Raspberry Pi Email Server Part 1: Postfix

Postfix Logo

This is the first part of a five part tutorial that will show you how to install a full featured email server on your Raspberry Pi. This tutorial covers Postfix, the Mail Transfer Agent.

The parts are:
The Introduction & Contents Page (read first)
Raspberry Pi Email Server Part 1: Postfix
Raspberry Pi Email Server Part 2: Dovecot
Raspberry Pi Email Server Part 3: Squirrelmail
Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin
Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Installing Postfix

Note: While you are setting up the mail server on the Pi, it’s a good idea to turn off port forwarding rules for email to the Pi in your router’s firewall. If you don’t have any port forwarding rules now, that’s great, don’t worry – I’ll prompt you to set them up later.

First, log into your Pi with a SSH session and install postfix:

sudo apt-get update
sudo apt-get install postfix

You will see a menu with some choices. Select “Internet Site” and then set the mail name to your domain name, not including www. (e.g. samhobbs.co.uk).

The setup script will then do some automatic configuration for you. The output will look something like this:

Selecting previously unselected package postfix.                                              
(Reading database ... 67653 files and directories currently installed.)                       
Unpacking postfix (from .../postfix_2.9.6-2_armhf.deb) ...                                    
Processing triggers for man-db ...
Setting up postfix (2.9.6-2) ...
Adding group `postfix' (GID XXX) ...
Done.
Adding system user `postfix' (UID XXX) ...
Adding new user `postfix' (UID XXX) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID XXX) ...
Done.
setting myhostname: samhobbs
setting alias maps
setting alias database
changing /etc/mailname to samhobbs.co.uk
setting myorigin
setting destinations: samhobbs.co.uk, samhobbs, localhost.localdomain, localhost
setting relayhost: 
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
/etc/aliases does not exist, creating it.
WARNING: /etc/aliases exists, but does not have a root alias.

You can edit all of this later.

You may also get some warnings like this:

postmulti: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol

IPv6 is a new type of IP address that was introduced because we’re running out of the “old” IPv4 addresses. Not many ISPs support IPv6 yet, so you probably don’t need it. Unless you fix the warning, you’ll see it every time.

Change directory into the postfix configuration folder:

cd /etc/postfix/

Edit /etc/postfix/main.cf with your favourite command line text editor (e.g. sudo nano main.cf) and add inet_protocols = ipv4 to the end of the file.

Now is also a good time to check that your hostname is specified properly in /etc/postfix/main.cf. The setup script takes the hostname of the server and uses that, but it may not be in the right format, i.e. “samhobbs” instead of “samhobbs.co.uk”. Find the line that begins myhostname = and make sure it is your fully qualified domain name. This is important because your server will use this to talk to other mail servers, and some will reject your emails if you don’t use a fully qualified domain name to say hi! This is covered in more detail in the helo access restrictions later.

Restart postfix and you shouldn’t see the warnings any more:

sudo service postfix restart

Testing and Configuration

Before you start, it’s probably worth backing up the configuration files in their current state. This way, you’ll have something to compare to if you’re ever trying to work out which bits were defaults and which bits you changed yourself:

cd /etc/postfix
sudo cp main.cf main.cf.BAK
sudo cp master.cf master.cf.BAK

Mailbox Setup

There are a couple of different types of mailbox you can use, I’ve chosen to use a “Maildir” rather than “mbox” configuration. For users with “real” UNIX accounts on the system (like the one you’re using to log in), Maildir creates a folder in the user’s home directory and places emails inside it, one file for each email.

I prefer this to the alternatives, because it’s easier to see and understand: you can rummage around in your home folder and see all your emails as individual files.

To tell Postfix to use the Maildir format, add the following lines to /etc/postfix/main.cf:

home_mailbox = Maildir/
mailbox_command =

If there's already a line with mailbox_command, comment it out by adding a # at the start of the line.

We also need to create the mail directory and its subfolders for existing users, and add some things to /etc/skel (the template for new users) so that if you create a new account this will be done automatically.

These commands are part of Dovecot, so first we need to install it:

sudo apt-get update
sudo apt-get install dovecot-common dovecot-imapd

You will get a lot of output: some other dovecot packages will automatically be installed and the config files will be created. You will also see some errors – don’t worry about those for now, I’ll explain how to deal with them in part 2, later.

Now we can create those mail folders. Run the following commands to create the template files:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

Next, copy the files over to existing users’ home directories, and change the ownership and permissions for privacy (replace USER with the username you are doing this for, and repeat for all existing usernames):

sudo cp -r /etc/skel/Maildir /home/USER/
sudo chown -R USER:USER /home/USER/Maildir
sudo chmod -R 700 /home/USER/Maildir

Initial Testing

Now, the best way to test Postfix during configuration is to use Telnet, because it is such a simple way of communicating between programs and there’s less to go wrong and get confused about.

First, install telnet:

sudo apt-get install telnet

Now, still inside the SSH session to your pi, type this command. It will connect you to port 25 on the Pi:

telnet localhost 25

You can now test sending an email using SMTP. Here are the steps:

  1. send an ehlo command to tell the server who you are, and it will tell you its capabilities
  2. use the mail from command to say who the email is from. If you are sending it from an address that exists on the server, you needn’t include the domain name (i.e. user instead of user@yourdomain.com)
  3. use the rcpt to command to tell the server where to send the email
  4. Use the data command to tell the server that you’re about to start giving it the message you want to send
  5. Type Subject: YOUR SUBJECT then enter to set a subject
  6. Type the body of your email. Once you’re done, press ENTER, then ., then ENTER again.
  7. Type quit to exit

Here’s an example:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo foobar
250-samhobbs.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: me        
250 2.1.0 Ok
rcpt to: me@outsideemail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
This is a test email
.
250 2.0.0 Ok: queued as A639C3EE6D
quit 
221 2.0.0 Bye

Some Access Restrictions

Add the following to /etc/postfix/main.cf to restrict who can send emails to external mail servers:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

Reload postfix:

sudo service postfix reload
  • Line 1 begins the list of restrictions.
  • Line 2 permits users who have authenticated with Simple Authentication and Security Layer (SASL) to send email to any destination (this is part of the Dovecot config in Part 2, later).
  • Line 3 will let users send emails to any destination if they have connected from an IP address defined in mynetworks.
  • Line 4 will reject the email if none of the above conditions have been met unless the “rcpt to” address is one of the addresses that your server is accepting email to (as defined in main.cf with the mydestination parameter).

In its present state, the email server will allow you to send external emails because the connection is originating from the Pi itself (you are logged in via SSH) and not an unknown computer. Addresses of “trusted” computers are listed under the mynetworks setting in main.cf, e.g.

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Try sending an external email again, using telnet as before. You should be able to do so without any issues.

Now we want to see what kind of response someone would get if they were connecting from outside of the IP range defined in mynetworks, to make sure Pi won’t allow everyone to send outgoing emails from your server. To simulate this we can comment out permit_mynetworks under smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
#       permit_mynetworks,
        reject_unauth_destination

Now reload the postfix configuration:

sudo service postfix reload

This will let you see what kind of response you would get if you weren’t sending the email from mynetworks. Try sending again, and you should receive an error “554: Relay access denied“:

admin@samhobbs /etc/postfix $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo samhobbs.co.uk
250-samhobbs
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: USER
250 2.1.0 Ok
rcpt to: me@externalemail.com
554 5.7.1 <me@externalemail.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

Perfect. Leave permit_mynetworks commented out in your smtpd_recipient_restrictions (you'll see why in part 2).

Helo access restrictions

Helo access restrictions can be a very useful way of blocking spam.

Note that we’re not talking about unauthorised people being able to send email outside your network any more (that’s taken care of with the smtpd_recipient_restrictions); we’re now talking about stopping spammers from sending incoming mail to your email address.

Spammers try to conceal their identity so that they don’t end up on block lists, so they rarely use helo hostnames that could identify them – these hostnames are written to the mail log files. As a result, they often make up a random string or use an IP address instead of a domain name.

Luckily, these are easily taken care of.

Add the following to /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname
  • Line 1 requires people and programs to identify themselves when they send email, using the helo or ehlo commands I mentioned earlier.
  • Line 2 starts the list of restrictions.
  • Line 3 accepts any old rubbish in the ehlo if it comes from an IP address defined in mynetworks. If the connection isn’t connecting from an IP address in mynetworks, then the helo hostname is checked against the rest of the list.
  • Line 4 accepts any helo hostname if the client is authenticated with SASL (I added this to the tutorial recently after troubleshooting problems some people had in the comments – it allows you to connect from any network and still send messages through your Pi. Mobiles will usually work without this because most providers pass mail through their own proxies, so your Pi receives a connection from the proxy – which has a valid hostname – and not from the mobile, which may be called something like “android-b627cfe2efea7e67″).
  • Line 5 rejects connection attempts when the HELO hostname syntax is invalid.
  • Line 6 rejects non-fully qualified domain names (for example, foobar instead of foobar.com). This will also block those random strings, e.g. “kjhrsbvks”.
  • Line 7 rejects the helo hostname if it that domain doesn’t have a valid DNS A or MX record. For example, someone spamming you could make up a domain like theflyingspaghettimonster.com. If that domain doesn’t actually exist and have the right records, then your server won’t accept it as a hostname, and the email will be rejected.

If the helo hostname gets past line 7 and hasn’t been denied, it is accepted. You’d be surprised how much spam these helo access restrictions will block on their own (looking through my log files, I can see numerous spam scripts that have attempted to ehlo with my IP address), but there’s an extra step we can add in here to help:

Blocking people claiming to be your domain name

Many spammers try to send email to you after helo’ing with your own domain name. Since postfix doesn’t check whether or not they’re lying about their helo hostname, this will usually work.

But, since we’ve put permit_mynetworks at the top of the list, anyone actually sending an email from your domain will be accepted already. Anyone using your hostname who isn’t in mynetworks is an imposter.

So, add one more line to the end of the restrictions list:

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        check_helo_access hash:/etc/postfix/helo_access

That last line checks a file for custom rules you’ve built in. Create the file:

sudo nano /etc/postfix/helo_access

Add the following lines, edited for your domain:

samhobbs.co.uk          REJECT          Get lost - you're lying about who you are
mail.samhobbs.co.uk      REJECT          Get lost - you're lying about who you are

Now tell postfix to map the file, and restart postfix:

sudo postmap /etc/postfix/helo_access
sudo service postfix restart

Now anyone who tries to ehlo with one of the hostnames you defined in that file gets rejected, and sees the “get lost” message. Your legitimate servers won’t have that problem, because they will already have been accepted higher up the list.

Neat, right? I found that little nugget of wisdom at unixwiz.net.

Moving on…

We’re almost done with Postfix now, athough there are a few bits of configuration that we’ll want to do once we’ve set up SASL with Dovecot, which I’ve chosen to lump in with the Dovecot tutorial.

In Raspberry Pi Email Server Part 2: Dovecot, we’ll set up Dovecot to provide SASL authentication and IMAP capability.

Please leave a comment if you’re having trouble with anything in this tutorial, and I’ll try and help you out!

Type: 

Comments

I think you need to configure postfix to use your ISP's mail server as a relayhost. You'll have to look elsewhere for instructions though, every ISP is different.

Sam

Just curious why mailbox_command =
has nothing on the right side.

Also I get this error for these lines
samhobbs.co.uk REJECT Get lost - you're lying about who you are
mail.samhobbs.co.uk REJECT Get lost - you're lying about who you are

postmap: fatal: /etc/postfix/main.cf, line 59: missing '=' after attribute name: "raspberrypi REJECT Get lost - you're lying about who you are"

Also, my email did not send when we did our test email earlier..

I've followed this tutorial word for word (very informative btw). I'm on Raspberian Raspberry PI 2 B

/ect/postfix/main.cf:
"
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = raspberrypi
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = raspberrypi, localhost.localdomain, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command=

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

smtpd_recipient_restrictions =
permit_sasl_authenticated,
# permit_mynetworks,
reject_unauth_destination

smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname

raspberrypi REJECT Get lost - you're lying about who you are
mail.raspberrypi REJECT Get lost - you're lying about who you are
"
This is definitely the best tutorial out there, so I truly appreciate any help.

Hi,

The RHS is empty because it's making sure there isn't a mailbox command!

You put the GET LOST lines in the wrong file, they should be in helo_access not main.cf! Remember to postmap the file after you edit it.

Sam

Hi Michael,

Thanks for posting that, I should really start a page of user contributed settings for common ISPs...

Sam

Thanks for your comment. I've just tried using the new authenticated configs with Talktalk, but they really have tightened up, rather unnecessarily in my view.
As well as the authentication, they are checking the MAIL FROM in the source emails and comparing it with the authenticated postfix name, thus preventing use of their SMTP server cluster as a relay at all... As I understand it, the only way round this would be to interpose something hand written to amend the MAIL FROM field in the client's mail before it's sent to postfix. Neither google, nor my other provider UK2, do this additional check.

One final comment on the problem with relaying. I've now noticed that if I send an email from the Pi, and use GMail as the relay, then gmail modifies the email so that it appears to have come from the authenticated gmail relay username, rather than the one it was sent from on the Pi. UK2 relay the email unaltered.

Hey. First of all, this tut is great. Thanks.
Whem I press enter after the dot in data, it says

354 Enter mail, end with "." on a line by itself
Subject: test
This is a test email
.
421 4.3.0 collect: Cannot write ./dfu2HD3wK4003818 (bfcommit, uid=0, gid=117): No such file or directory
Connection closed by foreign host.

How can I fix it?
Oh and when I try to reload the service it says that it's not running. Why?

Both of these are probably caused by the same thing, likely a configuration error.

What appears in /var/log/mail.err when you restart (or in the journal if you're using journald: sudo journalctl -u postfix)?

Sam

This is all cat gave me.

raspberrypi ~ $ cat /var/log/mail.err
Mar 17 13:39:12 raspberrypi postfix/master[30496]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 13:42:03 raspberrypi postfix/master[30750]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 13:51:36 raspberrypi dovecot: master: Fatal: Dovecot is already running with PID 2695 (read from /var/run/dovecot/master.pid)
Mar 17 14:05:26 raspberrypi sm-mta[3818]: u2HD3wK4003818: SYSERR(root): collect: Cannot write ./dfu2HD3wK4003818 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 14:06:12 raspberrypi postfix/master[3979]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 14:07:16 raspberrypi sm-mta[4001]: u2HD6GI1004001: SYSERR(root): collect: Cannot write ./dfu2HD6GI1004001 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 14:09:28 raspberrypi sm-mta[4074]: u2HD8gif004074: SYSERR(root): collect: Cannot write ./dfu2HD8gif004074 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 14:12:33 raspberrypi postfix/postfix-script[4126]: fatal: the Postfix mail system is not running
Mar 17 14:12:48 raspberrypi postfix/master[4252]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 14:14:08 raspberrypi sm-mta[4275]: u2HDCrfe004275: SYSERR(root): collect: Cannot write ./dfu2HDCrfe004275 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 14:14:13 raspberrypi postfix/postfix-script[4359]: fatal: the Postfix mail system is not running
Mar 17 14:14:24 raspberrypi postfix/master[4481]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 14:14:28 raspberrypi postfix/postfix-script[4515]: fatal: the Postfix mail system is not running
Mar 17 14:14:32 raspberrypi postfix[4533]: error: to submit mail, use the Postfix sendmail command
Mar 17 14:14:32 raspberrypi postfix[4533]: fatal: the postfix command is reserved for the superuser
Mar 17 14:14:43 raspberrypi postfix/postfix-script[4540]: error: unknown command: ''Mar 17 14:14:43 raspberrypi postfix/postfix-script[4541]: fatal: usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)
Mar 17 14:15:58 raspberrypi postfix/postfix-script[4564]: fatal: the Postfix mail system is not running
Mar 17 14:16:04 raspberrypi postfix/master[4679]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 14:16:06 raspberrypi postfix/postfix-script[4712]: fatal: the Postfix mail system is not running
Mar 17 14:24:53 raspberrypi postfix/postmap[4887]: fatal: /etc/postfix/main.cf, line 51: missing '=' after attribute name: "hash:/etc/postfix/helo_access"
Mar 17 14:26:02 raspberrypi postfix/master[5080]: fatal: bind 0.0.0.0 port 25: Address already in use
Mar 17 14:32:57 raspberrypi sm-mta[5178]: u2HDW5s3005178: SYSERR(root): collect: Cannot write ./dfu2HDW5s3005178 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 17:38:38 raspberrypi sm-mta[8511]: u2HGbetd008511: SYSERR(root): collect: Cannot write ./dfu2HGbetd008511 (bfcommit, uid=0, gid=117): No such file or directory
Mar 17 17:39:10 raspberrypi postfix/postfix-script[8647]: fatal: the Postfix mail system is not running

Reloaded after 17:39. Tried to send a mail before

This line gives a good clue:

Mar 17 14:24:53 raspberrypi postfix/postmap[4887]: fatal: /etc/postfix/main.cf, line 51: missing '=' after attribute name: "hash:/etc/postfix/helo_access"

Postfix thinks hash:/etc/postfix/helo_access is the start of a new line in the configuration file, so you have an error near check_helo_access hash:/etc/postfix/helo_access in your helo restrictions (previous line should end in a comma - might be that?).

This line:

Mar 17 14:14:24 raspberrypi postfix/master[4481]: fatal: bind 0.0.0.0 port 25: Address already in use

...suggests you already have a mail transfer agent installed/running (sendmail, maybe)? You can't have two running at the same time because they both need to bind to port 25.

Sam

Apparently the comment I sent a few hours ago didn't send.

Well thats weird.. I removed sendmail with apt-get remove sendmail-cf apt-get remove sendmail-base (didnt even know I had that installed) but now I can't connect via telnet anymore.

root@raspberrypi:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

This is all I get. At least I can reload postfix now!
When I print mail.err with cat this comes Mar 17 22:49:04 raspberrypi postfix/smtpd[10812]: fatal: no SASL authentication mechanisms.
Tried to connect with telnet on Mar 17 22:49

Both comments came through, but I use comment approval to combat spammers... if you use the same browser as you posted with and don't delete cookies etc. then you should see your own comment before it's approved.

You probably still have a configuration error (did you do anything about the first part of my last comment)?

Dovecot provides SASL, so check that it's running and then go back through the dovecot tutorial and double check the "instruct postfix to use Dovecot SASL" section, lots of people get the "service auth" block wrong.

Sam

Oh sorry about that.

Yes I fixed the error in mail.err. Everything is working now after I continued the tutorial. Thanks for the quick help :)

Hi Sam,

Thanks for making such a great tutorial!

However, when I test to see if it works using telnet, it doesn't send an email.

My ISP is BT, and I've added the relay host to main.cf, once with just the relay host and another time by adding the port I think they use, but still no joy. Any suggestions?

Cheers, George

George,

Let's make sure the port is definitely being blocked by your ISP first. If you telnet to samhobbs.co.uk on port 25, does it connect?

Sam

You can remove the relayhost stuff you added, your ISP isn't blocking port 25. The test email you sent is probably in the spam folder!

Sam

I've already checked the spam folder, but no joy! I'm using tightvnc to access my pi, rather than SSH, would that be making a difference?

George

No, that shouldn't make a difference. Is there anything relevant in your mail log?

Sam

Okay, I've looked into the Spamhaus listing a bit more, and this is what it says on their website:

It is the policy of BT Retail that unauthenticated email sent from this IP address should be sent out only via the designated outbound mail server allocated to BT Retail customers. Please consult the following URL for details on how to configure your email client appropriately. http://btybb.custhelp.com/cgi-bin/btybb.cfg/php/enduser/cci/bty_adp.php?...

The link leads no where. Shall I just carry on through the tutorial and sort out the authentication later, or is it something I can sort now?

Thanks!

George

George,

Have a look and see if you can get a static IP address - most of these problems will go away instantly if you do. PlusNet (a BT subsidiary) let me have one for a one-off admin fee of £5, which is excellent - most American ISPs charge an additional monthly fee for a static IP, just because they can.

Sam

BT will only let me buy a static IP if I'm a BT business customer, which I'm not. So does that mean I won't be able to set this up from my home network?

Cheers, George

That's a shame.

It should still be possible if you relay through BT's mail server, but I can't help you with the relay part since I haven't done it myself. If you can find that information elsewhere, go for it.

I'm still confused about why you were able to connect to me on port 25, yet postfix can't, but whatever!

Sam

I've found some bits about BT STMP authentication, so I'll keep going and see if I can get it sorted.

Thanks for all your help, I really appreciate it! It's great to have a tutorial that doesn't just tell you what to do, but tells you why you do it. it helps you understand the whole process!

Thanks again, George

Checked the log, the initial ones says that the email couldn't be sent due to stmp authentication, the more recent ones don't say that anymore, but they do say the email couldn't be sent as the IP was rejected as it is listed in Spamhaus PBL.

Cheers, George

Hi Sam,

My RasPi mail server is now up and running, thanks to your great tutorials. I have had my PTR record created (Virgin Media Business are happy to do it FOC, for anyone who is interested), and dig as well as MX Toolbox show the correct reverse DNS records...

...but I do get an error message on MX Toolbox doing the SMTP check:
SMTP Valid Hostname Reverse DNS is not a valid Hostname

I did some research, and apparently it isn't 'good practice' (though by no means invalid) to use one's FQDN as one's hostname, as is the case for my mail server (frequenzpolitik.com). I have changed my /etc/hostname and my Postfix main.cf to include my FQDN, but MX Toolbox still complains.

Any ideas why that could be? Any other files that need a hostname entry I might have overlooked? I have successfully sent emails to some big providers (gmail, hotmail etc.) that haven't complained or marked my mails as spam, but I still want to make sure I don't end up on a Spamhaus list because of this! :)

Many thanks,

Jay

Weird, I wonder why it doesn't complain about mine? Maybe it's because there are two periods in my FQDN (because mine is a .co.uk instead of .com) so it detects it as a subdomain?

Anyway, I haven't had any problems so you shouldn't worry. You could add a DNS A record for mail.yourdomain.com and replace yourdomain.com with mail.yourdomain.com in your MX record, and then ask Virgin to change your PTR to mail.yourdomain.com... doesn't seem worth it though.

Interesting that it's not considered good practice, I didn't know that.

Sam

Pages

Add new comment