I am trying to set up an email server on an Arch Linux VPS using postfix and dovecot. I'm using plain unix password authentication, in which dovecot handles SASL authentication for postfix. For the purpose of this discussion, let's say my domain is at mydomain.com.
Regardless of how I vary the settings that I discuss below, receiving mail works fine.
With the default postfix settings for mynetworks and relay_domains, I thought that my postfix-dovecot-SASL setup would just enable authenticated senders (= unix users who are part of the mail group) to send emails. But when I try to send a test email to a gmail account, I get the error:
    550 5.1.1 <user@gmail.com>: Recipient address rejected: outside mail is not deliverable
To try to see why I'm not able to send, I started experimenting with the relay_domains setting. Putting
    relay_domains = mydomain.com, gmail.com
I can successfully send a test email to my gmail account. However, if I put
    relay_domains = *
the test email doesn't make it through, but if I put
    relay_domains = *, mydomain.com, gmail.com
then the test email does make it through. I know that in the end I don't want to touch the relay_domains setting, and certainly not to set it to *, but I find it thoroughly weird that the * setting, which is meant to be the most permissive, is being completely ignored.
Can anyone give me a clue what's going on here, or suggest what else I should focus on to figure out my email sending problems?
EDIT: here are some more configuration details.
Some settings in postfix main.cf:
    compatibility_level = 3.9
    mail_owner = postfix
    myhostname = mail.mydomain.com
    mydomain = mydomain.com
    myorigin = $myhostname
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    unknown_local_recipient_reject_code = 550
    mynetworks_style = host
    default_transport = error: outside mail is not deliverable
    home_mailbox = Mail/Inbox/
    inet_interfaces = all
    inet_protocols = all
    # SMTP security settings
    smtp_tls_security_level = may
    smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /path/to/cert.pem
    smtpd_tls_key_file = /path/to/key.pem
    smtpd_tls_security_level = may
    # added for SPF
    smtpd_recipient_restrictions =
        permit_sasl_authenticated
        permit_mynetworks
        reject_unauth_destination
        check_policy_service unix:private/policy-spf
    # added for SRS
    sender_canonical_maps = socketmap:unix:srs:forward
    sender_canonical_classes = envelope_sender
    recipient_canonical_maps = socketmap:unix:srs:reverse
    recipient_canonical_classes = envelope_recipient, header_recipient
postfix master.cf:
    smtp      inet  n       -       n       -       -       smtpd
    submission inet n       -       n       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
      -o smtpd_sasl_security_options=noanonymous
      -o smtpd_sasl_local_domain=$myhostname
      -o smtpd_tls_auth_only=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o smtpd_relay_restrictions=
      -o smtpd_recipient_restrictions =
        reject_non_fqdn_recipient
        reject_unknown_recipient_domain
        permit_sasl_authenticated
        reject
      -o milter_macro_daemon_name=ORIGINATING
    pickup    unix  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    ... etc ...
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       n       -       -       smtp
      -o syslog_name=postfix/$service_name
    showq     unix  n       -       n       -       -       showq
    ... etc ...
    postlog   unix-dgram n  -       n       -       1       postlogd
    policy-spf unix -       n       n       -       0       spawn user=nobody argv=/usr/bin/policyd-spf
    srsd      unix  -       n       n       -       0       spawn
      user=postsrsd
      argv=/usr/bin/postsrsd -c /etc/postsrsd/postsrsd.conf
Some dovecot settings:
    protocols = imap lmtp
    auth_mechanisms = plain login
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      user = root
    }
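Added example, not part of the original post and not Postfix code: a simplified Python model of how a transport is chosen from the recipient domain, fed with the mydestination and default_transport values posted above. It assumes relay_domains entries are compared as literal domain names (with parent-domain matching) and that `*` has no wildcard meaning, which is consistent with the four results reported in the post; all function names are hypothetical.

```python
# Simplified model of Postfix transport selection by recipient domain.
# Not Postfix code; function names are hypothetical, settings are from the post.

MYDESTINATION = ["mail.mydomain.com", "localhost.mydomain.com",
                 "localhost", "mydomain.com"]
DEFAULT_TRANSPORT = "error: outside mail is not deliverable"
RELAY_TRANSPORT = "relay"  # Postfix's default relay_transport


def parse_list(value):
    """Split a main.cf list value on commas and whitespace."""
    return [item.lower() for item in value.replace(",", " ").split()]


def in_domain_list(domain, patterns, match_subdomains=False):
    """Literal, case-insensitive comparison; '*' is just another string (assumption)."""
    domain = domain.lower()
    for pattern in patterns:
        if domain == pattern:
            return True
        if match_subdomains and domain.endswith("." + pattern):
            return True
    return False


def resolve(recipient, relay_domains=""):
    """Return (address_class, transport) for one recipient address."""
    domain = recipient.rsplit("@", 1)[1]
    if in_domain_list(domain, MYDESTINATION):
        return ("local", "local")
    if in_domain_list(domain, parse_list(relay_domains), match_subdomains=True):
        return ("relay", RELAY_TRANSPORT)
    # Anything that is neither local nor a relay domain uses default_transport.
    return ("default", DEFAULT_TRANSPORT)


def outcome(recipient, relay_domains=""):
    """Describe what happens to the message under the chosen transport."""
    _, transport = resolve(recipient, relay_domains)
    if transport.startswith("error:"):
        return "bounced: " + transport[len("error:"):].strip()
    return "queued via " + transport


if __name__ == "__main__":
    # The four relay_domains values tried in the post ("" = empty default).
    for setting in ("", "mydomain.com, gmail.com", "*", "*, mydomain.com, gmail.com"):
        print(repr(setting), "->", outcome("user@gmail.com", setting))
```

In this model the only setting that turns outside mail into a bounce is the default_transport line from the posted main.cf; relay_domains merely moves a domain onto the relay transport.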