Score:0

Email server will not receive emails - Postfix / Dovecot / Raspberry Pi


Background

I have been working on getting an email server set up using a Raspberry Pi as the host. I have been primarily using this guide as my help but I appear to be stuck. I do have a residential service but have an account at dynu.com with the services "SMTP Outbound relay" and "Email Store / Forward" to get around this. They also host my domain name as well.

Problem

I can send emails with no problem; what I am having an issue with is receiving them. I will post a lot of detail as I have tried many things and feel like something is bound to turn up a clue.

Ports

Using a port scanner I can determine the following:

  • Port 25 = Blocked
  • Port 2525 = Unblocked
  • Port 143 = Unblocked
  • Port 465 = Unblocked
  • Port 993 = Unblocked

All ports are forwarding through the router successfully to my email host.

OpenSSL Testing (works)

Using the command `openssl s_client -connect mail.xxx.com:993 -quiet` (where xxx is my actual domain) I can log in using `a login user password`, `b select inbox`, `c logout`. Using my actual domain name rather than localhost makes me feel that this is set up correctly.

Monitoring mail.log when receiving an email

The only entry that appears: enter image description here

I see in my Dynu Email Store / Forward service that they just sit there and never transfer:

enter image description here

I have the Dynu email forward / store service set up as follows:

enter image description here

I might not even need this Email Forward / Store service since port 993 is not blocked by my ISP? I just am using it because I can't get it to work without it either so may as well try something different.

Relevant configuration files

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
biff = no

append_dot_mydomain = no

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = xxx.com (I have the real one here)
mydomain = xxx.com (I have the real one here)

myorigin = $mydomain

mydestination = localhost, localhost.localdomain

#added
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

relayhost = [relay.dynu.com]:2525
smtp_sasl_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_generic_maps = hash:/etc/postfix/generic

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destinations

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
2525       inet  n   -   n   -   -   smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# 
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1 
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Dovecot 10-master.conf

Definitely is listening on port 993 as demonstrated by the login above:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

If there are any other config files that need to be checked / posted, let me know and I can show.

Dynu email service / fetchmail configuration

Dynu configuration:

enter image description here

I can specify a login username and password as well:

enter image description here

Fetchmailrc:

# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail

set daemon        300                # Poll every 5 minutes
set syslog                        # log through syslog facility
set postmaster  root

set no bouncemail                # avoid loss on 4xx errors
                            # on the other hand, 5xx errors get
                            # more dangerous...

# Hosts to poll

# Defaults ===============================================================
# Set antispam to -1, since it is far safer to use that together with
# no bouncemail
defaults:
timeout 300
antispam -1
batchlimit 100

poll store1.dynu.com protocol POP3 username "eric" password "password"

So, in the configuration above I still do not get emails. Should the user name and password in fetchmail match that in the authentication for dynu? Is the `poll store1.dynu.com protocol POP3 username "eric" password "password"` portion right?

fr flag
Try `poll store1.dynu.com protocol ETRN user <your_domain_name>`
fr flag
Correction, it should have been `fetchdomains`, not `user`: `poll store1.dynu.com protocol ETRN fetchdomains <your_domain_name>`.
Eric F avatar
in flag
@Tomek Thanks for the suggestion! I did try this but still no emails will go through. I did discover that I was missing `home_mailbox = Maildir/` and `mailbox_command = ` in my main.cf. Adding these lines now allows me to send an email to myself (internal to my own network) which is more than I could do before. Still not able to send from outside though.
Eric F avatar
in flag
@tomek I finally got it to work! The key was to set my ETRN port on dynu to 465 and to authenticate using my username and password. Thanks so much for your help Tomek!!
Score:2
fr flag

You are confusing different services. Your store-and-forward server @ dynu is configured for ETRN. This means you HAVE to trigger email transfer using the ETRN protocol, and as a result dynu will contact your SMTP server, probably @ the ETRN port (993) above. You don't need dovecot listening there, just postfix.

One ETRN client I know about is fetchmail. Its man page has this note:

The ETRN mode allows you to ask a compliant ESMTP server (such as BSD sendmail at release 8.8.0 or higher) to immediately open a sender-SMTP connection to your client machine and begin forwarding any items addressed to your client machine in the server's queue of undelivered mail.

So probably configuring and running it is the last missing piece you need to take care of.

DISCLAIMER: I've never run such a setup and cannot guarantee this would work.

EDIT: The fetchmail command likely is:

fetchmail store1.dynu.com -p etrn --fetchdomains <your_domain_name>

giving the following poll line:

poll store1.dynu.com protocol etrn fetchdomains <your_domain_name>
Eric F avatar
in flag
Thank you for the response. I believe "SquirrelMail" does the same thing as well? I ask only because this is in the original article I have been using (https://samhobbs.co.uk/2013/12/raspberry-pi-email-server-part-3-squirrelmail) I still need this component regardless of the client side? I still need this even if I decide to not use the dynu email store / forward service?
fr flag
`dovecot` is an IMAP and POP3 server, used to present emails from local storage to client applications like `thunderbird` or even `outlook`. `squirrelmail`, as far as I remember, is a web client and likely can (or even must) use an IMAP or POP3 server as its backend. So you MIGHT need it if you want to have a web interface, but it is completely unnecessary for ETRN itself.
Eric F avatar
in flag
Thanks so much! I will try installing / setting up fetchmail and will post back
fr flag
BTW, your ETRN port probably shouldn't be 993 (as you have dovecot there) but 26 or 2525. And you must configure postfix to listen on that port. Or router to forward it appropriately.
Eric F avatar
in flag
How do I get postfix to listen on that port? Both 2526 and 26 are open. Is that in the master.cf?
fr flag
You already have postfix listening on port 2525 as I just noticed in master.cf file. This probably should be your ETRN port.
Eric F avatar
in flag
Tomek - Already THANK YOU so much for your help. I finally did get fetchmail installed (manually) but it is up and running. See my updated question as I must still be missing something small...
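The ETRN request that the answer above has fetchmail send, written out as an added example (not code from the thread, fetchmail or dynu) using Python's `smtplib`. The function names, the `helo_name` parameter and any host, port or credentials passed in are assumptions for illustration; the reply-code meanings follow RFC 1985.

```python
import smtplib
import ssl

# ETRN reply codes defined by RFC 1985.
ETRN_REPLIES = {
    250: "queue run started",
    251: "no messages waiting",
    252: "pending messages, delivery started",
    253: "counted pending messages, delivery started",
    458: "server unable to queue messages for this node",
    459: "node not allowed",
    500: "syntax error",
    501: "syntax error in parameters",
}

def classify_etrn(code):
    """Map an ETRN reply code to (accepted, meaning)."""
    return code in (250, 251, 252, 253), ETRN_REPLIES.get(code, "unexpected reply")

def request_etrn(host, port, domain, user=None, password=None,
                 implicit_tls=False, require_tls=True, helo_name=None):
    """Ask the store-and-forward host to start delivering mail queued for domain."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    if implicit_tls:  # TLS from the first byte (SMTPS-style port)
        conn = smtplib.SMTP_SSL(host, port, local_hostname=helo_name, timeout=30, context=ctx)
    else:
        conn = smtplib.SMTP(host, port, local_hostname=helo_name, timeout=30)
    with conn:
        conn.ehlo()
        encrypted = implicit_tls
        if not encrypted and conn.has_extn("starttls"):
            conn.starttls(context=ctx)
            conn.ehlo()  # extensions must be re-read after STARTTLS
            encrypted = True
        if require_tls and not encrypted:
            raise RuntimeError("no TLS available; refusing to continue in cleartext")
        if not conn.has_extn("etrn"):
            raise RuntimeError("server does not advertise ETRN")
        if user is not None:
            conn.login(user, password)  # only reached over TLS unless require_tls=False
        code, text = conn.docmd("ETRN", domain)
        accepted, meaning = classify_etrn(code)
        return accepted, code, meaning, text.decode(errors="replace")
```

A 251 reply means the request worked but nothing is queued; a 459 means the host will not run the queue for that domain, which points at the account or domain settings on the store-and-forward side rather than at Postfix.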