Score:1

Postfix still uses port 25 despite configuration saying port 587

cn flag

I have a postfix server that is a relay for the main mail server.

That main mail server is to be used with the 587 port when i do a telnet on it it works just fine :

telnet 10.10.10.10 587
    Trying 10.10.10.10...
    Connected to 10.10.10.10
    Escape character is '^]'.
    220 front1 SMTP Server (Flowmailer SMTP Service) ready

Here is how i declared it in my /etc/postfix/main.cf :

relayhost = [10.10.10.10]:587

And here is how i declared it in my /etc/postfix/master.cf :

submission inet n       -       n       -       -       smtpd

After that i restarted my postfix with

systemctl restart postfix

And get no error message so far.

Then i try to send an email through my relay and here is the error i have :

2022-03-03T11:27:31.031822+01:00 mypostfix postfix/error[32000]: 044D63FBFA: to=<[email protected]>, relay=none, delay=0.01, delays=0.01/0/0/0.01, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 10.10.10.10[10.10.10.10]:25: Connection timed out)

And i don't understand why it keeps trying to use port 25 when i stated that i wanted to use port 587. Am i missing a configuration file here ?

Edit : Rest of the main.cf file :

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/bin/
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mypostfix.mylocaldomain.com
mydomain = mylocaldomain.com
myorigin = $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.1.0/24 (and all other subnets in my domain)
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix-doc/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix-doc/samples
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
biff = no
content_filter =
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mynetworks_style = subnet
relayhost = [10.10.10.10]:587
alias_maps = hash:/etc/aliases
canonical_maps = regexp:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
sender_canonical_maps = hash:/etc/postfix/sender_canonical
transport_maps = hash:/etc/postfix/transport
mail_spool_directory = /var/mail
message_strip_characters = \0
defer_transports =
mailbox_command =
mailbox_transport = smtp
mailbox_size_limit = 0
message_size_limit = 0
strict_8bitmime = no
strict_rfc821_envelopes = no
smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_restriction_classes = verify_sender_mycompany,verify_sender_world,verify_sender_all
verify_sender_mycompany = check_client_access hash:/etc/postfix/maps/access_client_mycompany
verify_sender_world = check_client_access hash:/etc/postfix/maps/access_client_world
verify_sender_all = check_client_access hash:/etc/postfix/maps/access_client_all
smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/maps/verify_domains,reject_unauth_destination
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
tls_random_source = dev:/dev/urandom
smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
smtpd_tls_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = none
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, TLSv1.1, TLSv1.2
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = may
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
smtp_use_tls = no
smtp_enforce_tls = no
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_session_cache_database =
smtpd_use_tls = no
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 3
smtpd_tls_CAfile = /etc/ssl/certs/mylocaldomain.com-WC-2022.pem
smtpd_tls_CApath =
smtpd_tls_cert_file = /etc/ssl/certs/mylocaldomain.com-WC-2022.cer
smtpd_tls_key_file = /etc/ssl/private/other-WC-2022.key
smtpd_tls_ask_ccert = yes
smtpd_tls_exclude_ciphers = RC4
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
virtual_alias_maps = hash:/etc/postfix/virtual

Also my domain is mylocaldomain.com and i'm trying to sed an email to myself at [email protected] and to do so i use the transport file in which there is this line :

company.com             smtp:10.10.10.10
Appleoddity avatar
ng flag
What’s the rest of your main.cf look like? Does `mydestination` contain the domain you are trying to send to by any chance? Or perhaps $mydomain, and $mydomain = the recipient’s domain. If you want to forward all mail, make sure the mydestination parameter does not have a value.
cn flag
Hi thank you for your answer, here is what `mydestination` looks like : `mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain` Removing that line doesn't change anything, i still get the connection timed out error probably because it still tries to use port 25 instead of port 587 like i want it.
Appleoddity avatar
ng flag
Well, it says relay=none in the log. So it’s not actually using your relayhost setting from the looks of it. Something doesn’t add up. In the config it would say `mydestination=` with nothing after it. Just removing the whole line I think causes it to default to $mydomain. Anyways, you should [edit] your question and include your full config files. Too many settings work together to guess here.
Appleoddity avatar
ng flag
You don’t have to use real information but please use an IP address, where an IP address is expected, instead of words, when you obfuscate your information. Same goes for mycompany, etc. you can obfuscate just make sure it matches up through all the info you provide so we can decipher how everything aligns between logs and settings, etc.
cn flag
Thank you, i edited the post, sorry i'm still new to these kind of forums
asktyagi avatar
in flag
Might be this solution will help https://serverfault.com/a/1018407/521194
Appleoddity avatar
ng flag
Ok. It’s becoming more clear now. Why are you using a transport map? Is the mail server handling mail in any other way or for any other systems? Otherwise, if it’s whole purpose is to relay mail in the way you described then transport_maps should be removed from main.cf. Otherwise, I also need to see master.cf because your transport map is overriding the relayhost you configured. The entry in your transport map is wrong. It should be `smtp:[10.10.10.10]:587` just like how you used it in `relayhost`. But, shouldn’t be used or needed at all when postfix is used as you described.
Score:0
jp flag

In your transport file you declare that for the domain company.com postfix should use the smtp transport (i.e. port 25).

So I guess your postfix would use port 587 for every other domain except company.com.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.