I am configuring a Postfix install on Ubuntu Server 12.04 to forward a small volume of mail from a specific address on the server to a specific address at another domain.
$ pwd
/etc/postfix
$ cat main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = awsBeta
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = awsBeta, localhost.localdomain, , localhost, someDomain.com
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_domains = someDomain.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_domains = someDomain.com
virtual_alias_maps = hash:/etc/postfix/virtual
$ cat virtual
[email protected] [email protected]
$
When I log into the PHP CLI interpreter on the server to send mail, the mail is properly delivered to [email protected]. Note that the dotancohen.com is a Google Apps domain, the MX records are hosted at Google.
$ php -a
Interactive shell
php > mail('[email protected]','Subject','tMessage', 'From: <[email protected]>');
I can see the mail has arrived in the [email protected] inbox. This tells me that the forwarder works. Now I try from my desktop's telnet prompt:
$ telnet mail.someDomain.com 25
Trying x.x.x.x...
Connected to mail.someDomain.com.
Escape character is '^]'.
220 someHostname ESMTP Postfix (Ubuntu)
EHLO dotancohen.com
250-someHostname
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: [email protected]
250 2.1.0 Ok
RCPT TO: [email protected]
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: [email protected]
SUBJECT: Hi, telnet!
This is a second attempt!
.
250 2.0.0 Ok: queued as 9851E81579
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
$
This mail is not delivered, and I find the following in the postfix logs:
Jul 4 16:02:58 someHostname postfix/smtp[24898]: connect to ASPMX.L.GOOGLE.com[2607:f8b0:400c:c03::1b]:25: Network is unreachable
Jul 4 16:02:58 someHostname postfix/smtp[24898]: 935BC81579: to=<[email protected]>, orig_to=<[email protected]>, relay=ASPMX.L.GOOGLE.com[173.194.75.26]:25, delay=15, delays=15/0.02/0.08/0.15, dsn=2.0.0, status=sent (250 2.0.0 OK 1372953778 d3si1064427vck.0 - gsmtp)
That looks like Google got the mail, but decided (probably due to SPF) not to deliver it. It is not in my Spam folder either! Lastly, I try to simply email the domain from an unrelated Hotmail account. This email is not delivered either, but nothing is in the Postfix logs.
For completeness sake, here is the anomitized MX record:
$ dig mx someDomain.com
someDomain.com. 1800 IN MX 10 mail.someDomain.com.
$ dig a mail.someDomain.com
mail.someDomain. 1790 IN A x.x.x.x
I can confirm that x.x.x.x is in fact the correct IP address for the server, and it is the same address to which I had done telnet.
Why might the emails from legitimate email accounts (such as the hotmail account) not be delivered to the [email protected] account?
This line:
implies that there is an ipv6 routing issue between your SMTP server you telnetted to and
2607:f8b0:400c:c03::1bover at Google. A firewall can certainly report that ICMP message too as a way of blocking a packet, but try pinging it. It's possible for instance that you might have partial or intermittent ipv6 routing going on. If you find you can only ping it sometimes or you can't ping it at all and the reply consistently tells you there is no route, your upstream ISP (or whoever is providing you IPv6 routing) needs to fix their routing issue.It is also possible that port 25 blocking is going on. This is extremely common; if you are using hurricane electric for IPv6 connectivity, they block port 25 outgoing unless you specifically request it be allowed; this is the case with most ISPs (because without it being the case, spammers flock to them and restrictive policies that don't favour them start popping up everywhere as they get a reputation as a spam haven).
This issue is not caused by SPF or DKIM or content-based spam filtering; it is a network problem.
The problem was that port 25 was firewalled off! My local IP address (where I sit) had all ports open for it, so I could telnet in. Hotmail and other legitimate email providers did not have port 25 access, therefore there was nothing left in the log files!