Part 2: Install Dovecot IMAP server on Ubuntu &#038; Enable TLS Encryption

Thanx for the guide!

I can receive but I cannot send? Any clue what may cause it?

From mail log:

Feb  4 22:35:40 postfix/submission/smtpd[21672]: warning: database /etc/aliases.db is older than source file /etc/aliases
Feb  4 22:35:40 postfix/submission/smtpd[21672]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains
Feb  4 22:35:41 postfix/master[21332]: warning: process /usr/lib/postfix/sbin/smtpd pid 21672 exit status 1
Feb  4 22:35:41 postfix/master[21332]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

As per this guide I have in my master.cf file:

 -o smtpd_relay_restrictions=permit_sasl_authenticated, reject
 -o smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject

So do not have idea why this fatal error is there … or maybe it is not that?

Any help would be apreciated …

Xiao Guoan (Admin)
1 year ago

There should be no space after the comma.
- Seba
  1 year ago
  
  Works like a charm!
  Thank you!

Alex
1 year ago

Hello there,

At this stage I can received but when try to send it always says: Timeout when setting up SSL/TLS.

The log file of the mail client shows:
11:24:28 C: STARTTLS
11:24:28 S: 454 4.7.0 TLS not available due to local problem
11:24:28 Error: Unexpected return code 454 (expected 220):
“4.7.0 TLS not available due to local problem”.
11:24:28 Error code: 2001
11:24:28 Failed action (0). Reset observed read/write timeouts: 8/8

Can someone help with?
- Xiao Guoan (Admin)
  1 year ago
  
  It’s likely that you have made a typo or something in the Postfix configuration file.
Alex
1 year ago

Hello Xiao & Thank You so much,
– You was right, I just redone the typing and it is now working but did not found where; I am now on way to part 3.
– Also on getting the Letsencrypt certificates you must disable the default virtual host of apache2 – “sudo a2dissite *default” – before enable your own. Otherwise it will fail every time you try to get the certificates.
—
Kindest Regards.
- Xiao Guoan (Admin)
  1 year ago
  
  Disabling the default virtual host is not a must, if you have correctly configured the mail.yourdomain.com virtual host. I have obtained numerous TLS certificates without disabling the default virtual host.
Alex
1 year ago
Hello there,
on “Obtaining TLS Certificate with Nginx Web Server” the syntax of
```
...
location ~ /.well-known/acme-challenge {
         allow all;
      }
...
```
the “~” is followed by a SPACE or by the SLASH ?
- Xiao Guoan (Admin)
  1 year ago
  
  It’s a space. The ~ in Nginx is a regular expression. It’s not the Linux ~ (home directory).
Alex
1 year ago

In the file “/etc/nginx/conf.d/mail.your-domain.com.conf”,
the line “root /var/www/mail.your-domain.com/;” move the nginx server from “Welcome to nginx!” to “403 Forbidden”,
meaning when the line is comment with “#” the server answer with “Welcome to nginx!” and when the line is uncomment the server answer with “403 Forbidden”.

Any clue why?
- Xiao Guoan (Admin)
  1 year ago
  
  This is not important in part 2. Follow my Roundcube tutorial to install a webmail client, then you will be able to login from webmail client at https://mail.your-domain.com.

Alex

Hello Xiao,

I follow this ‘IT Security Guidelines for Transport Layer Security
(TLS)’ from NCSC-NL, guideline B2-1 to B2-4 and table 2, 4, 6 and 7 (in
English) witch is considered here one of the best guides to cyber
security.
The website is :
[https://english.ncsc.nl/publications/publications/2019/juni/01/it-security-guidelines-for-transport-layer-security-tls]

The test tool is : “internet.nl”

About my installation they say on Ciphers (Algorithm selections) this:

•••••••••••••••••••••••••
Technical details:
Mail server (MX): mail.digitalblueprint.eu.
First found affected cipher: DHE-RSA-SEED-SHA
Status: phase out
•••••••••••••••••••••••••
At least one of your mail servers supports one or more ciphers that have
a phase out status, because they are known to be fragile and are at risk
of becoming insufficiently secure.

Is there any way to unused phased out Ciphers?

—
Kindest Regards,
Alex

Xiao Guoan (Admin)

You can add the following lines in Postfix main configuration file to improve the security of TLS connection.

#Enforce high grade TLS ciphers
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high

#Exclude non-secure ciphers
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL

#Disable client-initiated renegotiation to prevent DoS attacks inside a TLS connection
tls_ssl_options = 0x40000000

#Enable server cipher-suite preferences
tls_preempt_cipherlist = yes

However, don’t be obsessed with TLS for SMTP and IMAP servers. If you are too strict about TLS, then there will be SMTP clients that can’t establish TLS connection with your SMTP server.

Dejan Zivanov
1 year ago

Hi i am having currently problem with the setting up my account via Thunderbird for start. I went three times over all three tutorials but something is always not working, i think i am maybe wonky with my fingers or whatever. But here we go, third time is the charm. So, at the moment i am at this stage(2nd).

And when i am trying to connect via Thunderbird, what password should i use?
Because we never created that during first 2 tutorials.

Should i use password that i am using to connect via terminal?
- Xiao Guoan (Admin)
  1 year ago
  
  The first two parts use local Unix accounts as email addresses. For example, if you have a user called dejan on your Ubuntu server, then you have an email address: [email protected], and the password for the email address is the same password for the dejan user.
  - Dejan Zivanov
    1 year ago
    
    Thank you, i managed to login via THunderbird, but at the moment i am getting this error(in var/logs) dovecot: imap(contact): Error: Failed to autocreate mailbox Trash: Permission denied
    
    Not sure what could be cause of this problem
david
1 year ago

please note that (at this date: 28/03/2020) in my machine: ubuntu 18.04.3 , the file: /etc/dovecot/conf.d/10-master.conf had the ports commented out, this resulted in the ports being “closed” when scanned from the outside
Other tan that, great job, I cant say wether all of this is needed to set it up in a “simple” way but anyway thanks 🙂
Quang Mai
1 year ago

Hi Xiao,

I have another issues with the Thunderbird setup account:
I checked all the Q&A above in the thread and I understand that the [email protected] as the UNIX root and password. Do you have any solutions? How do I create a second: [email protected] to check it? Thanks so much.
- Xiao Guoan (Admin)
  1 year ago
  To create another email address, simply create another Unix user account on your Ubuntu server.
```
sudo adduser user2
```
  Part 3 will show you how to create virtual users.
Neil
1 year ago

Hello,

Loving my setup… Thanks – I have followed all the way through (all 8ish parts).
I have run into one Challenge post setup, and this is confusing me.
Firstly… worth noting – Your setup is working!!!
It is working for all devices apart from an OLD Samsung Tab 2 failed the setup.
I have put this current challenge on this page as I think it could be the TLS SSL min protocols being part of the problem. But I don’t really want to tinker as I don’t know why you suggested these protocols. – Any suggestions as to what could be causing 1 old device to not work.
The device also doesn’t allow STARTTLS , so tried every option and none worked.

Also – feature request – PUSH messages, I would like to use this account for messages but the 15 mins or so i have to wait for IOS messages feels like an eternity . I have been searching and it appears you have to pay for Apple notification service? Feels bonkers!
neutek-narco
1 year ago

Thank you!

I had to use this command to get past 404 errors with certbot

certbot certonly –agree-tos –expand –authenticator webroot –installer apache -d mail.domain.org –webroot-path /var/www/mail.domain.org/
Ken Wright
1 year ago

Having a problem here. I’ve run the Postfix instructions in Part 2, but when I check systemctl status postfix it says postfix is “active (exited). Does this mean Postfix isn’t running? What have I done wrong?
- Xiao Guoan (Admin)
  1 year ago
  This is normal, because the Postfix systemd service is a oneshot service. Postfix will run the master process after the main Postfix exits. If you run the following command, you can verify if Postfix master process if running.
```
sudo netstat -lnpt | grep master
```
  Output:
```
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1200577/master      
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1200577/master      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1200577/master      
tcp6       0      0 :::587                  :::*                    LISTEN      1200577/master      
tcp6       0      0 :::465                  :::*                    LISTEN      1200577/master      
tcp6       0      0 :::25                   :::*                    LISTEN      1200577/master    
```
  As you can see, the Postfix master process is listening on port 587, 465 and 25 on my mail server.
  
  The dovecot systemd service is a simple service, so you will see “active(running)” instead of “active(exited)”.
Ken Wright
1 year ago

That’s not what I get. I don’t see 587 or 465 listed when I run the above command. Any ideas?
Ken Wright
1 year ago

Found the problem! I had missed an underline character in /etc/postfix/main.cf. Once I fixed that and reloaded Postfix, everything fell into place.
Steinar
1 year ago

I have already postfix installed as a sendonly SMTP server using your other guide. I want to be able to also send from desktop client. Do I need to install dovecot to be able to communicate with Postfix? If so, are there other steps I can omit from this guide when I don’t need to receive email?
- Xiao Guoan (Admin)
  1 year ago
  
  Why do you want to manually send emails from a desktop email client, but don’t want to receive reply email from the recipient?
  - Steinar
    1 year ago
    
    The reply goes to another email server (Gmail). I can’t send mail from that server.
- Xiao Guoan (Admin)
  1 year ago
  
  That’s not a good practice.
Steinar
1 year ago

Hmm really? So my wordpress server is sending out emails. Sometimes I need to write a custom email.
Another server is taking care of incoming mail.
Do you mean that you send only postfix server guide shouldn’t be combined with an external mail server for incoming and other email?
I can also send mail from the other server, but not in this case (my colleague is in China, where gmail is blocked so can’t send out email).
Thanks.
- Xiao Guoan (Admin)
  1 year ago
  
  I mean if you send an email from your own domain, but the reply email goes to a free third-party email service like gmail, that will trigger some spam filters. Why not receive reply emails on your own domain?
  - Steinar
    1 year ago
    
    I do receive emails to my own domains. GSuite (gmail) is setup for incoming mail to mydomain.com. The wordpress server is not connected to Gsuite and sending with Postfix. I though from your-send only Postfix guide that this was a ok setup?
- Xiao Guoan (Admin)
  1 year ago
  
  Ok. I understand now. Simply follow the instructions in this article and you will be able to use desktop email client. Note that inet_interfaces should be set to all in the /etc/postfix/main.cf file.
Steinar
1 year ago

Thanks, so you mean I do need dovecot even when I will not receive mail?
- Xiao Guoan (Admin)
  1 year ago
  
  Mozilla Thunderbird, and also other mail clients I think, will not allow you to log into your mail server or send emails if there’s no IMAP/POP3 server running.
Steinar
1 year ago

Ok, I see. I thought the separate settings in thunderbird etc for smtp server was connecting directly to postfix, but I guess that’s also dovecot than.
Victor Kulibaba
1 year ago
Hi Xiao, thank you for the awesome guide!
I keep to fail at the last step (configuring Thunderbird). It always shows error box that IMAP server doesn’t allow choosen authentication method.
I checked nmap for srv.kulibaba.site and it seems that all necessary ports are open.
Also dovecot is running fine:
```
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-05-10 21:01:19 MSK; 1h 7min ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 15947 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
  Process: 16148 ExecReload=/usr/bin/doveadm reload (code=exited, status=0/SUCCESS)
  Process: 15986 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
 Main PID: 15990 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─15990 /usr/sbin/dovecot
           ├─15993 dovecot/anvil
           └─16151 dovecot/log

May 10 21:41:47 srv.kulibaba.site dovecot[16151]: imap-login: Disconnected (no auth attempts in 0 s
ecs): user=, rip=185.48.37.80, lip=194.58.119.56, TLS: SSL_read() failed: error:14094412:SSL rout
ines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=
```
In the log part you can see the error I get.
When I created let’s encrypt certificate for srv.kulibaba.site I also added –must-staple option, that’s probably the only thing I did “against” your guide…
I also tried to tweak Thunderbird changing general.useragent.compatMode.firefox to True, though it didn’t help. Neither choosing oAuth2 as auth method helped. My next concern is ssl = required in 10-ssl.conf, but at this point I decided to refer to the source, making this comment.
Btw, initially if my hostname and MX record is srv.kulibaba.site, was it right to create virtual nginx host and issue certificate using this name instead of “mail.kulibaba.site”?
- Victor Kulibaba
  1 year ago
  
  Seems like I managed to resolve the issue by setting:
  security.ssl.enable_ocsp_must_staple = false
  in Thunderbird config editor
- Xiao Guoan (Admin)
  1 year ago
  
  Postfix and Dovecot don’t support OCSP stapling. If you add --must-staple to your TLS certificate, then mail clients (Thunderbird) would refuse to connect. I didn’t test it, but other SMTP servers are probably not able to establish secure TLS connection with your Postfix SMTP server.
  
  So I recommend obtaining a new TLS certificate for your hostname (srv.kulibaba.site) without using --must-staple.
  - Alex
    1 year ago
    
    On ubuntu 20.04LTS “ssl_min_protocol = TLSv1.3” is not supported and we need to upgrade to at least dovecot 2.8
    
    Can you help with ?
    - Xiao Guoan (Admin)
      1 year ago
      
      The latest stable version of Dovecot is 2.3.
      
      Don’t be obsessed with using the latest cutting-edge TLS settings. That’s why you get TLS errors in your mail log. TLSv1.2 is secure enough.
Victor Kulibaba
1 year ago

Hi Xiao, at the beginning of the guide you wrote: “You need to have an Nginx virtual host for mail.your-domain.com before obtaining Let’s Encrypt TLS certificate”.

This is probably not true, I just need the certificate and see no reason in creating root folder and granting access to www-data. So I used certbot “certonly” option and configured nginx to make MX url forbidden (return 403). It seems to work fine. Do you see any problem with that?
- Xiao Guoan (Admin)
  1 year ago
  
  Creating a virtual host is not a must if you have a default Nginx virtual host. There’s no problem with your method. However, you need to create a dedicated Nginx virtual host if you want to install Roundcube webmail later.
  - Alex
    1 year ago
    
    On Obtaining TLS Certificate with Nginx Web Server for ubuntu 20.04LTS I get the following error:
    
    “AttributeError: module ‘acme.challenges’ has no attribute ‘TLSSNI01′”
    
    Any clue on how to resolve this?
    - Xiao Guoan (Admin)
      1 year ago
      
      If you see the following error while trying to obtain TLS certificate on Ubuntu 20.04
      
      module 'acme.challenges' has no attribute 'TLSSNI01'
      
      You need to edit a config file.
      
      sudo nano /usr/lib/python3/dist-packages/certbot_nginx/configurator.py
      
      Change
      
      return [challenges.HTTP01, challenges.TLSSNI01]
      
      to:
      
      return [challenges.HTTP01]
      
      Save and close the file. Then run the certbot command again to obtain TLS certificate.
Laurentiu
1 year ago

Hello Xiao,

thank you for your very good tutorial. I successfully installed an email server using it. All good, but one point.

We have an ERP application which should send emails, but I cannot connect it to my email server. Not sure if I a missing some options of if I am inputing somethin wrong.

So I have:
outgoing mail server: mail.mydomain.com
port: 25
encryption: TLS

error: could not connect to SMTP host.
I tested with SMTP authentication (just took one created email address, not sure if I need another SMTP account..), I also tried without authentication.

Can you please give some insight?

Thank you!
- Xiao Guoan (Admin)
  1 year ago
  
  You should use port 587.
  - Laurentiu
    1 year ago
    
    Tahnk you.
    Using port 587 I am a step closer. Same error if trying to connect to mail.domain.com but working if connecting to internal server IP.
    Tested without SMTP auth (this is correct)?
    New error on test email:
    
    Mailer Error: Language string failed to load: tls The following From address failed: [email protected] Called Mail() without being connected
    
    Can you please help with this error?
    
    Thank you!
- Xiao Guoan (Admin)
  1 year ago
  
  You should enable SMTP auth (enter an email address and password) on port 587.

Veelst

really very nice and awesome tut! thanks for ur work

im trying to install mailserver for only local use, i have my own local dns server (bind9) and have mx record and stuff for my mail server, obv i cant use Let’s Encrypt, so im using openssl instead, followed to this part, i think everything’s fine

i can login using thunderbird in my laptop fine, it auto detect my settings, i try to send test email to myself (or another local account), i see the mail in sent folders but i receive nothing in inbox.

i see this in the /var/log/mail.log

May 23 12:58:34 tsun postfix/submission/smtpd[2723]: connect from unknown[192.168.7.17]
May 23 12:58:34 tsun postfix/submission/smtpd[2723]: Anonymous TLS connection established from unknown[192.168.7.17]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
May 23 12:58:34 tsun postfix/submission/smtpd[2723]: CC429802AE: client=unknown[192.168.7.17], sasl_method=PLAIN, sasl_username=veelst
May 23 12:58:34 tsun postfix/cleanup[2728]: CC429802AE: message-id=
May 23 12:58:34 tsun postfix/qmgr[2556]: CC429802AE: from=, size=576, nrcpt=1 (queue active)
May 23 12:58:34 tsun postfix/submission/smtpd[2723]: disconnect from unknown[192.168.7.17] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
May 23 12:58:34 tsun postfix/smtp[2729]: CC429802AE: to=, relay=none, delay=0.07, delays=0.06/0.01/0/0, dsn=5.4.6, status=bounced (mail for tsun.net loops back to myself)
May 23 12:58:34 tsun postfix/cleanup[2728]: EBED4802C6: message-id=
May 23 12:58:35 tsun postfix/bounce[2730]: CC429802AE: sender non-delivery notification: EBED4802C6
May 23 12:58:35 tsun postfix/qmgr[2556]: EBED4802C6: from=, size=2417, nrcpt=1 (queue active)
May 23 12:58:35 tsun postfix/qmgr[2556]: CC429802AE: removed
May 23 12:58:35 tsun dovecot: imap(veelst): Logged out in=544 out=708 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
May 23 12:58:35 tsun postfix/smtp[2729]: EBED4802C6: to=, relay=none, delay=0.04, delays=0.04/0/0/0, dsn=5.4.6, status=bounced (mail for tsun.net loops back to myself)
May 23 12:58:35 tsun postfix/qmgr[2556]: EBED4802C6: removed

i dont know where im going wrong, help is much appreciated!
thanks!

Veelst
1 year ago

for some reasons i see the reply is posted “4 seconds ago” and it been days lol
anyway, solved my problem thanks!

Mysterion
1 year ago

Hi, thanks for the great tutorial!

What if Postfix and dovecot are running on separate servers like smtp.example.com and imap.example.com? How to configure LMTP?
- Xiao Guoan (Admin)
  1 year ago
  Edit the Dovecot 10-master.conf file.
```
sudo nano /etc/dovecot/conf.d/10-master.conf
```
  When Postfix and Dovecot are running on separte servers, you need to make LMTP service listen on TCP socket. Change the lmtp service definition to the following.
```
service lmtp {

 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }

  inet_listener lmtp {
    address = 10.10.10.2
    port = 2424
  }

}
```
  LMTP should be used in a local LAN and not be visible to the Internet, so you should use a private IP address for the inet_listener. Replace 10.10.10.2 with your own private IP address. If your SMTP server and IMAP server are not in the same LAN, you can use wireguard to create a virtual private network.
  
  Save and close the file. Then restart Dovecot.
```
sudo systemctl restart dovecot
```
  Next, edit the Postfix main configuration file on the other server.
```
sudo nano /etc/postfix/main.cf
```
  Add the following lines at the end of the file. The first line tells Postfix to deliver emails to local message store via the dovecot LMTP server listening on 10.10.10.2:2424. The second line disables SMTPUTF8 in Postfix, because Dovecot-LMTP doesn’t support this email extension.
```
mailbox_transport = lmtp:inet:10.10.10.2:2424
smtputf8_enable = no
```
  Save and close the file. restart Postfix.
```
sudo systemctl restart postfix
```
ivan006
1 year ago

outbox/drafts etc not creating automatically:

When i set the 15-mailboxes.conf to create boxes automatically, then create a user with “sudo adduser user1” and then add it to thunder bird thunderbird only contains the inbox and nothing else (which confuses it when it tries to save sent mails to outbox etc)

“`

mailbox Junk {
auto = create
special_use = \Junk
}
mailbox Trash {
auto = create
special_use = \Trash
}

# For \Sent mailboxes there are two widely used names. We’ll mark both of
# them as \Sent. User typically deletes one of them if duplicates are created.
mailbox Sent {
auto = create
special_use = \Sent
}
mailbox “Sent Messages” {
special_use = \Sent
}
“`
- Xiao Guoan (Admin)
  1 year ago
  
  The “Sent” folder will be automatically created when you send the first email. The “Trash” folder will be automatically created when you delete an email, etc.
Ross
1 year ago

Huge thanks for creating and maintaining this guide!

Everything is working happily for me… except the Microsoft Mail App (on Windows 10) which, no mater what I’ve tried, proclaims “Untrusted certificate”.

The cert is configured in /etc/dovecot/conf.d/10-ssl.conf
Another client I’ve tried (GMail on Android) doesn’t complain about the cert.
I’ve configured the MS Mail App to use mail. names for the incoming and outgoing servers and used the suggested ports of 143 and 587 (which default to imap.:993 for incoming and smtpauths.:25 for outgoing)
I almost wonder if despite the settings it’s still expecting to see imap. and smtpauths. listed in the cert or some other stupidity… it really gives me no detailed error information to go on.
I’ve sworn at it repeatedly and cursed windows 10 many times

I can ignore the “untrusted certificate” warning and everything appears happy – of course then once the cert gets renewed the windows mail app just silently stops syncing because the force-accepted cert no longer matches the retrieved cert and i have to remove the account(s), re-add them, and ignore the untrusted cert issue again because MS.

At this point I don’t think the problem is on the linux postfix/dovecot side, HOWEVER, I did experience my gmail client silently stop syncing too – until today when i was fiddling with my linux configs again when the gmail app suddenly started syncing my mail again.

If I can’t get this figured out I guess I’ll have to setup a daily cron to flick an email at me as a canary and go through the remove/re-add account process when the daily mails stop due to the cert being refreshed… I’d really like to solve this problem correctly though and have confidence that I’m not missing important mails.

Thanks again! Sorry for getting long winded here.
Tim
1 year ago

Thank you so very much!

This is by far the most helpful tutorial about anything that I have ever read, for so many reasons.

Cheers!
Akarshit Waal
1 year ago

Hey! Great article. I have one doubt. I have a client send me a mail on port 25(which I cannot change). After following the first part, the client was able to send the mail on 25 and I was able to receive it.
After the 2nd part postfix was not listening to port 25.
I found out that `smtp inet n – y – 1 postscreen` line was commented in master.cf. I uncommented it and now I see it listening to port 25, but when the client tried to send a mail, he get’s no response and the request is just pending. Any idea what could be missing?
- Xiao Guoan (Admin)
  1 year ago
  
  If you want to enable Postscreen, please read this article: Enable and Configure Postscreen in Postfix to Block Spambots
- Xiao Guoan (Admin)
  1 year ago
  If you cat the /etc/postfix/master.cf file and paste it here, I might be able to troubleshoot your problem.
```
cat /etc/postfix/master.cf
```
  Also check your mail log file (/var/log/mail.log), it might give you some clues.
ivan006
1 year ago

Where does postfix (or dovecot) even store these emails please?
- Xiao Guoan (Admin)
  1 year ago
  
  If you are using virtual mailbox (PostfixAdmin), the emails are stored in /var/vmail/yourdomain.com/username.
  If you are not using virtual mailbox, the emails are stored under ~/Maildir (The Maildir subdirectory under each user’s home directory.)
  - ivan006
    1 year ago
    
    Much appreciated
    - ivan006
      1 year ago
      
      im not using virtual mailbox. Is it “/root/Maildir/new”? “/root/Maildir” has no other loose files and its other subdirectories ae empty. Anyway if it is “/root/Maildir/new” I see there are files in there but nothing after the 13 (this month) but i have sent many emails why is this? how is this even working?
    - ivan006
      1 year ago
      
      oh i see its in
      /home/plefort/Maildir
- ivan006
  1 year ago
  
  One more question. When i add my custom email account to gmail it doesnt save my sent emails to the sent folder. any thoughts?
  - ivan006
    1 year ago
    
    is it because its using pop conventions, and so doesnt care about server storage, and so wont save anything to the server?
- Xiao Guoan (Admin)
  1 year ago
  
  I’m not sure what you mean by “add my custom email account to gmail”.
Insignia
1 year ago
Hello,

First, thank you for the detailed tutorial on setting up an email server with Ubuntu!
I’ve also followed the RoundCube tutorial (And the Postfix tutorial)from you and setup everything properly, but there seems to be an obstacle that prevents me from using Roundcube.

Logging in to Roundcube works perfectly fine, but sending and receiving emails cannot be done.
When using my email to test the server, I get a “Mail Undeliverable” message with the following error:
```
:host
mail.domain.com [private/dovecot-lmtp] said: 550 5.1.1
 user does not exist:
[email protected] (in Reply to RCPT TO command)
```
So the mail server cannot receive email.

Sending email using the Roundcube does nothing. After I compose a test email and click send, Roundcube would keep loading with no progress until I get an error that says “Request timed out”

What can I do to resolve this? Any leads would be appreciated, thank you!
- Insignia
  1 year ago
  Looks like some information was omitted for some reason, here is the actual error message I get from trying to send an email to my mail server:
```
([email protected]):host
mail.domain.com [private/dovecot-lmtp] said: 550 5.1.1
([email protected]) user does not exist:
[email protected] (in Reply to RCPT TO command)
```
Insignia
1 year ago
Okay so now I can receive emails in the server. There is a minor change that I need to do in
```
etc/dovecot/conf.d/10-auth.conf
```
I had to modify this line to include %Ln
```
auth_username_format = %Ln
```
This fixed the issue of not being able to receive emails in the mail server. But the problem of sending emails still persists. The Roundcube just loads indefinitely until the request timed out.
- Xiao Guoan (Admin)
  1 year ago
  
  If you encounter errors with Roundcube, you can check the error logs at /var/log/apache2/roundcube_error.log (if you are using Apache), or /var/log/nginx/roundcube.error (if you are using Nginx.)
  - Insignia
    1 year ago
    
    Thank you for this guide! It’s been very thorough and helpful
- Insignia
  1 year ago
  
  Nevermind, the issue has been resolved. I checked /var/log/mail.log and found out where the issue is. There was a typo (my bad lol) in master.cf file. After I fixed that one typo, and restarted the service, Roundcube can send and receive emails without problem.
Hironori
1 year ago

Hi, Xiao. Thank you for helpful tutorials so much!! And I can’t send & recieve mail until this stage. mail.log says
mail postfix/lmtp[3305]:: to=, relay=mail.example.com[private/dovecot-lmtp], delay=0.14, delays=0.09/0.01/0.02/0.02, dsn=5.1.1, status=bounced (host mail.example.com[private/dovecot-lmtp] said: 550 5.1.1 User doesn’t exist: [email protected] (in reply to RCPT TO command))
Any ideas? thanks
- Xiao Guoan (Admin)
  1 year ago
  Perhaps your email address is in lower case, but you used upper case when you send the email. You can edit the /etc/dovecot/conf.d/10-auth.conf file and change the auth_username_format to
```
auth_username_format = %Ln
```
  So dovecot would lowercase the username. Restart Dovecot.
```
sudo systemctl restart dovecot
```
  - Alex
    1 year ago
    
    Hello there,
    
    After installing Dovecot on ubuntu 20.04LTS i found out that dovecot 2.3.7.2 does not work with SSL1.3. So I need to update Dovecot to at least the version 2.3.8 or to the stable version 2.4
    
    Can you help with?
    - Xiao Guoan (Admin)
      1 year ago
      
      The latest stable version of Dovecot is 2.3.
      
      Don’t be obsessed with using the latest cutting-edge TLS settings. That’s why you get TLS errors in your mail log. TLSv1.2 is secure enough.
Brad
1 year ago

I concur this is an AMAZING write-up, thank you. I have several gsuite accounts and am trying to migrate one over to my local MX. Like a few others, I’ve completed the setup, triple checked your instructions, confirmed that there are no postfix or dovecot errors, yet can only send messages, but not receive any. Now, if I send a message from the domain I migrated, [email protected] to [email protected] it appears in my inbox. If I send from [email protected] to [email protected] – it also WORKS, but if I send from [email protected] to [email protected] the message never arrives in my Inbox. (18.04, Dovecot v. 2.3.10.1)
Thank you.
- Xiao Guoan (Admin)
  1 year ago
  
  If there are no errors in mail log (/var/log/mail.log) after sending emails from gmail to your domain address. It could be:
  
  1.) Your MX record is wrong, or the MX hostname doesn’t have an IP address.
  
  2.) Port 25 (inbound) is closed.
  - Brad
    1 year ago
    
    Awesome. Port 25 was the issue; I’m 100%. I appreciate the article and the prompt response.
Alex
1 year ago

Hello there,

my mail log have a lot of this

SSL_accept error from st43p00im-ztfb10063301.me.com[17.58.63.179]: -1
Jul 7 16:44:01 www postfix/smtpd[66273]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:1685

What can be this? On their side or on my side?

Thank You
- Xiao Guoan (Admin)
  1 year ago
  
  Don’t be obsessed with using the latest cutting-edge TLS settings. That’s why you get TLS errors in your mail log.
Dave
1 year ago

One other thing, I saw this message in mail.log:
‘mail dovecot: config: Warning: please set ssl_dh= /etc/dovecot/dh.pem’
After executing the suggested command, I didn’t see that message again…
HTH and thanks for your work on this how-to 🙂
Dave
1 year ago

Last suggestion: I always found it complicated and error-prone to get a Letsencrypt certificate via the method you recommend (which is the method commonly adopted in how-to’s on the Web). Instead, I prefer to stop the Web server and use the following command, which works without hassle every time:

certbot certonly –standalone –preferred-challenges http -d example.com -d www.example.com

(obviously, you have to replace ‘example.com’ with your own domain.) Then I respond to the prompts for a mail address and permission to be contacted by EFF and restart the Web server. I prefer to do certificate renewals in the same way…
- Xiao Guoan (Admin)
  1 year ago
  
  You have to stop your web server again when you renew TLS certificate. (every 90 days)
  
  If it’s not working, you have done something wrong. If you paste the error message when obtaining TLS certificate, perhaps I can help.
  - Dave
    1 year ago
    
    I have my certificates, and they’re working fine… I think you missed the point of what I was saying… 😉
    Personally, I find that ‘certbot certonly –standalone’ with the Web server temporarily shut down is a lot less hassle than being obliged to set up the vhosts first and satisfy all the constraints of using the nginx/apache2 plugins…
Pawel
1 year ago

after running sudo netstat -lntp | dovecot I am getting the following error message:
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can’t open file /etc/letsencrypt/live/mail.lobap.ca/fullchain.pem: Permission denied
Any suggestion on how to fix it, please.
- Xiao Guoan (Admin)
  1 year ago
  The correct command is
```
sudo netstat -lnpt | grep dovecot
```
tito
12 months ago

Hi, hope to save me. Everything is perfect until this command UbuntuServer 20.04.
“sudo add-apt-repository ppa:certbot/certbot”

E: The repository ‘http://ppa.launchpad.net/certbot/certbot/ubuntu focal Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I can´t install TLS Certificate. the port 443 does not open “attach picture”
I opened the ports by firewall UFW and I call my isp and all port are open. can you help me?
- Xiao Guoan (Admin)
  12 months ago
  Certbot doesn’t have a PPA for Ubuntu 20.04. Remove it with:
```
sudo add-apt-repository --remove ppa:certbot/certbot
```
  Install certbot from the default software repository.
```
sudo apt update
sudo apt install certbot
```
Alex Xia
12 months ago

Hello Guo an,
When I send an email to my gmail account, there is a red lock on gmail which means that my email is not encrypted. However, my TLS letsencrypt connection is working so I don’t know what the problem is. How do I get rid of the red lock?
- Xiao Guoan (Admin)
  12 months ago
  Maybe you forgot to add the following lines in /etc/postfix/main.cf file?
```
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
```
  - Alex Xia
    11 months ago
    Found the problem!
    It turns out that my postfix had enabled a PIX workaround “disable esmtp” which for some reason downgraded the connection to a HELO connection to Google.
    I had the following line in my mail.log file:
    
    enabling PIX workarounds: disable_esmtp delay_dotcrlf for gmail-smtp-in.l.google.com
    
    This problem was fixed when I added the following line in my main.cf file:
    
    smtp_pix_workarounds = delay_dotcrlf
Sherratt
12 months ago

Absolutely great guide. Life-saver!
IMRON HS
12 months ago
When I try this step:
```
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.your-domain.com
```
I got error message like attach file, can you help me Xiao?
- Xiao Guoan (Admin)
  12 months ago
  
  Add DNS A record for email.vanhussen.net
  - jade
    10 months ago
    
    I’m getting the same error, even though I have created an A record in my dns
    - Xiao Guoan (Admin)
      10 months ago
      
      Can’t find the A record of your hostname on dnsmap.io: https://dnsmap.io/#A/mail.nerdcomputers.net
      
      Ask you domain registrar to find out why the A record doesn’t propagate to the Internet.
Robert Herzog
11 months ago

My Ubuntu 20.04 did not allow incoming traffic, while I explicitly have given ufw allow 25
In postfix main.cf file, I changed inet_interfaces from 127.0.0.1 to 0.0.0.0
If I understand well, the postfix installation that preexisted on my rented server was looking only at localserver for email. Probably kind of a countermeasure to prevent newly installed servers from accepting-relaying smap if postfix is not properly configured…
Robert
- Xiao Guoan (Admin)
  11 months ago
  Edit /etc/postfix/main.cf file and change the value of inet_interfaces to all.
```
inet_interfaces = all
```
  Then restart Postfix.
Herzog Albert
11 months ago

Thanks ! This is indeed what I tried and it cured the issue.
Robert
Joseph
11 months ago
I keep getting the following error when trying to obtain a TLS certificate. I definitely have an A record on my godaddy domain page that leads to the server IP address. Is there anything else that could be causing this?
```
   Domain: mail.domainname.online
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for
   mail.josephngechu.online - check that a DNS record exists for this
   domain
```
- Xiao Guoan (Admin)
  11 months ago
  
  I can’t find the A record for mail.josephngechu.online. https://dnsmap.io/#A/mail.josephngechu.online
- Hector Garcia
  11 months ago
  Hello,
  
  Great guide. I’m getting this error when installing the certbot certificate:
```
 - The following errors were reported by the server:

   Domain: mail.lunitacrafts.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for
   mail.lunitacrafts.com - check that a DNS record exists for this
   domain
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
```
  It didn’t show up on dnsmap.io so i contacted namecheap and they told me (for the A and AAAA records) to get rid of the domain in the host field so to only have it as “mail”. It showed up on dnsmap.io but then i got this error:
```
 - The following errors were reported by the server:

   Domain: mail.lunitacrafts.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.lunitacrafts.com/.well-known/acme-challenge/IRyYyYc_boEZJ7CPXEdRJQPHB7LoipSFbqzO30jt_dQ
   [2607:5501:3000:1141::2]: "\n\n404 Not
   Found\n\nNot Found\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```
  Your help fixing this would be much appreciated.
  - Xiao Guoan (Admin)
    11 months ago
    
    Can’t find your A or AAAA record on dnsmap.io.
    - Hector Garcia
      11 months ago
      
      Sorry i left it with the broken records to see the error message. It now gives me this error message when i run the certbot certificate. I checked the IPv4 and v6 I entered and they’re correct.
      
      Domain: mail.lunitacrafts.com
      Type: unauthorized
      Detail: Invalid response from
      http://mail.lunitacrafts.com/.well-known/acme-challenge/MNUHdMy9MMeKL8fe5KOEecoCDaLkUFDJMV_lESlhckc
      [2607:5501:3000:1141::2]: “\n\n404 Not<br /> Found\n\n
      
      Not Found
      
      \n<p"
      
      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address.
  - Xiao Guoan (Admin)
    11 months ago
    It seems a firewall is blocking http/https requests to your mail server.
    
    You need to open the following TCP ports on your mail server.
    
    25,80,443,587,465,143,993

Robert J

Hello. I am having issues with getting incoming mail working. I keep getting the error below when a mail server tries to connect to me:

Sep  2 21:03:45 lucy postfix/smtpd[308599]: warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory
Sep  2 21:03:45 lucy postfix/smtpd[308599]: fatal: no SASL authentication mechanisms

The file definitely exists with what look like the correct permissions:

[email protected]:/etc/dovecot# ls -la /var/spool/postfix/private/auth
srw-rw---- 1 postfix postfix 0 Sep  2 21:03 /var/spool/postfix/private/auth

And here is my config excerpt from dovecot’s 10-master.conf:

service auth {                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    # Postfix smtp-auth                                                                                                                                                                                                                                                                                           unix_listener /var/spool/postfix/private/auth {
    mode = 0660                                                                                                                                                                                                                                                                                                   user = postfix                                                                                                                                                                                                                                                                                                group = postfix                                                                                                                                                                                                                                                                                             }                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     }

I am at a loss to what the problem could be. I am using Ubuntu 20.04 LTS.

Xiao Guoan (Admin)
11 months ago

It looks like you changed the submission service in the /etc/postfix/master.cf file.

Thomas
11 months ago

Besides configuring dovecot’s mailbox, postfix also needs to be configured; which is missing in this tutorial:

sudo postconf -e “home_mailbox = Maildir/”
- Xiao Guoan (Admin)
  11 months ago
  Unless you didn’t configure LMTP as told in this article.
  
  The home_mailbox parameter is used by Postifx’s local delivery agent. After configuring LMTP, Postfix will not use its own local delivery agent, but pass incoming emails to Dovecot via LMTP protocol, which is effected by the following setting. Postfix doesn’t care which mailbox format you are going to use.
```
mailbox_transport = lmtp:unix:private/dovecot-lmtp
```
  - Thomas
    11 months ago
    
    Yes, thanks for the hint. I did miss the service lmtp configuration part. Thus, I ultimately ran into another issue, I just was able to solve. (dovecot-lmtp: No such file or directory) Thanks for the lesson! Your tutorial is great and our Email-SRV is up and running flawlessly. (A bit slow, but at least it works for now)

prad

Hi Xiao,
I attempted to redo the setup from the start and I’m now stuck – after configuring thunderbird and trying to send an email – I’m getting the following error :

Sending of the message failed.
An error occurred while sending mail: Unable to establish a secure link with Outgoing server (SMTP) mail.thevadasan.com using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider.

I’m assuming it is listening on port 587:

[email protected]:~$ sudo netstat -lnpt | grep master
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      15523/master        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1292/nginx: master  
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      15523/master        
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      15523/master        
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1292/nginx: master  
tcp6       0      0 :::587                  :::*                    LISTEN      15523/master        
tcp6       0      0 :::80                   :::*                    LISTEN      1292/nginx: master  
tcp6       0      0 :::465                  :::*                    LISTEN      15523/master        
tcp6       0      0 :::25                   :::*                    LISTEN      15523/master        
tcp6       0      0 :::443                  :::*                    LISTEN      1292/nginx: master

Xiao Guoan (Admin)

Your submission service on port 587 advertises STARTTLS. Always check the mail log (/var/log/mail.log) when something went wrong.

prad

I’m getting some errors on the RSA keys, from the priv.key – i’ve checked that the file exists. I’m not sure how to interpret this –

Sep 13 14:14:16 mail postfix/submission/smtpd[9866]: warning: cannot get RSA private key from file "/etc/letsencrypt/live/mail.thev>
Sep 13 14:14:16 mail postfix/submission/smtpd[9866]: warning: TLS library problem: error:02001002:system library:fopen:No such file>
Sep 13 14:14:16 mail postfix/submission/smtpd[9866]: warning: TLS library problem: error:20074002:BIO routines:file_ctrl:system lib>
Sep 13 14:14:16 mail postfix/submission/smtpd[9866]: warning: TLS library problem: error:140B0002:SSL routines:SSL_CTX_use_PrivateK>
Sep 13 14:14:20 mail postfix/submission/smtpd[9866]: warning: hostname client-2a0d-7c40-3000-b8b--3.hostwindsdns.com does not resol>
Sep 13 14:14:20 mail postfix/submission/smtpd[9866]: connect from unknown[2a0d:7c40:3000:b8b::3]

Xiao Guoan (Admin)
11 months ago
It seems you didn’t correctly enter the path for your TLS private key in /etc/postfix/main.cf file. The path is not complete.
```
/etc/letsencrypt/live/mail.thev
```
- prad
  11 months ago
  
  yes, you’re correct there was an error with the path. I had a typo on privkey.pem

Danny

10 months ago

Thanks you for the excellent guide!

I’ve been successful with creating the relay according to your relevant guide (sent confirmed it using the “mail [email protected]”). I’ve also been successful in connecting via IMAP from a mail client (Mac Mail client).

However, when trying to use the SMTP via Mac Mail client, I’m unsuccessful. Why could this be?

Thank you so much, and please accept my small donation 🙂

Here are a failed log (from Mail client) and a success log (from mail “[email protected]” command):

Sep 23 05:30:04 mail postfix/smtpd[92233]: connect from unknown[my.client.ip.address]
Sep 23 05:30:05 mail postfix/smtpd[92233]: Anonymous TLS connection established from unknown[my.client.ip.address]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 23 05:30:06 mail postfix/smtpd[92233]: NOQUEUE: reject: RCPT from unknown[my.client.ip.address]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Sep 23 05:30:06 mail postfix/smtpd[92233]: disconnect from unknown[my.client.ip.address] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Sep 23 05:30:24 mail postfix/smtpd[92233]: connect from unknown[my.client.ip.address]
Sep 23 05:30:24 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=my.client.ip.address, lip=10.128.0.3, mpid=92237, TLS, session=
Sep 23 05:30:25 mail dovecot: imap([email protected]): Logged out in=32 out=515 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Sep 23 05:30:25 mail postfix/smtpd[92233]: Anonymous TLS connection established from unknown[my.client.ip.address]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 23 05:30:25 mail postfix/smtpd[92233]: disconnect from unknown[my.client.ip.address] ehlo=2 starttls=1 quit=1 commands=4
Sep 23 05:30:29 mail postfix/smtpd[92233]: connect from unknown[my.client.ip.address]
Sep 23 05:30:30 mail postfix/smtpd[92233]: Anonymous TLS connection established from unknown[my.client.ip.address]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 23 05:30:31 mail postfix/smtpd[92233]: NOQUEUE: reject: RCPT from unknown[my.client.ip.address]: 454 4.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Sep 23 05:30:31 mail postfix/smtpd[92233]: disconnect from unknown[my.client.ip.address] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
...
Sep 23 05:33:59 mail postfix/pickup[92192]: 17C5313E9D6: uid=1002 from=
Sep 23 05:33:59 mail postfix/cleanup[92282]: 17C5313E9D6: message-id=
Sep 23 05:33:59 mail postfix/qmgr[92193]: 17C5313E9D6: from=, size=421, nrcpt=1 (queue active)
Sep 23 05:33:59 mail postfix/smtp[92284]: Untrusted TLS connection established to smtp.sendgrid.net[167.89.123.53]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 23 05:33:59 mail postfix/smtp[92284]: 17C5313E9D6: to=, relay=smtp.sendgrid.net[167.89.123.53]:587, delay=0.47, delays=0.02/0.02/0.35/0.08, dsn=2.0.0, status=sent (250 Ok: queued as MDDkRGxuSC28fIdiuMOxPA)
Sep 23 05:33:59 mail postfix/qmgr[92193]: 17C5313E9D6: removed

Xiao Guoan (Admin)
10 months ago

It seems your Mac mail client is trying to connect to port 25 of the mail server when sending emails. You should configure the mail client to connect to port 587 or 465.
- Danny Albocher
  10 months ago
  
  Thanks for the reply! Why shouldn’t the mail client connect with my server on port 25 (incoming)? If I understood you correctly, the client can connect with my server on 25, and my server will communicate with the world via relay (which it seems like it does successfully from the fact that “mail …” worked.
Xiao Guoan (Admin)
10 months ago

Port 25 is usually used for MTA to MTA communication. MTA stands for Mail Transfer Agent, aka SMTP server.

Your mail client is MUA (Mail User Agent). Port 587 and 465 are used for MUA to MTA communication.

Most residential ISPs block port 25. It doesn’t make sense for mail clients to use port 25 to submit outgoing emails.
- Danny Albocher
  10 months ago
  
  Thanks. Understood. Interesting then that that was the default for the Mail client.
  
  Switched to 587, and it worked!
  
  Thanks 🙂

Delym

10 months ago

Hi Xiao,
First of all,thank you for sharing the experience in seting up a mail server.
I have through the Part 2 and followed every step to setup a mail server,while I test the server,the test account ([email protected],ubuntu is my Linux user)can not receive any email from any server,but can send a mail.The error messages are bellow(as the attachment):

"The mail system : host mail.xxx.com[private/dovecot-lmtp] said: 550
    5.1.1  User doesn't exist: [email protected] (in
    reply to RCPT TO command)"

And the mail.log snippet:

"
Sep 29 08:46:18 localhost dovecot: master: Dovecot v2.2.33.2 (d6601f4ec) starting up for imap, pop3, lmtp, imap, lmtp, pop3 (core dumps disabled)
Sep 29 08:46:19 localhost postfix/postfix-script[1659]: starting the Postfix mail system
Sep 29 08:46:19 localhost postfix/master[1663]: daemon started -- version 3.3.0, configuration /etc/postfix
Sep 29 08:47:06 localhost dovecot: imap-login: Disconnected (no auth attempts in 13 secs): user=, rip=83.97.20.25, lip=172.17.0.5, session=
Sep 29 08:48:50 localhost postfix/smtpd[2289]: connect from out20-85.mail.aliyun.com[115.124.20.85]
Sep 29 08:48:50 localhost postfix/smtpd[2289]: Anonymous TLS connection established from out20-85.mail.aliyun.com[115.124.20.85]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 29 08:48:50 localhost postfix/smtpd[2289]: ECFC88290A: client=out20-85.mail.aliyun.com[115.124.20.85]
Sep 29 08:48:50 localhost postfix/cleanup[2302]: ECFC88290A: message-id=
Sep 29 08:48:51 localhost postfix/qmgr[1667]: ECFC88290A: from=, size=1263, nrcpt=1 (queue active)
Sep 29 08:48:51 localhost dovecot: lmtp(2305): Connect from local
Sep 29 08:48:51 localhost postfix/lmtp[2304]: ECFC88290A: to=, relay=mail.xxx.com[private/dovecot-lmtp], delay=0.13, delays=0.05/0.01/0.05/0.02, dsn=5.1.1, status=bounced (host mail.xxx.com[private/dovecot-lmtp] said: 550 5.1.1  User doesn't exist: [email protected] (in reply to RCPT TO command))
Sep 29 08:48:51 localhost dovecot: lmtp(2305): Disconnect from local: Successful quit
Sep 29 08:48:51 localhost postfix/cleanup[2302]: 1320D8290D: message-id=
Sep 29 08:48:51 localhost postfix/bounce[2310]: ECFC88290A: sender non-delivery notification: 1320D8290D
Sep 29 08:48:51 localhost postfix/qmgr[1667]: 1320D8290D: from=, size=3377, nrcpt=1 (queue active)
Sep 29 08:48:51 localhost postfix/qmgr[1667]: ECFC88290A: removed
Sep 29 08:48:51 localhost postfix/smtpd[2289]: disconnect from out20-85.mail.aliyun.com[115.124.20.85] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Sep 29 08:48:51 localhost postfix/smtp[2312]: Untrusted TLS connection established to mxn.mxhichina.com[42.120.219.27]:25: TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)
Sep 29 08:48:51 localhost postfix/smtp[2312]: 1320D8290D: to=, relay=mxn.mxhichina.com[42.120.219.27]:25, delay=0.69, delays=0.01/0.01/0.11/0.57, dsn=2.0.0, status=sent (250 Data Ok: queued as freedom)
Sep 29 08:48:51 localhost postfix/qmgr[1667]: 1320D8290D: removed
Sep 29 08:51:05 localhost dovecot: pop3-login: Disconnected (no auth attempts in 11 secs): user=, rip=83.97.20.25, lip=172.17.0.5, TLS: Disconnected, session=
"

The status of Dovecot:

"
dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-09-29 08:46:18 CST; 20min ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
 Main PID: 1193 (dovecot)
    Tasks: 7 (limit: 4915)
   CGroup: /system.slice/dovecot.service
           ├─1193 /usr/sbin/dovecot -F
           ├─1329 dovecot/anvil
           ├─1331 dovecot/log
           ├─1335 dovecot/config
           ├─3177 dovecot/imap-login
           ├─3179 dovecot/ssl-params
           └─3184 dovecot/imap

Sep 29 08:46:18 VM-0-5-ubuntu systemd[1]: Started Dovecot IMAP/POP3 email server.
Sep 29 08:46:18 VM-0-5-ubuntu dovecot[1193]: master: Dovecot v2.2.33.2 (d6601f4ec) starting up for imap, pop3, lmtp, imap, lmtp, pop3 (core dumps disabled)
Sep 29 08:47:06 VM-0-5-ubuntu dovecot[1331]: imap-login: Disconnected (no auth attempts in 13 secs): user=, rip=83.97.20.25, lip=172.17.0.5, session=
Sep 29 08:48:51 VM-0-5-ubuntu dovecot[1331]: lmtp(2305): Connect from local
Sep 29 08:48:51 VM-0-5-ubuntu dovecot[1331]: lmtp(2305): Disconnect from local: Successful quit
Sep 29 08:51:05 VM-0-5-ubuntu dovecot[1331]: pop3-login: Disconnected (no auth attempts in 11 secs): user=, rip=83.97.20.25, lip=172.17.0.5, TLS: Disconnected, session=
Sep 29 08:54:13 VM-0-5-ubuntu dovecot[1331]: imap-login: Login: user=, method=PLAIN, rip=113.87.92.134, lip=172.17.0.5, mpid=3184, TLS, session=
Sep 29 08:54:22 VM-0-5-ubuntu dovecot[1331]: imap-login: Disconnected (no auth attempts in 11 secs): user=, rip=83.97.20.25, lip=172.17.0.5, TLS: Disconnected, session=
"

I have try to set the /etc/dovecot/conf.d/10-auth.conf file and change the auth_username_format to
auth_username_format = %Ln
but it’s still not work !

Could you help me to fix the issues?
Thanks a lot!

Xiao Guoan (Admin)
10 months ago
Run the following command to list all available mailboxes on your server.
```
sudo doveadm user '*'
```

Steve
10 months ago

I already set up Apache server using cloudflare origin certificate. do I still need another certificate for email? or Can I point to the same SSL cert i am using in Apache2 conf?
- Xiao Guoan (Admin)
  10 months ago
  
  If your mail server hostname is mail.example.com and your current certificate covers mail.example.com, then you can use the current certificate.
Hooj
10 months ago

Hello. Thank you for the tutorials, I am learning a lot and its nice to have solid independant resources to learn from.

I have ran into a problem that I can not find a solution for. I will try to get help at #dovecot, but perhaps it’s something to bring up here as well. I successfully installed postfix and dovecot, and got connected through thunderbid and again on spark through my iphone. I successfuly add postfixadmin and did not retest the email. I moved on to trying to install roundcube and got to the config test and failed. Upon trying to relog into thunderbird and spark I was unable to login. Then I noticed I was unable to send email from the command line using postfix. I worked for awhile trying to find a solution and decided to start over.

Eventually I decided to purge everything and try again, once I did postfix worked again in the command line, so I tried to jump ahead and test roundcube. Postfix went down again. I am back to a point where I can send from the terminal in postfix, and it appears dovecot is running correctly, but I am unable to login in from thunderbird and spark still. I ran journalctl -eu dovecot and the only oddity that I found is this…

dovecot[10422]: auth: passwd-file(*user*,*clientip*,): unknown user
*user* being my user name without the domain and *clientip* being my home ip address, as I am logged in through ssh.

Any thoughts would be greatly appreciated, thanks.
- Xiao Guoan (Admin)
  10 months ago
  Run the following command to list all mailbox users on your server.
```
sudo doveadm user '*'
```
  It seems you changed the userdb settings in the /etc/dovecot/conf.d/auth-system.conf.ext file.
  - Hooj
    10 months ago
    
    This displayed my account in the vmail system, which is correctly configued. I had made no changes to the userdb setting in /etc/dovecot/conf.d/auth-system.conf.ext., the only variable uncommented is driver = passwd. I realize now that this issue belongs in a thread on part 3, so I will move it over there.
    
    Something much larger is going on here and I have spent many hours pouring over this to understand it and express it just in case anyone else comes across my issues so they don’t have to waste their time. The problem has too many oddities for it to be a simple error in syntax, or missed variable… etc. I have poured over the first 3 tutorials top to bottom and front to back, I am pretty certain I have everything correctly.
Rowan
10 months ago
When I configure the SMTP server on thunderbird I can use the server properly (port 587 with standard TLS OR 465 SSL) but in both cases when I send an e-mail to my gmail account, the e-mail is not encrypted (red lock icon). I believe it is because of the following:
```
 Oct 13 10:31:08 auth[125289]: pam_unix(dovecot:auth): Couldn't open /etc/securetty: No such file or directory
Oct 13 10:31:08 auth[125289]: pam_unix(dovecot:auth): Couldn't open /etc/securetty: No such file or directory
Oct 13 10:31:08 dovecot[123350]: imap(/my_user/): Connection closed (IDLE running for 0.001 + waiting in> 
```
Can you help me?
- Rowan
  10 months ago
  
  I should maybe have mentioned: 1. Thank you so much for the tutorial!!! 2. both SPF and DKIM pass when I send e-mails (from part 4 of the tutorial)
- Rowan
  10 months ago
  AND, as from the other comments, the following params are set:
```
 smtpd_tls_security_level=may
smtp_tls_loglevel=1 
```
- Rowan
  10 months ago
  My bad, I was missing the following in my /etc/postfix/main.cf:
```
 smtp_tls_security_level=may
smtpd_tls_loglevel=1
```
  I’m sorry for cluttering the comment section and again, grateful for the tutorial!!
- Yadi Apriyadi
  3 months ago
  
  Just try this command to copy /etc/securetty
  
  sudo cp /usr/share/doc/util-linux/examples/securetty /etc/securetty
Xiao Guoan (Admin)
9 months ago
How to migrate from mbox to maildir

If you previously use mbox mail format, now you want to migrate to maildir format, here’s how.
Edit /etc/dovecot/conf.d/10-mail.conf file.
```
sudo nano /etc/dovecot/conf.d/10-mail.conf
```
Go to the namespace inbox {} section, find the following line.
```
#separator =
```
Uncomment this line and specify separator for the inbox namespace.
```
separator = /
```
Then set
```
mail_location=maildir:~/Maildir
```
Save and close the file. Restart Dovecot for the changes to take effect.
```
sudo systemctl restart dovecot
```
Stop Postfix so there won’t be any new emails coming in.
```
sudo systemctl stop postfix
```
Then run the following command to convert mbox to maildir for a user. (Sometimes I found I need to manually type the command. If I copy and paste it in the terminal, sometimes it won’t won’t. I don’t know why.)
```
sudo dsync -u username mirror mbox:~/mail:INBOX=/var/mail/username
```
If you have created folder in your mailbox, they will be converted as well and stored as hidden files under ~/Maildir.

If you have followed part 3 to set up virtual mailbox, then you need to sync the Maildir for the virtual users. For example,
```
sudo rsync -av --progress /home/xiao/Maildir/ /var/vmail/linuxbabe.com/xiao
```
Then change the ownership to vmail user.
```
sudo chown vmail:vmail /var/vmail/linuxbabe.com/xiao/ -R
```
Now reload the webmail. If some folders don’t show anymore, don’t worry, they are still there. You just need to re-enable them in Roundcube webmail settings.
TIAMIYU SAHEED OLUWATOSIN
9 months ago

if you see this error this error

● dovecot.service – Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-11-11 14:33:44 UTC; 6s ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Process: 13110 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
Process: 22093 ExecStart=/usr/sbin/dovecot -F (code=exited, status=89)
Main PID: 22093 (code=exited, status=89)

Nov 11 14:33:44 mail.deeglowempire.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Nov 11 14:33:44 mail.deeglowempire.com dovecot[22093]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 54: Unknown setting: ssl_min_protocol = TLSv1.2
Nov 11 14:33:44 mail.deeglowempire.com systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Nov 11 14:33:44 mail.deeglowempire.com systemd[1]: dovecot.service: Failed with result ‘exit-code’.

OPEN /etc/dovecot/conf.d/10-ssl.conf

PLEASE COMMENT OUT THIS LINE

#ssl_min_protocol = TLSv1.2
Gabriel
9 months ago

Hi, I noticed that to connect my email account to Thunderbird I have to disable Cloudflare option for my domain. Do you know what can cause such a problem ? When trying to set up an email account in Thunderbird with Cloudflare enabled, the program does not detect the server settings…
- Xiao Guoan (Admin)
  9 months ago
  
  You should not enable the CDN (proxy) feature when creating DNS A record and AAAA record for the hostname of your mail server. Cloudflare doesn’t support SMTP or IMAP proxy 🙂
Antoni
9 months ago
Hi Xiao,
Thank you for the tutorials. I fallowed everything and the server is running but when I try to send mail it is not delivered, on the log is written:
```
 postfix/smtp[10168]: connect to reception.mail-tester.com[94.23.206.89]:25: Connection timed out
 postfix/smtp[10168]: 81A55BD795: to=, relay=none, delay=31, delays=0.25/0.26/30/0, dsn=4.4.1, status=deferred (connect to reception.mail-tester.com[94.23.206.89]:25: Connection timed out)
```
- Xiao Guoan (Admin)
  9 months ago
  
  Port 25 (outbound) is blocked.
  https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu#port-25-outbound
  - Antoni
    9 months ago
    
    Thank you very match Xiao. I spoke with my ISP and port 25 was open, but they were put connection restrictions on it. After they remove it, everything works. Thank you very match again!
florian
8 months ago
Hi Xiao,

thank you very much for the comprehensive tutorial! Basically everything works and I can send and receive mails. However postfix keeps randomly shutting down. Sometimes when I try to send an email and sometimes just by itself. Do you have any clue why such a thing occurrs?
```
Nov 21 16:18:58 mail postfix/postfix-script[2572]: stopping the Postfix mail system
Nov 21 16:18:58 mail postfix/master[2509]: terminating on signal 15
```
- Xiao Guoan (Admin)
  8 months ago
  You can open the /var/log/syslog file to see if you can find any clue. Search for the word “kill” in this file.
  
  For example,
```
systemd invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0
Out of memory: Kill process 18211 (mysqld) score 245 or sacrifice child
```
  This indicates the server ran out of memory, so it killed the mysqld process.
  - florian
    8 months ago
    
    Thanks for the response. Actually it was the monit process that was killing it. I don’t know how it was configured but disabling fixed the problem

Scott

Hello Xiao, Love your tutorials. I’ve followed parts 1 and 2 for setting up postfix and dovecote on ubuntu 20.04 and able to connect and log into imaps, but cannot get ports 465 and 587 to listen. The result from netstat is:

 tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      176810/master

and submission and smtps as in your instructions are followed in postfix master.cf

 smtps     inet  n       -       y       -       -       smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth

and dovecot.conf unix listener

 service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   mode = 0600
   user = postfix
   group = postfix
  }
}

Been over this for the past 2 weeks looking for errors in the logs and not information reported in mail.log and dovecote.log. You help will be very much a time saver.

Xiao Guoan (Admin)
8 months ago
Stop Postfix.
```
sudo systemctl stop postfix
```
Do a health check.
```
sudo postfix check
```
Run it in the foreground.
```
sudo postfix start-fg
```
The output might give you some clues.

Scott

Xiao,
from sudo postfix check

/usr/lib/postfix/sbin/post-install: Error: /etc/postfix/postfix-files is not a file.
postfix/postfix-script: warning: unable to create missing queue directories
postfix/postfix-script: warning: symlink leaves directory: /etc/postfix/./makedefs.out

checked the makedefs.out

# Do not edit -- this file documents how Postfix was built for your machine.
#----------------------------------------------------------------
# Start of summary of user-configurable 'make makefiles' options.
# CCARGS=-g -O2 -fdebug-prefix-map=/build/postfix-q6EyY5/postfix-3.4.13=. -fstack-protector-strong -Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE  -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
# AUXLIBS=-lssl -lcrypto -lsasl2 -lpthread -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -L/build/postfix-q6EyY5/postfix-3.4.13/debian
# AUXLIBS_CDB=-lcdb -L../../lib -L. -lpostfix-util
# AUXLIBS_LMDB=-llmdb -L../../lib -L. -lpostfix-util
# AUXLIBS_MYSQL=-lmysqlclient -L../../lib -L. -lpostfix-util -lpostfix-global
# AUXLIBS_LDAP=-lldap -llber -L../../lib -L. -lpostfix-util -lpostfix-global
# AUXLIBS_PCRE=-lpcre -L../../lib -L. -lpostfix-util
# AUXLIBS_SQLITE=-lsqlite3 -L../../lib -L. -lpostfix-util -lpostfix-global -lpthread
# AUXLIBS_PGSQL=-lpq -L../../lib -L. -lpostfix-util -lpostfix-global
# shared=yes
# dynamicmaps=yes
# pie=yes
# daemon_directory=/usr/lib/postfix/sbin
# html_directory=/usr/share/doc/postfix/html
# manpage_directory=/usr/share/man
# readme_directory=/usr/share/doc/postfix
# End of summary of user-configurable 'make makefiles' options.
#--------------------------------------------------------------
# System-dependent settings and compiler/linker overrides.
SYSTYPE	= LINUX4
_AR	= ar
ARFL	= rv
_RANLIB	= ranlib
SYSLIBS	= -pie -z relro -z now -lssl -lcrypto -lsasl2 -lpthread -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -L/build/postfix-q6EyY5/postfix-3.4.13/debian -ldb -lnsl -lresolv -ldl -licui18n -licuuc -licudata 
AUXLIBS_CDB = -lcdb -L../../lib -L. -lpostfix-util
AUXLIBS_LDAP = -lldap -llber -L../../lib -L. -lpostfix-util -lpostfix-global
AUXLIBS_LMDB = -llmdb -L../../lib -L. -lpostfix-util
AUXLIBS_MYSQL = -lmysqlclient -L../../lib -L. -lpostfix-util -lpostfix-global
AUXLIBS_PCRE = -lpcre -L../../lib -L. -lpostfix-util
AUXLIBS_PGSQL = -lpq -L../../lib -L. -lpostfix-util -lpostfix-global
AUXLIBS_SQLITE = -lsqlite3 -L../../lib -L. -lpostfix-util -lpostfix-global -lpthread
CC	= gcc -fPIC -I. -I../../include -g -O2 -fdebug-prefix-map=/build/postfix-q6EyY5/postfix-3.4.13=. -fstack-protector-strong -Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS -DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\" -DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/usr/share/man\" -DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS $(WARN)
OPT	= -O2
DEBUG	= -g
AWK	= awk
STRCASE = 
EXPORT	= CCARGS='-I. -I../../include -g -O2 -fdebug-prefix-map=/build/postfix-q6EyY5/postfix-3.4.13=. -fstack-protector-strong -Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP -DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB -DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql -DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS -DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\" -DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\" -DDEF_MANPAGE_DIR=\"/usr/share/man\" -DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS -DUSE_DYNAMIC_MAPS' OPT='-O2' DEBUG='-g'
WARN	= -Wall -Wno-comment -Wformat -Wimplicit -Wmissing-prototypes \
	-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
	-Wunused -Wno-missing-braces -fcommon
DEFINED_MAP_TYPES = pcre ldap sqlite cdb lmdb mysql pgsql ssl dev_urandom
MAKE_FIX = 
# Switch between Postfix static and dynamically-linked libraries.
AR	= :
RANLIB	= :
LIB_PREFIX = postfix-
LIB_SUFFIX = .so
SHLIB_CFLAGS = -fPIC
SHLIB_DIR = /usr/lib/postfix
SHLIB_ENV = LD_LIBRARY_PATH=/build/postfix-q6EyY5/postfix-3.4.13/lib
SHLIB_LD = gcc -shared -Wl,-soname,${LIB}
SHLIB_SYSLIBS = -lssl -lcrypto -lsasl2 -lpthread -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -L/build/postfix-q6EyY5/postfix-3.4.13/debian -ldb -lnsl -lresolv -ldl -licui18n -licuuc -licudata
SHLIB_RPATH = -Wl,--enable-new-dtags -Wl,-rpath,${SHLIB_DIR}
# Switch between dynamicmaps.cf plugins and hard-linked databases.
NON_PLUGIN_MAP_OBJ = 
PLUGIN_MAP_OBJ = $(MAP_OBJ)
PLUGIN_MAP_OBJ_UPDATE = plugin_map_obj_update
PLUGIN_MAP_SO_MAKE = plugin_map_so_make
PLUGIN_MAP_SO_UPDATE = plugin_map_so_update
PLUGIN_LD = gcc -shared
POSTFIX_INSTALL_OPTS = 
# Application-specific rules.

Could it be a permissions issue?

Scott

Xiao,
Problem solved. The file /etc/postfix/postfix-files was not created on the install (there was a directory instead named postfix-files.d). Created file by touch postfix-files and presto magic, ports 465 and 587 appeared. Thanks for your time.

sudo netstat sudo netstat -lnpt | grep master
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      46819/master        
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      46819/master        
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      46819/master

IMRON HS

Hi Xiao, always got the error when I try to send mail:

Unable to send email to [email protected]!

But when I restart my postfix:

sudo systemctl restart postfix

I can send my email.
But after that, I get the error again “Unable to send email to [email protected]!”

This is my mail.log:

[email protected]:~# tail -f /var/log/mail.log 
Nov 29 01:24:36 mail postfix/postfix-script[5126]: fatal: the Postfix mail system is already running
Nov 29 01:24:41 mail dovecot: master: Warning: Killed with signal 15 (by pid=5140 uid=0 code=kill)
Nov 29 01:24:42 mail dovecot: log(4493): Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Nov 29 01:24:42 mail dovecot: master: Dovecot v2.3.9.2 (cf2918cac) starting up for imap, lmtp (core dumps disabled)
Nov 29 01:26:39 mail opendkim[584]: OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf)
Nov 29 01:30:29 mail postfix/postfix-script[2192]: starting the Postfix mail system
Nov 29 01:30:29 mail postfix/master[2196]: daemon started -- version 3.3.0, configuration /etc/postfix
Nov 29 01:30:35 mail dovecot: master: Dovecot v2.3.9.2 (cf2918cac) starting up for imap, lmtp (core dumps disabled)
Nov 29 01:30:39 mail postfix/postfix-script[2249]: stopping the Postfix mail system
Nov 29 01:30:39 mail postfix/master[2196]: terminating on signal 15

Can you help me? THANK YOU!

Xiao Guoan (Admin)
8 months ago
I don’t know why, but some folks have problems after installing Monit. Try disabling Monit.
```
sudo systemctl stop monit
sudo systemctl disable monit
```
- IMRON HS
  8 months ago
  I have try this sir:
```
sudo systemctl stop monit
sudo systemctl disable monit
```
  But stil got the error, but when I try remove monit.
```
sudo apt-get remove  monit
sudo apt-get remove --auto-remove monit
sudo apt-get purge monit
sudo systemctl restart postfix dovecot
```
  Now I can send message anytime.
- Florian
  2 weeks ago
  Here is what monit log kept sending after restarting postfix:
```
'postfix' failed to start -- could not start required services: 'master_bin'
```
  perhaps this is of any help Xiao?

Daniel Alberto Guglielmi
8 months ago

Hello, I get an error when I’m trying to run the following command:
sudo doveadm user ‘*’

RESULT:
Error: auth-master: userdb list: User listing returned failure
Fatal: user listing failed

Any idea of what can I do to fix it?
Regards,
- Xiao Guoan (Admin)
  3 months ago
  
  Can you check the /var/log/mail.log file to see if there are any errors in the log?
Illia Polianskyi
8 months ago
Hello
as I tried to log in in thunderbird, I had dovecot log like user=
```
Dec 12 04:50:06 polanski dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=, rip=167.248.133.39, lip=178.165.47.83, TLS: Disconnected, session=
```
I created a unix user and dovecot doesn’t sees it,
thunderbird says cant login wrong pass or username
- Xiao Guoan (Admin)
  8 months ago
  
  Maybe you should reboot your server?
Illia Polianskyi
8 months ago

hello Xiao, thanks for quick answer
I restarted dovecot many times, dovecot lists mailusers only [email protected]
I created unix user info, it doesn’t list it
thunderbird says cant login to smtp server wrong user or pass
- Xiao Guoan (Admin)
  8 months ago
  
  If you followed part 3, then you can no longer use Unix accounts as email addresses. You must create virtual users in PostfixAdmin.
Illia Polianskyi
8 months ago

I didn’t follow part 3 since I’m afraid it removes mysql db
I just wish one single mail user, it’s enough with single unix user
but can’t login, and mail.log doesn’t write anything about dovecot attempts, or last one was like user=<>
- Xiao Guoan (Admin)
  8 months ago
  
  Then you probably have followed tutorials on other websites. Don’t mix up mail server tutorials from different websites.
- Xiao Guoan (Admin)
  8 months ago
  If you don’t know where’s wrong, you can add the following line in the /etc/dovecot/dovecot.conf file,
```
mail_debug=yes
```
  then restart dovecot, so dovecot will produce debugging message in the /var/log/mail.log file.

Illia Polianskyi

ok, I can now login as I rebuilt it all
now gmail says as I try to send to gmail address

relay=gmail-smtp-in.l.google.com[64.233.162.27]:25, delay=1, delays=0.12/0.02/0.56/0.31, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[64.233.162.27] said: 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26  https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. z24si4673817ljk.414 - gsmtp (in reply to end of DATA command))

Xiao Guoan (Admin)
8 months ago

Make sure you have set PTR record for the IP address of your mail server. And follow part 4 to set up SFP and DKIM.

Illia Polianskyi

Hello,
why incoming mails from google for example are removed automatically?
log writes message delivered, but then log writes “removed”

Dec 12 08:56:28 polanski postfix/smtpd[2600]: connect from mail-lf1-f48.google.com[209.85.167.48]
Dec 12 08:56:28 polanski postfix/smtpd[2600]: Anonymous TLS connection established from mail-lf1-f48.google.com[209.85.167.48]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
Dec 12 08:56:28 polanski postfix/smtpd[2600]: 92DC87E0FBD: client=mail-lf1-f48.google.com[209.85.167.48]
Dec 12 08:56:28 polanski postfix/cleanup[2607]: 92DC87E0FBD: message-id=
Dec 12 08:56:28 polanski postfix/qmgr[29282]: 92DC87E0FBD: from=, size=4104, nrcpt=1 (queue active)
Dec 12 08:56:28 polanski postfix/local[2608]: 92DC87E0FBD: to=, relay=local, delay=0.11, delays=0.09/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Dec 12 08:56:28 polanski postfix/qmgr[29282]: 92DC87E0FBD: removed
Dec 12 08:56:28 polanski postfix/smtpd[2600]: disconnect from mail-lf1-f48.google.com[209.85.167.48] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

Xiao Guoan (Admin)
8 months ago

It’s removed from the Postfix mail queue, not removed from the message store (Inbox).

Thomas