Debian 8 - Postfix can't send from localhost

bithead

Debian 8 - Postfix can't send from localhost

#1 Post by bithead »

I sent this to the postfix users list, and one response suggested that this might be a distribution specific issue with dkimproxy on Jessie, so I am asking here as well...

I have a newly installed Debian 8 server, created to replace an old postfix server running on Debian Lenny. I've installed and reconfigured as needed the following newer packages on the new server:
  • postfix 2.11.3-1
  • dovecot 2.2.13-12~deb8u1
  • amavisd-new 2.10.1-2~deb8u1
  • spamassassin 3.4.0-6
  • clamav 0.99.2+dfsg-0+deb8u2
  • dkimproxy 1.4.1-3
I am able to send and receive mail between local users using both Thunderbird and Squirrelmail. I can also send to external users using both mail clients.

What I cannot do is send to any user, local or external, from the server itself. This affects not just the console program 'mail', but also daily reports sent via scripts called in cron jobs. Attempts using 'mail' or via the script files trying to send to local accounts result in:

Code: Select all

status=deferred (delivery temporarily suspended: host 127.0.0.1[127.0.0.1] refused to talk to me: 421 Internal error (Next hop is down)) 
Here is main.cf:

Code: Select all

mailbox_size_limit = 0 
message_size_limit = 30000000 

queue_directory = /var/spool/postfix 

command_directory = /usr/sbin 

daemon_directory = /usr/lib/postfix 

mail_owner = postfix 

myhostname = host.domain.com 

myorigin = $mydomain 

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 

virtual_alias_maps = hash:/etc/postfix/virtual 

mynetworks = 10.0.0.0/8, 127.0.0.0/8 

relay_domains = 

virtual_alias_domains = 

alias_maps = hash:/etc/postfix/aliases 
alias_database = hash:/etc/postfix/aliases 

content_filter = smtp-amavis:[127.0.0.1]:10028 
smtp-amavis_destination_concurrency_limit = 20 

smtpd_helo_required = yes 
disable_vrfy_command = yes 
smtpd_delay_reject = no 

header_checks = regexp:/etc/postfix/header_checks.regexp 
nested_header_checks = 

smtpd_client_restrictions = 
smtpd_helo_restrictions = 
smtpd_sender_restrictions = 
smtpd_recipient_restrictions = 
        reject_unlisted_recipient, 
        check_client_access    hash:/etc/postfix/GEN000_override, 
        check_client_access  regexp:/etc/postfix/fqrdns.regexp, 
        check_helo_access      hash:/etc/postfix/access, 
        check_helo_access    regexp:/etc/postfix/helo_blacklist.regexp, 
        check_sender_access    hash:/etc/postfix/blacklist, 
        check_sender_access  regexp:/etc/postfix/sender_blacklist.regexp, 
        check_sender_mx_access cidr:/etc/postfix/mx_access.txt, 
        check_sender_access    hash:/etc/postfix/bdwl 
        check_client_access    hash:/etc/postfix/broken_helos, 
        reject_invalid_hostname, 
        reject_non_fqdn_sender, 
        reject_unknown_sender_domain, 
        reject_unknown_recipient_domain, 
        check_sender_access regexp:/etc/postfix/filter_10026_catchall, 
        permit_mynetworks, 
        reject_non_fqdn_hostname, 
        reject_non_fqdn_recipient, 
        reject_unauth_destination, 
        check_recipient_access hash:/etc/postfix/restricted, 
        reject_unknown_client, 
        reject_unknown_hostname, 
        reject_rbl_client zen.spamhaus.org, 
        reject_rbl_client bl.spamcop.net, 

smtpd_data_restrictions = 
        reject_unauth_pipelining 

debug_peer_level = 2 

debugger_command = 
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin 
         xxgdb $daemon_directory/$process_name $process_id & sleep 5 

sendmail_path = /usr/sbin/sendmail.postfix 

newaliases_path = /usr/bin/newaliases.postfix 

mailq_path = /usr/bin/mailq.postfix 

setgid_group = postdrop 

html_directory = no 

manpage_directory = /usr/share/man 

sample_directory = /usr/share/doc/postfix-2.1.5/samples 

readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES 

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem 
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key 
smtpd_use_tls=yes 
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache 
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
inet_protocols = ipv4 
And here is master.cf:

Code: Select all

smtp      inet  n       -       n       -       -       smtpd 
pickup    fifo  n       -       n       60      1       pickup 
        -o content_filter=dkimsign:127.0.0.1:10026 
cleanup   unix  n       -       n       -       0       cleanup 
qmgr      fifo  n       -       n       300     1       qmgr 
rewrite   unix  -       -       n       -       -       trivial-rewrite 
bounce    unix  -       -       n       -       0       bounce 
defer     unix  -       -       n       -       0       bounce 
trace     unix  -       -       n       -       0       bounce 
verify    unix  -       -       n       -       1       verify 
flush     unix  n       -       n       1000?   0       flush 
proxymap  unix  -       -       n       -       -       proxymap 
smtp      unix  -       -       n       -       -       smtp 
relay     unix  -       -       n       -       -       smtp 
showq     unix  n       -       n       -       -       showq 
error     unix  -       -       n       -       -       error 
local     unix  -       n       n       -       -       local 
virtual   unix  -       n       n       -       -       virtual 
lmtp      unix  -       -       n       -       -       lmtp 
anvil     unix  -       -       n       -       1       anvil 
maildrop  unix  -       n       n       -       -       pipe 
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} 
old-cyrus unix  -       n       n       -       -       pipe 
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} 
cyrus     unix  -       n       n       -       -       pipe 
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} 
uucp      unix  -       n       n       -       -       pipe 
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 
ifmail    unix  -       n       n       -       -       pipe 
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) 
bsmtp     unix  -       n       n       -       -       pipe 
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient 

scache    unix  -       -       n       -       1       scache 
discard   unix  -       -       n       -       -       discard 
tlsmgr    unix  -       -       n       1000    1       tlsmgr 

smtp-amavis unix -      -       n     -       2  smtp 
    -o smtp_data_done_timeout=1200 
    -o smtp_send_xforward_command=yes 
    -o disable_dns_lookups=yes 
    -o max_use=20 

127.0.0.1:10025 inet n  -       n     -       -  smtpd 
    -o content_filter= 
    -o local_recipient_maps= 
    -o relay_recipient_maps= 
    -o smtpd_restriction_classes= 
    -o smtpd_delay_reject=no 
    -o smtpd_client_restrictions=permit_mynetworks,reject 
    -o smtpd_helo_restrictions= 
    -o smtpd_sender_restrictions= 
    -o smtpd_recipient_restrictions=permit_mynetworks,reject 
    -o mynetworks_style=host 
    -o mynetworks=127.0.0.0/8 
    -o strict_rfc821_envelopes=yes 
    -o smtpd_error_sleep_time=0 
    -o smtpd_soft_error_limit=1001 
    -o smtpd_hard_error_limit=1000 
    -o smtpd_client_connection_count_limit=0 
    -o smtpd_client_connection_rate_limit=0 
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks 

retry     unix  -       -       n       -       -       error 
proxywrite unix -       -       n       -       1       proxymap 

submission  inet  n     -       n       -       -       smtpd 
    -o smtpd_etrn_restrictions=reject 
    -o smtpd_sasl_auth_enable=yes 
    -o content_filter=dkimsign:[127.0.0.1]:10027 
    -o receive_override_options=no_address_mappings 
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject 
    -o smtpd_client_restrictions=permit_mynetworks,reject 

dkimsign    unix  -       -       n       -       10       smtp 
    -o smtp_send_xforward_command=yes 
    -o smtp_discard_ehlo_keywords=8bitmime,starttls 

127.0.0.1:10028 inet  n  -      n       -       10      smtpd 
    -o content_filter= 
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks 
    -o smtpd_helo_restrictions= 
    -o smtpd_client_restrictions= 
    -o smtpd_sender_restrictions= 
    -o smtpd_recipient_restrictions=permit_mynetworks,reject 
    -o mynetworks=127.0.0.0/8 
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
I have determined through trial and error that disabling this content filter in master.cf...

Code: Select all

pickup    fifo  n       -       n       60      1       pickup 
        -o content_filter=dkimsign:127.0.0.1:10026


...enables mail sent via 'mail' or cron jobs to be processed. However, the problem does not exist with that line enabled on the original postfix (2.5.5-1.1+lenny1) server. Having inherited the old server, I'm not fully up to speed on what that line does, but the old server works and has for years, so I don't want to blindly take the line out without knowing what I might break in the process.

Here is some of the output from netstat -tapn, showing that the server is listening on port 10026:

Code: Select all

Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init 
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      4404/postgrey.pid - 
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      4731/amavisd-new (m 
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4699/master 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      4385/mysqld 
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      4424/perl 
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4699/master 
tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      4442/perl 
tcp        0      0 127.0.0.1:10028         0.0.0.0:*               LISTEN      4699/master 
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1/init 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      3205/rpcbind 
And here is the same from the original fully functional server:

Code: Select all

Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
tcp        0      0 127.0.0.1:60000         0.0.0.0:*               LISTEN      3649/postgrey.pid - 
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      4254/dovecot 
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      3504/amavisd (maste 
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4186/master 
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      4098/perl 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3573/mysqld 
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4186/master 
tcp        0      0 127.0.0.1:10027         0.0.0.0:*               LISTEN      4106/perl 
tcp        0      0 127.0.0.1:10028         0.0.0.0:*               LISTEN      4186/master 
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      4146/inetd 
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      4254/dovecot


With the exception of the port for postgrey, I've made sure all of the 100xx ports match functions on both servers.

At this point I don't know where else to look. Please help if you can!

bithead

Re: [Solved] Debian 8 - Postfix can't send from localhost

#2 Post by bithead »

It turns out the previous admin neglected to include a section in master.cf to indicate the relay port that was specified in the dkimproxy_in.conf file. Adding that section cured the problem. Apparently, the old system running on Lenny somehow tolerates the omission without causing any problems or registering any complaints.
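
An added illustration of the fix in post #2 (not code from the thread or from either project): the check below compares the `relay` address in a dkimproxy config with the `inet` services defined in master.cf and reports a relay target that nothing in master.cf listens on, the omission post #2 identifies. The config snippets and port 10029 are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample configs (not the poster's files); port 10029 is a placeholder.
DKIMPROXY_CONF = """\
listen    127.0.0.1:10026
relay     127.0.0.1:10029
"""
MASTER_CF_BROKEN = """\
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
        -o content_filter=dkimsign:127.0.0.1:10026
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
"""
# Same file plus the re-injection listener that dkimproxy relays to.
MASTER_CF_FIXED = MASTER_CF_BROKEN + """\
127.0.0.1:10029 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def inet_listeners(master_cf):
    """Return (host, port) for every inet service in master.cf text."""
    found = set()
    for line in master_cf.splitlines():
        # Skip blanks, comments and "-o" continuation lines (leading whitespace).
        if not line.strip() or line[0] in " \t#":
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "inet":
            # "smtp" has no host part and is recorded as ("*", "smtp").
            host, _, port = fields[0].rpartition(":")
            found.add((host.strip("[]") or "*", port))
    return found

def missing_next_hop(master_cf, dkimproxy_conf):
    """Return dkimproxy's relay (host, port) if master.cf has no listener for it."""
    m = re.search(r"^\s*relay\s+(\S+):(\d+)\s*$", dkimproxy_conf, re.MULTILINE)
    if m is None:
        raise ValueError("no 'relay host:port' directive found")
    target = (m.group(1), m.group(2))
    listeners = inet_listeners(master_cf)
    if target in listeners or ("*", target[1]) in listeners:
        return None
    return target

if __name__ == "__main__":
    print("broken:", missing_next_hop(MASTER_CF_BROKEN, DKIMPROXY_CONF))
    print("fixed: ", missing_next_hop(MASTER_CF_FIXED, DKIMPROXY_CONF))
```

The listener options in the fixed sample mirror the existing 127.0.0.1:10028 section from the posted master.cf: an empty `content_filter` so re-injected mail is not filtered again, and access limited to 127.0.0.0/8.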
