How to receive external emails on email server












0














So far I have an email server set up using postfix / dovecot on a raspberry pi (debian). I can send emails externally and internally no problem however can only receive emails from within my server.



I think it is because I have everything setup for TLS but do not have a valid certificate yet for my server however in order to get a valid certificate, I need a valid email address for my server (admin@myserver.com). Kind of a loop I am stuck in if I need an email address for the cert and require a cert for the email address!



For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)? Is this the right way to go at it? Perhaps I am in left field, but all I am trying for is to receive emails....



Here is my setup below:



enter image description here



My main.cf file:



# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_CAfile = /etc/postfix/ssl/caroot.crt
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = finendale.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, finendale.com, localhost.finendale.com
smtp_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
relayhost = [relay.dynu.com]:2525
smtp_generic_maps = hash:/etc/postfix/generic
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_help_hostname
check_helo_access hash:/etc/postfix/helo_access
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
#smtpd_tls_auth_only = yes
home_mailbox = Maildir/


My master.cf file:



#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
2525 inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}


enter image description here










share|improve this question





























    0














    So far I have an email server set up using postfix / dovecot on a raspberry pi (debian). I can send emails externally and internally no problem however can only receive emails from within my server.



    I think it is because I have everything setup for TLS but do not have a valid certificate yet for my server however in order to get a valid certificate, I need a valid email address for my server (admin@myserver.com). Kind of a loop I am stuck in if I need an email address for the cert and require a cert for the email address!



    For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)? Is this the right way to go at it? Perhaps I am in left field, but all I am trying for is to receive emails....



    Here is my setup below:



    enter image description here



    My main.cf file:



    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    #smtpd_tls_CAfile = /etc/postfix/ssl/caroot.crt
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = finendale.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost, finendale.com, localhost.finendale.com
    smtp_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
    smtp_sasl_security_options = noanonymous
    relayhost = [relay.dynu.com]:2525
    smtp_generic_maps = hash:/etc/postfix/generic
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_help_hostname
    check_helo_access hash:/etc/postfix/helo_access
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    #smtpd_tls_auth_only = yes
    home_mailbox = Maildir/


    My master.cf file:



    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    2525 inet n - - - - smtpd
    #smtp inet n - - - 1 postscreen
    #smtpd pass - - - - - smtpd
    #dnsblog unix - - - - 0 dnsblog
    #tlsproxy unix - - - - 0 tlsproxy
    submission inet n - y - - smtpd
    # -o syslog_name=postfix/submission
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    smtps inet n - - - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    relay unix - - - - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}


    enter image description here










    share|improve this question



























      0












      0








      0







      So far I have an email server set up using postfix / dovecot on a raspberry pi (debian). I can send emails externally and internally no problem however can only receive emails from within my server.



      I think it is because I have everything setup for TLS but do not have a valid certificate yet for my server however in order to get a valid certificate, I need a valid email address for my server (admin@myserver.com). Kind of a loop I am stuck in if I need an email address for the cert and require a cert for the email address!



      For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)? Is this the right way to go at it? Perhaps I am in left field, but all I am trying for is to receive emails....



      Here is my setup below:



      enter image description here



      My main.cf file:



      # See /usr/share/postfix/main.cf.dist for a commented, more complete version


      # Debian specific: Specifying a file name will cause the first
      # line of that file to be used as the name. The Debian default
      # is /etc/mailname.
      #myorigin = /etc/mailname

      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      biff = no

      # appending .domain is the MUA's job.
      append_dot_mydomain = no

      # Uncomment the next line to generate "delayed mail" warnings
      #delay_warning_time = 4h

      readme_directory = no

      # TLS parameters
      smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
      #smtpd_tls_CAfile = /etc/postfix/ssl/caroot.crt
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

      # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      # information on enabling SSL in the smtp client.

      myhostname = finendale.com
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases
      myorigin = /etc/mailname
      mydestination = localhost, finendale.com, localhost.finendale.com
      smtp_sasl_auth_enable = yes
      broken_sasl_auth_clients = yes
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
      smtp_sasl_security_options = noanonymous
      relayhost = [relay.dynu.com]:2525
      smtp_generic_maps = hash:/etc/postfix/generic
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      inet_protocols = ipv4
      smtpd_recipient_restrictions =
      permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination
      smtpd_helo_required = yes
      smtpd_helo_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_invalid_helo_hostname,
      reject_non_fqdn_helo_hostname,
      reject_unknown_help_hostname
      check_helo_access hash:/etc/postfix/helo_access
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      #smtpd_tls_auth_only = yes
      home_mailbox = Maildir/


      My master.cf file:



      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # Do not forget to execute "postfix reload" after editing this file.
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      2525 inet n - - - - smtpd
      #smtp inet n - - - 1 postscreen
      #smtpd pass - - - - - smtpd
      #dnsblog unix - - - - 0 dnsblog
      #tlsproxy unix - - - - 0 tlsproxy
      submission inet n - y - - smtpd
      # -o syslog_name=postfix/submission
      # -o smtpd_tls_security_level=encrypt
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      smtps inet n - - - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      #628 inet n - - - - qmqpd
      pickup fifo n - - 60 1 pickup
      cleanup unix n - - - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - - 1000? 1 tlsmgr
      rewrite unix - - - - - trivial-rewrite
      bounce unix - - - - 0 bounce
      defer unix - - - - 0 bounce
      trace unix - - - - 0 bounce
      verify unix - - - - 1 verify
      flush unix n - - 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - - - - smtp
      relay unix - - - - - smtp
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - - - - showq
      error unix - - - - - error
      retry unix - - - - - error
      discard unix - - - - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - - - - lmtp
      anvil unix - - - - 1 anvil
      scache unix - - - - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
      #
      # ====================================================================
      #
      # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
      #
      # Specify in cyrus.conf:
      # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
      #
      # Specify in main.cf one or more of the following:
      # mailbox_transport = lmtp:inet:localhost
      # virtual_transport = lmtp:inet:localhost
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
      #
      # ====================================================================
      # Old example of delivery via Cyrus.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      #
      # Other external delivery methods.
      #
      ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
      scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
      mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}


      enter image description here










      share|improve this question















      So far I have an email server set up using postfix / dovecot on a raspberry pi (debian). I can send emails externally and internally no problem however can only receive emails from within my server.



      I think it is because I have everything setup for TLS but do not have a valid certificate yet for my server however in order to get a valid certificate, I need a valid email address for my server (admin@myserver.com). Kind of a loop I am stuck in if I need an email address for the cert and require a cert for the email address!



      For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)? Is this the right way to go at it? Perhaps I am in left field, but all I am trying for is to receive emails....



      Here is my setup below:



      enter image description here



      My main.cf file:



      # See /usr/share/postfix/main.cf.dist for a commented, more complete version


      # Debian specific: Specifying a file name will cause the first
      # line of that file to be used as the name. The Debian default
      # is /etc/mailname.
      #myorigin = /etc/mailname

      smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
      biff = no

      # appending .domain is the MUA's job.
      append_dot_mydomain = no

      # Uncomment the next line to generate "delayed mail" warnings
      #delay_warning_time = 4h

      readme_directory = no

      # TLS parameters
      smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
      smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
      #smtpd_tls_CAfile = /etc/postfix/ssl/caroot.crt
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

      # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      # information on enabling SSL in the smtp client.

      myhostname = finendale.com
      alias_maps = hash:/etc/aliases
      alias_database = hash:/etc/aliases
      myorigin = /etc/mailname
      mydestination = localhost, finendale.com, localhost.finendale.com
      smtp_sasl_auth_enable = yes
      broken_sasl_auth_clients = yes
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
      smtp_sasl_security_options = noanonymous
      relayhost = [relay.dynu.com]:2525
      smtp_generic_maps = hash:/etc/postfix/generic
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      inet_protocols = ipv4
      smtpd_recipient_restrictions =
      permit_sasl_authenticated,
      permit_mynetworks,
      reject_unauth_destination
      smtpd_helo_required = yes
      smtpd_helo_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_invalid_helo_hostname,
      reject_non_fqdn_helo_hostname,
      reject_unknown_help_hostname
      check_helo_access hash:/etc/postfix/helo_access
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      #smtpd_tls_auth_only = yes
      home_mailbox = Maildir/


      My master.cf file:



      #
      # Postfix master process configuration file. For details on the format
      # of the file, see the master(5) manual page (command: "man 5 master").
      #
      # Do not forget to execute "postfix reload" after editing this file.
      #
      # ==========================================================================
      # service type private unpriv chroot wakeup maxproc command + args
      # (yes) (yes) (yes) (never) (100)
      # ==========================================================================
      2525 inet n - - - - smtpd
      #smtp inet n - - - 1 postscreen
      #smtpd pass - - - - - smtpd
      #dnsblog unix - - - - 0 dnsblog
      #tlsproxy unix - - - - 0 tlsproxy
      submission inet n - y - - smtpd
      # -o syslog_name=postfix/submission
      # -o smtpd_tls_security_level=encrypt
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      smtps inet n - - - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      # -o smtpd_sasl_auth_enable=yes
      # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      # -o milter_macro_daemon_name=ORIGINATING
      #628 inet n - - - - qmqpd
      pickup fifo n - - 60 1 pickup
      cleanup unix n - - - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      #qmgr fifo n - n 300 1 oqmgr
      tlsmgr unix - - - 1000? 1 tlsmgr
      rewrite unix - - - - - trivial-rewrite
      bounce unix - - - - 0 bounce
      defer unix - - - - 0 bounce
      trace unix - - - - 0 bounce
      verify unix - - - - 1 verify
      flush unix n - - 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - - - - smtp
      relay unix - - - - - smtp
      # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - - - - showq
      error unix - - - - - error
      retry unix - - - - - error
      discard unix - - - - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - - - - lmtp
      anvil unix - - - - 1 anvil
      scache unix - - - - 1 scache
      #
      # ====================================================================
      # Interfaces to non-Postfix software. Be sure to examine the manual
      # pages of the non-Postfix software to find out what options it wants.
      #
      # Many of the following services use the Postfix pipe(8) delivery
      # agent. See the pipe(8) man page for information about ${recipient}
      # and other message envelope options.
      # ====================================================================
      #
      # maildrop. See the Postfix MAILDROP_README file for details.
      # Also specify in main.cf: maildrop_destination_recipient_limit=1
      #
      maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
      #
      # ====================================================================
      #
      # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
      #
      # Specify in cyrus.conf:
      # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
      #
      # Specify in main.cf one or more of the following:
      # mailbox_transport = lmtp:inet:localhost
      # virtual_transport = lmtp:inet:localhost
      #
      # ====================================================================
      #
      # Cyrus 2.1.5 (Amos Gouaux)
      # Also specify in main.cf: cyrus_destination_recipient_limit=1
      #
      #cyrus unix - n n - - pipe
      # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
      #
      # ====================================================================
      # Old example of delivery via Cyrus.
      #
      #old-cyrus unix - n n - - pipe
      # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
      #
      # ====================================================================
      #
      # See the Postfix UUCP_README file for configuration details.
      #
      uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      #
      # Other external delivery methods.
      #
      ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
      scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
      mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}


      enter image description here







      email debian raspberry-pi postfix dovecot






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 10 at 19:46

























      asked Dec 10 at 19:30









      Eric F

      2,74531131




      2,74531131






















          1 Answer
          1






          active

          oldest

          votes


















          0















          I think it is because I have everything setup for TLS but do not have a valid certificate yet




          You should first check Postfix logs – and your firewall logs – to make sure that actually is the problem.




          For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)?




          That depends on how Dynu delivers mail to you. Note that according to your diagram and DNS records, your server is not supposed to receive any direct connections from mail senders, only from the Dynu relay.



          Your diagram says that you've configured Dynu to relay mail to your server on port 465. Because it's an TLS-only port, you must first check the configuration at Dynu to not expect a valid certificate. Depending on what options it offers, either configure the Dynu service to accept invalid certificates (which you already have), or to relay mail on a different port (port 2525 is non-TLS in your configuration).




          • If Dynu is configured to deliver mail to port 465 on your server, the existing self-signed certificate should work well enough to speak TLS.


          • If Dynu is configured to deliver mail to port 2525 on your server, remove the "require TLS" parameters that you've added, specifically smtpd_use_tls. Actually, it should not be set globally in the first place – different ports have different requirements on whether to enforce TLS. (Note how the 'submission' and 'smtps' services already have -o option lines to enforce TLS per port.)







          Note that the certificate's name needs to match the actual (sub)domain that other SMTP clients are connecting to – it is not compared against the @domain in your email address. It is fine if both are identical in your case, but for most people's domains they aren't.



          In direct delivery, the certificate would need to match the name in MX records. For example, if you had MX 0 mail.finendale.com., you would need a cert for "mail.finendale.com".



          But because you're only receiving mail via the Dynu relay, the certificate needs to match whatever hostname is entered within Dynu's configuration.




          Here is my setup below




          The port labels in the diagram don't make sense. Your domain doesn't receive mail on any port nor forward it on any other port. The MX records on finendale.com instead tell senders to directly deliver inbound mail to mx1.dynu.com port 25.






          share|improve this answer























          • Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
            – Eric F
            Dec 10 at 21:00










          • If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
            – grawity
            Dec 10 at 21:42











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1382414%2fhow-to-receive-external-emails-on-email-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0















          I think it is because I have everything setup for TLS but do not have a valid certificate yet




          You should first check Postfix logs – and your firewall logs – to make sure that actually is the problem.




          For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)?




          That depends on how Dynu delivers mail to you. Note that according to your diagram and DNS records, your server is not supposed to receive any direct connections from mail senders, only from the Dynu relay.



          Your diagram says that you've configured Dynu to relay mail to your server on port 465. Because it's an TLS-only port, you must first check the configuration at Dynu to not expect a valid certificate. Depending on what options it offers, either configure the Dynu service to accept invalid certificates (which you already have), or to relay mail on a different port (port 2525 is non-TLS in your configuration).




          • If Dynu is configured to deliver mail to port 465 on your server, the existing self-signed certificate should work well enough to speak TLS.


          • If Dynu is configured to deliver mail to port 2525 on your server, remove the "require TLS" parameters that you've added, specifically smtpd_use_tls. Actually, it should not be set globally in the first place – different ports have different requirements on whether to enforce TLS. (Note how the 'submission' and 'smtps' services already have -o option lines to enforce TLS per port.)







          Note that the certificate's name needs to match the actual (sub)domain that other SMTP clients are connecting to – it is not compared against the @domain in your email address. It is fine if both are identical in your case, but for most people's domains they aren't.



          In direct delivery, the certificate would need to match the name in MX records. For example, if you had MX 0 mail.finendale.com., you would need a cert for "mail.finendale.com".



          But because you're only receiving mail via the Dynu relay, the certificate needs to match whatever hostname is entered within Dynu's configuration.




          Here is my setup below




          The port labels in the diagram don't make sense. Your domain doesn't receive mail on any port nor forward it on any other port. The MX records on finendale.com instead tell senders to directly deliver inbound mail to mx1.dynu.com port 25.






          share|improve this answer























          • Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
            – Eric F
            Dec 10 at 21:00










          • If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
            – grawity
            Dec 10 at 21:42
















          0















          I think it is because I have everything setup for TLS but do not have a valid certificate yet




          You should first check Postfix logs – and your firewall logs – to make sure that actually is the problem.




          For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)?




          That depends on how Dynu delivers mail to you. Note that according to your diagram and DNS records, your server is not supposed to receive any direct connections from mail senders, only from the Dynu relay.



          Your diagram says that you've configured Dynu to relay mail to your server on port 465. Because it's an TLS-only port, you must first check the configuration at Dynu to not expect a valid certificate. Depending on what options it offers, either configure the Dynu service to accept invalid certificates (which you already have), or to relay mail on a different port (port 2525 is non-TLS in your configuration).




          • If Dynu is configured to deliver mail to port 465 on your server, the existing self-signed certificate should work well enough to speak TLS.


          • If Dynu is configured to deliver mail to port 2525 on your server, remove the "require TLS" parameters that you've added, specifically smtpd_use_tls. Actually, it should not be set globally in the first place – different ports have different requirements on whether to enforce TLS. (Note how the 'submission' and 'smtps' services already have -o option lines to enforce TLS per port.)







          Note that the certificate's name needs to match the actual (sub)domain that other SMTP clients are connecting to – it is not compared against the @domain in your email address. It is fine if both are identical in your case, but for most people's domains they aren't.



          In direct delivery, the certificate would need to match the name in MX records. For example, if you had MX 0 mail.finendale.com., you would need a cert for "mail.finendale.com".



          But because you're only receiving mail via the Dynu relay, the certificate needs to match whatever hostname is entered within Dynu's configuration.




          Here is my setup below




          The port labels in the diagram don't make sense. Your domain doesn't receive mail on any port nor forward it on any other port. The MX records on finendale.com instead tell senders to directly deliver inbound mail to mx1.dynu.com port 25.






          share|improve this answer























          • Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
            – Eric F
            Dec 10 at 21:00










          • If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
            – grawity
            Dec 10 at 21:42














          0












          0








          0







          I think it is because I have everything setup for TLS but do not have a valid certificate yet




          You should first check Postfix logs – and your firewall logs – to make sure that actually is the problem.




          For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)?




          That depends on how Dynu delivers mail to you. Note that according to your diagram and DNS records, your server is not supposed to receive any direct connections from mail senders, only from the Dynu relay.



          Your diagram says that you've configured Dynu to relay mail to your server on port 465. Because it's an TLS-only port, you must first check the configuration at Dynu to not expect a valid certificate. Depending on what options it offers, either configure the Dynu service to accept invalid certificates (which you already have), or to relay mail on a different port (port 2525 is non-TLS in your configuration).




          • If Dynu is configured to deliver mail to port 465 on your server, the existing self-signed certificate should work well enough to speak TLS.


          • If Dynu is configured to deliver mail to port 2525 on your server, remove the "require TLS" parameters that you've added, specifically smtpd_use_tls. Actually, it should not be set globally in the first place – different ports have different requirements on whether to enforce TLS. (Note how the 'submission' and 'smtps' services already have -o option lines to enforce TLS per port.)







          Note that the certificate's name needs to match the actual (sub)domain that other SMTP clients are connecting to – it is not compared against the @domain in your email address. It is fine if both are identical in your case, but for most people's domains they aren't.



          In direct delivery, the certificate would need to match the name in MX records. For example, if you had MX 0 mail.finendale.com., you would need a cert for "mail.finendale.com".



          But because you're only receiving mail via the Dynu relay, the certificate needs to match whatever hostname is entered within Dynu's configuration.




          Here is my setup below




          The port labels in the diagram don't make sense. Your domain doesn't receive mail on any port nor forward it on any other port. The MX records on finendale.com instead tell senders to directly deliver inbound mail to mx1.dynu.com port 25.






          share|improve this answer















          I think it is because I have everything setup for TLS but do not have a valid certificate yet




          You should first check Postfix logs – and your firewall logs – to make sure that actually is the problem.




          For this reason, how can I temporarily allow my server to accept connections and emails NOT requiring TLS (essentially no security until I get my cert)?




          That depends on how Dynu delivers mail to you. Note that according to your diagram and DNS records, your server is not supposed to receive any direct connections from mail senders, only from the Dynu relay.



          Your diagram says that you've configured Dynu to relay mail to your server on port 465. Because it's an TLS-only port, you must first check the configuration at Dynu to not expect a valid certificate. Depending on what options it offers, either configure the Dynu service to accept invalid certificates (which you already have), or to relay mail on a different port (port 2525 is non-TLS in your configuration).




          • If Dynu is configured to deliver mail to port 465 on your server, the existing self-signed certificate should work well enough to speak TLS.


          • If Dynu is configured to deliver mail to port 2525 on your server, remove the "require TLS" parameters that you've added, specifically smtpd_use_tls. Actually, it should not be set globally in the first place – different ports have different requirements on whether to enforce TLS. (Note how the 'submission' and 'smtps' services already have -o option lines to enforce TLS per port.)







          Note that the certificate's name needs to match the actual (sub)domain that other SMTP clients are connecting to – it is not compared against the @domain in your email address. It is fine if both are identical in your case, but for most people's domains they aren't.



          In direct delivery, the certificate would need to match the name in MX records. For example, if you had MX 0 mail.finendale.com., you would need a cert for "mail.finendale.com".



          But because you're only receiving mail via the Dynu relay, the certificate needs to match whatever hostname is entered within Dynu's configuration.




          Here is my setup below




          The port labels in the diagram don't make sense. Your domain doesn't receive mail on any port nor forward it on any other port. The MX records on finendale.com instead tell senders to directly deliver inbound mail to mx1.dynu.com port 25.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 10 at 20:30

























          answered Dec 10 at 20:24









          grawity

          232k35490546




          232k35490546












          • Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
            – Eric F
            Dec 10 at 21:00










          • If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
            – grawity
            Dec 10 at 21:42


















          • Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
            – Eric F
            Dec 10 at 21:00










          • If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
            – grawity
            Dec 10 at 21:42
















          Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
          – Eric F
          Dec 10 at 21:00




          Thanks for the detailed response. So I have hashed out smtpd_use_tls and redirected dynu to 2525 (temporarily). Viewing mail.log shows mx1.dynu.com connects then disconnects, without any errors this time (better than before) but I don't see any emails pop up in the folders I set up. If it just shows "connect" then "disconnect" does that mean that postfix did its job? If so then what else could be stopping the mail from reaching its folders?
          – Eric F
          Dec 10 at 21:00












          If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
          – grawity
          Dec 10 at 21:42




          If Postfix does not log a queue entry, then there was no message sent. In this case it's more likely something specific to how Dynu performs relaying.
          – grawity
          Dec 10 at 21:42


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1382414%2fhow-to-receive-external-emails-on-email-server%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

          Alcedinidae

          Origin of the phrase “under your belt”?