exit status 1
Mar 16 16:46:37 Coffee-Grounds postfix/master[8369]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

ztk.me · Mar 16, 2016

You still need to change your
Code:
smtp_tls_CAfile = /etc/letsencrypt/live/spiritbearstudios.com/chain.pem
Beware that you have the following block twice, remove one block and use the above mentioned tls_CAfile param

# start new test lines
smtp_tls_loglevel = 1
smtp_connect_timeout = 120s
smtp_tls_note_starttls_offer = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_starttls_timeout = 300s
# end new test lines
Click to expand...

This is a rather old config ( version 2.3 and less ) and defaults to smtpd anyway, you can remove that line
it's smtpd_sasl_path for version newer versions.
Code:
smtpd_sasl_application_name = smtpd
Also I did quote/mention some ssl-related stuff because it's a ssl related topic, if you use that, please read the full text

Mar 16 16:45:04 Coffee-Grounds postfix/smtpd[8459]: warning: cannot load 512-bit DH parameters from file /etc/postfix/dh512.pem???: No such file or directory -- using compiled-$
Click to expand...

You need to generate the dh-files if you want to use PFS.

Madrig88 · Mar 16, 2016

I have the one about the DH parameters solved and I do want to use PFS for some reason the config wasn't recognizing the dh512.pem in the postfix folder but I got it working. for some reason I cant even telnet I find this odd. I actually just installed postfix not long ago and I started shoving old fixes in thinking that it would help... this is probably a newer config gone wrong by user error.

This is what happens when I try to telnet to the server:

Code:

root@Coffee-Grounds:/etc/postfix# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost
        # Waits approx 2 mins then...
Connection closed by foreign host.

Mail.log:

Code:

Mar 16 17:41:28 Coffee-Grounds postfix/master[10023]: daemon started -- version 2.11.3, configuration /etc/postfix
Mar 16 17:41:40 Coffee-Grounds postfix/smtpd[10026]: connect from unknown[155.133.82.84]
Mar 16 17:41:40 Coffee-Grounds postfix/smtpd[10026]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 17:41:40 Coffee-Grounds postfix/smtpd[10026]: fatal: no SASL authentication mechanisms
Mar 16 17:41:41 Coffee-Grounds postfix/master[10023]: warning: process /usr/lib/postfix/smtpd pid 10026 exit status 1
Mar 16 17:41:41 Coffee-Grounds postfix/master[10023]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 17:43:11 Coffee-Grounds postfix/smtpd[10031]: connect from unknown[155.133.82.84]
Mar 16 17:43:11 Coffee-Grounds postfix/smtpd[10031]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 17:43:11 Coffee-Grounds postfix/smtpd[10031]: fatal: no SASL authentication mechanisms
Mar 16 17:43:12 Coffee-Grounds postfix/master[10023]: warning: process /usr/lib/postfix/smtpd pid 10031 exit status 1
Mar 16 17:43:12 Coffee-Grounds postfix/master[10023]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Mar 16 17:44:12 Coffee-Grounds postfix/smtpd[10033]: connect from localhost[127.0.0.1]
Mar 16 17:44:12 Coffee-Grounds postfix/smtpd[10033]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 16 17:44:12 Coffee-Grounds postfix/smtpd[10033]: fatal: no SASL authentication mechanisms
Mar 16 17:44:13 Coffee-Grounds postfix/master[10023]: warning: process /usr/lib/postfix/smtpd pid 10033 exit status 1
Mar 16 17:44:13 Coffee-Grounds postfix/master[10023]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

ztk.me · Mar 16, 2016

Ok, make sure dovecot is running and does provide private/auth
See this article for instructions.
And just in case you missed it
Code:
adduser postfix sasl

Madrig88 · Mar 17, 2016

Alright, so roundcube works now, and I am able to send emails, however, now I cannot receive the test email because of the following. perhaps you can make heads or tails out of this. this was Issue 2 unable to send email through the GMail smtp. This was the issue that caused the changes that I had made.

Code:

Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: private/tlsmgr: wanted attribute: (list terminator)
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: input attribute name: (end)
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: Untrusted TLS connection established to smtp.gmail.com[209.85.147.109]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 ($
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: smtp_stream_setup: maxtime=300 enable_deadline=0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: > smtp.gmail.com[209.85.147.109]:587: EHLO spiritbearstudios
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_fflush_some: fd 19 flush 24
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_buf_get_ready: fd 19 got 221
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-smtp.gmail.com at your service, [75.128.91.10]
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-SIZE 35882577
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-8BITMIME
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-ENHANCEDSTATUSCODES
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-PIPELINING
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250-CHUNKING
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: < smtp.gmail.com[209.85.147.109]:587: 250 SMTPUTF8
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: server features: 0x102f size 35882577
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: Using ESMTP PIPELINING, TCP send buffer size is 44800, PIPELINING buffer size is 4096
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: maps_find: smtp_sasl_passwd: smtp.gmail.com: not found
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: maps_find: smtp_sasl_passwd: hash:/etc/postfix/sasl/sasl_passwd(0,lock|fold_fix): [smtp.gmail.com]:587 = ########:$
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: smtp_sasl_passwd_lookup: host `smtp.gmail.com' user `########' pass `#########'
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: starting new SASL client
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: name_mask: noplaintext
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: name_mask: noanonymous
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: smtp_sasl_authenticate: smtp.gmail.com[209.85.147.109]:587: SASL mechanisms LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER$
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: warning: SASL authentication failure: No worthy mechs found
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: connect to subsystem private/defer
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr nrequest = 0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr flags = 0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr queue_id = E49D6403DE
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr original_recipient = [email protected]
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr recipient = [email protected]
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr offset = 607
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr dsn_orig_rcpt = rfc822;[email protected]
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr notify_flags = 0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr status = 4.7.0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr diag_type = x-sasl
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr diag_text = no mechanism available
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr mta_type =
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr mta_mname =
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr action = delayed
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: send attr reason = SASL authentication failed; cannot authenticate to server smtp.gmail.com[209.85.147.109]: no mechanism ava$
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_fflush_some: fd 20 flush 386
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_buf_get_ready: fd 20 got 10
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: private/defer socket: wanted attribute: status
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: input attribute name: status
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: input attribute value: 0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: private/defer socket: wanted attribute: (list terminator)
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: input attribute name: (end)
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: E49D6403DE: to=<[email protected]>, relay=smtp.gmail.com[209.85.147.109]:587, delay=0.86, delays=0.02/0.02/0.82/0, dsn=4.7.0, $
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: flush_add: site bsdd.com id E49D6403DE
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: match_hostname: bsdd.com ~? spiritbearstudios.com
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: match_hostname: bsdd.com ~? Coffee-Grounds
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: match_hostname: bsdd.com ~? localhost.localdomain
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: match_hostname: bsdd.com ~? localhost
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: match_list_match: bsdd.com: no match
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: flush_add: site bsdd.com id E49D6403DE status 4
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: smtp_stream_setup: maxtime=300 enable_deadline=0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: > smtp.gmail.com[209.85.147.109]:587: QUIT
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: name_mask: resource
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: name_mask: software
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_fflush_some: fd 19 flush 6
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: vstream_fflush_some: fd 19 flush 0
Mar 17 14:09:55 Coffee-Grounds postfix/smtp[13472]: disposing SASL state information
Mar 17 14:10:40 Coffee-Grounds dovecot: imap-login: Login: user=<wdunham>, method=PLAIN, rip=10.82.88.1, lip=10.82.88.182, mpid=13475, TLS, session=<YGZVjEIuDgAKUlgB>
Mar 17 14:10:40 Coffee-Grounds dovecot: imap(wdunham): Disconnected: Logged out in=91 out=866

filtered User and password for SMTP server

ztk.me · Mar 17, 2016

Check your password file

Code:

$cat /etc/postfix/sasl/sasl_passwd
smtp.gmail.com      user:pass

It says it can't find it.

Also do:

Code:

chown root:root /etc/postfix/sasl/sasl_passwd && chmod 600 /etc/postfix/sasl/sasl_passwd

postmap hash:/etc/postfix/sasl/sasl_passwd

Madrig88 · Mar 17, 2016

Alright now its telling me authentication required...

When my password file looks like this...

Code:

smtp.gmail.com      user:pass

and postmapped I get this...

Code:

Mar 17 14:58:18 Coffee-Grounds postfix/smtp[14313]: < smtp.gmail.com[209.85.147.109]:587: 530-5.5.1 Authentication Required. Learn more at
Mar 17 14:58:18 Coffee-Grounds postfix/smtp[14313]: < smtp.gmail.com[209.85.147.109]:587: 530 5.5.1  https://support.google.com/mail/answer/14257 p1sm4160155iop.12 - gsmtp

So I made sure to follow the link and click this and authorize... https://accounts.google.com/DisplayUnlockCaptcha
after trying again I get the same result. however when my password file looks like this...

Code:

smtp.gmail.com:587 user:pass

and postmapped I get this...

Code:

Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: smtp_sasl_authenticate: smtp.gmail.com[209.85.147.108]:587: SASL mechanisms LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER$
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: warning: SASL authentication failure: No worthy mechs found
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: connect to subsystem private/defer
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr nrequest = 0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr flags = 0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr queue_id = DEEF3403F7
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr original_recipient = [email protected]
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr recipient = [email protected]
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr offset = 607
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr dsn_orig_rcpt = rfc822;[email protected]
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr notify_flags = 0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr status = 4.7.0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr diag_type = x-sasl
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr diag_text = no mechanism available
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr mta_type =
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr mta_mname =
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: warning: SASL authentication failure: No worthy mechs found
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: connect to subsystemMar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr action = delayed
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: send attr reason = SASL authentication failed; cannot authenticate to server smtp.gmail.com[209.85.147.108]: no mechanism ava$
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: vstream_fflush_some: fd 20 flush 386
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: vstream_buf_get_ready: fd 20 got 10
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: private/defer socket: wanted attribute: status
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: input attribute name: status
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: input attribute value: 0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: private/defer socket: wanted attribute: (list terminator)
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: input attribute name: (end)
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: DEEF3403F7: to=<[email protected]>, relay=smtp.gmail.com[209.85.147.108]:587, delay=0.64, delays=0.01/0/0.63/0, dsn=4.7.0, sta$
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: flush_add: site bsdd.com id DEEF3403F7
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: match_hostname: bsdd.com ~? spiritbearstudios.com
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: match_hostname: bsdd.com ~? Coffee-Grounds
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: match_hostname: bsdd.com ~? localhost.localdomain
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: match_hostname: bsdd.com ~? localhost
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: match_list_match: bsdd.com: no match
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: flush_add: site bsdd.com id DEEF3403F7 status 4
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: smtp_stream_setup: maxtime=300 enable_deadline=0
Mar 17 15:06:10 Coffee-Grounds postfix/smtp[14372]: > smtp.gmail.com[209.85.147.108]:587: QUIT

Madrig88 · Mar 17, 2016

Alright I figured this issue out!
This is the sasl_passwd file:
Code:
[smtp.gmail.com]:587 user:pass
Then I realized I missed this in the main.cf(which I missed when you stated it earlier):
Code:
smtp_sasl_security_options = noanonymous
and then I had to enable the account using https://accounts.google.com/DisplayUnlockCaptcha and then use less secure apps with this link: https://www.google.com/settings/security/lesssecureapps

now everything that I have missed on previous email attempts is pushing through, but they are all going to my spam folder. Is there anything with the given information above that I can do to help prevent this?

ztk.me · Mar 17, 2016

if you haven't done already, you could/should setup SPF for your mail domains.

Madrig88 · Mar 17, 2016

Thank you for your help I have been able to successfully send multiple emails. I greatly appreciate your assistance in this matter.

Log in or Sign up

Postfix won't send emails

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

Share This Page

Log in or Sign up

Postfix won't send emails

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

Madrig88 New Member

ztk.me ISPConfig Developer ISPConfig Developer

Madrig88 New Member

Share This Page

Useful Searches