Introduction
Warning!
I know this question has already been asked, but the results didn't help me, so I am presenting my error in detail.
My presentation
Hello, I am a French student in IT Science, and I am working on a project that consists of creating an email server!
In the past I had several problems sending and receiving mail...
Result today
Now I again have problems sending and receiving mail!
But I am using SSL/TLS, so the IMAP port is 993 and the SMTP port is 465.
To create my email server I use Postfix and Dovecot. For the domain name I use NoIP.
For confidentiality reasons, the domain name used here is cookie.ddns.net and the mail domain name is cookiemail.ddns.net.
In NoIP I added an MX record for cookie.ddns.net, which is cookiemail.ddns.net.
The server is on Xubuntu.
Error code
NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<admin@cookie.ddns.net> to=<xxxxxx@protonmail.com> proto=ESMTP helo=<cookiemail.ddns.net>
My configuration
/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
myhostname = cookiemail.ddns.net
mydomain = cookie.ddns.net
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_mandatory_protocols =
smtpd_tls_protocols =
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/letsencrypt/live/cookie.ddns.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/cookie.ddns.net/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/cookie.ddns.net/chain.pem
smtpd_tls_loglevel = 3
#smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_limit = 100
#smtpd_helo_restrictions = reject_invalid_hostname
smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_restrictions = permit_sasl_authenticated, check_recipient_access, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unknown_client, permit
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_sasl_local_domain = $myhostname
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noplaintext,noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $mydomain $myhostname localhost.$mydomain localhost
relayhost = cookie.ddns.net:587
mynetworks_style = subnet
mynetworks = 127.0.0.0/8 192.168.1.0/24
mailbox_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
mailbox_command =
home_mailbox = Maildir/
message_size_limit = 20480000
/etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o broken_sasl_auth_clients=yes
  -o content_filter=
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
/etc/postfix/transport
cookie.ddns.net :
/etc/dovecot/dovecot.conf
disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
userdb {
  driver = passwd
}
passdb {
  args = %s
  driver = pam
}
protocols = " imap"
auth_mechanisms = plain login
protocol imap {
  mail_plugins = " autocreate"
}
plugin {
  autocreate = Trash
  autocreate2 = Sent
  autosubscribe = Trash
  autosubscribe2 = Sent
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl=required
ssl_cert = </etc/letsencrypt/live/cookie.ddns.net/cert.pem
ssl_key = </etc/letsencrypt/live/cookie.ddns.net/privkey.pem
ssl_min_protocol=TLSv1
Result dig command
; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> cookie.ddns.net MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cookie.ddns.net. IN MX
;; ANSWER SECTION:
cookie.ddns.net. 1047 IN MX 5 cookiemail.ddns.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: mar. avril 21 12:15:30 CEST 2020
;; MSG SIZE rcvd: 65
Tests
Add [::1]/128 to the mynetworks variable
When I received a message I got this error:
NOQUEUE: reject: RCPT from mail-40131.protonmail.ch[185.70.40.131]: 451 4.3.5 Server configuration error; from=<xxxxxx@protonmail.com> to=<admin@cookie.ddns.net> proto=ESMTP helo=<mail-40131.protonmail.ch>
But when I edited my /etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_sasl_authenticated,
    #check_recipient_access,
    #permit_mynetworks,
    #reject_unauth_destination,
    #reject_unknown_sender_domain,
    #reject_unknown_client,
    #permit
I didn't get this error and I got:
Apr 21 16:17:55 postfix/smtpd[53393]: connect from mail1.protonmail.ch[185.70.40.18]
Apr 21 16:17:55 postfix/smtpd[53393]: 767E842C002D: client=mail1.protonmail.ch[185.70.40.18]
Apr 21 16:17:55 postfix/cleanup[53397]: 767E842C002D: message-id=<cBVyJEUSK36qCWUokN9mqHqAx5Mt7FYCL9Jq2FgO3TQ9dk-bEFs6ZkRD336yrrN3Qb8P04okSJjHrDVMZlGm2Qx_WtjJydAYpljxY7n9V9E=@protonmail.com>
Apr 21 16:17:55 postfix/smtpd[53393]: disconnect from mail1.protonmail.ch[185.70.40.18] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 21 16:17:55 postfix/qmgr[53040]: 767E842C002D: from=<xxxxxx@protonmail.com>, size=1862, nrcpt=1 (queue active)
Apr 21 16:17:55 postfix/local[53398]: 767E842C002D: to=<admin@cookie.ddns.net>, relay=local, delay=0.07, delays=0.06/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Apr 21 16:17:55 postfix/qmgr[53040]: 767E842C002D: removed
But I didn't receive any message.
In conclusion
Thank you in advance for your help!
I hope you can help me with that!
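
Added example, not part of the original post: postconf(5) documents check_recipient_access and the other check_*_access restrictions as taking a type:table argument, and this Python check flags any restriction list where that argument is missing. POSTED is the smtpd_recipient_restrictions line from the main.cf in the post; EDITED assumes the commented-out variant was laid out on continuation lines; the hash:/etc/postfix/access table name is illustrative.

```python
import re

# Restrictions that postconf(5) documents with a mandatory "type:table" argument.
NEEDS_TABLE = {"check_client_access", "check_helo_access",
               "check_sender_access", "check_recipient_access"}
# Shape of a lookup table reference, e.g. hash:/etc/postfix/access (illustrative).
LOOKUP_TABLE = re.compile(r"^[A-Za-z0-9_]+:\S+$")

# Restriction line copied from the post's main.cf, and the later edited
# variant (continuation-line layout is an assumption of this sample).
POSTED = """\
smtpd_recipient_restrictions = permit_sasl_authenticated, check_recipient_access, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_unknown_client, permit
"""
EDITED = """\
smtpd_recipient_restrictions = permit_sasl_authenticated,
    #check_recipient_access,
    #permit_mynetworks,
"""

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the
    previous parameter, and comment or blank lines are skipped."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def lint_restrictions(params):
    """Return (parameter, restriction, next_token) for every table-based
    restriction whose next token is missing or is not a type:table lookup."""
    findings = []
    for name, value in params.items():
        if not name.endswith("_restrictions"):
            continue
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        for i, token in enumerate(tokens):
            if token in NEEDS_TABLE:
                arg = tokens[i + 1] if i + 1 < len(tokens) else None
                if arg is None or not LOOKUP_TABLE.match(arg):
                    findings.append((name, token, arg))
    return findings

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("edited", EDITED)):
        print(label, lint_restrictions(parse_main_cf(text)))
```

On a live system the same functions can be fed the output of `postconf -n`, which prints each parameter on one `name = value` line.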