Installation | Topics | Beyond Lino

Dive, explore, troubleshoot

Test your mail server

You can try to send an email to one (or all) of the following addresses and wait their answer:

check-auth@verifier.port25.com
autorespond+dkim@dk.elandsys.com

You can also use http://www.protodave.com/tools/dkim-key-checker/

or https://tools.sparkpost.com/dkim

One good method to test is using swaks:

swaks -t check-auth2@verifier.port25.com -f user@mydomain.org --server localhost

This will send a test email, and then get a reply with dkim and dmark information. If you don’t have a pop3 or imap server configured you can add this line in your your /etc/aliases to have postfix forward mail to another server for this name:

sudo echo "user: myaddress@otherserver.net" >> /etc/aliases
# Also update the alias map and restart postfix
sudo newaliases; sudo service postfix restart

Or, as explained on abuseat.org:

$ mail -s "test" helocheck@abuseat.org < /dev/null

Explore DKIM

You can use dig to see your published DKIM key:

$ dig mail._domainkey.mydomain.org txt

This should return something like:

;; ANSWER SECTION:
mail._domainkey.mydomain.org. 3600 IN CNAME   mydomain.org.
mydomain.org. 3600    IN      TXT     "v=spf1 ip4:167.114.252.122  -all"
mydomain.org. 3600    IN      TXT     "v=DKIM1; h=sha256; k=rsa; t=y; p=MIIBIj...XBikBmISwIDAQAB"
mydomain.org. 3600    IN      TXT     "v=DMARC1; p=reject; ruf=mailto:postmaster@mydomain.org"

Details in the Debian opendkim wiki

Mail aliases

Check your email aliases in /etc/aliases:

$ cat /etc/aliases
postmaster:    root
root:   joe jim
info:   joe

After editing that file, don’t forget to say:

$ sudo newaliases

The /etc/aliases file also contains aliases generated by mailman:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

The main.cf configuration file

main.cf

/etc/postfix/main.cf

This is the main configuration file for postfix. See the postfix documentation about the syntax and meaning of the parameters in this file. Summary of the most common ones:

• relayhost : Empty when this server speaks directly to the smtp servers of the recipients. Otherwise the name of a relay host.

• relay_domains :

• mydomain : mydomain.org (the “mail name” you specified during configuration)

• myhostname : mail.$mydomain (the FQDN of the mail server, which in our case points to the same machine as the one where our web server is running)

• myorigin = $mydomain

  Send mail as user@myorigin instead of user@myhostname.

• mydestination

• message_size_limit: The maximal size in bytes of a message, including envelope information. Postfix default value 10 MB, Google had a 25 MB limit as of approximately 2021. In order to raise this to 30 MB (30*1024*1024 bytes), you say:

  message_size_limit = 31457280
  

• mailbox_size_limit: The maximal size in bytes of a mailbox. Default value is 50MB. In order to raise this to 100 MB (100*1024*1024 bytes), you say:

  mailbox_size_limit = 104857600
  

Example:

myhostname = mydomain.org
mail_name = mail.mydomain.org

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.org/privkey.pem

smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mydomain.org, localhost.net, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

home_mailbox = Maildir/

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

Controlling the postfix service:

$ sudo systemctl enable postfix
$ sudo systemctl stop postfix
$ sudo systemctl start postfix
$ sudo systemctl status postfix

Manually tweak the config files

You can say postconf and doveconf to consult the currently active config values.

Diagnostics and monitoring

Here is what status should say:

$ sudo service postfix status
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2019-12-12 12:01:59 UTC; 7s ago
  Process: 2262 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 2262 (code=exited, status=0/SUCCESS)

Dec 12 12:01:59 my-host-name systemd[1]: Starting Postfix Mail Transport Agent...
Dec 12 12:01:59 my-host-name systemd[1]: Started Postfix Mail Transport Agent.

How to see which version of postfix is running:

$ sudo postconf mail_version
mail_version = 3.4.10

To quickly see the value of a given parameter, type:

$ sudo postconf mydomain

To see a list of all parameters and their values:

$ sudo postconf | grep mydomain

Send a simple mail for testing the mail system:

$ mail -s "some test" joe@mydomain.org mike@mydomain.org

Quickly test whether emails are being sent:

$ echo "the body" | mail -s "the subject" mike@mydomain.org

Display the mail log:

$ sudo less /var/log/mail.log       # before systemd
$ sudo journalctl -u postfix -fn40  # with systemd

Inspect the mail queue

Display a list of queued mail waiting to be delivered (deferred and pending):

$ mailq

Display the content of queued mail:

$ sudo postcat -vq <QueueID>

Delete all queued mail:

$ sudo postsuper -d ALL

Delete deferred mail queue messages:

$ sudo postsuper -d ALL deferred

Common problems when running your own mail server

550 Email blocked means that the recipient’s mail server refuses to accept an incoming mail because the sender’s mail server is blacklisted.

To see whether your server is blacklisted, you can ask http://multirbl.valli.org/lookup/

For some nice examples of why blacklisting is needed, see bobcares.com.

External resources

• https://upcloud.com/community/tutorials/secure-postfix-using-lets-encrypt/

• http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix