postfix interview questions

Top postfix frequently asked interview questions

How do I check the postfix queue size?

What's the postfix equivalent to sendmail -bp?

Source: (StackOverflow)

How to correct Postfix' 'Relay Access Denied'?

This morning, in order to correct a problem with a name mismatch in the security certificate, I followed the recommended steps from How to fix mail server SSL?, but now, when attempting to send an email from a client (in this case the client is Windows Mail), I receive the following error.

The rejected e-mail address was 'email@gmail.com'. Subject 'This is a test. ', Account: 'mail.domain.com', Server: 'mail.domain.com', Protocol: SMTP, Server Response: '554 5.7.1 : Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

Edit: I can still retrieve emails from this account, and I send emails to other accounts at the same domain. I just can't send emails to recipients outside of our domain.

I tried disabling TLS altogether but no dice, I still get the same error.

When I check file mail.log, I see the following.

Jul 18 08:24:41 company imapd: LOGIN, user=user_name@domain.com, ip=[::ffff:], protocol=IMAP
Jul 18 08:24:42 company imapd: DISCONNECTED, user=user_name@domain.com, ip=[::ffff:], headers=0, body=0, rcvd=83, sent=409, time=1
Jul 18 08:25:19 company postfix/smtpd[29282]: connect from company.university.edu[]
Jul 18 08:25:19 company postfix/smtpd[29282]: NOQUEUE: reject: RCPT from company.university.edu[]: 554 5.7.1 <email@gmail.com>: Relay access denied; from=<user_name@domain.com> to=<email@gmail.com> proto=ESMTP helo=<UserPC>
Jul 18 08:25:19 company postfix/smtpd[29282]: disconnect from company.university.edu[]
Jul 18 08:25:22 company imapd: DISCONNECTED, user=user_name@domain.com, ip=[::ffff:], headers=13, body=142579, rcvd=3289, sent=215892, time=79

File main.cf looks like this:

# Postfix MTA Manager Main Configuration File;
# Please do NOT edit this file manually;

# Postfix directory settings; These are critical for normal Postfix MTA functionallity;

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

# Some common configuration parameters;

inet_interfaces = all
mynetworks =
mynetworks_style = host

myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain

smtpd_banner = $myhostname ESMTP (Debian/GNU)
setgid_group = postdrop

# Receiving messages parameters;

mydestination = localhost, company 
append_dot_mydomain = no
append_at_myorigin = yes
transport_maps = mysql:/etc/postfix/transport.cf

# Delivering local messages parameters;

mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_recipient_maps =

# Delivering virtual messages parameters;

# SASL paramters;
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtp_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtp_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtp_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_sender_restrictions =

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/filtered_domains

As a side note, my employer wants to be able to send emails from clients (Thunderbird and Outlook) both from within our local network and outside it.

Source: (StackOverflow)


What ports to open for mail server?

I have just finished setting up a Postfix mail server on a linux (ubuntu) platform. I have it sending and receiving email and it is not an open relay. It also supports secure smtp and imap.

Now this is a pretty beginner question but should I be leaving port 25 open? (since secure smtp is preferred). if so then why?

Also what about port 587?

Also should I require any authentication on either of these ports?

Please excuse my ignorance in this area :P

Source: (StackOverflow)

Automate the installation of postfix on Ubuntu

My system configuration script does an "apt-get install -y postfix". Unfortunately the script is halted when the postfix installer displays a configuration screen. Is there a method to force postfix to use the defaults during installation so that an automated script can continue to the end?

Does the postfix installer maybe check for existing configuration in /etc/postfix, and if it exists, not bother the user with the configuration screen?

Source: (StackOverflow)

DKIM sign outgoing mail from any domain (with Postfix and Ubuntu)

I got DKIM setup on my mail server (postfix and ubuntu) so it signs outgoing emails. I used these instructions: https://help.ubuntu.com/community/Postfix/DKIM

However, I need it to sign emails from any domain (in the From address) and not just my own. I'm building an email newsletter service and clients will be sending their own email through the server.

First I set "Domain *" in /etc/dkim-filter.conf. This got it to include the DKIM headers in all outgoing emails, no matter what the domain.

However, the verification check fails on gmail because it is checking the domain in the from address, and not my domain (and dns record). Does anyone know how to do this?

Source: (StackOverflow)

Is an IPv6-only MTA possible yet?

Has anyone had tried to run an IPv6-only SMTP engine? Pretty much everybody with any sense has IPv6 configured for major front-end servers. I was curious if anyone had tried to run an IPv6-only MTA and received any connection errors.

Is IPv6-only a viable solution yet? Can I expect a few lingering connection issues? Or did a magic fairy come down on the internet and made IPv6-to-IPv4 on port 25 work like magic on a direct connection?

Source: (StackOverflow)

Fixing My MTA's Poor Reputation

I have a web site that needs to send email to customers to deliver files that they have purchased. Reliable email delivery is vital to this business. Unfortunately, most of the emails sent by my server are not delivered due to my MTA's "poor reputation." Here are some sample lines from my mail.log:

Feb 20 02:40:41 servername postfix/smtp[14580]: 4E30B1100C7: host aspmx.l.google.com[] said: 421-4.7.0 [] Our system has detected an unusual amount of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421 4.7.0 to review our Bulk Email Senders Guidelines. 10si1216690ywh.92 (in reply to end of DATA command)

Feb 20 12:49:22 servername postfix/smtp[5651]: A86CB1CC0CF: to=<user@domain.com>, relay=mx3.comcast.net[]:25, delay=55186, delays=55185/0.01/0.93/0, dsn=4.0.0, status=deferred (host mx3.comcast.net[] refused to talk to me: 554 imta36.westchester.pa.mail.comcast.net comcast found on one or more DNSBLs, see http://help.comcast.net/content/faq/BL000001)

Feb 16 10:50:11 servername postfix/smtp[6931]: 98B94380A1: host mx-in-2.webreus.nl[] refused to talk to me: 554-mx-in-2.webreus.nl 554-Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means. 554 More information can be found on http://senderbase.org/senderbase_queries/detailhost?search_string=

Feb 16 10:50:12 servername postfix/smtp[6931]: 98B94380A1: to=<user@domain.com>, relay=mx-in-1.webreus.nl[]:25, delay=173653, delays=173650/0.22/2.8/0, dsn=4.0.0, status=deferred (host mx-in-1.webreus.nl[] refused to talk to me: 554-mx-in-1.webreus.nl 554-Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means. 554 More information can be found on http://senderbase.org/senderbase_queries/detailhost?search_string=

Steps I've taken to try to improve the situation:

  • set up reverse DNS lookups to work correctly
  • set up SPF records for my domain
  • disallow incoming connections to my SMTP server
  • format messages according to RFC 2822
  • never send unsolicited messages (I never have)

My server is in Rackspace's cloud. Is it possible that the IP address's bad reputation was inherited from a previous customer? Some of the above steps have been taken in the past week--am I going to have to wait for the situation to improve? Are there other things I should be doing? Should I hire a third party to send emails for me?

Source: (StackOverflow)

Why Does hotmail still reject my emails?

I have a very strange problem with my emails being marked as spam by hotmail.
I just have configured Postfix + Dovecot on my server and all works perfectly. I can Send/Receive emails. I only have problems with hotmail accounts, I do not understand the reason, because I also configured:

  • SPF
  • DKIM
  • rDNS
  • My IP is not listed in any backlist, I used: mxtoolbox.com

Checking the headers I see that SPF and DKIM pass correctly. I have no problem with GMAIL, YAHOO, and other, but hotmail seems very strict.

The only problem I think... could be that my IP had no email traffic yet. I've sent very few emails to hotmail.

So, if postfix has no problem, what do I have to do to send emails to hotmail correctly? Because if the only reason is that I had no email traffic yet it means that my first newsletters will be tag as SPAM without no reason.


(An example of email received as SPAM is below)


Authentication-Results: hotmail.com; sender-id=pass (sender IP is header.from=info@example.net; dkim=pass header.d=example.net; x-hmca=pass
X-SID-PRA: info@example.net
X-SID-Result: Pass
X-DKIM-Result: Pass
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00
X-Message-Info: M98loaK0Lo1j8FOgXol8UFVrP26QMSvVTQXke21+QxXu+DJ5ttCh6cM/eFA+HRgTBFdz52wvmszvfgxVXBCfExvqqIFxcJKaFap8dwTFrYmSiOTK6J40vAbrC+QeYPnMG9Hntes6IFH9T95bydckDQ==
Received: from mail.example.net ([]) by SNT0-MC3-F15.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
     Sun, 30 Sep 2012 14:13:33 -0700
Received: from [] (2-231-150-154.ip207.fastwebnet.it [])
    by mail.example.net (Postfix) with ESMTPA id DD0A3401D9
    for <abcdef@hotmail.it>; Sun, 30 Sep 2012 21:13:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.net;
    s=mail; t=1349039612;
Message-ID: <5068B5FA.7040704@example.net>
Date: Sun, 30 Sep 2012 23:13:30 +0200
From: Aziende Mandanti <info@example.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1
MIME-Version: 1.0
To: abcdef@hotmail.it
Subject: Registrazione avvenuta con successo
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8bit
Return-Path: info@example.net
X-OriginalArrivalTime: 30 Sep 2012 21:13:33.0410 (UTC) FILETIME=[72B24C20:01CD9F50]

Gentile Damiano,
la registrazione รจ avvenuta correttamente.


The IP you see in the headers is correct, I only obfuscated the email addresses

Source: (StackOverflow)

How to redirect all postfix emails to one external email address?

To create a test email server, I have a similar requirement as:


But I need to send all the emails to an external account, not a local one.

I would like to do something like:

  • xyz:email@gmail.com

but xyz is not local nor smtp.

Source: (StackOverflow)

Postfix - how to retry delivery of mail in queue?

I have a backup mail server in case of a failure on the main one. In that case of failure, mails come on the backup server and stay there until the main one is back.

If I wait some times, the delivery will be done automatically as soon as the main server is back but it can be long. So how to force a send retry of all the mails?

For exemple : postqueue -p : give me a list of mails

I then tried postqueue -f (from man page : Flush the queue: attempt to deliver all queued mail.). It surely flushed the queue but mails were not been delivered...

Source: (StackOverflow)

Is there any way to see if the mail sent by my server was received by the recipient server?

I've sent an important email that the recipient claims it wasn't received by them.

They say that they asked their IT team to see if the email was received in their server. According to them the email never reached their server. Also they don't accept the chance that the email was received and marked as SPAM.

Shouldn't I receive an error message in the case the email wasn't delivered?

Is their any way for me to check if they are telling the truth (it sounds very fishy to me).

Thank you.

Source: (StackOverflow)

Do you use postfix or qmail and why [closed]

I am setting up a server and I have the choice of installing qmail or postfix. Can someone help me make the right choice.

Thing I like to see covered are:
- Performance
- Ease of setup
- security

Source: (StackOverflow)

How can I see the contents of the mail whose ID I get from mailq command?

I used mailq command and I got a line like for example:

A705238B4C   603953 Wed May 23 11:09:58  apache@myserver.com

So, now I'm wondering is there a way where I can "read" an actual content of the mail by its id A705238B4C

Source: (StackOverflow)

Is it good practice or too draconian to reject mails from mailservers with no RDNS

I've recently dropped SpamAssassin and am now basing spam rejection on DNSRBL's, grey-listing and other basic tests and I'm wondering whether I should also block hosts that don't have a valid RDNS matching the EHLO?

If I do this, am I going to make trouble for much legitimate mail and upset my customers? I've heard people griping that AOL do this, which makes me think it's perhaps too uncommon for me to do.

I'm also wondering if I can compromise by checking that RDNS is at least set to something, but not try to match it to the EHLO. Is this possible with Postfix (and is it useful)?

Source: (StackOverflow)

Is Postfix the same thing as Sendmail?

I have postfix setup on my server so that I can send outgoing mail using the command-line:

mail -s "Subject" address@example.com

Is this using sendmail or postfix? Is "sendmail" just a software category or a distinct program? If something is "sendmail-ready" does that mean it will work with postfix?

Everything I've read online seems to use these two terms interchangeably.

Source: (StackOverflow)