Mail does not send via smtp

Hey all,

I am trying to set up postfix to use an external smtp relay as per this guide: 14.7. Configuration of the mail server — Univention Corporate Server - Manual for users and administrators

I have done everything in there but I keep getting this error:

Mar 15 14:52:35 ucs-6907 postfix/error[23455]: 38EC22A840FC: to=<>, relay=none, delay=0.21, delays=0.15/0/0/0.07, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to[]:10024: Connection refused)

When I do:

echo "This is the body of the email" | mail -s "This is the subject line"

So it looks like it is trying to send trough localhost instead of the provider I have specified…

Please advice?

This is my

# Warning: This file is auto-generated and might be overwritten by
#          univention-config-registry.
#          Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
#          univention-config-registry ueberschrieben werden.
#          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/
# 	/etc/univention/templates/files/etc/postfix/

# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information. Default is 10240000
message_size_limit = 10240000

# mailbox_size_limit limits the max. size of local mailboxes. Default is 51200000
mailbox_size_limit = 51200000

# some basic path definitions
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin

# some basic mail system settings
myhostname =
# mydomain is unset - The default is to use $myhostname minus the first component.
myorigin =
smtp_helo_name =

append_dot_mydomain = no

compatibility_level = 3

inet_interfaces =
inet_protocols = ipv4

mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks =
mynetworks_style = subnet

masquerade_domains = $mydomain
masquerade_exceptions = root

transport_maps = hash:/etc/postfix/transport
relay_domains = $mydestination

# we need to name a smtp relay host to which we forward non-local
# mails. smtp authentication is also possible.
relayhost =
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth

disable_vrfy_command = no

# banner
smtputf8_enable = no

# prevent STMP Smuggling CVE-2023-51764 / Bug 56957
local_header_rewrite_clients = 

canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# postscreen settings

postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites = 

postscreen_helo_required = no
postscreen_greet_action = drop
postscreen_greet_ttl = 1d

postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_action = ignore

postscreen_bare_newline_enable = no
postscreen_bare_newline_action = ignore

postscreen_blacklist_action = ignore
postscreen_access_list = permit_mynetworks

# smtpd_sender_restrictions is not defined since all relevant checks have been moved to
# smtpd_recipient_restrictions (see below) and every mail has to pass smtpd_recipient_restrictions too.
#smtpd_sender_restrictions =

smtpd_recipient_restrictions = permit_mynetworks,

# special recipient_restrictions which may be used by smtps/submission services
# (can be configured via UCR: mail/postfix/submission/restrictions/recipient/...)
# submission_recipient_restrictions =

#TLS settings
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = 
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_cert_file = /etc/univention/ssl/
smtpd_tls_key_file = /etc/univention/ssl/

smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

# smtp client
smtp_tls_security_level = may
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes

# tls logging
smtp_tls_loglevel = 0
smtpd_tls_loglevel = 0

# EDH config
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem

# use the Postfix SMTP server's cipher preference order instead of the remote client's cipher preference order.
tls_preempt_cipherlist = yes

# The Postfix SMTP server security grade for ephemeral elliptic-curve Diffie-Hellman (EECDH) key exchange
smtpd_tls_eecdh_grade = strong

# if virus scanning is desired, all mails can be redirected through amavis.
content_filter = smtp-amavis:[]:10024

# The following section is included from the file /etc/postfix/
# Please note, that custom options in this file may interfere with the
# standard Postfix configuration of Univention Corporate Server!
relayhost =
default_transport = smtp
# --- end of /etc/postfix/ ---

Is something preventing the connection to amavis?

Not to my knowledge, I have not set up any firewall if thats what you mean…

As far as I remember I have also not set up amaviz… But how can I disable it?

It might be an option in the UCR. If not you should be able to comment it out in the config file. It’s been a while since I’ve had to configure that manually since it’s included by default as part of the univention server, but it should be an easy thing to search for if my memory is poor.

1 Like

Thanks, I’m on the road rn but will look into it later and get back :slight_smile:

Thanks for getting me on track tho :wink: