Need help troubleshooting Need help troubleshooting...

Topic: Need help troubleshooting

Post Need help troubleshooting Postfix SMTP relay
by Byte Knight LLC on 2017年8月21日

Sorry for the long post...

So I have setup my home email server following the instructions provided at and everything as far as I can tell was done correctly. I can login to my local roundcube apache interface as user@domain. However I cannot send or receive email. I can send from root to user@domain using sendmail but that doesn't do me any good. I checked my logs (var/log/mail.log) and see the same message whether I am using store\forward or smtp relay dynu service.

Aug 21 20:20:09 mail postfix/smtp[1458]: connect to[]:2525: Connection timed out
Aug 21 20:20:09 mail postfix/smtp[1458]: E012F2314E: to=<>, relay=none, delay=30, delays=0.1/0.04/30/0, dsn=4.4.1, status=deferred (connect to[]:2525: Connection timed out)

smtp relay:
Aug 21 23:51:23 mail postfix/smtp[2983]: connect to[]:587: Connection timed out
Aug 21 23:51:23 mail postfix/smtp[2983]: 9987923384: to=<>, relay=none, delay=922, delays=892/0.05/30/0, dsn=4.4.1, status=deferred (connect to[]:587: Connection timed out)

All ports are open and forwarded correctly from my router.
# See /usr/share/postfix/ for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/mailserver.pem <---self signed cert
smtpd_tls_key_file = /etc/ssl/private/mailserver.pem <---self signed cert
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,,, localhost
relayhost = <<<<<------This gets changed to and vice/versa
mynetworks = [::ffff:]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_alias_maps = mysql:/etc/postfix/
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Tried telnet and get this:
# telnet 2525

# telnet 587

I'm pulling my hair out trying to figure out how to simply use a home email server without paying the ISP ungodly amounts of money for a static IP to unblock port 25...did not expect this to be so difficult. Any ideas or links that may help me get this working? Thanks!

Reply with quote | Report
Post Re: Need help troubleshooting
by byteknight on 2017年8月22日

Thanks for the reply and link to postfix smtp relay, I'm sure I'll refer to it.

The telnet commands failing got me thinking; I'm pretty security conscious and have very strict settings on my firewall. As a test I temporarily turned it off and re-tried the telnet commands and got the following:

# telnet 587
telnet: Unable to connect to remote host: Connection refused

# telnet 2525
telnet: Unable to connect to remote host: Connection refused

# telnet 587
Trying 2a00:1450:400c:c04::6d...
telnet: Unable to connect to remote host: Network is unreachable

The last one seemed (at least to me to be a DNS issue, but...
# nslookup

Non-authoritative answer: canonical name =

I looked at my firewall a little closer and noticed I allowed 23 (telnet) out but not in, changed that and added 2525 TCP in and out, same thing. Allowed all undefined ports in and out, effectively making a firewall moot and same thing. What am I missing here?

Weird thing is when I make a change to the firewall and it is applying the changes I go back to the shell and telnet works. After, same problem. Ok, I think I can safely assume the problem is on my router/firewall somewhere...

Is there a port or protocol I need to add/modify on my firewall anyone with more smarts than me can quickly identify?

Reply with quote | Report
2024年4月24日 5:14