Postfix almost working

[davecove]

I put Fedora 14 on a VPS so the I could have a 'real' machine on the 'real' internet and start doing some of my own hosting (that is, moving my junk from a hosting provider to my own box).

I have postfix running, and it seems pretty happy, except that emails sent thru it never seem to actually get to their destination. For example, if I use mailx to send an email to my gmail account, like this:

Code:

echo test | mail -s "test email" me@gmail.com

I see the message go thru the maillog, and it seems OK, but it never appears in gmail (inbox, trash, or junk).

Code:

Jan 23 00:06:22 ns1 postfix/pickup[3958]: D3B261900E0: uid=0 from=<root>
Jan 23 00:06:22 ns1 postfix/cleanup[3998]: D3B261900E0: message-id=<20120123050622.D3B261900E0@ns1.foo.com>
Jan 23 00:06:22 ns1 postfix/qmgr[3959]: D3B261900E0: from=<root@foo.com>, size=442, nrcpt=1 (queue active)
Jan 23 00:06:23 ns1 postfix/smtp[4000]: D3B261900E0: to=<me@gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.225.26]:25, delay=0.51, delays=0.1/0.01/0.31/0.09, dsn=2.0.0, status=sent (250 2.0.0 OK 1327295183 d6si6330731icx.47)
Jan 23 00:06:23 ns1 postfix/qmgr[3959]: D3B261900E0: removed

The same thing happens when I send a message to one of my hosted domains.

Yet when I use mailx to send an email to a local accout, the message is delivered to the local user with this in the maillog:

Code:

Jan 23 00:39:04 ns1 postfix/pickup[3958]: 935C61900E0: uid=0 from=<root>
Jan 23 00:39:04 ns1 postfix/cleanup[4037]: 935C61900E0: message-id=<20120123053904.935C61900E0@ns1.foo.com>
Jan 23 00:39:04 ns1 postfix/qmgr[3959]: 935C61900E0: from=<root@foo.com>, size=446, nrcpt=1 (queue active)
Jan 23 00:39:04 ns1 postfix/local[4039]: 935C61900E0: to=<dave@foo.com>, orig_to=<dave>, relay=local, delay=0.02, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Jan 23 00:39:04 ns1 postfix/qmgr[3959]: 935C61900E0: removed

Inbound emails send from that gmail account to the dave@foo.com account are delivered fine.

Any insight would be appriciated.

</Dave>

[stevea]

Something is wrong there ... My deliver lines look basically like yours.
The smtp seems to have finished correctly - which points the blame at gmail.
Any chance you have a filer on your gmail acct ?


I think there is a 98% chance that the mail went out corretly, but you might want to wireshark the transaction.
(it's easy to read).

[Doug G]

Some things to consider:

Does your server have a static external IP? Is your PTR record setup properly? Does your ISP block SMTP? Can you send mail to other external mailboxes besides gmail?

[davecove]

Ok, it is gmail... if I send email to one of my non-gmail accounts, the message is delivered (yeah!). If I send it to a non-gmail account that gmail aggregates for me, and thus picks email up from, the message appears at the non-gmail account until gmail visits to pick up messages. At that point, the message disappears from the non-gmail inbox but never appears in my gmail inbox.

Now to figure out why gmail doesn't like my server. Both intodns.com and mxtoolbox.com give me 'all green'.

Can anyone suggest another tool that would analyse emails from my domain and reveal why gmail is having a fit. is there something like a gmail maillog?

Dave

[jpollard]

Might have a DNS authentication problem. If the gmail server can't authenticate your server it might reject the connections.

At a minimum the forward lookup of your domain must match the reverse lookup.

If you have a home based connection your ISP will not likely permit that. Forward lookups they can't stop, and that works if the remote server doesn't validate the name used in the SMTP header. But some servers will take that name and validate it by doing a reverse lookup of the IP number used for the connection, and if it doesn't match then it rejects the message. There are alternate authentications available, but they have progressively more effort at setup (I'm trying to remember them now...)

Got the others... SPF, Sender ID, and DomainKeys/DKIM:

http://help.campaignmonitor.com/topic.aspx?t=88

I do have to warn, this information appears specific to their operation, but the ideas should get you started.

[davecove]

How would gmail be authenticating my server? What can I check?

BTW: MXtoolbox.com shows that my reverse DNS is good and that I am not on any blacklists. IntoDNS.com is happy with my DNS settings except it doesn't like the fact I only have 1 operational name server and something about 'Stealth DNS records were sent'.

</Dave>

[Doug G]

I have my own mail server here running on fedora 15/postfix/dovecot imap on verizon fios with static external IP. Reverse DNS lookup for my IP returns the verizon fios hostname, not my mail domain name. No problems sending to gmail, the only extra thing I've done to this setup was to create a SPF record for my mail doman name. DNS is handled by godaddy dns.

[jpollard]

http://getsatisfaction.com/google/to...il_for_domains

looks appropriate.

[stevea]

FWIW Google's SMTP only accepts SSL/port=993 or STARTTLS/port=587 only.
http://support.google.com/mail/bin/a...n&answer=78799

Also w/ Google+ (and maybe otherwise) you must use an application specific password generated by google - see here. The gmail web account password will not work for SMTP
https://www.google.com/accounts/IssuedAuthSubTokens

Quote:

Originally Posted by Doug G

Some things to consider:

Does your server have a static external IP? Is your PTR record setup properly? Does your ISP block SMTP? Can you send mail to other external mailboxes besides gmail?

Ahem - every email client on the planet sends email w/ SMTP protocol - so no rational ISP blocks SMTP.
Nope - that's not it.

Quote:

Originally Posted by jpollard

Might have a DNS authentication problem. If the gmail server can't authenticate your server it might reject the connections.

At a minimum the forward lookup of your domain must match the reverse lookup.

This potentially COULD be a problem, however google's smtp is supposed to accept emails from random laptop user clients from random locations - so it's pretty clear it's not picky about DNS verification. The OP is sending email to an SMTP service, not receiving SMTP.


==============

NB: I configures thunder bird to send messages SMTP to gmail with ne great issues.
user name is like "someone@gmail.com", and the password is unencrypted (but inside TLS) plain text.

---------- Post added at 08:20 PM ---------- Previous post was at 07:44 PM ----------

===========
For postfix I think you want ...
master.cf need this uncommented ....
tlsmgr unix - - n 1000? 1 tlsmgr
main.cf
relayhost = [smtp.gmail.com]

The smtp auth is tricky, and I've never done it.
F14+ postfix is build to allow cyrus auth or dovecot auth

Quote:

[stevea@hypoxylon postfix]$ postconf -a
cyrus
dovecot

Here are some instructions for cyrus auth setup for auth
http://postfix.state-of-mind.de/patr...tter/smtpauth/

But I think more generally you need the saslauthd service running and configuerd(how?)

[Doug G]

Quote:

Ahem - every email client on the planet sends email w/ SMTP protocol - so no rational ISP blocks SMTP.

Ahem to you too. Not only are your facts incorrect, your choice of wording is really not very wise.

Many, if not most, residential ISP's (in the US) block smtp on default smtp ports.

[jpollard]

stevea - postfix is a MTA, not a MUA.

MUA has user authorization capability, operating an MTA means that authorization isn't available.