
Cannot Get Mail Service to Receive or Send

I just did a fresh install of Mountain Lion 10.8.2 + Server and I can't get the Mail server to work properly.


Here are the behaviours:

  • Receive emails sometimes then it stops
  • Cannot send
  • Client-side connection only works with Cleartext, not with Open Directory authentication settings for Mail (Kerberos and MD5)


I've verified the hostname and DNS settings. Compared to what I had in Lion Server, things look good.

I'm showing my limited knowledge here, but one difference is that I didn't create an MX record on the server because I didn't have one in Lion or Snow Leopard Server, having it at the domain registrar-level instead. From here it sends to mail.mydomain.com where I have an alias from mail to server.mydomain.com.


Ports 993 and 587 (and more) are open although I had to create them manually. For some reason, ML doesn't have this Airport preset.


Anyway, please help if you can.


Thanks

Mac mini, OS X Server, Mid-2010

Posted on Oct 15, 2012 10:53 AM


Oct 15, 2012 11:11 AM in response to OoO_Bailey_OoO

First, do you run OS X Server 2.1.1, which is the latest version of server? You can check by opening the App Store and see if there are updates.


Second, do you run OS X Server at home? If yes, your provider might be blocking port 25 which is needed so that SMTP servers (for delivering mail) can talk to each other. Using a DNS provider that offers SMTP services to another port together with your Airport Extreme, this isn't hard to overcome.


Third, look here to see if you've set up mail correctly: http://krypted.com/mac-os-x/setting-up-the-mail-service-in-mountain-lion-server/

Oct 15, 2012 11:13 AM in response to Mark23

Thank you for your response.


I am running 2.1.1 and I am running this server at home.


I've been running an OS X mail server successfully for a number of years with the same ISP without issues on port 25. Recently, I called to ask them if they were blocking a different port for a different issue and they told me that they "do not block any ports, ever, period".


So I think I am ok there. I've seen that post before, but I'll read through it more carefully this time and report back.

Oct 15, 2012 11:24 AM in response to Mark23

So I ran through the krypted.com page. I can successfully telnet on 25. My fullstatus read-out is pretty much the same as his (except for timestamps of course).


I'm not sure if this is mandatory or not, but I haven't done anything in here and I’m not sure what it's for:

mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8" – Add entries to this one to add "local" clients


Other than that, things look good.

Oct 15, 2012 11:47 AM in response to Mark23

Nothing terribly descriptive (to me) unfortunately:


Oct 15 14:30:24 server.mydomain.com log[21712]: imap(pid 21731 user com.apple.calendarserver): Disconnected: Logged out bytes=68/817

Oct 15 14:30:55 server.mydomain.com log[21712]: imap-login: Login: user=<com.apple.calendarserver>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=21731, TLS


REPEAT the above two statements a lot


Oct 15 14:30:55 server.mydomain.com log[21712]: imap(pid 21731 user com.apple.calendarserver): Disconnected: Logged out bytes=68/817


SMTP Log shows some things though:

Oct 15 14:24:58 server.mydomain.com postfix/qmgr[21695]: AC28E8D9A9: from=<bounces+18368-a488-bailey=mydomain.com@messages.address.com>, size=27929, nrcpt=1 (queue active)

Oct 15 14:24:58 server.mydomain.com postfix/error[23139]: 667488EAA9: to=<bailey@mydomain.com>, relay=none, delay=21135, delays=21135/0.15/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)

Oct 15 14:24:58 server.mydomain.com postfix/error[23142]: AC28E8D9A9: to=<bailey@mydomain.com>, relay=none, delay=33950, delays=33950/0.07/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)

Oct 15 14:24:58 server.mydomain.com postfix/error[23140]: 6ED788EAA5: to=<bailey@mydomain.com>, relay=none, delay=21143, delays=21143/0.11/0/0.02, dsn=4.3.0, status=deferred (mail transport unavailable)

Oct 15 14:29:58 server.mydomain.com mail_groups[23440]: initializing email group services

Oct 15 14:29:59 server.mydomain.com mail_groups[23440]: no enabled mail groups found

Oct 15 14:29:59 server.mydomain.com mail_groups[23440]: sleeping for: 1 hour(s)

Oct 15 14:34:58 server.mydomain.com postfix/qmgr[21695]: 1F6C98DB8A: from=<someone@anotheraddress.com>, size=17580, nrcpt=1 (queue active)

Oct 15 14:34:58 server.mydomain.com postfix/qmgr[21695]: warning: connect to transport private/smtp-amavis: Connection refused

Oct 15 14:34:58 server.mydomain.com postfix/error[23523]: 1F6C98DB8A: to=<bailey@mydomain.com>, relay=none, delay=33807, delays=33807/0.1/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)

Oct 15 14:37:29 server.mydomain.com postfix/smtpd[23565]: warning: hostname proxy.address.com does not resolve to address XX.XXX.XXX.XXX: nodename nor servname provided, or not known

Oct 15 14:37:29 server.mydomain.com postfix/smtpd[23565]: connect from unknown[XX.XXX.XXX.XXX]

Oct 15 14:37:33 server.mydomain.com postfix/smtpd[23565]: lost connection after EHLO from unknown[XX.XXX.XXX.XXX]

Oct 15 14:37:33 server.mydomain.com postfix/smtpd[23565]: disconnect from unknown[XX.XXX.XXX.XXX]
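
An added example, not part of the post above: one way to reduce an SMTP log like this to the facts that matter for a stuck queue, namely the deferral reason, the transport that qmgr reports it cannot reach, and how long the oldest message has waited. The sample lines are copied from the post; the function and field names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the SMTP log in the post above.
SAMPLE_LOG = """\
Oct 15 14:24:58 server.mydomain.com postfix/error[23139]: 667488EAA9: to=<bailey@mydomain.com>, relay=none, delay=21135, delays=21135/0.15/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:24:58 server.mydomain.com postfix/error[23142]: AC28E8D9A9: to=<bailey@mydomain.com>, relay=none, delay=33950, delays=33950/0.07/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:34:58 server.mydomain.com postfix/qmgr[21695]: warning: connect to transport private/smtp-amavis: Connection refused
Oct 15 14:34:58 server.mydomain.com postfix/error[23523]: 1F6C98DB8A: to=<bailey@mydomain.com>, relay=none, delay=33807, delays=33807/0.1/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:37:33 server.mydomain.com postfix/smtpd[23565]: disconnect from unknown[XX.XXX.XXX.XXX]
"""

# A deferred delivery: queue id, recipient, total delay in seconds, DSN, reason.
DEFERRED = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>"
    r".*?\bdelay=(?P<delay>[\d.]+),.*?\bdsn=(?P<dsn>[\d.]+), "
    r"status=deferred \((?P<reason>.*)\)\s*$"
)
# qmgr failing to hand a message to a transport defined in master.cf.
REFUSED = re.compile(
    r"postfix/qmgr\[\d+\]: warning: connect to transport "
    r"(?P<transport>\S+): (?P<error>.+?)\s*$"
)

def diagnose_queue(log_text):
    """Summarise why mail is stuck: deferral reasons, the transports qmgr
    could not reach, and how long the oldest deferred message has waited."""
    reasons, transports, delays = Counter(), {}, {}
    for line in log_text.splitlines():
        m = DEFERRED.search(line)
        if m:
            reasons[(m["dsn"], m["reason"])] += 1
            delays[m["qid"]] = float(m["delay"])
            continue
        m = REFUSED.search(line)
        if m:
            transports[m["transport"]] = m["error"]
    return {
        "reasons": dict(reasons),
        "unreachable_transports": transports,
        "oldest_delay_hours": round(max(delays.values(), default=0) / 3600, 1),
        "queue_ids": sorted(delays),
    }

if __name__ == "__main__":
    for key, value in diagnose_queue(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
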

Oct 15, 2012 1:43 PM in response to Mark23

Do you get these errors? Do you think they could be related?


2012-10-15 4:31:17.839 PM com.apple.launchd[1]: (com.apple.collabd.expire[26444]) Exited with code: 1

2012-10-15 4:31:18.000 PM kernel[0]: Sandbox: sandboxd(26449) deny mach-lookup com.apple.coresymbolicationd

2012-10-15 4:31:19.405 PM sandboxd[26449]: ([26445]) collabpp(26445) deny file-read-metadata /private/var/teamsserver

2012-10-15 4:31:19.448 PM sandboxd[26449]: ([26445]) collabpp(26445) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

2012-10-15 4:31:20.456 PM sandboxd[26449]: ([26445]) collabpp(26445) deny file-read-data /Library/Preferences/.GlobalPreferences.plist

2012-10-15 4:34:00.435 PM collabd[116]: [CSContentService:47 cd41000 +19ms] Detected Magic Superuser Auth Token


I'm not sure why there could be so many errors with a fresh install and the basic services set up. Maybe I didn't do it in the right order, but I was following the order of topics in the Apple admin guide.


Is there a recommended order to the initial set up that I should follow?


Thanks

Oct 15, 2012 6:20 PM in response to Mark23

Seems so, but I don't know what I'm looking for. Previously, I increased the size limit, but that's the only thing I've changed that I recognize in here.


I noticed entries for TLS. Is that required on the client side? I would have expected Profile Manager to set that all up when I issued the profiles.


Uncommented lines only:


queue_directory = /Library/Server/Mail/Data/spool


command_directory = /usr/sbin


daemon_directory = /usr/libexec/postfix


data_directory = /Library/Server/Mail/Data/mta


mail_owner = _postfix


unknown_local_recipient_reject_code = 550


debug_peer_level = 2


debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5


sendmail_path = /usr/sbin/sendmail


newaliases_path = /usr/bin/newaliases


mailq_path = /usr/bin/mailq


setgid_group = _postdrop


html_directory = /usr/share/doc/postfix/html


manpage_directory = /usr/share/man


sample_directory = /usr/share/doc/postfix/examples


readme_directory = /usr/share/doc/postfix


dovecot_destination_recipient_limit = 1


mailbox_size_limit = 0


smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL


tls_random_source = dev:/dev/urandom


imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred


use_sacl_cache = yes

mydomain_fallback = localhost

message_size_limit = 104857600

biff = no

mynetworks = 127.0.0.0/8, [::1]/128

smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit

recipient_delimiter = +

smtpd_tls_ciphers = medium

inet_protocols = all

inet_interfaces = all

config_directory = /Library/Server/Mail/Config/postfix

smtpd_enforce_tls = no

smtpd_use_pw_server = yes

relayhost =

smtpd_tls_cert_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.cert.pem

mydomain = mydomain.com

smtpd_pw_server_security_options = cram-md5,gssapi,login,plain

smtpd_sasl_auth_enable = yes

smtpd_helo_required = no

smtpd_tls_CAfile = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.chain.pem

content_filter =

smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit

header_checks =

myhostname = server.mydomain.com

smtpd_helo_restrictions =

smtpd_use_tls = yes

smtpd_tls_key_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.key.pem

enable_server_options = yes

recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps

virtual_alias_maps = $virtual_maps

smtpd_sasl_local_domain = server.mydomain.com

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mailbox_transport = dovecot

postscreen_dnsbl_sites =

maps_rbl_domains =
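
An added example, not part of the post above and not Apple's or Postfix's own tooling: a small main.cf reader that answers the TLS question for a file like this one by checking whether password-carrying SASL mechanisms are offered while TLS stays optional. It assumes that `smtpd_pw_server_security_options` (the Apple parameter seen in the post) lists the mechanisms offered; `smtpd_tls_auth_only` is a stock Postfix parameter that does not appear in the posted file, and the function names are this example's own.

```python
# Excerpt of the main.cf posted above (values copied from the post).
SAMPLE_MAIN_CF = """\
# comment lines are ignored
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_sasl_auth_enable = yes
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
"""

# SASL mechanisms that send the password itself (only base64-encoded).
PLAINTEXT_MECHS = {"plain", "login"}

def parse_main_cf(text):
    """Return {parameter: value}; a line that starts with whitespace
    continues the previous parameter, as in Postfix's main.cf syntax."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:
                params[current] = f"{params[current]} {raw.strip()}".strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def plaintext_auth_findings(params):
    """Flag PLAIN/LOGIN being offered while TLS is optional for SMTP AUTH."""
    def yes(name):
        return params.get(name, "no").lower() == "yes"
    if not yes("smtpd_sasl_auth_enable"):
        return []
    offered = {m.strip().lower() for m in
               params.get("smtpd_pw_server_security_options", "").split(",")}
    weak = sorted(offered & PLAINTEXT_MECHS)
    # Either setting makes Postfix refuse AUTH on an unencrypted session.
    tls_required = yes("smtpd_enforce_tls") or yes("smtpd_tls_auth_only")
    if weak and not tls_required:
        return [f"{'/'.join(weak)} offered but TLS is not required before AUTH"]
    return []

if __name__ == "__main__":
    print(plaintext_auth_findings(parse_main_cf(SAMPLE_MAIN_CF)))
```
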

Oct 16, 2012 7:52 AM in response to OoO_Bailey_OoO

I tried resorting to the default and I tried retrofitting someone else's main.cf from another post, but SMTP still doesn't work in either case and IMAP only works with Cleartext.


At this point I think I have to start over and reinstall, but I'd like to find out an appropriate order of operations first.


Unfortunately, Lynda.com didn't do a Mountain Lion Server series so I can't get a subscription there and following the order of topics in the Apple documentation didn't work this time so I'm wondering if someone can point me to a good source of orderly information or tell me their approach.


Here's what I've gleaned from another post (thanks Martyin):


  1. initial Mountain Lion, then install and setup OSX Server (basic)
  2. Adjust and or Check! the DNS for correct operation, as it is the only service started after the basic installation.
    • Question: If I have an MX record at the registrar and a mail -> server.mydomain.com alias on the server, do I need an MX record on the server?
    • Breakdown for DNS records that I would set up. Please correct me if I'm wrong:
      • server. machine record
      • server. name server record (in primary and reverse zones)
      • www alias
      • mail alias
      • _carddav service as per Apple doc
      • _caldav service
      • _xmpp-client
      • _xmpp-server
      • reverse IP to server. mapping
  3. reallocate the Users Map / groups map and or server data location.

    Since I'm doing a new install, I'm not sure if this applies to my case

  4. Create the "missing" teamsserver map and give appropriate rights
    chown _teamsserver:teamsserver teamsserver

    I've noticed this error among many others in the standard install so this is a good time to correct it. Let me know if there are others that I can/should do.

  5. Configure the correct ports / port forwarding

    Question: Including typical Mail ports manually since there is no preset, right?

  6. Check if needed the Certs ( if needed cause you have a commercial one )
  7. Start the Profile Manager configuration (Without starting up the service, just configure)
  8. Check the logs after this
  9. Start Web server and Wiki and Messenger
  10. Start Profile manager
  11. Start rest of the services as needed
  12. After checking logs again and if everything seems ok, THEN start creating users and groups.


Is this an appropriate order? Is anything missing?


Thank you!

Oct 18, 2012 9:31 PM in response to OoO_Bailey_OoO

So I reinstalled following the procedure above and things are better except a couple of issues:


- I can send mail from my Mac but I can't send from the iPhone

- Profile Manager insists on setting up the Mail account with port 143 despite having SSL checked

- Profile Manager also insists on setting up anything with an email address as "@server.mydomain.com" instead of "@mydomain.com" (i.e. with the subdomain)

- I'm getting enormous amounts of mail log errors suddenly tonight

"Oct 18 22:38:51 server.mydomain.com postfix/postscreen[78873]: CONNECT from [173.9.0.233]:10239 to [10.0.1.50]:25

Oct 18 22:38:51 server.mydomain.com postfix/postscreen[78873]: PASS OLD [173.9.0.233]:10239

Oct 18 22:38:51 server.mydomain.com postfix/smtpd[78958]: connect from 173-9-1-233-newengland.hfc.comcastbusiness.net[173.9.0.233]

Oct 18 22:38:52 server.mydomain.com postfix/smtpd[78944]: error: authentication method: LOGIN is not enabled

Oct 18 22:38:52 server.mydomain.com postfix/smtpd[78944]: warning: 173-9-1-233-newengland.hfc.comcastbusiness.net[173.9.0.233]: SASL LOGIN authentication failed"


I don't recognize the IP address which suggests that someone is trying to get in via a brute force attack, but I have a feeling that maybe I have something set wrong. Even if I leave the Mail service off for an hour it comes back as soon as I start it up again.


I tried Icefloor to block the IP with pfctl, but ended up blocking port 25 instead. Mail is set to authenticate by SSL cert (not self-signed), Kerberos or MD5 only so I'm hoping that's good insurance.


What can I do to see if I have something set wrong? I don't really like the idea of having to permanently block port 25 when I never had to before, especially since I'm having send problems.
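
An added example, not part of the post above: a way to tell a burst of failed SMTP AUTH attempts from a single stray failure by counting `SASL ... authentication failed` warnings per client address inside a sliding time window. The first sample line is from the post; the 203.0.113.7 lines are constructed, and the threshold, window and year (syslog timestamps carry none) are assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First line is from the post above; the 203.0.113.7 lines are constructed.
SAMPLE_LOG = """\
Oct 18 22:38:52 server.mydomain.com postfix/smtpd[78944]: warning: 173-9-1-233-newengland.hfc.comcastbusiness.net[173.9.0.233]: SASL LOGIN authentication failed
Oct 18 22:40:01 server.mydomain.com postfix/smtpd[79001]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
Oct 18 22:40:03 server.mydomain.com postfix/smtpd[79001]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
Oct 18 22:40:05 server.mydomain.com postfix/smtpd[79002]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed
Oct 18 22:40:09 server.mydomain.com postfix/smtpd[79002]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
"""

FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: SASL (?P<mech>\S+) authentication failed"
)

def failed_auth_bursts(log_text, threshold=3,
                       window=timedelta(seconds=60), year=2012):
    """Return {client_ip: summary} for clients with at least `threshold`
    failed SASL attempts inside any `window`-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["mech"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        times = [t for t, _ in evs]
        start = best = 0
        for end in range(len(times)):           # sliding window over attempts
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = {"max_in_window": best,
                           "mechanisms": sorted({mech for _, mech in evs})}
    return flagged

if __name__ == "__main__":
    for ip, summary in failed_auth_bursts(SAMPLE_LOG).items():
        print(ip, summary)
```
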
