I setup Postfix + Dovecot (with IMAP) for my Ubuntu 16.04 email server. I sent an email from Gmail to my domain, I can see the postfix log "reacts" with the incoming email, but the incoming email does not appear in the Mailbox.
Here are the related part of the logs:
Mar 30 02:15:17 yourappapp-vm postfix/smtp[27680]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[74.125.24.27]:25: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 02:15:18 yourappapp-vm postfix/smtp[27680]: C5EBB1BCB3B: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.24.27]:25, delay=1.3, delays=0/0.01/0.7/0.63, dsn=2.0.0, status=sent (250 2.0.0 OK 1617070518 y128si20297886pfb.155 - gsmtp)
Mar 30 02:15:18 yourappapp-vm postfix/qmgr[27605]: C5EBB1BCB3B: removed
Looks like it is an outgoing email, but I didn't send anything at that time. I only received this when I send an email from Gmail. How can I further debug?
p.s. for the untrusted TLS issue, I fixed it by adding CApath to Postfix config. Still no email in mailbox.
in my ~/Maildir/ sub-folders, all are empty.
p.s. the mail server can send out emails, therefore the SMTP part is fine.
More debugging info below:
Network Ports
Postfix is listening to 25, 587 and 465
$ ss -lnpt | grep master
LISTEN 0 100 *:25 *:* users:(("master",pid=27603,fd=12))
LISTEN 0 100 *:587 *:* users:(("master",pid=27603,fd=16))
LISTEN 0 100 *:465 *:* users:(("master",pid=27603,fd=19))
Dovecot is listening to 143 and 993
$ ss -lnpt | grep dovecot
LISTEN 0 100 *:993 *:* users:(("dovecot",pid=27649,fd=36))
LISTEN 0 100 *:143 *:* users:(("dovecot",pid=27649,fd=35))
main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#Enable TLS Encryption when Postfix receives incoming emails
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.yourappapp.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.yourappapp.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#Enable TLS Encryption when Postfix sends outgoing emails
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.yourappapp.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = yourappapp.com, $myhostname, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
# LMTP
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
mydomain = yourappapp.com
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_wrappermode=no
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
SMTP session looks fine as well:
220 mail.yourappapp.com ESMTP Postfix (Ubuntu)
250 mail.yourappapp.com
EHLO test.network-tools.com
250-mail.yourappapp.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
VRFY info
252 2.0.0 info
RSET
250 2.0.0 Ok
EXPN info
502 5.5.2 Error: command not recognized
RSET
250 2.0.0 Ok
MAIL FROM:<[email protected]>
250 2.1.0 Ok
RCPT TO:<[email protected]>
250 2.1.5 Ok
RSET
250 2.0.0 Ok
QUIT
Added debug information based on the answer:
Telnet session log
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.yourappapp.com ESMTP Postfix (Ubuntu)
HELO localhost
250 mail.yourappapp.com
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: <[email protected]>
To: <[email protected]>
Subject: Test from Telnet
This is a test
.
250 2.0.0 Ok: queued as BB9021B9B62
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Related Mail Log
Mar 31 01:43:27 yourappapp-vm postfix/smtpd[8491]: connect from localhost[127.0.0.1]
Mar 31 01:43:54 yourappapp-vm postfix/smtpd[8491]: BB9021B9B62: client=localhost[127.0.0.1]
Mar 31 01:44:31 yourappapp-vm postfix/cleanup[8494]: BB9021B9B62: message-id=<[email protected]>
Mar 31 01:44:31 yourappapp-vm postfix/qmgr[32352]: BB9021B9B62: from=<[email protected]>, size=391, nrcpt=1 (queue active)
Mar 31 01:44:31 yourappapp-vm postfix/cleanup[8494]: 9636F1B9B63: message-id=<[email protected]>
Mar 31 01:44:31 yourappapp-vm postfix/qmgr[32352]: 9636F1B9B63: from=<[email protected]>, size=526, nrcpt=1 (queue active)
Mar 31 01:44:31 yourappapp-vm postfix/local[8498]: BB9021B9B62: to=<[email protected]>, relay=local, delay=45, delays=45/0/0/0, dsn=2.0.0, status=sent (forwarded as 9636F1B9B63)
Mar 31 01:44:31 yourappapp-vm postfix/qmgr[32352]: BB9021B9B62: removed
Mar 31 01:44:32 yourappapp-vm postfix/smtp[8499]: Trusted TLS connection established to gmail-smtp-in.l.google.com[172.217.194.27]:25: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
Mar 31 01:44:33 yourappapp-vm postfix/smtp[8499]: 9636F1B9B63: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[172.217.194.27]:25, delay=1.4, delays=0/0.01/0.69/0.71, dsn=2.0.0, status=sent (250 2.0.0 OK 1617155072 u21si587511pfl.125 - gsmtp)
Mar 31 01:44:33 yourappapp-vm postfix/qmgr[32352]: 9636F1B9B63: removed
Mar 31 01:44:35 yourappapp-vm postfix/smtpd[8491]: disconnect from localhost[127.0.0.1] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Both logs look NORMAL, but no email has been received in the mailbox.
While you are already testing your smtp connection you can test email delivery with telnet as well:
What does happen?
Otherwise, it seems to me, that it is really an outgoing email, if there is any incoming connection, it must be above the line provided in the question. This could be an error/bounce.
Edit: Thanks for the additional debug, let's focus on the following part:
First of all you can see
relay=localandstatus=sent, so the email WAS actually accepted locally. The local delivery was used. Interesting part starts just after that with theforwarded as- that's usually not happening for a local email.Next interesting part is
to=<[email protected]>, orig_to=<[email protected]>,which confirms that whatever was delivered to[email protected], was further forwarded back to the [email protected].I am curious what do you have in your
/etc/aliasesfile. Usually the emails are not forwarded back. It looks like a vacation script in place or an alias or some other mechanism I cannot se in the provided config files.