The first critical checkpoint is your MX record setup. Your configuration has proper MX records pointing to mail.example.in, but the MX record on the www subdomain is redundant and should be removed. The clean DNS setup should be:
; Zone file excerpt
example.in. 300 IN A 123.123.3.11
mail.example.in. 300 IN A 123.123.3.11
example.in. 300 IN MX 10 mail.example.in.
Your netstat -nl output shows Postfix listening on all interfaces (0.0.0.0:25), but we need to verify the actual connectivity:
# Test SMTP connectivity from external host
telnet mail.example.in 25
# Should return your Postfix banner:
220 www.example.in ESMTP Postfix (Ubuntu)
Your main.cf shows several configuration issues:
# Problematic settings:
mydestination = $myhostname,localhost.$mydomain, localhost, $mydomain
# Should include mail.example.in:
mydestination = $myhostname, mail.example.in, localhost.$mydomain, localhost, $mydomain
# Security concern:
mynetworks_style = host
# Replace with explicit networks:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 123.123.3.11/32
For AWS EC2, ensure your security group allows inbound traffic on:
- TCP 25 (SMTP)
- TCP 587 (Submission)
- TCP 465 (SMTPS)
Check UFW rules if enabled:
sudo ufw allow 25/tcp
sudo ufw allow 587/tcp
sudo ufw allow 465/tcp
Enable verbose logging in /etc/postfix/main.cf:
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
Then monitor logs in real-time:
tail -f /var/log/mail.log
Use swaks, a Perl-based SMTP tester, for comprehensive diagnostics:
swaks --to user@example.in --from tester@example.com --server mail.example.in
Many providers reject mail without proper authentication. Set up DKIM:
sudo apt install opendkim opendkim-tools
sudo mkdir -p /etc/opendkim/keys/example.in
sudo opendkim-genkey -D /etc/opendkim/keys/example.in/ -d example.in -s mail
sudo chown -R opendkim:opendkim /etc/opendkim
Add SPF record:
example.in. IN TXT "v=spf1 mx a:mail.example.in -all"
- Verify reverse DNS matches your domain
- Check for ISP blocking port 25 (common with residential IPs)
- Test with multiple email providers (Gmail, Outlook, etc.)
- Validate with MXToolbox or Mail-Tester.com
First, let's verify your DNS records. Your current configuration shows:
A mail.example.in 123.123.3.11 300
A example.in 123.123.3.11 300
MX example.in mail.example.in 300 10
MX www.example.in mail.example.in 300 10
The MX record for www.example.in is unnecessary and potentially problematic. Remove it and keep only:
MX example.in mail.example.in 300 10
Your main.cf has several issues that need addressing:
# Problematic settings:
# Should be mail.example.in (main.cf does not support trailing comments, so the note goes on its own line):
myhostname = www.example.in
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
# Recommended changes:
myhostname = mail.example.in
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.example.in
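The main.cf findings above can be checked mechanically. The following Python sketch is an added example, not code from the original answer: it parses main.cf text (including continuation lines), expands `$name` references the way Postfix does, and compares the result with the MX target. The function names are hypothetical and the sample configuration is constructed from the settings quoted above.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into a dict; the last definition of a name wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comment lines
        if line[0].isspace() and name:    # leading whitespace continues the previous value
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def expand(value, params, depth=0):
    """Expand $name and ${name} references in a main.cf value."""
    if depth > 10:                        # guard against self-referencing values
        return value
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params.get(m.group(1), ""), params, depth + 1), value)

def check_inbound(text, domain, mx_target):
    """Return findings that would keep mail for `domain` from being accepted locally."""
    params = parse_main_cf(text)
    # Postfix default: mydomain is myhostname minus its first label.
    params.setdefault("mydomain", params.get("myhostname", "").partition(".")[2])
    hostname = expand(params.get("myhostname", ""), params)
    local = set(re.split(r"[,\s]+", expand(params.get("mydestination", ""), params)))
    findings = []
    if hostname != mx_target:
        findings.append(f"myhostname is {hostname}, MX target is {mx_target}")
    for name in (domain, mx_target):
        if name not in local:
            findings.append(f"{name} is not in mydestination")
    return findings

# Constructed sample: the settings quoted above as problematic.
BEFORE = """\
# main.cf excerpt
myhostname = www.example.in
mydestination = $myhostname,localhost.$mydomain,
    localhost,$mydomain
"""
AFTER = BEFORE.replace("www.example.in", "mail.example.in")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, check_inbound(cfg, "example.in", "mail.example.in") or "ok")
```

With myhostname corrected, `$myhostname` already places mail.example.in in mydestination, so the explicit extra entry is harmless but redundant.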
On AWS EC2, you need to ensure:
# Check that the security group allows these ports, then open them in UFW if it is enabled:
sudo ufw allow 25/tcp
sudo ufw allow 587/tcp
sudo ufw allow 465/tcp
From another server, test your SMTP connection:
telnet mail.example.in 25
EHLO example.com
MAIL FROM: <test@example.com>
RCPT TO: <youruser@example.in>
Enable detailed logging by editing /etc/postfix/main.cf:
debug_peer_level = 2
debug_peer_list = example.in
Then check logs with:
tail -f /var/log/mail.log
Add a TXT record to prevent email rejection:
example.in. IN TXT "v=spf1 a mx ip4:123.123.3.11 ~all"
Install and configure OpenDKIM:
sudo apt-get install opendkim opendkim-tools
sudo mkdir /etc/opendkim
sudo mkdir /etc/opendkim/keys
sudo chown -R opendkim:opendkim /etc/opendkim
sudo chmod go-rw /etc/opendkim/keys
After making changes, validate your configuration:
sudo postfix check
sudo postfix reload
sudo systemctl restart postfix