Discussion:
postfix sends but does not receive
(too old to reply)
Bob
2016-07-25 16:13:45 UTC
Permalink
I am using postfix on an Ubuntu 16.04 system. I have also installed
dovecot as my mail server. I am able to send mail, I am also able to
check my mx setup from outside my domain (mxtoolbox) and it tells me
there is only one issue with a banner mismatch in my reverse dns. The
problem is I cannot receive mail. The system returns a "user not found"
or "user unknown" message in the logs. I checked my home directory and
there is a Maildir in that directory. I do not have virtual mailboxes
set up. Any help would be appreciated.

Bob
Wietse Venema
2016-07-25 16:22:20 UTC
Permalink
Post by Bob
I am using postfix on an Ubuntu 16.04 system. I have also installed
dovecot as my mail server. I am able to send mail, I am also able to
check my mx setup from outside my domain (mxtoolbox) and it tells me
there is only one issue with a banner mismatch in my reverse dns. The
problem is I cannot receive mail. The system returns a "user not found"
or "user unknown" message in the logs. I checked my home directory and
there is a Maildir in that directory. I do not have virtual mailboxes
set up. Any help would be appreciated.
On this list, in addition to your opinions, we also want to see hard
evidence in the form of "postconf -n" command out and logfile records,
perhaps anonymized, and never with verbose logging turned on.

---- text below is from the mailing list welcome message ----
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

Thank you for using Postfix.
---- text above is from the mailing list welcome message ----

Wietse
Bob
2016-07-25 17:30:55 UTC
Permalink
Post by Wietse Venema
Post by Bob
I am using postfix on an Ubuntu 16.04 system. I have also installed
dovecot as my mail server. I am able to send mail, I am also able to
check my mx setup from outside my domain (mxtoolbox) and it tells me
there is only one issue with a banner mismatch in my reverse dns. The
problem is I cannot receive mail. The system returns a "user not found"
or "user unknown" message in the logs. I checked my home directory and
there is a Maildir in that directory. I do not have virtual mailboxes
set up. Any help would be appreciated.
On this list, in addition to your opinions, we also want to see hard
evidence in the form of "postconf -n" command out and logfile records,
perhaps anonymized, and never with verbose logging turned on.
So, I now know what you need to see and will send it.

postconf -n
***@server:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
mydestination = server, localhost.faithwalk.ca, mail.faithwalk.ca,
faithwalk.ca, localhost
mydomain = mydomain
myhostname = faithwalk.ca
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = faithwalk.ca, lists.faithwalk.ca
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_client_hostname
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks
permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = faithwalk.ca
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport

Send test mail /var/logs/mail.log
Jul 25 10:14:12 server postfix/submission/smtpd[5387]: connect from
www.faithwalk.ca[24.72.66.135]
Jul 25 10:14:12 server postfix/submission/smtpd[5387]: Anonymous TLS
connection established from www.faithwalk.ca[24.72.66.135]: TLSv1.2
with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 25 10:14:12 server postfix/submission/smtpd[5387]: DA38012800A7:
client=www.faithwalk.ca[24.72.66.135], sasl_method=PLAIN,
sasl_username=bob
Jul 25 10:14:12 server postfix/cleanup[5395]: DA38012800A7:
message-id=<b13e2061-5e4c-3435-729e-***@faithwalk.ca>
Jul 25 10:14:12 server postfix/qmgr[1870]: DA38012800A7:
from=<***@faithwalk.ca>, size=688, nrcpt=1 (queue active)
Jul 25 10:14:13 server postfix/submission/smtpd[5387]: disconnect
from www.faithwalk.ca[24.72.66.135] ehlo=2 starttls=1 auth=1 mail=1
rcpt=1 data=1 quit=1 commands=8
Jul 25 10:14:13 server postfix/smtp[5396]: DA38012800A7:
to=<***@gmail.com>,
relay=gmail-smtp-in.l.google.com[74.125.28.26]:25, delay=0.94,
delays=0.06/0.13/0.44/0.31, dsn=2.0.0, status=sent (250 2.0.0 OK
1469463253 i1si34342138pfe.149 - gsmtp)
Jul 25 10:14:13 server postfix/qmgr[1870]: DA38012800A7: removed

Receive mail to main user /var/log/mail.log
Jul 25 10:01:47 server postfix/qmgr[1870]: A8DC012800A9:
from=<bounce+bdd7f1.9c403-bob=***@mxtoolbox.com>,
size=45253, nrcpt=1 (queue active)
Jul 25 10:01:47 server postfix/pipe[5182]: A8DC012800A9:
to=<***@faithwalk.ca>, relay=mailman, delay=0.69,
delays=0.4/0.01/0/0.27, dsn=5.1.1, status=bounced (user unknown)
Jul 25 10:01:47 server postfix/cleanup[5181]: 467ED12800AB:
message-id=<***@faithwalk.ca>
Jul 25 10:01:47 server postfix/bounce[5184]: A8DC012800A9: sender
non-delivery notification: 467ED12800AB
Jul 25 10:01:47 server postfix/qmgr[1870]: 467ED12800AB: from=<>,
size=47185, nrcpt=1 (queue active)
Jul 25 10:01:47 server postfix/qmgr[1870]: A8DC012800A9: removed
Jul 25 10:01:48 server postfix/smtp[5185]: 467ED12800AB:
to=<bounce+bdd7f1.9c403-bob=***@mxtoolbox.com>,
relay=aspmx.l.google.com[74.125.199.26]:25, delay=0.98,
delays=0.03/0.15/0.71/0.09, dsn=5.2.1, status=bounced (host
aspmx.l.google.com[74.125.199.26] said: 550-5.2.1 The user you are
trying to contact is receiving mail at a rate that 550-5.2.1
prevents additional messages from being delivered. For more
550-5.2.1 information, please visit 550 5.2.1
https://support.google.com/mail/answer/6592 k62si34251346pfb.69 -
gsmtp (in reply to RCPT TO command))
Jul 25 10:01:48 server postfix/qmgr[1870]: 467ED12800AB: removed
Post by Wietse Venema
---- text below is from the mailing list welcome message ----
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
Thank you for using Postfix.
---- text above is from the mailing list welcome message ----
Wietse
Wietse Venema
2016-07-25 17:41:23 UTC
Permalink
Post by Bob
Receive mail to main user /var/log/mail.log
size=45253, nrcpt=1 (queue active)
delays=0.4/0.01/0/0.27, dsn=5.1.1, status=bounced (user unknown)
What is the 'mailman' service in master.cf?

Wietse
Viktor Dukhovni
2016-07-25 17:54:19 UTC
Permalink
Post by Bob
Post by Wietse Venema
evidence in the form of "postconf -n" command out and logfile records,
perhaps anonymized, and never with verbose logging turned on.
So, I now know what you need to see and will send it.
mydestination = server, localhost.faithwalk.ca, mail.faithwalk.ca, faithwalk.ca, localhost
mydomain = mydomain
I hope that "mydomain" setting is an obfuscation attempt, and not
the actual value.
Post by Bob
relay_domains = faithwalk.ca, lists.faithwalk.ca
You probably want these in mydestination (the first is there
already), with "relay_domains" set empty.
Post by Bob
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_client_hostname
The last of these is generally much too strict.
Post by Bob
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated
These do nothing, because there is an implicit "permit" when the
end of the restrictions is reached without a reject or defer, so
just empty does the same thing more efficiently.
Post by Bob
smtpd_relay_restrictions = permit_mynetworks
permit_sasl_authenticated defer_unauth_destination
Here "reject_unauth_destination" is much better than
"defer_unauth_destination".
Post by Bob
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
With sufficiently recent Postfix versions (>= 2.11) server-side
caches are no longer recommended, as session tickets work better.
Post by Bob
transport_maps = hash:/etc/postfix/transport
You probably have unwanted entries in the transport table that
route all local mail to the "mailman" transport.
Post by Bob
delays=0.4/0.01/0/0.27, dsn=5.1.1, status=bounced (user unknown)
Which is unable to deliver the mail when the recipient address is
not that of a mailman mailing list.
--
Viktor.
Bob
2016-07-25 21:44:49 UTC
Permalink
If you are asking what is in the master.cf
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
If you are asking what is Mailman, it is a mailing list manager.
Post by Bob
Receive mail to main user /var/log/mail.log
size=45253, nrcpt=1 (queue active)
delays=0.4/0.01/0/0.27, dsn=5.1.1, status=bounced (user unknown)
What is the 'mailman' service in master.cf?
Wietse
Bob
2016-07-25 22:28:19 UTC
Permalink
Post by Viktor Dukhovni
Post by Bob
Post by Wietse Venema
evidence in the form of "postconf -n" command out and logfile records,
perhaps anonymized, and never with verbose logging turned on.
So, I now know what you need to see and will send it.
mydestination = server, localhost.faithwalk.ca, mail.faithwalk.ca, faithwalk.ca, localhost
mydomain = mydomain
I hope that "mydomain" setting is an obfuscation attempt, and not
the actual value.
Post by Bob
relay_domains = faithwalk.ca, lists.faithwalk.ca
You probably want these in mydestination (the first is there
already), with "relay_domains" set empty.
Post by Bob
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_client_hostname
The last of these is generally much too strict.
Post by Bob
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated
These do nothing, because there is an implicit "permit" when the
end of the restrictions is reached without a reject or defer, so
just empty does the same thing more efficiently.
Post by Bob
smtpd_relay_restrictions = permit_mynetworks
permit_sasl_authenticated defer_unauth_destination
Here "reject_unauth_destination" is much better than
"defer_unauth_destination".
Post by Bob
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
With sufficiently recent Postfix versions (>= 2.11) server-side
caches are no longer recommended, as session tickets work better.
Ok, so I changed all of the above. They all came out of a set up postfix
how to.
Post by Viktor Dukhovni
Post by Bob
transport_maps = hash:/etc/postfix/transport
Here is the file, which explains why mail is going to mailman as well,
but I am not sure how to change it. I want mail coming in to go to the
***@faithwalk.ca, as well as ***@faithwalk.ca rather than using
***@lists.faithwalk.ca.


/etc/postfix/transport
lists.faithwalk.ca mailman:
faithwalk.ca mailman:


As I look this up, what I find is changing the line "faithwalk.ca
mailman" to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as
I look at it. Do I need to change to virtual domains to use mailman?
Post by Viktor Dukhovni
You probably have unwanted entries in the transport table that
route all local mail to the "mailman" transport.
Post by Bob
delays=0.4/0.01/0/0.27, dsn=5.1.1, status=bounced (user unknown)
Which is unable to deliver the mail when the recipient address is
not that of a mailman mailing list.
Viktor Dukhovni
2016-07-25 22:33:17 UTC
Permalink
Post by Bob
Post by Bob
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport
There's your mistake, you can't deliver non-list mail via mailman, it only
handles mailing lists. Only the "lists" subdomain should be routed to "mailman".
Post by Bob
As I look this up, what I find is changing the line "faithwalk.ca mailman" to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as I look at it. Do I need to change to virtual domains to use mailman?
Local domains should, and by default do, get delivered by local(8) not smtp(8).
--
Viktor.
Bob
2016-07-25 23:04:15 UTC
Permalink
Please excuse my questions, I am just learning this. More response below
Post by Viktor Dukhovni
Post by Bob
Post by Bob
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport
There's your mistake, you can't deliver non-list mail via mailman, it only
handles mailing lists. Only the "lists" subdomain should be routed to "mailman".
I understand, but don't know how to make this happen.
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line "faithwalk.ca mailman" to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as I look at it. Do I need to change to virtual domains to use mailman?
Local domains should, and by default do, get delivered by local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by default?
Viktor Dukhovni
2016-07-25 23:14:51 UTC
Permalink
Post by Bob
Post by Viktor Dukhovni
There's your mistake, you can't deliver non-list mail via mailman, it only
handles mailing lists. Only the "lists" subdomain should be routed to "mailman".
I understand, but don't know how to make this happen.
You'll need to find a sufficiently detailed HOW-TO. Or perhaps
someone else on the list can walk you through this step-by-step.
Post by Bob
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line "faithwalk.ca mailman"
to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as I look at
it. Do I need to change to virtual domains to use mailman?
Local domains should, and by default do, get delivered by local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by default?
Yes, but if you host lists at that domain, you'll need some aliases,
if all the lists are in the "lists." subdomain, then it might be
sufficient, provided there are no other issues.
--
Viktor.
Bob
2016-07-26 13:26:56 UTC
Permalink
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
There's your mistake, you can't deliver non-list mail via mailman, it only
handles mailing lists. Only the "lists" subdomain should be routed to "mailman".
I understand, but don't know how to make this happen.
You'll need to find a sufficiently detailed HOW-TO. Or perhaps
someone else on the list can walk you through this step-by-step.
Post by Bob
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line "faithwalk.ca mailman"
to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as I look at
it. Do I need to change to virtual domains to use mailman?
Local domains should, and by default do, get delivered by local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by default?
Yes, but if you host lists at that domain, you'll need some aliases,
if all the lists are in the "lists." subdomain, then it might be
sufficient, provided there are no other issues.
I believe I have solved the issue. I removed the 'faithwalk.ca' line
from /etc/postfix/transport, had postmap regenerate the transport.db and
then sent a message to ***@faithwalk.ca and received it. I believe this
issue is solved. Thank you for your help.
Bob
2016-07-26 13:28:13 UTC
Permalink
BTW, I do have aliases for emails to the mailman lists in my alias
database, so I believe that is also good.
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
There's your mistake, you can't deliver non-list mail via mailman, it only
handles mailing lists. Only the "lists" subdomain should be routed to "mailman".
I understand, but don't know how to make this happen.
You'll need to find a sufficiently detailed HOW-TO. Or perhaps
someone else on the list can walk you through this step-by-step.
Post by Bob
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line "faithwalk.ca mailman"
to "faithwalk.ca smtp:faithwalk.ca" but it seems wrong to me as I look at
it. Do I need to change to virtual domains to use mailman?
Local domains should, and by default do, get delivered by local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by default?
Yes, but if you host lists at that domain, you'll need some aliases,
if all the lists are in the "lists." subdomain, then it might be
sufficient, provided there are no other issues.
/dev/rob0
2016-07-27 00:42:37 UTC
Permalink
BTW Bob, I answered your question on July 18 when you asked it the
first time.

http://marc.info/?l=postfix-users&m=146888588215649&w=2
Post by Bob
BTW, I do have aliases for emails to the mailman lists in my alias
database, so I believe that is also good.
The setup of GNU Mailman with the lists subdomain in $mydestination
(and *without* the transport_maps!) is trivially easy.

Yes, you add the Mailman aliases file to alias_maps. There is no
need to maintain parallel virtual_alias_maps entries nor the
"mailman" transport. It all Just Works, out of the box.
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
There's your mistake, you can't deliver non-list mail via
mailman, it only handles mailing lists. Only the "lists"
subdomain should be routed to "mailman". If you want lists of
I understand, but don't know how to make this happen.
You'll need to find a sufficiently detailed HOW-TO. Or perhaps
someone else on the list can walk you through this step-by-step.
(That's more or less what I am trying to do here.)
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line
"faithwalk.ca mailman" to "faithwalk.ca smtp:faithwalk.ca" but
it seems wrong to me as I look at it. Do I need to change to
virtual domains to use mailman?
That way lies madness. It's a good choice for masochists.
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
Local domains should, and by default do, get delivered by
local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by
default?
Yes, but if you host lists at that domain, you'll need some
aliases, if all the lists are in the "lists." subdomain, then it
might be sufficient, provided there are no other issues.
The "other issues" might be namespace collisions. If you host more
than one list domain, you can only have any particular list name in
one of them. For example, if you host lists.example.com and also
lists.example.org, and you have "***@lists.example.com" as a
Mailman list, you can't also have "***@lists.example.org".

And yet, those addresses would be seen as valid for smtpd recipient
validation, so you might need to put in check_recipient_access
restrictions to prevent getting list mail for the wrong domain.

Similarly, if your regular users are using local(8) delivery, you
should consider whether you have other namespace collisions in
regular users with Mailman lists (and vice versa.) If you have a
system user named "info" and a Mailman list called
"***@lists.example.com", the system user "info" won't get any
mail; it would go to the Mailman list alias.

Perhaps neither of these are problems for you; if so, don't worry
about it.

If namespace collisions are a problem, see:

http://www.postfix.org/VIRTUAL_README.html#virtual_alias
http://www.postfix.org/ADDRESS_CLASS_README.html#virtual_alias_class
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Bob
2016-07-27 14:53:52 UTC
Permalink
Post by /dev/rob0
BTW Bob, I answered your question on July 18 when you asked it the
first time.
http://marc.info/?l=postfix-users&m=146888588215649&w=2
I am sorry I missed your reply. Thank you for trying to help me.
Post by /dev/rob0
Post by Bob
BTW, I do have aliases for emails to the mailman lists in my alias
database, so I believe that is also good.
The setup of GNU Mailman with the lists subdomain in $mydestination
(and *without* the transport_maps!) is trivially easy.
Yes, you add the Mailman aliases file to alias_maps. There is no
need to maintain parallel virtual_alias_maps entries nor the
"mailman" transport. It all Just Works, out of the box.
Something got screwed up though as I followed a 'how-to' and I couldn't
figure it out. Your conclusion is the same one I eventually got to. I
only have the one domain on this server at the moment, at least for the
maillist and for general mail.
Post by /dev/rob0
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
There's your mistake, you can't deliver non-list mail via
mailman, it only handles mailing lists. Only the "lists"
subdomain should be routed to "mailman". If you want lists of
I understand, but don't know how to make this happen.
You'll need to find a sufficiently detailed HOW-TO. Or perhaps
someone else on the list can walk you through this step-by-step.
(That's more or less what I am trying to do here.)
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
Post by Bob
As I look this up, what I find is changing the line
"faithwalk.ca mailman" to "faithwalk.ca smtp:faithwalk.ca" but
it seems wrong to me as I look at it. Do I need to change to
virtual domains to use mailman?
That way lies madness. It's a good choice for masochists.
Yes it is and thank you for verifying this for me! Besides, it felt more
confusing to this wannabe smart guy.
Post by /dev/rob0
Post by Bob
Post by Viktor Dukhovni
Post by Bob
Post by Viktor Dukhovni
Local domains should, and by default do, get delivered by
local(8) not smtp(8).
So, should I take out "faithwalk.ca mailman" if it works by
default?
Yes, but if you host lists at that domain, you'll need some
aliases, if all the lists are in the "lists." subdomain, then it
might be sufficient, provided there are no other issues.
The "other issues" might be namespace collisions. If you host more
than one list domain, you can only have any particular list name in
one of them. For example, if you host lists.example.com and also
And yet, those addresses would be seen as valid for smtpd recipient
validation, so you might need to put in check_recipient_access
restrictions to prevent getting list mail for the wrong domain.
Similarly, if your regular users are using local(8) delivery, you
should consider whether you have other namespace collisions in
regular users with Mailman lists (and vice versa.) If you have a
system user named "info" and a Mailman list called
mail; it would go to the Mailman list alias.
Perhaps neither of these are problems for you; if so, don't worry
about it.
http://www.postfix.org/VIRTUAL_README.html#virtual_alias
http://www.postfix.org/ADDRESS_CLASS_README.html#virtual_alias_class
As you said, none of this is an issue for me. I will be keeping the
'names' unique so there is no namespace collisions. It is a small
private system and service to select groups of people, so this will not
be an issue to administer now that it is all working.

Again, I apologize for not seeing your reply when I first posted.
Loading...