Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Issue with postfix on Debian 11

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
sebmax
Posts: 1
Joined: 2022-08-28 12:05

Issue with postfix on Debian 11

#1 Post by sebmax »

I try to configure mail server on my debian 11
No issue with connection, i can connect (from Thunderbird) to my mail server but can't send or receive any message
I try a lot of differents settings...
Check every log but no utile informations

Here is my syslog

Code: Select all

Aug 28 11:50:13 webmail postfix/proxymap[2692]: name_mask: all
Aug 28 11:50:13 webmail postfix/proxymap[2692]: inet_addr_local: configured 3 IPv4 addresses
Aug 28 11:50:13 webmail postfix/proxymap[2692]: inet_addr_local: configured 2 IPv6 addresses
Aug 28 11:50:13 webmail postfix/proxymap[2692]: process generation: 13 (13)
Aug 28 11:50:13 webmail postfix/proxymap[2692]: whitelisting mysql:/etc/postfix/mysql-virtual-alias-maps.cf from proxy_read_maps
Aug 28 11:50:13 webmail postfix/proxymap[2692]: whitelisting mysql:/etc/postfix/mysql-virtual-email2email.cf from proxy_read_maps
Aug 28 11:50:13 webmail postfix/proxymap[2692]: whitelisting mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf from proxy_read_maps
Aug 28 11:50:13 webmail postfix/proxymap[2692]: whitelisting mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf from proxy_read_maps
Aug 28 11:50:13 webmail postfix/smtpd[2648]: warning: private/proxymap socket: service dict_proxy_open: Connection reset by peer
Aug 28 11:50:13 webmail postfix/smtpd[2648]: proxymap stream disconnect
Aug 28 11:50:13 webmail postfix/master[2639]: warning: process /usr/lib/postfix/sbin/proxymap pid 2692 killed by signal 11
Aug 28 11:50:13 webmail postfix/master[2639]: warning: /usr/lib/postfix/sbin/proxymap: bad command startup -- throttling
Aug 28 11:50:14 webmail postfix/smtpd[2648]: connect to subsystem private/proxymap
Aug 28 11:50:14 webmail postfix/smtpd[2648]: send attr request = open
Aug 28 11:50:14 webmail postfix/smtpd[2648]: send attr table = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Aug 28 11:50:14 webmail postfix/smtpd[2648]: send attr flags = 0
i got this proxymap reset by peer when i try this command :
`/usr/sbin/sendmail -bv test@yopmail.com`


here is my postfix main.cf conf

Code: Select all

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/webmail.bellamagus.fr/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/webmail.bellamagus.fr/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Restrictions
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = webmail.bellamagus.fr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain =bellamagus.fr
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Virtual domains, users, and aliases
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
        proxy:mysql:/etc/postfix/mysql-virtual-email2email.cf

virtual_minimum_uid=100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#smtpd_etrn_restrictions = reject
#smtpd_reject_unlisted_sender = yes
#smtpd_reject_unlisted_recipient = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
#smtpd_hard_error_limit = 1
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
home_mailbox = /home/vmail

And my master.cf

Code: Select all

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
anyway i try to purge/reinstall postfix with same result so i suspect it's something else...


When i execute : telnet 127.0.0.1 25

Code: Select all

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
But it doesn't show me smtpd_banner which contains myhostname and should be correct as it's reverse DNS too (ptr record)
and when i ehlo mydomain it doesn't answers anything


But postfix seems to listen as
ss -tlnp

Code: Select all

State                     Recv-Q                    Send-Q                                       Local Address:Port                                         Peer Address:Port                    Process
LISTEN                    70                        100                                                0.0.0.0:25                                                0.0.0.0:*                        users:(("smtpd",pid=28386,fd=6),("master",pid=28382,fd=13))
LISTEN                    0                         100                                                   [::]:25                                                   [::]:*                        users:(("smtpd",pid=28386,fd=7),("master",pid=28382,fd=14))
just noticed that Recv-Q field increase (value 70 when i execute command but few minutes after it's 101)

Then when i try a postqueue -p
i got this : (with debug)

Code: Select all

Aug 28 11:47:29 webmail postfix/showq[2676]: name_mask: all
Aug 28 11:47:29 webmail postfix/showq[2676]: inet_addr_local: configured 3 IPv4 addresses
Aug 28 11:47:29 webmail postfix/showq[2676]: inet_addr_local: configured 2 IPv6 addresses
Aug 28 11:47:29 webmail postfix/showq[2676]: process generation: 6 (6)
Aug 28 11:47:29 webmail postfix/postqueue[2675]: fatal: malformed showq server response
I don't know where to check now so i come for help ! :)

Post Reply