Install | Topics | Beyond Lino

Troubleshooting

Diagnostics and monitoring

Here is what status should say:

# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2019-12-12 12:01:59 UTC; 7s ago
  Process: 2262 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 2262 (code=exited, status=0/SUCCESS)

Dec 12 12:01:59 my-host-name systemd[1]: Starting Postfix Mail Transport Agent...
Dec 12 12:01:59 my-host-name systemd[1]: Started Postfix Mail Transport Agent.

The word “(exited)” is confusing but absolutely normal.

See which version of postfix is running:

$ sudo postconf mail_version
mail_version = 3.4.10

See the value of a given parameter:

$ sudo postconf mydomain

See a list of all parameters and their values:

$ sudo postconf | grep mydomain

Test whether emails are being sent:

$ sudo apt install mailutils
$ echo "See https://hosting.lino-framework.org/mail/diag/" | mail -s "It works!" root

See also How to send a simple mail for testing the mail system below.

Display the mail log:

      $ sudo journalctl -u postfix        # after systemd
$ sudo less /var/log/mail.log       # before systemd

Inspect the mail queue

Display a list of queued mail waiting to be delivered (deferred and pending):

$ mailq

Display the content of queued mail:

$ sudo postcat -vq <QueueID>

Delete all queued mail:

$ sudo postsuper -d ALL

Delete deferred mail queue messages:

$ sudo postsuper -d ALL deferred

Websites that help with testing your mail server

How to send a simple mail for testing the mail system

If mailutils is installed correctly:

$ echo foo | mail -s "some test" root

Though this might not be enough because most mail servers refuse emails with a non-existing domain name in the From field.

You can explicitly specify -r (or --return-address). Here is a generic command-line for doing this:

$ echo foo | mail -r `whoami`@`cat /etc/mailname` -s "some test" root

Seems that mail does not consult /etc/mailname, it just uses username@hostname as the default From value, where hostname is just our nickname. Would it be better to set hostname to the the full public name? We set it to the nickname only because we don’t want to see the full public name in every command prompt.

It seems that we can setup Postfix to replace the local hostname by a real FQDN.

The GNU mail program has its own configuration files:

$ mail --show-config-options | grep SYSCONFDIR
SYSCONFDIR=/etc       - System configuration directory

Which means that actually the config files are in /etc/mail. And one of them, /etc/mail/local-host-names contains my default From header.

Ports and services

Which ports is my server listening on? And which service responds to which port?

Say nmap localhost to see this.

Good to know when configuring postfix

  • postconf key1 key2 shows the current settings, one line key=value for each specified key.

  • postconf key=value updates the main.cf file from the command line. This is useful when playing around. You can specify multiple key=value pairs. A value can be empty. Know your bash rules.

  • systemctl restart is more than systemctl reload. When you change inet_interfaces or inet_protocols, reloading won’t do it and postfix even issues a warning… but only in the system journal, not on the command line.

  • In Postfix you can say “/etc/mailname” as the value for myorigin, but not for myhostname. Seems that Postfix checks for a “/” at the beginning only for myorigin. Don’t ask me why.

Troubleshooting

Some problems we had when running our own mail server and how we fixed them

8891@localhost: garbage after numerical service

This was an odd error. On one server the inet socket connection worked fine, on the other server this error was logged by smtpd every time it sent.

I wasn’t able to find the source for this issue. But the solution to use a file based socket. However the default settings for file socket connection gives file not found errors.

The correct settings for postfix and opendkim for a file socket connection::

#/etc/opendkim.conf
umask           002
Socket                      local:/var/spool/postfix/var/spool/opendkim/opendkim.sock
#/etc/default/opendkim
Socket=local:/var/spool/postfix/var/spool/opendkim/opendkim.sock
#/etc/postfix/main.cf
smtpd_milters = local:/var/spool/opendkim/opendkim.sock

The reason for /var/spool/postfix for opendkim is that postfix thinks that is / when looking for the file.

For this solution you also need to create that path and do some permission work.:

sudo mkdir -p /var/spool/postfix/var/spool/opendkim/
sudo chown opendkim:opendkim /var/spool/postfix/var/spool/opendkim/
sudo adduser postfix opendkim

That will allow postfix to use the socket file.

You will see messages like the following in your /var/log/mail.log file:

Oct 16 07:06:16 host mx01.emig.gmx.net[212.227.17.5] refused to talk to me:
554-gmx.net (mxgmx116) Nemesis ESMTP Service not available
554-No SMTP service 554-Bad DNS PTR resource record.
554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=167.114.229.225&c=rdns

554 Bad DNS PTR resource record means that your reverse DNS record isn’t set up correctly.

550 Email blocked means that the recipient’s mail server refuses to receive your mail because your mail server is blacklisted. To see whether your server is blacklisted, you can ask multirbl.valli.org. For some nice examples of why blacklisting is needed, see bobcares.com.

550-Requested action not taken: mailbox unavailable 550 Sender address has null MX (in reply to MAIL FROM command)) indicates that the From: address of your mail was invalid.

relay=gmail-smtp-in.l.google.com[2a00:1450:4010:c06::1a]:25,
status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4010:c06::1a] said:
  550-5.7.26 Unauthenticated email from laudate.ee is not accepted due to
  domain's 550-5.7.26 DMARC policy. Please contact the administrator of
  laudate.ee domain 550-5.7.26 if this was a legitimate mail.
  Please visit 550-5.7.26  https://support.google.com/mail/answer/2451690
  to learn about the 550 5.7.26 DMARC initiative.

Lost connection with mail.example.com

When sending an email, Thunderbird says “Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) mail.mydomain.org was lost in the middle of the transaction. Try again.”

Another problem encountered was this:

postfix/smtp[13506]:B08AC130BC: to=<rec@example.com>,
relay=mail.example.com[46.4.136.153]:25, delay=134801,
delays=134798/0.11/1.4/0.9, dsn=4.4.2,
status=deferred (lost connection with mail.example.com[46.4.136.153] while sending MAIL FROM)

We tried to open an manual connection to the server:

$ openssl s_client -connect mail.example.com:25 -starttls smtp