Can receive mail, unable to send with postfix.


3cwired_com
1st September 2006, 17:47
Ok, I had followed the perfect setup for CentOS, and it's been working great since setup. The problem started when I did some networking at home, and was forced to change the IP on the server. Ever since I changed the IP on the server, I have been unable to send emails, period!

I tried to recreate the SSL key and still no cigar. I will post all info below so that you can see exactly what is happening. Please advise.



Mail log:
Sep 1 08:52:26 3cwired postfix/qmgr[14213]: D7422D1861F: from=<>, size=6071, nrcpt=1 (queue active)
Sep 1 08:52:26 3cwired postfix/qmgr[14213]: D8FD4D18615: removed
Sep 1 08:52:27 3cwired postfix/pickup[14212]: 31432D1861D: uid=10004 from=<web6_xxxxx>
Sep 1 08:52:27 3cwired postfix/cleanup[14545]: 31432D1861D: message-id=<20060901125227.31432D1861D@3cwired.com>
Sep 1 08:52:27 3cwired postfix/qmgr[14213]: 31432D1861D: from=<web6_xxxxx@3cwired.com>, size=353, nrcpt=1 (queue active)
Sep 1 08:52:27 3cwired postfix/local[14561]: 31432D1861D: to=<admispconfig@localhost.localdomain>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:52:27 3cwired postfix/qmgr[14213]: 31432D1861D: removed
Sep 1 08:52:28 3cwired postfix/local[14552]: D7422D1861F: to=<web6_xxxxx@3cwired.com>, orig_to=<brian@3cwired.com>, relay=local, delay=2, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:52:28 3cwired postfix/qmgr[14213]: D7422D1861F: removed
Sep 1 08:52:30 3cwired pop3-login: Login: web6_brian [::ffff:127.0.0.1]
Sep 1 08:52:41 3cwired pop3-login: Login: web6_brian [::ffff:127.0.0.1]
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: unable to get certificate from '/etc/postfix/ssl/smtpd.crt'
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:02001002:system library:fopen:No such file or directory:bss_file.c:259:fopen('/etc/postfix/ssl/smtpd.crt','r'):
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: 14611:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:758:
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: TLS engine: cannot load RSA cert/key data
Sep 1 08:54:52 3cwired postfix/smtpd[14611]: connect from mail.corp.valueclick.com[216.34.207.14]
Sep 1 08:54:53 3cwired postfix/smtpd[14611]: B5241D18615: client=mail.corp.valueclick.com[216.34.207.14]
Sep 1 08:54:54 3cwired postfix/cleanup[14612]: B5241D18615: message-id=<AES459196.1008168.37205@mx5.cj.com>
Sep 1 08:54:54 3cwired postfix/qmgr[14213]: B5241D18615: from=<owner-membermessaging@mx5.cj.com>, size=11062, nrcpt=1 (queue active)
Sep 1 08:54:55 3cwired postfix/pickup[14212]: 2E3F0D1861F: uid=10004 from=<web6_xxxxx>
Sep 1 08:54:55 3cwired postfix/cleanup[14612]: 2E3F0D1861F: message-id=<20060901125454.2E3F0D1861F@3cwired.com>
Sep 1 08:54:55 3cwired postfix/qmgr[14213]: 2E3F0D1861F: from=<web6_xxxxx@3cwired.com>, size=354, nrcpt=1 (queue active)
Sep 1 08:54:55 3cwired postfix/local[14622]: 2E3F0D1861F: to=<admispconfig@localhost.localdomain>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:54:55 3cwired postfix/qmgr[14213]: 2E3F0D1861F: removed
Sep 1 08:54:56 3cwired postfix/local[14613]: B5241D18615: to=<web6_xxxxx@3cwired.com>, orig_to=<webmaster@galants.org>, relay=local, delay=3, status=sent (delivered to command: /usr/bin/procmail -f-)
Sep 1 08:54:56 3cwired postfix/qmgr[14213]: B5241D18615: removed
Sep 1 08:55:00 3cwired postfix/smtpd[14611]: disconnect from mail.corp.valueclick.com[216.34.207.14]



My main.cf file:

#soft_bounce = no

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

#default_privs = nobody

#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

#mydomain = domain.tld

#myorigin = $myhostname
#myorigin = $mydomain

# RECEIVING MAIL

#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

#mydestination = $myhostname, localhost.$mydomain, localhost
##mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
##mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# local_recipient_maps = (i.e. empty).
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

# The unknown_local_recipient_reject_code specifies the SMTP server

unknown_local_recipient_reject_code = 550

#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

#mynetworks = 192.168.1.1/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
relay_domains = $#mydestination

# INTERNET OR INTRANET

#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# REJECTING UNKNOWN RELAY USERS
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# INPUT RATE CONTROL
#in_flow_delay = 1s

# ADDRESS REWRITING
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

# ADDRESS EXTENSIONS (e.g., user+foo)

#recipient_delimiter = +

# DELIVERY TO MAILBOX

#home_mailbox = Mailbox
#home_mailbox = Maildir/

#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail


#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local

# JUNK MAIL CONTROLS
#header_checks = regexp:/etc/postfix/header_checks

# FAST ETRN SERVICE
#fast_flush_domains = $relay_domains

# SHOW SOFTWARE VERSION OR NOT
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

# PARALLEL DELIVERY TO THE SAME DESTINATION
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

debug_peer_level = 2


#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain



# INSTALL-TIME CONFIGURATION INFORMATION
#
sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.1.5/samples

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
mailbox_command =

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names
--------------------------------------------------------

Hopefully this is enough information.

Everything is configured properly through the router.
I am behind a Linksys router, in a NAT environment. It is on a DSL line, and I do have port 25 available.
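
The mail log in the post above shows smtpd failing on fopen('/etc/postfix/ssl/smtpd.crt') with "No such file or directory". As an added example (not part of the original thread), this shell script checks that the files named by the smtpd_tls_* parameters of a main.cf exist, are readable, and that the private key is not group- or world-accessible. The function names and the demo's temporary paths are hypothetical.

```shell
#!/bin/sh
# Added example: check the TLS files a Postfix main.cf points at.

# Print the last uncommented value of parameter $2 in main.cf-style file $1.
# (On a live system, `postconf -h name` gives the effective value instead.)
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Print one line per problem; return 0 only if every configured file is fine.
check_tls_files() {
    cf=$1 status=0
    for p in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_CAfile; do
        f=$(get_param "$cf" "$p")
        if [ -z "$f" ]; then
            continue                      # parameter not set, nothing to check
        elif [ ! -e "$f" ]; then
            echo "MISSING $p $f"; status=1
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $p $f"; status=1
        elif [ "$p" = smtpd_tls_key_file ] &&
             [ "$(ls -lLd -- "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $p $f"; status=1   # group/other bits set on key
        fi
    done
    return $status
}

# Demo on a constructed main.cf: the certificate is deliberately absent and
# the key is left at mode 644, mirroring the failure in the log above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "smtpd_tls_key_file = $d/smtpd.key" \
        "smtpd_tls_cert_file = $d/smtpd.crt" > "$d/main.cf"
    : > "$d/smtpd.key"; chmod 644 "$d/smtpd.key"
    check_tls_files "$d/main.cf" || true
    rm -rf "$d"
}
demo
```

Run against the real file with `check_tls_files /etc/postfix/main.cf`; after fixing paths or permissions, `postfix reload` makes smtpd pick up the change.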

3cwired_com
1st September 2006, 17:51
Also, this is the error message I get. I am using the UebiMiau webmail client:



Final-Recipient: rfc822; csmoovexxx@hotmail.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mx1.hotmail.com[65.54.244.8] said: 550 Command
rejected for policy reasons. (in reply to MAIL FROM command)

--1AE26D1861D.1157121434/3cwired.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from UebiMiau (3cwired.com [127.0.0.1])
by 3cwired.com (Postfix) with SMTP id 1AE26D1861D
for <csmoovexxx@hotmail.com>; Fri, 1 Sep 2006 10:27:28 -0400 (EDT)
Received: from client 192.168.1.135 for UebiMiau2.7 (webmail client); Fri, 1 Sep 2006 10:27:27 +0100
Date: Fri, 1 Sep 2006 10:27:27 +0100
From: "Brian Baxter" <xxx@3cwired.com>
To: "Brian" <csmoovexxx@hotmail.com>
Reply-To: "Brian Baxter" <xxx@3cwired.com>

falko
2nd September 2006, 17:47
Final-Recipient: rfc822; csmoovexxx@hotmail.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mx1.hotmail.com[65.54.244.8] said: 550 Command
rejected for policy reasons. (in reply to MAIL FROM command)

I guess you're on a DSL line and/or use a dynamic IP address? Hotmail and some other big freemailers refuse to work with dynamic IP addresses. You should try relaying through your ISP's mail server: http://www.howtoforge.com/forums/showthread.php?t=72&highlight=relayhost

3cwired_com
3rd September 2006, 00:52
I will try that and see if it resolves the issue. I do however have a static IP address.

Thanks for the quick reply.

3cwired_com
3rd September 2006, 17:25
Ok I now am getting messages in postfix that are stuck in the queue, and not moving, and they have messages such as

Could not start TLS: client failure

and

delivery temporarily suspended: Could not start TLS: client failure

Any idea?

Btw, it still doesn't work, with the addition of the smtp address.

till
3rd September 2006, 19:23
Please post the output of:

netstat -tap

Is TLS activated (uncommented) in /etc/postfix/master.cf ?

3cwired_com
5th February 2007, 19:34
Here is my output, sorry for being gone for so long, problem still persists though.



-bash-3.00# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 2883/mysqld
tcp 0 0 *:sunrpc *:* LISTEN 2640/portmap
tcp 0 0 *:10000 *:* LISTEN 13969/perl
tcp 0 0 *:81 *:* LISTEN 3303/ispconfig_http
tcp 0 0 *:721 *:* LISTEN 2659/rpc.statd
tcp 0 0 *:ftp *:* LISTEN 31278/proftpd: (acc
tcp 0 0 3cwired.com:domain *:* LISTEN 3570/named
tcp 0 0 3cwired.com:domain *:* LISTEN 3570/named
tcp 0 0 *:smtp *:* LISTEN 31389/master
tcp 0 0 3cwired.com:rndc *:* LISTEN 3570/named
tcp 1 0 3cwired.com:46748 vhost.sourceforge.net:http CLOSE_WAIT 12672/upgrade.cgi
tcp 1 0 3cwired.com:10000 192.168.1.139:4503 CLOSE_WAIT 12672/upgrade.cgi
tcp 0 0 3cwired.com:46749 osdn.dl.sourceforge.ne:http ESTABLISHED 12672/upgrade.cgi
tcp 0 0 *:imaps *:* LISTEN 2906/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2906/dovecot
tcp 0 0 *:pop3 *:* LISTEN 2906/dovecot
tcp 0 0 *:imap *:* LISTEN 2906/dovecot
tcp 0 0 *:http *:* LISTEN 3403/httpd
tcp 0 0 *:ssh *:* LISTEN 2764/sshd
tcp 0 0 *:https *:* LISTEN 3403/httpd
tcp 0 0 3cwired.com:http pm81.internetseer.com:2593 TIME_WAIT -
tcp 0 0 3cwired.com:ssh ::ffff:192.168.1.139:2115 ESTABLISHED 17845/0
tcp 0 0 3cwired.com:http DD-WRT:2113 TIME_WAIT -
tcp 0 0 3cwired.com:imap 3cwired.com:46964 TIME

falko
6th February 2007, 15:23
Looks ok.
Any errors in your mail log?
Please check if you're blacklisted: http://www.mxtoolbox.com/blacklists.aspx

3cwired_com
12th February 2007, 17:04
Ok, actually I reinstalled postfix again, and recreated the certificates... I almost rendered my server useless in the process when I was working on it by uninstalling a bunch of http/mail server related files by accident.

Nonetheless I reinstalled all successfully except for saslauth, and the mailserver has been working fine since then. (knock on wood)

I checked my status in the mxtoolbox, and noticed that I was on about 4-6 blacklists, I got all removed except for one, which I am still waiting on.

Thanks for the help, I will recheck my maillog and look for any suspicious errors.

3cwired_com
12th February 2007, 17:08
By the way, do you think it's important to have that saslauth installed?

falko
13th February 2007, 18:40
By the way, do you think it's important to have that saslauth installed?
Yes, or your server might get abused by spammers. :(

rasterburn
16th February 2007, 11:09
I just checked to see if my IP is blacklisted and unfortunately I am on 11 because I currently have a dynamic IP address.

3cwired_com
17th February 2007, 17:39
Just start the process to remove yourself from the different lists, and you should be able to remove yourself from them rather quickly and easily.

rasterburn
17th February 2007, 18:27
could spend the time and request that my IP be un-blacklisted from all 11 or could just get a static IP address :)

martinfst
17th February 2007, 18:37
The possibility a dynamic IP gets removed from block lists is highly UN-likely. For myself, I block dynamic IPs right at the MTA level and I never look back. There are way too many zombies nowadays.

Getting a proper fixed IP on a home line is rather unlikely. In NL, providers say you get a static address, but that still is in the dynamic range, so no luck. Might differ in other countries though. Servers in approved datacenters normally get a real fixed IP, which are worldwide recognized as static.

rasterburn
17th February 2007, 22:00
Out here in Canada, well Saskatchewan if you want to narrow it down to ISPs, we can request a static IP address, but it will cost a bit more for the internet, like $30 CAD more than the regular internet with a dynamic IP, and well, I can't afford an extra $30 on top of what I pay for bills.

martinfst
17th February 2007, 22:14
Perhaps you can configure postfix to use your ISP mailserver as a relay? That's the most common 'trick' to avoid sending mail from dynamic IPs. Receivers will then see the mailserver of the ISP as the sender and your mail will not be blocked (unless your ISP is on blacklists :cool: )

falko
18th February 2007, 20:10
Perhaps you can configure postfix to use your ISP mailserver as a relay?
I've written a howto about it: http://www.howtoforge.com/postfix_relaying_through_another_mailserver :)