Discussion:
Postfix can't send external email
(too old to reply)
markus79
2016-07-18 21:11:38 UTC
Permalink
Hi,

I'm trying to use port 5877 as my SMTP port because 587 is blocked. When I
try to send email to another domain I get the following errors in my log:

Jul 18 21:02:51 wcp-2 postfix/qmgr[17329]: warning: connect to transport
private/smtpd: Connection refused
Jul 18 21:02:51 wcp-2 postfix/error[17378]: EC27841F46: to=, relay=none,
delay=0.09, delays=0.08/0/0/0, dsn=4.3.0, status=deferred (mail transport
unavailable)

Here is the results of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_transport = smtpd
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = willcountyprogressives.org
mynetworks =
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/willcountyprogressives.org.ca-bundle
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/willcountyprogressives.org.crt
smtpd_tls_key_file = /etc/ssl/private/willcountyprogressives.org.key
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

And here is my master.cnf file:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

5877 inet n - - - - smtpd



Thanks for any help!

Markus




--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Wietse Venema
2016-07-18 21:19:46 UTC
Permalink
Post by markus79
Hi,
I'm trying to use port 5877 as my SMTP port because 587 is blocked. When I
Jul 18 21:02:51 wcp-2 postfix/qmgr[17329]: warning: connect to transport
private/smtpd: Connection refused
You have no master.cf entry that starts with

smtpd unix ... ...
...
Post by markus79
default_transport = smtpd
Why? Remove that line.

Wietse
markus79
2016-07-18 21:32:06 UTC
Permalink
Thanks. I removed that line and added

"smtpd unix - - n - - smtpd"

Now, I get errors indicating that it wants to go out SMTP over port 25
instead of port 5877.

Should I have the "submission" lines uncommented out?

My new master.cnf:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd -v
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# # -o smtpd_client_restrictions=$mua_client_restrictions
# # -o smtpd_helo_restrictions=$mua_helo_restrictions
# # -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
smtpd unix - - n - - smtpd
# relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

5877 inet n - n - - smtpd



--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85078.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Wietse Venema
2016-07-18 23:39:55 UTC
Permalink
Post by markus79
Thanks. I removed that line and added
"smtpd unix - - n - - smtpd"
Don't add that line.
Post by markus79
Now, I get errors indicating that it wants to go out SMTP over port 25
I see no evidence of that.

Wietse
/dev/rob0
2016-07-19 00:01:50 UTC
Permalink
Post by markus79
I'm trying to use port 5877 as my SMTP port because 587 is blocked.
Back up here. What? Why? Tell us what ISP blocks port 587. This
seems farfetched to me. How did you test and determine that this is
so?

Also, what does "use X as my SMTP port" mean? There is exactly one
port defined as the port for Internet mail exchange, and it's neither
587 nor 5877; it is 25. If your outbound port 25 is blocked (that's
rather common), you cannot send mail without a relayhost.
Post by markus79
When I try to send email to another domain I get the following
Jul 18 21:02:51 wcp-2 postfix/qmgr[17329]: warning: connect to transport
private/smtpd: Connection refused
Jul 18 21:02:51 wcp-2 postfix/error[17378]: EC27841F46: to=, relay=none,
delay=0.09, delays=0.08/0/0/0, dsn=4.3.0, status=deferred (mail transport
unavailable)
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
default_transport = smtpd
You seem to be confusing the functions of smtpd(8), the SMTP server
which receives mail, and smtp(8), the SMTP client which sends mail.
Post by markus79
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = willcountyprogressives.org
mynetworks =
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/willcountyprogressives.org.ca-bundle
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/willcountyprogressives.org.crt
smtpd_tls_key_file = /etc/ssl/private/willcountyprogressives.org.key
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd -v
Turn off verbose logging. You do not need it. It will only cause
confusion, and hide the important log messages in the noise.

[snip]
Post by markus79
5877 inet n - - - - smtpd
No other sites will connect to you for mail exchange on this port.

You could, potentially, use that port for users' mail submission, but
I suspect your initial conclusion about the ISP blocking 587 is not
correct.

Note that a submission smtpd instance would require more -o option
overrides in the master.cf service definition. See the example lines
for submission.

Please review DEBUG_README.html#mail before you continue. (The same
information is in the list welcome message.)
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
markus79
2016-07-19 21:10:26 UTC
Permalink
Thanks for the help. I have servers in Google Cloud. They block outgoing mail
on 25, 465, and 587.

https://cloud.google.com/compute/docs/tutorials/sending-mail/

I know it's possible to do this as I did it on another server awhile ago but
can't seem to get this one to work.


Mark




--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85107.html
Sent from the Postfix Users mailing list archive at Nabble.com.
markus79
2016-07-19 21:35:33 UTC
Permalink
I see port 25 in my mail log and when I run mailq:

(connect to ALT1.ASPMX.L.GOOGLE.com[2607:f8b0:400c:c08::1a]:25: Network is
unreachable)





--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85108.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Benny Pedersen
2016-07-19 21:38:44 UTC
Permalink
Post by markus79
(connect to ALT1.ASPMX.L.GOOGLE.com[2607:f8b0:400c:c08::1a]:25: Network
is
unreachable)
ping6 -c 3 ipv6.google.com

what results ?
markus79
2016-07-19 21:45:30 UTC
Permalink
***@wcp-2:/etc/postfix# ping6 -c 3 ipv6.google.com
connect: Network is unreachable


On Tue, Jul 19, 2016 at 4:39 PM, Benny Pedersen-2 [via Postfix] <
Post by Benny Pedersen
Post by markus79
(connect to ALT1.ASPMX.L.GOOGLE.com[2607:f8b0:400c:c08::1a]:25: Network
is
unreachable)
ping6 -c 3 ipv6.google.com
what results ?
------------------------------
If you reply to this email, your message will be added to the discussion
http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85109.html
To unsubscribe from Postfix can't send external email, click here
<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=85073&code=bWFya0BtYXJra251dHNvbi5jb218ODUwNzN8LTE0MjAwOTM3MzU=>
.
NAML
<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85110.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Noel Jones
2016-07-19 22:01:38 UTC
Permalink
Post by markus79
Thanks for the help. I have servers in Google Cloud. They block outgoing mail
on 25, 465, and 587.
https://cloud.google.com/compute/docs/tutorials/sending-mail/
You'll need a relayhost that accepts your mail on a non-standard
port, and then relays the mail to its final destination for you.
Because of the blocked ports, you cannot send mail without using an
external relayhost that agrees to accept your mail by prior arrangement.

The postfix config you need is
# main.cf
relayhost = [external.host.name]:5877

http://www.postfix.org/postconf.5.html#relayhost


The google tutorial you referenced above suggests some services you
can use for a relayhost.





-- Noel Jones
markus79
2016-07-19 22:10:30 UTC
Permalink
Thanks, but I've set up a server in Google Cloud to use 5877 in the past
when 587 was blocked without having to use a relayhost. I just can't access
that server now :(

On Tue, Jul 19, 2016 at 5:02 PM, Noel Jones-2 [via Postfix] <
Post by Noel Jones
Post by markus79
Thanks for the help. I have servers in Google Cloud. They block outgoing
mail
Post by markus79
on 25, 465, and 587.
https://cloud.google.com/compute/docs/tutorials/sending-mail/
You'll need a relayhost that accepts your mail on a non-standard
port, and then relays the mail to its final destination for you.
Because of the blocked ports, you cannot send mail without using an
external relayhost that agrees to accept your mail by prior arrangement.
The postfix config you need is
# main.cf
relayhost = [external.host.name]:5877
http://www.postfix.org/postconf.5.html#relayhost
The google tutorial you referenced above suggests some services you
can use for a relayhost.
-- Noel Jones
------------------------------
If you reply to this email, your message will be added to the discussion
http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85111.html
To unsubscribe from Postfix can't send external email, click here
<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=85073&code=bWFya0BtYXJra251dHNvbi5jb218ODUwNzN8LTE0MjAwOTM3MzU=>
.
NAML
<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-can-t-send-external-email-tp85073p85113.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Noel Jones
2016-07-19 22:16:47 UTC
Permalink
Post by markus79
Thanks, but I've set up a server in Google Cloud to use 5877 in the past
when 587 was blocked without having to use a relayhost. I just can't access
that server now :(
Sorry, that's not how email works. No server will accept mail on a
non-standard port without prior arrangement.

You'll need to use a relay service. Either one of the
google-recommended ones or another of your choosing, or a server you
control that isn't in the google cloud. There isn't any magic
configuration option to work around this.


-- Noel Jones
Benny Pedersen
2016-07-19 22:22:54 UTC
Permalink
Post by markus79
connect: Network is unreachable
then its not a postfix problem, but badly firewall, eq slack autoconfig
?

sorry cant help more

Continue reading on narkive:
Loading...