0

I have a Postfix mail server with which I am able to:

  • send mails (to Google, for example) with the command: "echo foo | mail -s 'bar' [email protected]"
  • send mails with PHP mail()
  • send and receive internal mails from and to 'root' or 'myusername', in ~/Maildir/

TLS, SPF and DKIM are running fine (I ran multiple tests on DNS ...). There is no DMARC system.

My problem is as follows: before setting up TLS I was able to receive mails from Gmail, but not now. When I send a mail from Gmail to my server example.com, I get this in /var/log/mail.log:

postfix/smtpd[2495]: connect from mail-pg1-f177.google.com[209.85.215.177]
postfix/smtpd[2495]: fatal: host/service locahost/9898 not found: Temporary failure in name resolution
postfix/master[2272]: warning: process /usr/lib/postfix/sbin/smtpd pid 2495 exit status 1
postfix/master[2272]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

Since opendkim is bound to localhost:9898, I suspect the problem is coming from there, but I can't figure out why.

postfix/main.cf :

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
compatibility_level = 2
tls_random_source = dev:/dev/urandom
smtp_tls_key_file = /etc..
smtp_tls_cert_file = /etc..
smtp_tls_CAfile = /etc..
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_loglevel = 1
smtpd_tls_key_file=/etc..
smtpd_tls_cert_file= /etc..
smtpd_tls_CAfile = /etc..
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_loglevel = 1
# old TLS parameters
smtp_use_tls=yes
smtpd_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtpd_scache

authorized_submit_users = static:all
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
myhostname = BricoleServer1.bricole-s.com
masquerade_domains = bricole-s.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
myorigin = localhost
mydestination = $myhostname, localhost.$mydomain, example.com, mail.example.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
home_mailbox = .Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:locahost:9898,
non_smtpd_milters = inet:localhost:9898,

master.cf :

(i've replaced '#' by '%')

% ==========================================================================
% service type private unpriv chroot wakeup maxproc command + args
% (yes) (yes) (no) (never) (100)
% ==========================================================================
smtp inet n - y - - smtpd
%smtp inet n - y - 1 postscreen
%smtpd pass - - y - - smtpd
%dnsblog unix - - y - 0 dnsblog
%tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
% -o syslog_name=postfix/submission
  -o smtpd_etrn_restrictions=reject
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=permit_mynetworks,permit
% -o smtpd_tls_auth_only=yes
% -o smtpd_reject_unlisted_recipient=no
% -o smtpd_client_restrictions=$mua_client_restrictions
% -o smtpd_helo_restrictions=$mua_helo_restrictions
% -o smtpd_sender_restrictions=$mua_sender_restrictions
% -o smtpd_recipient_restrictions=
% -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
% -o milter_macro_daemon_name=ORIGINATING
%smtps inet n - y - - smtpd
% -o syslog_name=postfix/smtps
% -o smtpd_tls_wrappermode=yes
% -o smtpd_sasl_auth_enable=yes
% -o smtpd_reject_unlisted_recipient=no
% -o smtpd_client_restrictions=$mua_client_restrictions
% -o smtpd_helo_restrictions=$mua_helo_restrictions
% -o smtpd_sender_restrictions=$mua_sender_restrictions
% -o smtpd_recipient_restrictions=
% -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
% -o milter_macro_daemon_name=ORIGINATING

I've been on this for a while and I remain open to adding any additional information.

3
  • 2
    Please fix your formatting, the editor should offer you a simple click to mark something you pasted as code to be displayed without additional formatting.
    – anx
    Commented Mar 4, 2021 at 12:53
  • I believe there is something related to Linux users or client allowance, but I am not skilled enough to find out :'(
    – Mr Bricole
    Commented Mar 6, 2021 at 0:48
  • It looks like smtpd_milters = inet:locahost:9898 is not a typo, since the incorrect hostname also appears in the log.
    Commented Mar 8, 2021 at 23:12

2 Answers

3

Typo. In the setting smtpd_milters it says locahost (lacking L) in a place you very likely meant to put localhost.

2
  • I've tried but it makes no difference. Thanks for your answer though.
    – Mr Bricole
    Commented Mar 6, 2021 at 0:45
  • 1
    I am so sorry that I didn't read correctly what you said. I thought Localhost instead of localhost. You were right and that problem is now solved. And I've got another one, haha. The solution was indeed: in smtpd_milters, add the loca"L"host to get localhost instead of locahost. Thanks a lot! ;)
    – Mr Bricole
    Commented Mar 7, 2021 at 5:34
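
A pre-reload check for the failure in this thread, as an added example (not code from the question or the answers): it reads the milter endpoints from main.cf text and reports any inet: host that does not resolve. The function names and the injectable `resolve` parameter are assumptions of this example, and the sample input is constructed from the question's two milter lines.

```python
import socket
MILTER_PARAMS = ("smtpd_milters", "non_smtpd_milters")

def parse_milters(main_cf_text):
    """Return (parameter, endpoint) pairs for each milter named in main.cf text."""
    logical = []
    for raw in main_cf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    found = []
    for line in logical:
        name, sep, value = line.partition("=")
        if sep and name.strip() in MILTER_PARAMS:
            # Entries are separated by commas and/or whitespace.
            for endpoint in value.replace(",", " ").split():
                found.append((name.strip(), endpoint))
    return found

def check_endpoint(endpoint, resolve=socket.getaddrinfo):
    """Return None if an inet:host:port endpoint resolves, else an error string."""
    if not endpoint.startswith("inet:"):
        return None                           # unix: sockets need no name lookup
    host, sep, port = endpoint[len("inet:"):].rpartition(":")
    if not sep or not host:
        return "expected inet:host:port"
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:                    # socket.gaierror is an OSError
        return f"cannot resolve {host}/{port}: {exc}"
    return None

def audit(main_cf_text, resolve=socket.getaddrinfo):
    """List (parameter, endpoint, error) for every milter that fails the check."""
    checked = ((n, e, check_endpoint(e, resolve)) for n, e in parse_milters(main_cf_text))
    return [item for item in checked if item[2]]

# Constructed sample: the two milter lines from the question's main.cf.
SAMPLE = """\
smtpd_milters = inet:locahost:9898,
non_smtpd_milters = inet:localhost:9898,
"""

if __name__ == "__main__":
    for name, endpoint, error in audit(SAMPLE):
        print(f"{name}: {endpoint}: {error}")
```

Run against the real file with `audit(open("/etc/postfix/main.cf").read())`; an empty list means every inet: milter host resolved.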
0

Troubleshooting a mail server is not a simple task, so it would be helpful to actually see the errors in your log, not just some snippets. Anyway, I'll try... :)

First of all I would set:

  • "smtpd_use_tls=may"
  • "smtp_use_tls=may"

This is because not many servers in 2022 use encrypted SMTP: if you want a real mail server you have to accept both encrypted and plain incoming/outgoing SMTP connections.

Please also fix the typo in smtpd_milters.

If this is not enough, send updated logs with the new errors: perhaps there are a few things to fix.

If you want you can also "talk" to your postfix: SMTP is a simple language, so you can just telnet into your smtp port (25) and send a simple email with just a simple dialog (in bold what you should type).

root@mail:/etc/postfix# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.xxx.xxx ESMTP Postfix (Debian/GNU)
helo mydomain
250 mail.xxx.xxx
mail from:<>
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
whatever, just end this with a dot on a blank line
.
250 2.0.0 Ok: queued as D36896344F
quit
221 2.0.0 Bye
Connection closed by foreign host.
