# Postfix and receive mail from Internet

## Mala Zaba

Hi

I have trouble with postfix for receiving mail from Internet.

I have a domain name and I use DNS from dyndns.org

My mail work wheel in local.  I can send and receive.  But for receive mail from Internet, noting.  I not able to make a telnet creanet.ca 25, but in local, he work!

Any idea?

```
vikings root # cat /etc/hostname

vikings.creanet.ca
```

```
vikings root # postconf

2bounce_notice_recipient = postmaster

access_map_reject_code = 554

alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

allow_mail_to_commands = alias,forward

allow_mail_to_files = alias,forward

allow_min_user = no

allow_percent_hack = yes

allow_untrusted_routing = no

alternate_config_directories =

always_bcc =

append_at_myorigin = yes

append_dot_mydomain = yes

authorized_verp_clients = $mynetworks

berkeley_db_create_buffer_size = 16777216

berkeley_db_read_buffer_size = 131072

best_mx_transport =

biff = yes

body_checks =

body_checks_size_limit = 51200

bounce_notice_recipient = postmaster

bounce_service_name = bounce

bounce_size_limit = 50000

broken_sasl_auth_clients = no

canonical_maps =

cleanup_service_name = cleanup

command_directory = /usr/sbin

command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

command_time_limit = 1000s

config_directory = /etc/postfix

content_filter =

daemon_directory = /usr/lib/postfix

daemon_timeout = 18000s

debug_peer_level = 2

debug_peer_list =

default_database_type = hash

default_delivery_slot_cost = 5

default_delivery_slot_discount = 50

default_delivery_slot_loan = 3

default_destination_concurrency_limit = 10

default_destination_recipient_limit = 50

default_extra_recipient_limit = 1000

default_minimum_delivery_slots = 3

default_privs = nobody

default_process_limit = 100

default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

default_recipient_limit = 10000

default_transport = smtp

default_verp_delimiters = +=

defer_code = 450

defer_service_name = defer

defer_transports =

delay_notice_recipient = postmaster

delay_warning_time = 0h

deliver_lock_attempts = 20

deliver_lock_delay = 1s

disable_dns_lookups = no

disable_mime_input_processing = no

disable_mime_output_conversion = no

disable_verp_bounces = no

disable_vrfy_command = no

dont_remove = 0

double_bounce_sender = double-bounce

duplicate_filter_limit = 1000

empty_address_recipient = MAILER-DAEMON

error_notice_recipient = postmaster

error_service_name = error

expand_owner_alias = no

export_environment = TZ MAIL_CONFIG

extract_recipient_limit = 10240

fallback_relay =

fallback_transport =

fast_flush_domains = $relay_domains

fast_flush_purge_time = 7d

fast_flush_refresh_time = 12h

fault_injection_code = 0

flush_service_name = flush

fork_attempts = 5

fork_delay = 1s

forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

forward_path = $home/.forward${recipient_delimiter}${extension},$home/.forward

hash_queue_depth = 1

hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold

header_address_token_limit = 10240

header_checks =

header_size_limit = 102400

helpful_warnings = yes

home_mailbox = .maildir/

hopcount_limit = 50

ignore_mx_lookup_error = no

import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY

in_flow_delay = 1s

inet_interfaces = all

initial_destination_concurrency = 5

invalid_hostname_reject_code = 501

ipc_idle = 100s

ipc_timeout = 3600s

line_length_limit = 2048

lmtp_cache_connection = yes

lmtp_connect_timeout = 0s

lmtp_data_done_timeout = 600s

lmtp_data_init_timeout = 120s

lmtp_data_xfer_timeout = 180s

lmtp_lhlo_timeout = 300s

lmtp_mail_timeout = 300s

lmtp_quit_timeout = 300s

lmtp_rcpt_timeout = 300s

lmtp_rset_timeout = 300s

lmtp_sasl_auth_enable = no

lmtp_sasl_password_maps =

lmtp_sasl_security_options = noplaintext, noanonymous

lmtp_skip_quit_response = no

lmtp_tcp_port = 24

local_command_shell =

local_destination_concurrency_limit = 2

local_destination_recipient_limit = 1

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

local_transport = local:$myhostname

luser_relay =

mail_name = Postfix

mail_owner = postfix

mail_release_date = 20030418

mail_spool_directory = /var/spool/mail

mail_version = 2.0.9

mailbox_command = /usr/bin/procmail

mailbox_command_maps =

mailbox_delivery_lock = fcntl, dotlock

mailbox_size_limit = 51200000

mailbox_transport =

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

maps_rbl_reject_code = 554

masquerade_classes = envelope_sender, header_sender, header_recipient

masquerade_domains =

masquerade_exceptions =

max_idle = 100s

max_use = 100

maximal_backoff_time = 4000s

maximal_queue_lifetime = 5d

message_size_limit = 10240000

mime_boundary_length_limit = 2048

mime_header_checks = $header_checks

mime_nesting_limit = 100

minimal_backoff_time = 1000s

mydestination = $myhostname, localhost.$mydomain $mydomain

mydomain = creanet.ca

myhostname = vikings.creanet.ca

mynetworks = 127.0.0.0/8 192.168.1.0/24

mynetworks_style = subnet

myorigin = $mydomain

nested_header_checks = $header_checks

newaliases_path = /usr/bin/newaliases

non_fqdn_reject_code = 504

notify_classes = resource,software

owner_request_special = yes

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

permit_mx_backup_networks =

pickup_service_name = pickup

prepend_delivered_header = command, file, forward

process_id_directory = pid

program_directory = /usr/lib/postfix

propagate_unmatched_extensions = canonical, virtual

proxy_interfaces =

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks

qmgr_clog_warn_time = 300s

qmgr_fudge_factor = 100

qmgr_message_active_limit = 20000

qmgr_message_recipient_limit = 20000

qmgr_message_recipient_minimum = 10

qmqpd_authorized_clients =

qmqpd_error_delay = 1s

qmqpd_timeout = 300s

queue_directory = /var/spool/postfix

queue_file_attribute_count_limit = 100

queue_minfree = 0

queue_run_delay = 1000s

queue_service_name = qmgr

rbl_reply_maps =

readme_directory = /usr/share/doc/postfix-2.0.9

recipient_canonical_maps =

recipient_delimiter =

reject_code = 554

relay_clientcerts =

relay_domains = $mydestination

relay_domains_reject_code = 554

relay_recipient_maps =

relay_transport = relay

relayhost = smtp1.sympatico.ca

relocated_maps =

require_home_directory = no

resolve_dequoted_address = yes

rewrite_service_name = rewrite

sample_directory = /etc/postfix/sample

sender_canonical_maps =

sendmail_path = /usr/sbin/sendmail

service_throttle_time = 60s

setgid_group = postdrop

show_user_unknown_table_name = yes

showq_service_name = showq

smtp_always_send_ehlo = yes

smtp_bind_address =

smtp_connect_timeout = 30s

smtp_data_done_timeout = 600s

smtp_data_init_timeout = 120s

smtp_data_xfer_timeout = 180s

smtp_destination_concurrency_limit = $default_destination_concurrency_limit

smtp_destination_recipient_limit = $default_destination_recipient_limit

smtp_enforce_tls = no

smtp_helo_name = $myhostname

smtp_helo_timeout = 300s

smtp_line_length_limit = 990

smtp_mail_timeout = 300s

smtp_never_send_ehlo = no

smtp_pix_workaround_delay_time = 10s

smtp_pix_workaround_threshold_time = 500s

smtp_quit_timeout = 300s

smtp_randomize_addresses = yes

smtp_rcpt_timeout = 300s

smtp_sasl_auth_enable = no

smtp_sasl_password_maps =

smtp_sasl_security_options = noplaintext, noanonymous

smtp_skip_4xx_greeting = yes

smtp_skip_5xx_greeting = yes

smtp_skip_quit_response = yes

smtp_starttls_timeout = 300s

smtp_tls_CAfile =

smtp_tls_CApath =

smtp_tls_cert_file =

smtp_tls_cipherlist =

smtp_tls_dcert_file =

smtp_tls_dkey_file = $smtp_tls_dcert_file

smtp_tls_enforce_peername = yes

smtp_tls_key_file = $smtp_tls_cert_file

smtp_tls_loglevel = 0

smtp_tls_note_starttls_offer = no

smtp_tls_per_site =

smtp_tls_session_cache_database =

smtp_tls_session_cache_timeout = 3600s

smtp_use_tls = no

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_client_restrictions =

smtpd_data_restrictions =

smtpd_delay_reject = yes

smtpd_enforce_tls = no

smtpd_error_sleep_time = 1s

smtpd_etrn_restrictions =

smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~smtpd_hard_error_limit = 20

smtpd_helo_required = no

smtpd_helo_restrictions =

smtpd_history_flush_threshold = 100

smtpd_junk_command_limit = 100

smtpd_noop_commands =

smtpd_null_access_lookup_key = <>

smtpd_recipient_limit = 1000

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

smtpd_restriction_classes =

smtpd_sasl_auth_enable = no

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

smtpd_sender_login_maps =

smtpd_sender_restrictions =

smtpd_soft_error_limit = 10

smtpd_timeout = 300s

smtpd_tls_CAfile =

smtpd_tls_CApath =

smtpd_tls_ask_ccert = no

smtpd_tls_auth_only = no

smtpd_tls_ccert_verifydepth = 5

smtpd_tls_cert_file =

smtpd_tls_cipherlist =

smtpd_tls_dcert_file =

smtpd_tls_dh1024_param_file =

smtpd_tls_dh512_param_file =

smtpd_tls_dkey_file = $smtpd_tls_dcert_file

smtpd_tls_key_file = $smtpd_tls_cert_file

smtpd_tls_loglevel = 0

smtpd_tls_received_header = no

smtpd_tls_req_ccert = no

smtpd_tls_session_cache_database =

smtpd_tls_session_cache_timeout = 3600s

smtpd_tls_wrappermode = no

smtpd_use_tls = no

soft_bounce = no

stale_lock_time = 500s

strict_7bit_headers = no

strict_8bitmime = no

strict_8bitmime_body = no

strict_mime_encoding_domain = no

strict_rfc821_envelopes = no

sun_mailtool_compatibility = no

swap_bangpath = yes

syslog_facility = mail

syslog_name = postfix

tls_daemon_random_bytes = 32

tls_daemon_random_source =

tls_random_bytes = 32

tls_random_exchange_name = ${config_directory}/prng_exch

tls_random_prng_update_period = 60s

tls_random_reseed_period = 3600s

tls_random_source =

transport_maps =

transport_retry_time = 60s

trigger_timeout = 10s

undisclosed_recipients_header = To: undisclosed-recipients:;

unknown_address_reject_code = 450

unknown_client_reject_code = 450

unknown_hostname_reject_code = 450

unknown_local_recipient_reject_code = 450

unknown_relay_recipient_reject_code = 550

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

verp_delimiter_filter = -=+

virtual_alias_domains = $virtual_alias_maps

virtual_alias_maps = $virtual_maps

virtual_gid_maps =

virtual_mailbox_base =

virtual_mailbox_domains = $virtual_mailbox_maps

virtual_mailbox_limit = 51200000

virtual_mailbox_lock = fcntl

virtual_mailbox_maps =

virtual_minimum_uid = 100

virtual_transport = virtual

virtual_uid_maps =

vikings root #
```

```
vikings root # cat /etc/postfix/master.cf

#

# Postfix master process configuration file.  Each line describes how

# a mailer component program should be run. The fields that make up

# each line are described below. A "-" field value requests that a

# default value be used for that field.

#

# Service: any name that is valid for the specified transport type

# (the next field).  With INET transports, a service is specified as

# host:port.  The host part (and colon) may be omitted. Either host

# or port may be given in symbolic form or in numeric form. Examples

# for the SMTP server:  localhost:smtp receives mail via the loopback

# interface only; 10025 receives mail on port 10025.

#

# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain

# sockets, "fifo" for named pipes.

#

# Private: whether or not access is restricted to the mail system.

# Default is private service.  Internet (inet) sockets can't be private.

#

# Unprivileged: whether the service runs with root privileges or as

# the owner of the Postfix system (the owner name is controlled by the

# mail_owner configuration variable in the main.cf file). Only the

# pipe, virtual and local delivery daemons require privileges.

#

# Chroot: whether or not the service runs chrooted to the mail queue

# directory (pathname is controlled by the queue_directory configuration

# variable in the main.cf file). Presently, all Postfix daemons can run

# chrooted, except for the pipe, virtual and local delivery daemons.

# The proxymap server can run chrooted, but doing so defeats most of

# the purpose of having that service in the first place.

# The files in the examples/chroot-setup subdirectory describe how

# to set up a Postfix chroot environment for your type of machine.

#

# Wakeup time: automatically wake up the named service after the

# specified number of seconds. A ? at the end of the wakeup time

# field requests that wake up events be sent only to services that

# are actually being used.  Specify 0 for no wakeup. Presently, only

# the pickup, queue manager and flush daemons need a wakeup timer.

#

# Max procs: the maximum number of processes that may execute this

# service simultaneously. Default is to use a globally configurable

# limit (the default_process_limit configuration parameter in main.cf).

# Specify 0 for no process count limit.

#

# Command + args: the command to be executed. The command name is

# relative to the Postfix program directory (pathname is controlled by

# the daemon_directory configuration variable). Adding one or more

# -v options turns on verbose logging for that service; adding a -D

# option enables symbolic debugging (see the debugger_command variable

# in the main.cf configuration file). See individual command man pages

# for specific command-line options, if any.

#

# In order to use the "uucp" message tranport below, set up entries

# in the transport table.

#

# In order to use the "cyrus" message transport below, configure it

# in main.cf as the mailbox_transport.

#

# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.

# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.

#

# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR

# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD

#

# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL

# DELIVER MAIL MULTIPLE TIMES.

#

# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       n       -       -       smtpd

#smtps    inet  n       -       n       -       -       smtpd

#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

#submission     inet    n       -       n       -       -       smtpd

#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

#628      inet  n       -       n       -       -       qmqpd

pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       n       300     1       nqmgr

#tlsmgr   fifo  -       -       n       300     1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

#

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# maildrop. See the Postfix MAILDROP_README file for details.

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

#

# The Cyrus deliver program has changed incompatibly, multiple times.

#

old-cyrus unix  -       n       n       -       -       pipe

  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

# Cyrus 2.1.5 (Amos Gouaux)

cyrus     unix  -       n       n       -       -       pipe

  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
```

I have beside a linksys router and my port 25 tcp is mapping on 192.168.1.2:25

Postfix do not work, also when i set my serveur in DMZhost in the router!

----------

## Chris W

Check that your postfix is binding to the appropriate network interfaces: 

```
netstat -pan --inet | grep postfix
```

Concentrate on your router configuration and the configuration of NetFilter (iptables) on the machine hosting postfix.   From out here, your machine is a black hole.

----------

## Pindrop

In order to get mine working correctly I had to add a relayhost in /etc/postfix/main.cf

```
relayhost = mail.mindspring.com
```

My ISP being Mindspring of course, set yours up accordingly.

----------

## Mala Zaba

I think is not good!

0.0.0.0:25 ?

How I can change it?

```
vikings root # netstat -pan --inet

Connexions Internet actives (serveurs et établies)

Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      834/

tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      999/couriertcpd

tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      951/couriertcpd

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      839/apache2

tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1288/xinetd

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      24784/

tcp        0      0 0.0.0.0:3551            0.0.0.0:*               LISTEN      871/apcupsd

tcp        0      0 192.168.1.2:37879       62.39.122.15:110        TIME_WAIT   -

tcp        0      0 192.168.1.2:80          24.203.159.16:1931      ESTABLISHED 24692/

tcp        0      0 192.168.1.2:22          192.168.1.3:32869       ESTABLISHED 24681/s0

tcp        0      0 192.168.1.2:80          24.203.159.16:1929      ESTABLISHED 24415/

tcp        0      0 192.168.1.2:37878       209.226.175.83:110      TIME_WAIT   -

tcp        0      0 192.168.1.2:143         192.168.1.3:32824       ESTABLISHED 24587/courier-imapd
```

----------

## snoopey

0.0.0.0/25 means that it binds to port 25 on every IP on every interface.

There's nothing wrong with that.

----------

## Mala Zaba

I FOUND!!!!!!!

My isp have blocked her port 25... in the 26-06 night ... when I change my Mandrake server to gentoo.....    :Evil or Very Mad:   :Twisted Evil: 

----------

## Chris W

AARRGGHH!!  No mail for you   :Crying or Very sad: 

----------

## Mala Zaba

I need to change to a other ISP!  :Confused: 

----------

## shaung

 *Mala Zaba wrote:*   

> I need to change to a other ISP! 

 

or get mail traffic redirected to a different port - I think you can do this with the "mail reflector" service offered by http://www.no-ip.com.

----------

