Email Troubleshooting

I’m trying to get email working and could use some help from someone smarter than me.

Here’s the error:

[tankie.tube:443] 2024-03-13 16:45:09.217 error: connect ECONNREFUSED ::1:587 {
  "component": "smtp-connection",
  "sid": "nfxW2nyW934"
}
[tankie.tube:443] 2024-03-13 16:45:09.230 error: Failed to connect to SMTP localhost:587. {
  "err": {
    "stack": "Error: connect ECONNREFUSED ::1:587\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1605:16)",
    "message": "connect ECONNREFUSED ::1:587",
    "errno": -111,
    "code": "ESOCKET",
    "syscall": "connect",
    "address": "::1",
    "port": 587,
    "command": "CONN"
  }
}

config/production.yaml:

smtp:
  transport: smtp
  sendmail: null
  hostname: localhost
  port: 587
  username: 'noreply'
  password: ${password_of_the_noreply_user}
  tls: false
  disable_starttls: true
  from_address: 'noreply@tankie.tube'

I’m using postfix as my mail transfer agent.

/etc/postfix/main.cf:

alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/bin
compatibility_level = 3.8
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
debug_peer_level = 2
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
milter_default_action = accept
mydomain = tankie.tube
myhostname = tankie.tube
myorigin = tankie.tube
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /etc/postfix
sendmail_path = /usr/bin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtpd_milters = inet:localhost:8891
unknown_local_recipient_reject_code = 550

/etc/postfix/master.cf:

anvil                 unix  -       -       n       -       1       anvil
bounce                unix  -       -       n       -       0       bounce
cleanup               unix  n       -       n       -       0       cleanup
defer                 unix  -       -       n       -       0       bounce
discard               unix  -       -       n       -       -       discard
error                 unix  -       -       n       -       -       error
flush                 unix  n       -       n       1000?   0       flush
lmtp                  unix  -       -       n       -       -       lmtp
local                 unix  -       n       n       -       -       local
pickup                unix  n       -       n       60      1       pickup
postlog               unix-dgram n  -       n       -       1       postlogd
proxymap              unix  -       -       n       -       -       proxymap
proxywrite            unix  -       -       n       -       1       proxymap
qmgr                  unix  n       -       n       300     1       qmgr
relay                 unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
retry                 unix  -       -       n       -       -       error
rewrite               unix  -       -       n       -       -       trivial-rewrite
scache                unix  -       -       n       -       1       scache
showq                 unix  n       -       n       -       -       showq
smtp                  inet  n       -       n       -       -       smtpd
smtp                  unix  -       -       n       -       -       smtp
127.0.0.1:submissions inet  n       -       n       -       -       smtpd
tlsmgr                unix  -       -       n       1000?   1       tlsmgr
trace                 unix  -       -       n       -       0       bounce
verify                unix  -       -       n       -       1       verify
virtual               unix  -       n       n       -       -       virtual

Maybe port 25?

No luck.

[tankie.tube:443] 2024-03-13 18:29:59.291 error: connect ECONNREFUSED ::1:25 {
  "component": "smtp-connection",
  "sid": "wBH0VkaHfrc"
}
[tankie.tube:443] 2024-03-13 18:29:59.294 error: Failed to connect to SMTP localhost:25. {
  "err": {
    "stack": "Error: connect ECONNREFUSED ::1:25\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1605:16)",
    "message": "connect ECONNREFUSED ::1:25",
    "errno": -111,
    "code": "ESOCKET",
    "syscall": "connect",
    "address": "::1",
    "port": 25,
    "command": "CONN"
  }
}

Is this part of my firewall relevant?

## Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

Port 587 is usually for STARTTLS, so set tls: to true and disable_starttls to false.

Port 587 is usually for STARTTLS, so set tls: to true and disable_starttls to false.

No luck. I’ve also tried port 465 (with both my original tls settings and the one that you suggested).

smtp.username and smtp.password correspond to a user of the operating system appearing in /etc/passwd; is that correct?

I changed smtp.hostname of my original settings from localhost to 127.0.0.1 and now it works!

Weird because I have this line in /etc/hosts:

127.0.0.1       localhost

Peertube is saying it’s sent but I’m not receiving any of my test emails.

I already have DMARC set up so that it passes this utility https://www.learndmarc.com

Edit: I found the problem inside postfix’s log:

host mail.protonmail.ch said: 554 5.7.1 rejected by rspamd filter (in reply to end of DATA command)

Edit2: I’m trying to setup an rDNS PTR record in case that’s the issue.

Oh, of course, i should have thought of it… NodeJS >= 18 changed the way localhost is resolved… Now it uses IPv6 ::1 by default. So, indeed, if your SMTP server only listen on IPv4, you have to set 127.0.0.1.

(this NodeJS change messed up a lot of thing…)

Thanks for the explanation! In that case I probably also could have made it work by adding ipv6 to the inet_protocols line of /etc/postfix/main.cf.

Reverse DNS is properly configured and my outgoing emails are still getting stopped by rspamd. I’m out of ideas now. At think point I’m content to live without functioning email on my instance. Fixing it would just be a pleasant bonus.

To recap:

• PeerTube is working properly.
• Postfix is working properly.

My domain has these TXT records:

1. A sender policy framekwork v=spf1 ip4:84.54.51.139 ~all
2. A DKIM public key called tankiemail._domainkey set to v=DKIM1; k=rsa; s=email; p=<long-string>
3. _dmarc set to v=DMARC1; p=quarantine

Also the rDNS for 84.54.51.139 resolves to tankie.tube.

Thanks for explaining this issue.

Does rspamd give a reason for the blocking?
Usually antispam softwares are adding header with a human-readable message explaining why it was considered as spam.

Does rspamd give a reason for the blocking?

I’ve checked the systemd log for postfix and my mailboxes at /var/spool/mail and I couldn’t find any details more than error code 554 5.7.1. I’m not sure if there are other logs.

I’ve discovered that emails are successfully delivered to my gmail address (status=sent instead of status=bounced). It ends up in the spam box.

I tested my domain at mxtoolbox.com and it said my domain is on 5 blacklists (out of 92).

Checking tankie.tube which resolves to 84.54.51.139 against 92 known blacklists…
Listed 5 times with 1 timeouts

If my IP address is blacklisted then I suposed I’m SOL.

Edit: Research tells me I could use a relay mail server. Is that possible with PeerTube? This is all new to me.

Edit2: Gmail says my email is unencrypted. Maybe that’s the problem: I need to enable TLS.

Check the headers of the mail in the spam box. Usually antispam tools are adding some headers with a human readable message.

Peertube can connect to any smtp server. So, for example, if your registrar gives you free mail accounts with your domain, you can create a dedicated mailbox, and connect to it.