Postfix not allowing inbound email. Outbound is working fine.

Sep 25 02:40:54 host1 postfix/master[802591]: terminating on signal 15
Sep 25 02:40:54 host1 postfix[803347]: Postfix is running with backwards-compatible default settings
Sep 25 02:40:54 host1 postfix[803347]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Sep 25 02:40:54 host1 postfix[803347]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Sep 25 02:40:54 host1 postfix/postfix-script[803402]: warning: not owned by root: /etc/postfix/./mysql-virtual_vacation.cf
Sep 25 02:40:54 host1 postfix/postfix-script[803415]: starting the Postfix mail system
Sep 25 02:40:54 host1 postfix/master[803417]: daemon started -- version 3.4.8, configuration /etc/postfix
Sep 25 02:40:54 host1 postfix/qmgr[803419]: 47E0B65D4B5: from=<billscott92787@gmail.com>, size=3953, nrcpt=1 (queue active)
Sep 25 02:40:54 host1 postfix/lmtp[803422]: 47E0B65D4B5: to=<kelly@familymaidservices.com>, relay=host1.wvwgssolutions.com[private/dovecot-lmtp], delay=2194, delays=2194/0.02/0/0, dsn=4.2.0, status=deferred (host host1.wvwgssolutions.com[private/dovecot-lmtp] said: 451 4.2.0 <kelly@familymaidservices.com> Internal error occurred. Refer to server log for more information. [2021-09-25 02:40:54] (in reply to end of DATA command))
Sep 25 02:41:04 host1 postfix/smtpd[803432]: connect from c-73-135-99-232.hsd1.md.comcast.net[73.135.99.232]
Sep 25 02:41:17 host1 postfix/smtpd[803442]: connect from mail-oo1-f42.google.com[209.85.161.42]
Sep 25 02:41:17 host1 postfix/smtpd[803442]: warning: loading SNI data for mail.familymaidservices.com: ignoring PEM type: CERTIFICATE REQUEST
Sep 25 02:41:17 host1 postfix/smtpd[803442]: Anonymous TLS connection established from mail-oo1-f42.google.com[209.85.161.42] to mail.familymaidservices.com: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 25 02:41:17 host1 postfix/smtpd[803442]: NOQUEUE: reject: RCPT from mail-oo1-f42.google.com[209.85.161.42]: 450 4.7.0 <Kelly@familymaidservices.com>: Recipient address rejected: defer_if_permit requested; from=<billscott92787@gmail.com> to=<Kelly@familymaidservices.com> proto=ESMTP helo=<mail-oo1-f42.google.com>
Sep 25 02:41:18 host1 postfix/smtpd[803442]: disconnect from mail-oo1-f42.google.com[209.85.161.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7



e.com[209.85.210.41] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Sep 25 00:43:07 host1 postfix/pipe[665998]: 2BBA4FC1B7: to=<kelly@familymaidservices.com>, relay=dovecot, delay=0.09, delays=0.06/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(kelly@familymaidservices.com): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied


I don't know what I'm not doing right or what needs changed to get this working.  A buddy of mine setup CWP, and everything, and email just worked, but mine I've had nothing but issues getting to get it working.    Any tips?  I got this far tailing the log and playing around with settings until I got email to go outbound and not hit spam box.

try to rebuild mail server from cwp, also check the permissions for all files mentioned as error in the logs

Sep 25 02:40:54 host1 postfix/master[802591]: terminating on signal 15
Sep 25 02:40:54 host1 postfix[803347]: Postfix is running with backwards-compatible default settings
Sep 25 02:40:54 host1 postfix[803347]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Sep 25 02:40:54 host1 postfix[803347]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Sep 25 02:40:54 host1 postfix/postfix-script[803402]: warning: not owned by root: /etc/postfix/./mysql-virtual_vacation.cf
Sep 25 02:40:54 host1 postfix/postfix-script[803415]: starting the Postfix mail system
Sep 25 02:40:54 host1 postfix/master[803417]: daemon started -- version 3.4.8, configuration /etc/postfix
Sep 25 02:40:54 host1 postfix/qmgr[803419]: 47E0B65D4B5: from=<billscott92787@gmail.com>, size=3953, nrcpt=1 (queue active)
Sep 25 02:40:54 host1 postfix/lmtp[803422]: 47E0B65D4B5: to=<kelly@familymaidservices.com>, relay=host1.wvwgssolutions.com[private/dovecot-lmtp], delay=2194, delays=2194/0.02/0/0, dsn=4.2.0, status=deferred (host host1.wvwgssolutions.com[private/dovecot-lmtp] said: 451 4.2.0 <kelly@familymaidservices.com> Internal error occurred. Refer to server log for more information. [2021-09-25 02:40:54] (in reply to end of DATA command))
Sep 25 02:41:04 host1 postfix/smtpd[803432]: connect from c-73-135-99-232.hsd1.md.comcast.net[73.135.99.232]
Sep 25 02:41:17 host1 postfix/smtpd[803442]: connect from mail-oo1-f42.google.com[209.85.161.42]
Sep 25 02:41:17 host1 postfix/smtpd[803442]: warning: loading SNI data for mail.familymaidservices.com: ignoring PEM type: CERTIFICATE REQUEST
Sep 25 02:41:17 host1 postfix/smtpd[803442]: Anonymous TLS connection established from mail-oo1-f42.google.com[209.85.161.42] to mail.familymaidservices.com: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Sep 25 02:41:17 host1 postfix/smtpd[803442]: NOQUEUE: reject: RCPT from mail-oo1-f42.google.com[209.85.161.42]: 450 4.7.0 <Kelly@familymaidservices.com>: Recipient address rejected: defer_if_permit requested; from=<billscott92787@gmail.com> to=<Kelly@familymaidservices.com> proto=ESMTP helo=<mail-oo1-f42.google.com>
Sep 25 02:41:18 host1 postfix/smtpd[803442]: disconnect from mail-oo1-f42.google.com[209.85.161.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7



e.com[209.85.210.41] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Sep 25 00:43:07 host1 postfix/pipe[665998]: 2BBA4FC1B7: to=<kelly@familymaidservices.com>, relay=dovecot, delay=0.09, delays=0.06/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(kelly@familymaidservices.com): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied


I don't know what I'm not doing right or what needs changed to get this working.  A buddy of mine setup CWP, and everything, and email just worked, but mine I've had nothing but issues getting to get it working.    Any tips?  I got this far tailing the log and playing around with settings until I got email to go outbound and not hit spam box.

Something happened in the last update to 0.9.8.1084.

Rebuild your mail server from inside CWP, like @studio4host suggested, and you should be good to go.

I have tried this several times.  It rebuilds BUT it does not seem to build everything correct because I can't send/receive email.  I check tail -f /var/log/maillog and it is getting blocked.  I have looked and it doesn't appear that it creates everything in the postfix SQL database correctly as I don't see all the domains email addresses I've created.  When I edit /etc/postfix/main.cf I can tweak some of the configuration in there to get it to send/receive emails internally and externally (some have got blocked until I made a manual file to permit certain addresses for alias, relay, etc....).  BUT even doing that the mail then doesn't show in the inbox for this email.  Also, when attempting to set the email up using the native iPhone mail app it says there is a certificate error when I have a valid certificate created through CWP.....

Any ideas?  What information would be beneficial to show this?  Also, initially emails would go to spam inbox for new emails sent from postfix/vps/cwp.  I need to figure that out as well because I can't have emails going to spam that will be missed by people that receive emails from this setup.

Postfix is your SMTP (Outgoing)
Dovecot is your IMAP/POP3 (Incoming)

Are you having problems with outbound emails (postfix) or incoming emails (dovecot)?

In your email client, temporarily change you incoming email server name to your server FQDN.
That will troubleshoot if your MX has a problem.

I fixed inbound mail....  But outbound is still an issue.  When attempting to send outbound from one of my domains I get the following in tail-f /var/log/maillog:



Sep 30 15:36:03 host1 postfix/smtpd[306133]: connect from xxxxx

Sep 30 15:36:03 host1 postfix/smtpd[306133]: TLS SNI x.x.x from x

• not matched, using default chain

Sep 30 15:36:03 host1 postfix/smtpd[306133]: Anonymous TLS connection established from x

• : TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

Sep 30 15:36:03 host1 postfix/smtpd[306133]: lost connection after STARTTLS from x

Sep 30 15:36:03 host1 postfix/smtpd[306133]: disconnect from x

• ehlo=1 starttls=1 commands=2

This might sound like a stupid question, but need to make sure there is a SSL certificate for the server.

The server does have a FQDN pointed to its IP?

Have you run the (Server Settings -> Change Hostname) to get the servers SSL certificate?

Server has FQDN...  I have assigned a hostname, I have updated, I have used let's encrypt SSL, I have used cloudflare SSL, I have multiple domains on the same server and IP address...  So I think what is happening s for some reason it's using the default certificate for the other domain(s). 

Check with CloudFlare.

If you setup the outgoing mail server as the FQDN of your server, it will use that be default, not another domain.
And should work without problem.

But I've seen some weird stuff when using cloudflare.
Because you are using their DNS.

Cloudflare really had nothing to do with it.  I just tried that to see if it was a server thing.  I removed it, had it not even setup through cloudflare, and had the same issue.  I literally said screw this and paid CWP one time support.  The funny thing is they edited /etc/hosts and added server hostname and public IP, and rebuilt email serves.  I did both of these things at least 10 times before paying.  Same issue every single time.  So it's kinda odd that they did the same thing I did but it worked for them and not me?  LOL.