Install | Topics | Beyond Lino
Troubleshooting¶
Diagnostics and monitoring¶
Here is what status should say:
# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2019-12-12 12:01:59 UTC; 7s ago
Process: 2262 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 2262 (code=exited, status=0/SUCCESS)
Dec 12 12:01:59 my-host-name systemd[1]: Starting Postfix Mail Transport Agent...
Dec 12 12:01:59 my-host-name systemd[1]: Started Postfix Mail Transport Agent.
The word “(exited)” is confusing but absolutely normal.
See which version of postfix is running:
$ sudo postconf mail_version
mail_version = 3.4.10
See the value of a given parameter:
$ sudo postconf mydomain
See a list of all parameters and their values:
$ sudo postconf | grep mydomain
Test whether emails are being sent:
$ sudo apt install mailutils
$ echo "See https://hosting.lino-framework.org/mail/diag/" | mail -s "It works!" root
See also How to send a simple mail for testing the mail system below.
Display the mail log:
$ sudo journalctl -u postfix # after systemd
$ sudo less /var/log/mail.log # before systemd
Inspect the mail queue¶
Display a list of queued mail waiting to be delivered (deferred and pending):
$ mailq
Display the content of queued mail:
$ sudo postcat -vq <QueueID>
Delete all queued mail:
$ sudo postsuper -d ALL
Delete deferred mail queue messages:
$ sudo postsuper -d ALL deferred
Websites that help with testing your mail server¶
How to send a simple mail for testing the mail system¶
If mailutils is installed correctly:
$ echo foo | mail -s "some test" root
Though this might not be enough because most mail servers refuse emails with a
non-existing domain name in the From field.
You can explicitly specify -r (or --return-address). Here is a generic
command-line for doing this:
$ echo foo | mail -r `whoami`@`cat /etc/mailname` -s "some test" root
Seems that mail does not consult /etc/mailname, it just uses
username@hostname as the default From value, where hostname is just our
nickname. Would it be better to set hostname to the the full public name? We
set it to the nickname only because we don’t want to see the full public name in
every command prompt.
It seems that we can setup Postfix to replace the local hostname by a real FQDN.
The GNU mail program has its own configuration files:
$ mail --show-config-options | grep SYSCONFDIR
SYSCONFDIR=/etc - System configuration directory
Which means that actually the config files are in /etc/mail. And one of
them, /etc/mail/local-host-names contains my default From header.
Ports and services¶
Which ports is my server listening on? And which service responds to which port?
Say nmap localhost to see this.
Good to know when configuring postfix
postconf key1 key2shows the current settings, one linekey=valuefor each specified key.postconf key=valueupdates themain.cffile from the command line. This is useful when playing around. You can specify multiple key=value pairs. A value can be empty. Know your bash rules.systemctl restartis more thansystemctl reload. When you change inet_interfaces or inet_protocols, reloading won’t do it and postfix even issues a warning… but only in the system journal, not on the command line.In Postfix you can say “/etc/mailname” as the value for myorigin, but not for myhostname. Seems that Postfix checks for a “/” at the beginning only for myorigin. Don’t ask me why.
Troubleshooting¶
Some problems we had when running our own mail server and how we fixed them
8891@localhost: garbage after numerical service¶
This was an odd error. On one server the inet socket connection worked fine, on the other server this error was logged by smtpd every time it sent.
I wasn’t able to find the source for this issue. But the solution to use a file based socket. However the default settings for file socket connection gives file not found errors.
The correct settings for postfix and opendkim for a file socket connection::
#/etc/opendkim.conf
umask 002
Socket local:/var/spool/postfix/var/spool/opendkim/opendkim.sock
#/etc/default/opendkim
Socket=local:/var/spool/postfix/var/spool/opendkim/opendkim.sock
#/etc/postfix/main.cf
smtpd_milters = local:/var/spool/opendkim/opendkim.sock
The reason for /var/spool/postfix for opendkim is that postfix thinks that is / when looking for the file.
For this solution you also need to create that path and do some permission work.:
sudo mkdir -p /var/spool/postfix/var/spool/opendkim/
sudo chown opendkim:opendkim /var/spool/postfix/var/spool/opendkim/
sudo adduser postfix opendkim
That will allow postfix to use the socket file.
You will see messages like the following in your /var/log/mail.log
file:
Oct 16 07:06:16 host mx01.emig.gmx.net[212.227.17.5] refused to talk to me:
554-gmx.net (mxgmx116) Nemesis ESMTP Service not available
554-No SMTP service 554-Bad DNS PTR resource record.
554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=167.114.229.225&c=rdns
554 Bad DNS PTR resource record means that your reverse DNS record
isn’t set up correctly.
550 Email blocked means that the recipient’s mail server refuses to
receive your mail because your mail server is blacklisted. To see
whether your server is blacklisted, you can ask multirbl.valli.org. For some nice examples of why
blacklisting is needed, see bobcares.com.
550-Requested action not taken: mailbox unavailable 550 Sender address
has null MX (in reply to MAIL FROM command)) indicates that the From: address
of your mail was invalid.
relay=gmail-smtp-in.l.google.com[2a00:1450:4010:c06::1a]:25,
status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4010:c06::1a] said:
550-5.7.26 Unauthenticated email from laudate.ee is not accepted due to
domain's 550-5.7.26 DMARC policy. Please contact the administrator of
laudate.ee domain 550-5.7.26 if this was a legitimate mail.
Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690
to learn about the 550 5.7.26 DMARC initiative.
Lost connection with mail.example.com¶
When sending an email, Thunderbird says “Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) mail.mydomain.org was lost in the middle of the transaction. Try again.”
Another problem encountered was this:
postfix/smtp[13506]:B08AC130BC: to=<rec@example.com>,
relay=mail.example.com[46.4.136.153]:25, delay=134801,
delays=134798/0.11/1.4/0.9, dsn=4.4.2,
status=deferred (lost connection with mail.example.com[46.4.136.153] while sending MAIL FROM)
We tried to open an manual connection to the server:
$ openssl s_client -connect mail.example.com:25 -starttls smtp