Hi all,

For two days now I have been trying to resolve a problem which seems simple (i'm sure it is) but is causing me a lot of confusion.

my setup is
Debian, postfix, dovecot

To summarize what I have done so far

New domain added to my linode 1 month ago which I will call "mydomain.com" and added to my linode DNS manager control panel with the default entries.

postfix main.cf is as follows

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
smtpd_tls_key_file=/etc/ssl/private/postfix.key

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mydomain.com
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = mail/
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.com, mail.mydomain.com, localhost.mydomain.com, localhost
smtpd_tls_key_file=/etc/ssl/private/postfix.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Note that up until a day ago the "myhostname = mydomain.com" entry was "myhostname = FQ.mydomain.com".

My reverse dns in the linode control panel is set to "mydomain.com". I also changed this from "FQ.mydomain.com" a day ago.

Now, when I send a mail from gmail to me@mydomain.com I get the following bounce message.



Here is my mail.log

Nov 27 10:53:20 server postfix/smtpd[4617]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/smtpd[4617]: connect from imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:21 server postfix/trivial-rewrite[4621]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/cleanup[4622]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 10:53:21 server postfix/smtpd[4617]: B119B2CB38: client=imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:21 server postfix/cleanup[4622]: B119B2CB38: message-id=<62c192f6a4c71a38f7dd4b9387b998d0@imnicamail.com>
Nov 27 10:53:21 server postfix/qmgr[4067]: B119B2CB38: from=<bounce-12579704-4267928-2530868-865004@imnicamail.com>, size=2771, nrcpt=1 (queue active)
Nov 27 10:53:22 server postfix/smtpd[4617]: disconnect from imccf.imnicamail.com[66.154.117.212]
Nov 27 10:53:22 server postfix/smtp[4623]: B119B2CB38: to=<me@FQ.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.54, delays=0.32/0.01/0.21/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 10:53:22 server postfix/cleanup[4622]: 1B4CE2CB49: message-id=<20111127105322.1B4CE2CB49@mydomain.com>
Nov 27 10:53:22 server postfix/bounce[4624]: B119B2CB38: sender non-delivery notification: 1B4CE2CB49
Nov 27 10:53:22 server postfix/qmgr[4067]: 1B4CE2CB49: from=<>, size=4824, nrcpt=1 (queue active)
Nov 27 10:53:22 server postfix/qmgr[4067]: B119B2CB38: removed
Nov 27 10:53:23 server postfix/smtp[4623]: 1B4CE2CB49: to=<bounce-12579704-4267928-2530868-865004@imnicamail.com>, relay=smtp.imnicamail.com[67.215.233.94]:25, delay=1.8, delays=0/0/1.4/0.47, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB84635BA1AD)
Nov 27 10:53:23 server postfix/qmgr[4067]: 1B4CE2CB49: removed
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max connection rate 1/60s for (smtp:66.154.117.212) at Nov 27 10:53:21
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max connection count 1 for (smtp:66.154.117.212) at Nov 27 10:53:21
Nov 27 10:56:42 server postfix/anvil[4620]: statistics: max cache size 1 at Nov 27 10:53:21
Nov 27 12:56:38 server postfix/smtpd[4690]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 12:56:39 server postfix/smtpd[4690]: warning: 187.56.1.39: hostname 187-56-1-39.dsl.telesp.net.br verification failed: Name or service not known
Nov 27 12:56:39 server postfix/smtpd[4690]: connect from unknown[187.56.1.39]
Nov 27 12:56:40 server postfix/trivial-rewrite[4694]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 12:56:41 server postfix/smtpd[4690]: NOQUEUE: reject: RCPT from unknown[187.56.1.39]: 450 4.1.8 <tppk@ysfb.net>: Sender address rejected: Domain not found; from=<tppk@ysfb.net> to=<me@mydomain.com> proto=ESMTP helo=<187-56-1-39.dsl.telesp.net.br>
Nov 27 12:56:41 server postfix/smtpd[4690]: lost connection after RCPT from unknown[187.56.1.39]
Nov 27 12:56:41 server postfix/smtpd[4690]: disconnect from unknown[187.56.1.39]
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max connection rate 1/60s for (smtp:187.56.1.39) at Nov 27 12:56:39
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max connection count 1 for (smtp:187.56.1.39) at Nov 27 12:56:39
Nov 27 13:00:02 server postfix/anvil[4693]: statistics: max cache size 1 at Nov 27 12:56:39
Nov 27 13:57:18 server postfix/smtpd[4727]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:18 server postfix/smtpd[4727]: connect from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:18 server postfix/smtpd[4727]: setting up TLS connection from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:18 server postfix/smtpd[4727]: Anonymous TLS connection established from mail-lpp01m010-f44.google.com[209.85.215.44]: TLSv1 with cipher RC4-SHA (128/128 bits)
Nov 27 13:57:19 server postfix/trivial-rewrite[4731]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:19 server postfix/cleanup[4732]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:57:19 server postfix/smtpd[4727]: 1F0582CB38: client=mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:57:19 server postfix/cleanup[4732]: 1F0582CB38: message-id=<CAGE60DK1kmvN-7Lp+jdwY2k4f=ZSaf5QSrtHuG84mGm62FRJvw@mail.gmail.com>
Nov 27 13:57:19 server postfix/qmgr[4067]: 1F0582CB38: from=<practicalfreedom@gmail.com>, size=1574, nrcpt=1 (queue active)
Nov 27 13:57:19 server postfix/smtp[4733]: 1F0582CB38: to=<me@FQ.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.57, delays=0.19/0.01/0.37/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 13:57:19 server postfix/cleanup[4732]: 9A4D72CB49: message-id=<20111127135719.9A4D72CB49@mydomain.com>
Nov 27 13:57:19 server postfix/qmgr[4067]: 9A4D72CB49: from=<>, size=3480, nrcpt=1 (queue active)
Nov 27 13:57:19 server postfix/bounce[4734]: 1F0582CB38: sender non-delivery notification: 9A4D72CB49
Nov 27 13:57:19 server postfix/qmgr[4067]: 1F0582CB38: removed
Nov 27 13:57:20 server postfix/smtp[4733]: certificate verification failed for gmail-smtp-in.l.google.com[209.85.229.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Nov 27 13:57:20 server postfix/smtp[4733]: 9A4D72CB49: to=<practicalfreedom@gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.229.27]:25, delay=1, delays=0/0/0.48/0.56, dsn=2.0.0, status=sent (250 2.0.0 OK 1322402240 em21si5355046wbb.59)
Nov 27 13:57:20 server postfix/qmgr[4067]: 9A4D72CB49: removed
Nov 27 13:57:49 server postfix/smtpd[4727]: disconnect from mail-lpp01m010-f44.google.com[209.85.215.44]
Nov 27 13:59:28 server postfix/smtpd[4727]: connect from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:28 server postfix/cleanup[4756]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 13:59:28 server postfix/smtpd[4727]: 4E1A82CB38: client=85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:29 server postfix/cleanup[4756]: 4E1A82CB38: message-id=<201111271359.TT1ks01@dnsserver.sm.ucc.mail.yahoo.com>
Nov 27 13:59:29 server postfix/qmgr[4067]: 4E1A82CB38: from=<shzjj@yahoo.com>, size=2174, nrcpt=1 (queue active)
Nov 27 13:59:29 server postfix/smtp[4757]: 4E1A82CB38: to=<me@FQ.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=1.2, delays=1.2/0.01/0.02/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 13:59:29 server postfix/cleanup[4756]: 7846B2CB49: message-id=<20111127135929.7846B2CB49@mydomain.com>
Nov 27 13:59:29 server postfix/bounce[4758]: 4E1A82CB38: sender non-delivery notification: 7846B2CB49
Nov 27 13:59:29 server postfix/qmgr[4067]: 7846B2CB49: from=<>, size=4113, nrcpt=1 (queue active)
Nov 27 13:59:29 server postfix/qmgr[4067]: 4E1A82CB38: removed
Nov 27 13:59:29 server postfix/smtpd[4727]: lost connection after RSET from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:29 server postfix/smtpd[4727]: disconnect from 85-238-120-213.broadband.tenet.odessa.ua[85.238.120.213]
Nov 27 13:59:30 server postfix/smtp[4757]: 7846B2CB49: to=<shzjj@yahoo.com>, relay=mta6.am0.yahoodns.net[66.94.238.147]:25, delay=1.5, delays=0/0/0.57/0.89, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[66.94.238.147] said: 554 delivery error: dd This user doesn't have a yahoo.com account (shzjj@yahoo.com) [0] - mta1474.mail.mud.yahoo.com (in reply to end of DATA command))
Nov 27 13:59:30 server postfix/qmgr[4067]: 7846B2CB49: removed
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max connection rate 1/60s for (smtp:209.85.215.44) at Nov 27 13:57:18
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max connection count 1 for (smtp:209.85.215.44) at Nov 27 13:57:18
Nov 27 14:02:49 server postfix/anvil[4730]: statistics: max cache size 1 at Nov 27 13:57:18
Nov 27 14:04:18 server postfix/smtpd[4767]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:18 server postfix/smtpd[4767]: connect from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:19 server postfix/smtpd[4767]: setting up TLS connection from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:19 server postfix/smtpd[4767]: Anonymous TLS connection established from mail-pz0-f45.google.com[209.85.210.45]: TLSv1 with cipher RC4-SHA (128/128 bits)
Nov 27 14:04:19 server postfix/trivial-rewrite[4770]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:19 server postfix/cleanup[4771]: warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual
Nov 27 14:04:19 server postfix/smtpd[4767]: D76392CB38: client=mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:04:20 server postfix/cleanup[4771]: D76392CB38: message-id=<CAL62f6UrE86DvaDj_7gN83_ZU9e_41+DOLujMxaLTLgz3ZReMg@mail.gmail.com>
Nov 27 14:04:20 server postfix/qmgr[4067]: D76392CB38: from=<swatchways@googlemail.com>, size=1560, nrcpt=1 (queue active)
Nov 27 14:04:20 server postfix/smtp[4772]: D76392CB38: to=<me@FQ.mydomain.com>, orig_to=<me@mydomain.com>, relay=none, delay=0.5, delays=0.49/0.01/0/0, dsn=5.4.6, status=bounced (mail for FQ.mydomain.com loops back to myself)
Nov 27 14:04:20 server postfix/cleanup[4771]: 374022CB49: message-id=<20111127140420.374022CB49@mydomain.com>
Nov 27 14:04:20 server postfix/bounce[4773]: D76392CB38: sender non-delivery notification: 374022CB49
Nov 27 14:04:20 server postfix/qmgr[4067]: 374022CB49: from=<>, size=3463, nrcpt=1 (queue active)
Nov 27 14:04:20 server postfix/qmgr[4067]: D76392CB38: removed
Nov 27 14:04:20 server postfix/smtp[4772]: certificate verification failed for gmail-smtp-in.l.google.com[209.85.229.26]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Nov 27 14:04:21 server postfix/smtp[4772]: 374022CB49: to=<swatchways@googlemail.com>, relay=gmail-smtp-in.l.google.com[209.85.229.26]:25, delay=1.3, delays=0/0/0.08/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1322402661 dl3si15381528wib.55)
Nov 27 14:04:21 server postfix/qmgr[4067]: 374022CB49: removed
Nov 27 14:04:50 server postfix/smtpd[4767]: disconnect from mail-pz0-f45.google.com[209.85.210.45]
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max connection rate 1/60s for (smtp:209.85.210.45) at Nov 27 14:04:18
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max connection count 1 for (smtp:209.85.210.45) at Nov 27 14:04:18
Nov 27 14:08:10 server postfix/anvil[4769]: statistics: max cache size 1 at Nov 27 14:04:18

And, if i go to say mxtoolbox.com and run their diagnosis test on "smtp:mydomain.com" I get




So what is it that I'm missing? Is postfix main.cf configured correctly?

Any insights would be appreciated

Thanks

First, it sounds like you edited /etc/postfix/virtual without rebuilding its database; "postmap /etc/postfix/virtual" will fix that error.

Second problem is that it sounds like you want to use /etc/postfix/virtual to handle mail to mydomain.com. If so, you will need to ensure your system's hostname, the postfix myhostname setting, and postfix's mydestination list do not contain mydomain.com. something.mydomain.com is ok, they just cannot contain mydomain.com if you are planning to use /etc/postfix/virtual for mail to that domain.

May I ask why you changed that? It sounds like it was configured correctly before, but if there's a reason for the change, there are some workarounds possible. (Nothing quite as nice as having it all in virtual_alias_maps, of course.)

_________________

/* TODO: need to add signature to posts */

Hi hoopycat


this is true however, i did do this right after i posted here.



Ahh, so I have messed up in all 3 places. just so I understand completely,

hostname - something.mydomain.com
main.cf - myhostname = something.mydomain.com
main.cf - mydestination = something.mydomain.com

As for the rDNS setting in linode control panel, should this also be set to something.mydomain.com?



As you can probably tell, I am quite new to all this and don't as yet have a clear understanding of dns or email delivery. I changed it all because It would not work. And after reading some forum comments I thought I understood what to do.

Thanks for the quick reply.





thanks for the quick reply

It doesn't matter too much, as long as it's set to something. It's easiest to have them all the same, though. The hostname and the reverse DNS(*) both refer to the server, so keeping everything the same across the board for a single server is a good idea.

Like a person, a server is its own distinct entity with its own unique name (and personality, and mortality, and...). This does not directly relate to the service(s) it provides(**). So, there's no expectation that the server that handles web traffic for example.com be named www.example.com, nor even anything within example.com. Same with mail servers. It's just expected that something loved it enough to give it some name. So don't sweat it too much

(*) Well, really, the reverse DNS refers to an IP address, but there's usually a 1:1 relationship between servers and IP addresses. When there isn't, things can get a little more abstract.
(**) Someone with the last name of "Miller" is not necessarily a diluter of horse urine, and, to the best of my knowledge, none of the children of Linode employees have the last name "Cloudier." Yet.

_________________

/* TODO: need to add signature to posts */

Sorry I have not replied, I have been in hospital a fair bit. I very much appreciate the help.

I made the changes suggested by hoopcat 5 days ago which were

Server
hostname = server.mydomain.com
rDNS = server.mydomain.com

postfix
myhostname= server.mydomain.com
mydestination= server.mydomain.com


So now i can receive mails from outside except, they have to be sent to me@server.mydomain.com instead of me@mydomain.com

Thanks

No need to apologize; I've been in l'Hôpital a fair bit this week and haven't been following the forums. Division by zero is no excuse, of course, but that's water under the ducks now.

Believe it or not, it's a good thing that it doesn't work. It means you can now explicitly tell it where to stick your mail through the virtual alias maps.

You should still have a line in your main.cf stating:

virtual_alias_maps = hash:/etc/postfix/virtual

This will cause postfix to look for two things in /etc/postfix/virtual when it gets an e-mail for you@example.com:

example.com        DOMAIN
you@example.com    freeweaver@gmail.example

The first is the domain in the left-hand side, and something in the right-hand side. (It doesn't really matter what, but I use DOMAIN in all caps.)

The second is the e-mail address in the left-hand side, and some destination(s) in the right-hand side. (You can specify more than one by separating with commas.)

Whenever you edit /etc/postfix/virtual, always remember to "postmap /etc/postfix/virtual" to rebuild its index.

The example.com DOMAIN entry is probably the one that's missing, since it isn't an obvious need: it could just go straight to a lookup for you@example.com and save you some time. Turns out that postfix lets you configure virtual_alias_domains separately from virtual_alias_maps, which can be handy if you have, say, an LDAP server in Tuvalu that doesn't need or want to be queried for every single message transiting your system on the off chance that hugh@jorgan.net is now a user.

_________________

/* TODO: need to add signature to posts */

Hi again hoopycat,



Yep, that was it and I would not have thought to add it. All mail now sent to any domain I have on this server is redirecting to the system user I have specified in /etc/postfix/virtual.

because of your help it is now working exactly as it should and everything is a little clearer. I owe you a beer!

Many thanks hoopycat

Nick

\o/

Yay beer!

_________________

/* TODO: need to add signature to posts */