Raspberry Pi Email Server Part 1: Postfix

Powered by Drupal
Submitted by Sam Hobbs on

Postfix Logo This is the first part of a five part tutorial that will show you how to install a full featured email server on your Raspberry Pi. This tutorial covers Postfix, the Mail Transfer Agent.

The parts are:

The Introduction & Contents Page (read first)

Raspberry Pi Email Server Part 1: Postfix

Raspberry Pi Email Server Part 2: Dovecot

Raspberry Pi Email Server Part 3: Squirrelmail

Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin

Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Installing Postfix

Note: While you are setting up the mail server on the Pi, it’s a good idea to turn off port forwarding rules for email to the Pi in your router’s firewall. If you don’t have any port forwarding rules now, that’s great, don’t worry – I’ll prompt you to set them up later. First, log into your Pi with a SSH session and install postfix:

sudo apt-get update
sudo apt-get install postfix

You will see a menu with some choices. Select “Internet Site” and then set the mail name to your domain name, not including www. (e.g. samhobbs.co.uk). The setup script will then do some automatic configuration for you. The output will look something like this:

Selecting previously unselected package postfix.                                              
(Reading database ... 67653 files and directories currently installed.)                       
Unpacking postfix (from .../postfix_2.9.6-2_armhf.deb) ...                                    
Processing triggers for man-db ...
Setting up postfix (2.9.6-2) ...
Adding group `postfix' (GID XXX) ...
Done.
Adding system user `postfix' (UID XXX) ...
Adding new user `postfix' (UID XXX) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding sqlite map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID XXX) ...
Done.
setting myhostname: samhobbs
setting alias maps
setting alias database
changing /etc/mailname to samhobbs.co.uk
setting myorigin
setting destinations: samhobbs.co.uk, samhobbs, localhost.localdomain, localhost
setting relayhost: 
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all
/etc/aliases does not exist, creating it.
WARNING: /etc/aliases exists, but does not have a root alias.

You can edit all of this later. You may also get some warnings like this:

postmulti: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol

IPv6 is a new type of IP address that was introduced because we’re running out of the “old” IPv4 addresses. Not many ISPs support IPv6 yet, so you probably don’t need it. Unless you fix the warning, you’ll see it every time. Change directory into the postfix configuration folder:

cd /etc/postfix/

Edit /etc/postfix/main.cf with your favourite command line text editor (e.g. sudo nano main.cf) and add inet_protocols = ipv4 to the end of the file. Now is also a good time to check that your hostname is specified properly in /etc/postfix/main.cf. The setup script takes the hostname of the server and uses that, but it may not be in the right format, i.e. “samhobbs” instead of “samhobbs.co.uk”. Find the line that begins myhostname = and make sure it is your fully qualified domain name. This is important because your server will use this to talk to other mail servers, and some will reject your emails if you don’t use a fully qualified domain name to say hi! This is covered in more detail in the helo access restrictions later. Restart postfix and you shouldn’t see the warnings any more:

sudo service postfix restart

Testing and Configuration

Before you start, it’s probably worth backing up the configuration files in their current state. This way, you’ll have something to compare to if you’re ever trying to work out which bits were defaults and which bits you changed yourself:

cd /etc/postfix
sudo cp main.cf main.cf.BAK
sudo cp master.cf master.cf.BAK

Mailbox Setup

There are a couple of different types of mailbox you can use, I’ve chosen to use a “Maildir” rather than “mbox” configuration. For users with “real” UNIX accounts on the system (like the one you’re using to log in), Maildir creates a folder in the user’s home directory and places emails inside it, one file for each email. I prefer this to the alternatives, because it’s easier to see and understand: you can rummage around in your home folder and see all your emails as individual files. To tell Postfix to use the Maildir format, add the following lines to /etc/postfix/main.cf:

home_mailbox = Maildir/
mailbox_command =

If there's already a line with mailbox_command, comment it out by adding a # at the start of the line. We also need to create the mail directory and its subfolders for existing users, and add some things to /etc/skel (the template for new users) so that if you create a new account this will be done automatically. These commands are part of Dovecot, so first we need to install it:

sudo apt-get update
sudo apt-get install dovecot-common dovecot-imapd

You will get a lot of output: some other dovecot packages will automatically be installed and the config files will be created. You will also see some errors – don’t worry about those for now, I’ll explain how to deal with them in part 2, later. Now we can create those mail folders. Run the following commands to create the template files:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Spam
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

Next, copy the files over to existing users’ home directories, and change the ownership and permissions for privacy (replace USER with the username you are doing this for, and repeat for all existing usernames):

sudo cp -r /etc/skel/Maildir /home/USER/
sudo chown -R USER:USER /home/USER/Maildir
sudo chmod -R 700 /home/USER/Maildir

Initial Testing

Now, the best way to test Postfix during configuration is to use Telnet, because it is such a simple way of communicating between programs and there’s less to go wrong and get confused about. First, install telnet:

sudo apt-get install telnet

Now, still inside the SSH session to your pi, type this command. It will connect you to port 25 on the Pi:

telnet localhost 25

You can now test sending an email using SMTP. Here are the steps:

  1. send an ehlo command to tell the server who you are, and it will tell you its capabilities
  2. use the mail from command to say who the email is from. If you are sending it from an address that exists on the server, you needn’t include the domain name (i.e. user instead of user@yourdomain.com)
  3. use the rcpt to command to tell the server where to send the email
  4. Use the data command to tell the server that you’re about to start giving it the message you want to send
  5. Type Subject: YOUR SUBJECT then enter to set a subject
  6. Type the body of your email. Once you’re done, press ENTER, then ., then ENTER again.
  7. Type quit to exit

Here’s an example:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo foobar
250-samhobbs.co.uk
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: me        
250 2.1.0 Ok
rcpt to: me@outsideemail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: test
This is a test email
.
250 2.0.0 Ok: queued as A639C3EE6D
quit 
221 2.0.0 Bye

Some Access Restrictions

Add the following to /etc/postfix/main.cf to restrict who can send emails to external mail servers:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

Reload postfix:

sudo service postfix reload
  • Line 1 begins the list of restrictions.
  • Line 2 permits users who have authenticated with Simple Authentication and Security Layer (SASL) to send email to any destination (this is part of the Dovecot config in Part 2, later).
  • Line 3 will let users send emails to any destination if they have connected from an IP address defined in mynetworks.
  • Line 4 will reject the email if none of the above conditions have been met unless the “rcpt to” address is one of the addresses that your server is accepting email to (as defined in main.cf with the mydestination parameter).

In its present state, the email server will allow you to send external emails because the connection is originating from the Pi itself (you are logged in via SSH) and not an unknown computer. Addresses of “trusted” computers are listed under the mynetworks setting in main.cf, e.g.

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

Try sending an external email again, using telnet as before. You should be able to do so without any issues. Now we want to see what kind of response someone would get if they were connecting from outside of the IP range defined in mynetworks, to make sure Pi won’t allow everyone to send outgoing emails from your server. To simulate this we can comment out permit_mynetworks under smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
#       permit_mynetworks,
        reject_unauth_destination

Now reload the postfix configuration:

sudo service postfix reload

This will let you see what kind of response you would get if you weren’t sending the email from mynetworks. Try sending again, and you should receive an error “554: Relay access denied“:

admin@samhobbs /etc/postfix $ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 samhobbs.co.uk ESMTP Postfix (Debian/GNU)
ehlo samhobbs.co.uk
250-samhobbs
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: USER
250 2.1.0 Ok
rcpt to: me@externalemail.com
554 5.7.1 <me@externalemail.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

Perfect. Leave permit_mynetworks commented out in your smtpd_recipient_restrictions (you'll see why in part 2).

Helo access restrictions

Helo access restrictions can be a very useful way of blocking spam. Note that we’re not talking about unauthorised people being able to send email outside your network any more (that’s taken care of with the smtpd_recipient_restrictions); we’re now talking about stopping spammers from sending incoming mail to your email address. Spammers try to conceal their identity so that they don’t end up on block lists, so they rarely use helo hostnames that could identify them – these hostnames are written to the mail log files. As a result, they often make up a random string or use an IP address instead of a domain name. Luckily, these are easily taken care of. Add the following to /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname
  • Line 1 requires people and programs to identify themselves when they send email, using the helo or ehlo commands I mentioned earlier.
  • Line 2 starts the list of restrictions.
  • Line 3 accepts any old rubbish in the ehlo if it comes from an IP address defined in mynetworks. If the connection isn’t connecting from an IP address in mynetworks, then the helo hostname is checked against the rest of the list.
  • Line 4 accepts any helo hostname if the client is authenticated with SASL (I added this to the tutorial recently after troubleshooting problems some people had in the comments – it allows you to connect from any network and still send messages through your Pi. Mobiles will usually work without this because most providers pass mail through their own proxies, so your Pi receives a connection from the proxy – which has a valid hostname – and not from the mobile, which may be called something like “android-b627cfe2efea7e67″).
  • Line 5 rejects connection attempts when the HELO hostname syntax is invalid.
  • Line 6 rejects non-fully qualified domain names (for example, foobar instead of foobar.com). This will also block those random strings, e.g. “kjhrsbvks”.
  • Line 7 rejects the helo hostname if it that domain doesn’t have a valid DNS A or MX record. For example, someone spamming you could make up a domain like theflyingspaghettimonster.com. If that domain doesn’t actually exist and have the right records, then your server won’t accept it as a hostname, and the email will be rejected.

If the helo hostname gets past line 7 and hasn’t been denied, it is accepted. You’d be surprised how much spam these helo access restrictions will block on their own (looking through my log files, I can see numerous spam scripts that have attempted to ehlo with my IP address), but there’s an extra step we can add in here to help:

Blocking people claiming to be your domain name

Many spammers try to send email to you after helo’ing with your own domain name. Since postfix doesn’t check whether or not they’re lying about their helo hostname, this will usually work. But, since we’ve put permit_mynetworks at the top of the list, anyone actually sending an email from your domain will be accepted already. Anyone using your hostname who isn’t in mynetworks is an imposter. So, add one more line to the end of the restrictions list:

smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        check_helo_access hash:/etc/postfix/helo_access

That last line checks a file for custom rules you’ve built in. Create the file:

sudo nano /etc/postfix/helo_access

Add the following lines, edited for your domain:

samhobbs.co.uk          REJECT          Get lost - you're lying about who you are
mail.samhobbs.co.uk      REJECT          Get lost - you're lying about who you are

Now tell postfix to map the file, and restart postfix:

sudo postmap /etc/postfix/helo_access
sudo service postfix restart

Now anyone who tries to ehlo with one of the hostnames you defined in that file gets rejected, and sees the “get lost” message. Your legitimate servers won’t have that problem, because they will already have been accepted higher up the list. Neat, right? I found that little nugget of wisdom at unixwiz.net.

Moving on…

We’re almost done with Postfix now, athough there are a few bits of configuration that we’ll want to do once we’ve set up SASL with Dovecot, which I’ve chosen to lump in with the Dovecot tutorial. In Raspberry Pi Email Server Part 2: Dovecot, we’ll set up Dovecot to provide SASL authentication and IMAP capability. Please leave a comment if you’re having trouble with anything in this tutorial, and I’ll try and help you out!

Comments

I misread your earlier post - i thought what you meant was you couldn't send mail between two local accounts, which would be very puzzling. Can you check to see if this works? As for the rest, unless you have a problem with the port forwarding on your router, I expect your ISP is blocking port 25 (so no incoming or outgoing mail) - I can help you check if you tell me your domain name? If you do this:
telnet samhobbs.co.uk 25
...from inside your LAN, can you make a successful connection to my server? If not that's a pretty good sign your ISP is blocking outbound. I'll try the same the other way to test inbound if you tell me your domain name. sam

Damn. Sorry to hear that. Who is your ISP? Check if they unblock it for static IP addresses and how much that would cost you (some are cheap like plusnet, £5 one-off fee, and some charge monthly which seems to be the American way!). Other options are use a relay (but I can't help you with configuration because I haven't tried it) ... or vote with your wallet and change to a more hacker friendly ISP. Sam

My ISP does not allow for static IP's. Some yada crap about they dont want you running business servers in your home. Anyhow, I got it running and have had it running for the past three or so months w/o any significant hicups. Even moved over to the RPI2! I figured out the sending problem by just smtp forwarding through my employers email server which he lets me do for free.

Thanks for the reply!

I have a working setup so far with Dovecot and Squirrelmail, and I can send emails just fine, but incoming emails don't seem to show up, except for those sent from other users on the server. I believe I have all the necessary ports open in my router, but incoming emails dont show up in mail.log or in the Maildir. Any ideas would be greatly appreciated.

I realized that I had forgotten to change the nameservers from the registrar that I purchased the domain on to the zoneedit ones. I'll wait a bit for the changes to propagate and hopefully that will work!

Thanks so much for the tutorial, btw, it's by far the clearest and most helpful out there.

I changed the settings, and dig now returns the correct info, but I still am not receiving emails except from within my server. Any other ideas?

You're welcome :) What's your domain name? It would be strange for your ISP to block incoming mail and not outgoing, so I don't think it's that...but if you tell me the domain name I'll try to connect and we'll know for sure. Check /etc/postfix/main.cf and make sure mydestination has your fully qualified domain name (or your server could be rejecting mail because it thinks it's for another address). Also check your logs at /var/log/mail.log to see if there's anything relevant in there. Sam

i am getting temporary lookup failure. what is it? how can i fix? thanks, I followed your instruction line by line.

ok, got it totally my own doing. didn't creat the folders properly. I finally can send mail now. I am not receiveing any thing at this moment. it keeps saying connection to my smtp timed out. I am not sure what's going on.
the werid part is i can send mail by telnet to port 143 method.

Well done :) As for the new problems, can you be more specific? Is the "connection to smtp timed out" message from your logs? I guess you mean you can send mail using the telnet to port 25 method (143 is for IMAP). Sam

When postfix was installed, I may have inserted an incorrect domain name. I changed this later in main.cf. However, when I ran email tests the return address is always: jmn@wrong.domain.name event though myhostname in main.cf is correct.domain.name

Question: I cannot find where wrong.domain.name is kept so that I can change it. Thanks...John

Thanks for the comment. I found wrong.domain.com embedded in a file in Maildir while I was still in your test phase. So I don't think this is a client side problem. I could not find the initial configuration phase for postfix so eventually I deleted postfix and re-installed everything and started again. Problem solved.

I had planned to have an IP routed subnet which which would look after the Pi mailserver with its own public IP address. However, Plusnet will only allow one IP address per customer rather than the two I would need in addition to the primary IP address. I will find a solution.

Thanks for a first-rate tutorial for postfix/dovecot installation along with the various tests. Apart from my mistake, the whole procedure worked without any problems. Now I need to go live - but that will be delayed....

That's an interesting discovery, thanks! I didn't know the Maildir stored information like that. For future reference, you can run the configure script again with dpkg-reconfigure, see here: http://manpages.ubuntu.com/manpages/lucid/man8/dpkg-reconfigure.8.html I looked into getting two IP addresses with plusnet too, at the time I was playing with SIP and wanted to enable IP address discovery with a STUN/TURN server to facilitate NAT traversal. Gave up on that in the end because it's way too complicated. I think to get a second IP address you'd have to pay for a business package, which is more than double the cost of unlimited fiber. Hardly surprising that they're being tight with IPv4 addresses, since we're running out of them! Thanks again for commenting, Sam

Hi,
I just set up and its working.
Now I try to send mail using command line.
When I write mail -s subject aa@aa.com the cursor goes down and waits for the body message. After that waits for . to complete and send mail.
How can I do it in one line?
Thanks

Hi,

I'm doing this on a Linux virtual machine, I guess it's a similar concept. I actually have a Pi but not set it up yet. If this goes well I'll probably redo it on the Pi.

My question is re the usernames: so my user on the virtual machine is called azureuser. if i want an email username e.g. dave, do i have to set up a user on the vm called Dave?

i.e. can I do:
sudo cp -r /etc/skel/Maildir /home/dave/
sudo chown -R azureuser /home/dave/Maildir
sudo chmod -R 700 /home/dave/Maildir

or will i need to set up a "dave" user and do:
sudo cp -r /etc/skel/Maildir /home/dave/
sudo chown -R dave /home/dave/Maildir
sudo chmod -R 700 /home/dave/Maildir

just wondering because i'm setting this up for an app with the idea of having accounts named "noreply" (for sending verification type emails); "support" (for user queries/support) and "dave" (for my correspondence)...

thanks
Dave

Hi Dave, Once you have created the files in /etc/skel, any new user you create will have those files automatically created in their home directory, you only need to do it manually for existing users. You don't need a login for noreply, just allow localhost to send email without authentication, replies will bounce. Assuming you want support email to go to your dave account too, I suggest you create a login called dave and then make support an alias for dave in /etc/aliases (then run sudo newaliases). Sam

ok, thanks. that's helpful.

if i make support and alias for dave, would i be able to send and receive mail as support, or only receive?

Once you have authenticated as any user on the server, you can send mail from any address you like. The configuration in this tutorial doesn't enforce any rules where you must send the email from the same user as you authenticated as. Normally you can configure these "identities" in your email client. Sam

First off thanks for a great article ! and also thanks for fixing my problems I had before. - reading the comments helps a lot !!

Now I have a problem sending or receiving any emails. After may hours checking I've comment out permit_mynetworks and it works again, sort of. When I reset it doesn't work again ..

smtpd_helo_required = yes
smtpd_helo_restrictions =
# permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname
check_helo_access hash:/etc/postfix/helo_access

Any ideas ? please.
Dave.

Hi Dave, Does your file have no tabs in front of each item in the restrictions list? I'm not sure off the top of my head whether the tabs are important or not, but I have a feeling they might be, i.e. postfix treats it as a new parameter if you don't have a tab at the start. I prefer to have each list item on a separate line because it's easier to read and comment out individual lines, but If in doubt, you can write it all in one line (comma separated). Sam

Dave

Sat, 11/07/2015 - 17:13

In reply to by Sam Hobbs

I've done as you said and doesn't seem to make any difference, I assumed white space would be ignored (not 100% sure with tabs though). What seems to happen is when I reset the Pi it stops working (no mail). What I did today is looked at the config files and did a 'sudo service postfix restart' and it all works again - most weird. It could be a DNS issue but I can see packets coming in on port 25 when I send an email to myself - did this by changing the IP of the open ports to my laptop then I can see them in the firewall.

Dave.

Hi Sam,

Still trying to get to the bottom of these problems

After a sudo reboot northing works and looking at the status of Postfix and Dovecot reveals this:-

sudo service postfix status
â postfix.service - LSB: Postfix Mail Transport Agent
Loaded: loaded (/etc/init.d/postfix)
Drop-In: /run/systemd/generator/postfix.service.d
ââ50-postfix-$mail-transport-agent.conf
Active: active (running) since Mon 2015-11-09 11:56:43 UTC; 19min ago
Process: 671 ExecStart=/etc/init.d/postfix start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/postfix.service
ââ 864 /usr/lib/postfix/master
ââ 865 pickup -l -t unix -u -c
ââ 866 qmgr -l -t unix -u
ââ1112 tlsmgr -l -t unix -u -c
ââ1113 anvil -l -t unix -u -c
ââ1294 smtpd -n smtp -t inet -u -c -o stress= -s 2

Nov 09 12:13:48 raspberrypi postfix/smtpd[1294]: disconnect from unknown[157.55.1.170]
Nov 09 12:13:49 raspberrypi postfix/smtpd[1294]: connect from unknown[157.55.1.172]
Nov 09 12:13:50 raspberrypi postfix/smtpd[1294]: NOQUEUE: reject: RCPT from unknown[157.55.1.172]: 450 4.7.1 : Helo command reje...mail.com>
Nov 09 12:13:50 raspberrypi postfix/smtpd[1294]: disconnect from unknown[157.55.1.172]
Nov 09 12:13:53 raspberrypi postfix/smtpd[1294]: connect from unknown[157.55.1.158]
Nov 09 12:13:54 raspberrypi postfix/smtpd[1294]: NOQUEUE: reject: RCPT from unknown[157.55.1.158]: 450 4.7.1 : Helo command reje...mail.com>
Nov 09 12:13:54 raspberrypi postfix/smtpd[1294]: disconnect from unknown[157.55.1.158]
Nov 09 12:14:26 raspberrypi postfix/smtpd[1294]: connect from unknown[157.55.1.151]
Nov 09 12:14:26 raspberrypi postfix/smtpd[1294]: NOQUEUE: reject: RCPT from unknown[157.55.1.151]: 450 4.7.1 : Helo command reje...mail.com>
Nov 09 12:14:27 raspberrypi postfix/smtpd[1294]: disconnect from unknown[157.55.1.151]
Hint: Some lines were ellipsized, use -l to show in full.

And Sudo service dovecot status -

sudo service dovecot status
â dovecot.service - LSB: Dovecot init script
Loaded: loaded (/etc/init.d/dovecot)
Active: active (running) since Mon 2015-11-09 11:56:41 UTC; 23min ago
Process: 546 ExecStart=/etc/init.d/dovecot start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/dovecot.service
ââ 654 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
ââ 659 dovecot/anvil
ââ 660 dovecot/log
ââ 662 dovecot/config
ââ1083 dovecot/imap-login
ââ1086 dovecot/imap-login
ââ1095 dovecot/imap
ââ1102 dovecot/imap
ââ1117 dovecot/imap-login
ââ1125 dovecot/imap
ââ1127 dovecot/imap-login
ââ1134 dovecot/imap
ââ1135 dovecot/imap-login
ââ1142 dovecot/imap
ââ1411 dovecot/auth

Nov 09 11:56:41 raspberrypi dovecot[654]: master: Dovecot v2.2.13 starting up for imap (core dumps disabled)
Nov 09 11:56:41 raspberrypi dovecot[546]: Starting IMAP/POP3 mail server: dovecot.
Nov 09 11:56:41 raspberrypi systemd[1]: Started LSB: Dovecot init script.
Nov 09 11:56:54 raspberrypi dovecot[660]: imap-login: Login: user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.1.30, mpid=1095, TLS, session=
Nov 09 11:56:54 raspberrypi dovecot[660]: imap-login: Login: user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.1.30, mpid=1102, TLS, session=<42ANShokLgBfrOxI>
Nov 09 12:02:48 raspberrypi dovecot[660]: imap-login: Login: user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.1.30, mpid=1125, TLS, session=<+a4yXxok5wBfrOxI>
Nov 09 12:02:54 raspberrypi dovecot[660]: imap-login: Login: user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.1.30, mpid=1134, TLS, session=<30OPXxokEgBfrOxI>
Nov 09 12:03:01 raspberrypi dovecot[660]: imap-login: Login: user=, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=192.168.1.30, mpid=1142, TLS, session=
Hint: Some lines were ellipsized, use -l to show in full.

This after a sudo reboot . - If I do a 'sudo service postfix restart' it starts working again ???.

Dave.

Hi Dave, Sorry I didn't reply sooner, had a busy weekend. Was thinking about your problem though. None of the output you just posted indicates that postfix hadn't started properly after a reboot. Are you sure you left enough time for the services to all start up before you started testing it? Immediately after boot, if postfix is up and running fine then I don't see why restarting/reloading it would make a difference (might be a coincidence?). Sam

Hi Sam, More diagnostics. It's looks like it's an issue with permissions still - I don't understand why it would after I restart postfix though. I rebooted and left it for a few minutes to load and sent it an email and got this from tail -f /var/log/mail.log

Nov 10 09:24:22 raspberrypi postfix/smtpd[1109]: connect from unknown[157.55.1.162]
Nov 10 09:24:22 raspberrypi postfix/smtpd[1109]: NOQUEUE: reject: RCPT from unknown[157.55.1.162]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo=
Nov 10 09:24:23 raspberrypi postfix/smtpd[1109]: disconnect from unknown[157.55.1.162]

And my permissions looks like this:-

smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_helo_hostname,reject_non_fqdn_helo_hostname,reject_unknown_helo_hostname,check_helo_access hash:/etc/postfix/helo_access

Thanks for bearing with me - so near yet so far !

Dave.

Add new comment

The content of this field is kept private and will not be shown publicly.

Filtered HTML

  • Web page addresses and email addresses turn into links automatically.
  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.