postfix sends but does not receive email


Problem :

I am running postfix on a Raspberry Pi behind a home router with dynamic DNS configured. postfix can send email just fine, but it does not seem to receive.

I think the home router and dynamic DNS are fine, I’m hosting a website on the Raspberry Pi, it works fine and is publicly accessible. So either my MX record is not configured properly or postfix isn’t (I think).

(I’ve redacted my hostname below).

Configuration dynamic DNS for myhostname.ddns.net

  • IPv4 address: the IP address of my Raspberry Pi
  • MX Record: myhostname.ddns.net, Priority 1

Port Forwarding configuration on the home router

D   Service Port    Internal Port   IP Address  Protocol
1   80      80      192.168.0.10    ALL     # web server
2   22      22      192.168.0.10    ALL     # ssh
3   25      25      192.168.0.10    TCP     # mail server

on a 3rd computer not the Raspberry Pi

  • ping myhostname.ddns.net: works, I see the IP address of my Raspberry Pi responding.
  • pointing a browser to http://myhostname.ddns.net: works, I see the root of the website. This confirms the dynamic DNS is working and the home router forwarding is working.
  • on a gmail account, sending mail to pi@myhostname.ddns.net fails after about 24 hours with “delivery incomplete, the recipient server did not accept our requests to connect. timed out”. If you know a faster way to test that does not require waiting 24 hours, please let me know.

on the Raspberry Pi, logged in as “pi”

$ mail
No mail for pi

$ dig myhostname.ddns.net MX +short
1 myhostname.ddns.net

$ sudo postfix status
postfix/postfix-script: the Postfix mail system is running: PID: 16232

$ sudo netstat -plutn | grep 25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      16232/master

$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

$ cat /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination
myhostname = myhostname.ddns.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = myhostname.ddns.net, myhostname, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command =
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes

$ cat /etc/mailname
myhostname.ddns.net

Update

Comcast blocks port 25, see https://www.xfinity.com/support/articles/email-port-25-no-longer-supported

Solution :

There are a few things here which you need to check.

  1. I guess Google can’t send an email to you because you don’t have an MX record. But let’s pretend that’s not an issue for a moment and let’s troubleshoot other issues. (No, DDNS will not give you MX for many good reasons)

  2. Make sure that you are allowed to connect to your port 25 from the Internet.
    I guess you will not be able to, but to test it please do the following:

    nc -vv myhostname.ddns.net 25

or

telnet myhostname.ddns.net 25

That should show if you are allowed to connect to port 25 – mind you, some ISPs might block incoming connections to port 25.
Of course you need to check your internal firewall on your pi (what Linux distro do you run?)

  3. As soon as you are connected to your server you will be able to send an email using telnet/nc.

    EHLO myhostname.ddns.net

(you should get a few lines here starting with 250)

mail from: your@myhostname.ddns.net
rcpt to: email@to_send_it_to.com
data
subject: Test email

and then start typing your email. End with a single “.” on the last line, like this:

Test email from my server.
.

Then you should see that the email was sent over or at least accepted. No need to wait 24h 🙂

  4. I really doubt that you will be able to use your Pi email server for anything but a few tests. To begin with you have no MX records and no control over DKIM, PTR and SPF… In other words it will not be production ready, nor would people accept emails from your server.
    And the fact that you are on a dynamic IP means that your IP is blocked by 99% of spam filters. Yes, just because it’s not static.

As Comcast says on Ports blocked on Comcast’s network you could use port 587.

Edit: Comcast also stated: If you are running a mail server please contact Comcast Customer Security Assurance at 1-877-807-6580 for more information on this block.

See: How to configure TLS encryption in Postfix
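
The port-25 test from the answer above, as an added example that is not part of the original post: a Python probe that runs the same EHLO / MAIL FROM / RCPT TO dialogue but stops before DATA, and reports whether the connection timed out (packets dropped, as with the Comcast block), was refused, or reached the mail server. The function name, verdict strings and probe sender address are assumptions of this example; run it from a host outside the home network.

```python
import smtplib
import socket
import sys

def probe_smtp(host, rcpt, port=25, sender="probe@example.org", timeout=10):
    """Walk the SMTP dialogue up to RCPT TO and return (verdict, detail).

    No DATA is sent, so no message is delivered. All names here are
    assumptions of this added example, not part of Postfix.
    """
    try:
        # local_hostname is fixed so the EHLO name needs no DNS lookup.
        with smtplib.SMTP(host, port, local_hostname="probe.example.org",
                          timeout=timeout) as smtp:
            code, msg = smtp.ehlo()
            if not 200 <= code < 300:
                return "ehlo-rejected", f"{code} {msg.decode(errors='replace')}"
            code, msg = smtp.mail(sender)
            if code != 250:
                return "sender-rejected", f"{code} {msg.decode(errors='replace')}"
            code, msg = smtp.rcpt(rcpt)
            detail = f"{code} {msg.decode(errors='replace')}"
            # 250/251 means the server would take mail for this recipient.
            return ("accepted" if code in (250, 251) else "rcpt-rejected"), detail
    except socket.timeout:
        # Connection attempt never answered: something on the path drops the
        # packets, e.g. an ISP block on port 25 or a missing port forward.
        return "filtered", f"no answer from {host}:{port} within {timeout}s"
    except ConnectionRefusedError:
        # Host reachable, but nothing is listening on the forwarded port.
        return "refused", f"{host}:{port} actively refused the connection"
    except smtplib.SMTPException as exc:
        # Connected, but the peer did not behave like an SMTP server.
        return "no-smtp", str(exc)
    except OSError as exc:
        return "error", str(exc)   # DNS failure, unreachable network, ...

if __name__ == "__main__":
    # Usage: python3 probe_smtp.py myhostname.ddns.net pi@myhostname.ddns.net
    verdict, detail = probe_smtp(sys.argv[1], sys.argv[2])
    print(f"{verdict}: {detail}")
```

A "filtered" verdict matches the Gmail "timed out" bounce in the question; "rcpt-rejected" with a 5xx detail means the port is reachable and the problem is in the Postfix recipient or relay restrictions instead.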
