Email server will not receive emails - Postfix / Dovecot / Raspberry Pi [closed]

Background

I have been working on getting an email server set up using a Raspberry Pi as the host. I have been primarily using this guide as my help but I appear to be stuck. I do have a residential service but have an account at dynu.com with the services "SMTP Outbound relay" and "Email Store / Forward" to get around this. They also host my domain name as well.

Problem

I can send emails no problem, what I am having an issue with is receiving them. I will post a lot of detail as I have tried many things and feel like something is bound to turn up a clue.

Ports

Using a port scanner I can determine the following:

  • Port 25 = Blocked
  • Port 2525 = Unblocked
  • Port 143 = Unblocked
  • Port 465 = Unblocked
  • Port 993 = Unblocked

All ports are forwarding through the router successfully to my email host.

OpenSSL Testing (works)

Using the command openssl s_client -connect mail.xxx.com:993 -quiet (where xxx is my actual domain) I can log in using 'a login user password', 'b select inbox', 'c logout'. Using my actual domain name rather than localhost makes me feel that this is set up correctly.

Monitoring mail.log when receiving an email

The only entry that appears: [screenshot]

I see in my Dynu Email Store / Forward service that they just sit there and never transfer:

[screenshot]

I have the Dynu email forward / store service set up as follows:

[screenshot]

I might not even need this Email Forward / Store service since port 993 is not blocked by my ISP? I just am using it because I can't get it to work without it either so may as well try something different.

Relevant configuration files

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Raspbian)
biff = no

append_dot_mydomain = no

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# (I have the real one here)
myhostname = xxx.com
# (I have the real one here)
mydomain = xxx.com

myorigin = $mydomain

mydestination = localhost, localhost.localdomain

#added
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

relayhost = [relay.dynu.com]:2525
smtp_sasl_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_generic_maps = hash:/etc/postfix/generic

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
2525       inet  n   -   n   -   -   smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# 
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1 
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Dovecot 10-master.conf

Definitely is listening on port 993 as demonstrated by the login above:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

If there are any other config files that need to be checked / posted, let me know and I can show.

Dynu email service / fetchmail configuration

Dynu configuration:

[screenshot]

I can specify a login username and password as well:

[screenshot]

Fetchmailrc:

# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail

set daemon        300                # Poll every 5 minutes
set syslog                        # log through syslog facility
set postmaster  root

set no bouncemail                # avoid loss on 4xx errors
                            # on the other hand, 5xx errors get
                            # more dangerous...
# Hosts to poll

# Defaults ===============================================================
# Set antispam to -1, since it is far safer to use that together with
# no bouncemail
defaults:
timeout 300
antispam -1
batchlimit 100

poll store1.dynu.com protocol POP3 username "eric" password "password"

So, in the configuration above I still do not get emails. Should the user name and password in fetchmail match that in the authentication for dynu? Is the poll store1.dynu.com protocol POP3 username "eric" password "password" portion right?


Solution 1:

You are confusing different services. Your store-and-forward server @ dynu is configured for ETRN. This means you HAVE to trigger email transfer using the ETRN protocol, and as a result dynu will contact your SMTP server, probably @ ETRN port (993) above. You don't need dovecot listening there, just postfix.

One ETRN client I know about is fetchmail. Its man page has this note:

The ETRN mode allows you to ask a compliant ESMTP server (such as BSD sendmail at release 8.8.0 or higher) to immediately open a sender-SMTP connection to your client machine and begin forwarding any items addressed to your client machine in the server's queue of undelivered mail.

So probably configuring and running it is the last missing piece you need to take care of.

DISCLAIMER: I've never run such a setup and cannot guarantee this would work.

EDIT: The fetchmail command likely is:

fetchmail store1.dynu.com -p etrn --fetchdomains <your_domain_name>

giving the following poll line:

poll store1.dynu.com protocol etrn fetchdomains <your_domain_name>
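
The ETRN exchange the answer describes, shown from both sides as an added example that is not part of the original post: the client checks that the server advertises ETRN in its EHLO reply, sends `ETRN <domain>`, and maps the reply code to its RFC 1985 meaning. The loopback server, the host names `store.example` / `client.example` and the domain `example.org` are constructed stand-ins, not Dynu's service.

```python
import smtplib
import socket
import threading

# ETRN reply codes from RFC 1985
ETRN_REPLIES = {
    250: "queuing started",
    251: "no messages waiting",
    252: "pending messages, queuing started",
    253: "n pending messages, queuing started",
    458: "unable to queue messages",
    459: "node not allowed",
}

def request_etrn(host, port, domain, helo_name="client.example"):
    """Ask an ESMTP server to start sending its queued mail for `domain`."""
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("etrn"):
            return None, "server does not advertise ETRN"
        code, _ = smtp.docmd("ETRN", domain)
        return code, ETRN_REPLIES.get(code, "unexpected reply")

def fake_store_server(allowed_domain):
    """Constructed loopback stand-in for the store-and-forward host."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            def say(line):
                f.write(line.encode() + b"\r\n")
                f.flush()
            say("220 store.example ESMTP")
            for raw in f:
                verb, _, arg = raw.decode().strip().partition(" ")
                if verb.upper() == "EHLO":
                    say("250-store.example")
                    say("250 ETRN")
                elif verb.upper() == "ETRN":
                    say("250 OK" if arg == allowed_domain else "459 not allowed")
                elif verb.upper() == "QUIT":
                    say("221 bye")
                    break
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo(domain):
    """Run one ETRN request against the constructed server (serves example.org)."""
    return request_etrn("127.0.0.1", fake_store_server("example.org"), domain)
```

A 250 to 253 reply only means the server has agreed to start delivery; the mail then arrives over a separate SMTP connection that the server opens back to the client's own listener.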