HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   can't receive mail from outgoing postfix (http://www.howtoforge.com/forums/showthread.php?t=28148)

nmy 25th October 2008 15:19

can't receive mail from outgoing postfix
 
hello there,

I can't receive mail from outgoing

so here's my config

foo.bar is connected to the network on eth1 ,and eth2 give net to other lan computer

I have config a mail server on bar.local

I can send mail internal,external but didn't receive outgoing mail

here's a nmap localhost
Quote:

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
113/tcp open auth
143/tcp open imap
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
nmap to foo.com
Quote:

22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
548/tcp open afpovertcp
704/tcp open elcsd
901/tcp open samba-swat
2049/tcp open nfs
my postfix/main.cf
Quote:

myhostname = mail.foo.com
mydomain = foo.com
myorigin = $mydomain
#relayhost = [smtp.tvcablenet.be]
mynetworks = 127.0.0.0/8, 192.168.1.165

2bounce_notice_recipient = postmaster
bounce_notice_recipient = postmaster
bounce_service_name = bounce
double_bounce_sender = double-bounce
error_notice_recipient = postmaster
show_user_unknown_table_name = no

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
inet_interfaces = all

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

# Checks on content. PLEASE READ
# header_checks will get rid of any X-DSPAM header signature it finds on incoming emails
# header_checks will only be used on the incoming interface under master.cf
# If you set it here, it will be used system-wide, even on the reinjection interface (localhost:10026)
# It means it would drop OUR X-DSPAM headers. We do not want that if we want DSPAM to work.
#header_checks = regexp:/etc/postfix/header_checks
# keep nested_header_checks empty or postfix could get rid of our X-DSPAM headers
# when emails are forwarded for retraining DSPAM
nested_header_checks =
# This will check for any sensitive file type (zip, exe, etc.). Will automatically reject any incoming mail
# with such files
mime_header_checks = regexp:/etc/postfix/mime_checks

smtpd_banner = Server $myhostname ESMTP
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
delay_warning_time = 1h
# unless you want custom bounce messages
#bounce_template_file = /etc/postfix/bounce.cf

# message_size_limit : email size allowed by Postfix (here, around 40 MB)
message_size_limit = 40971520
# mailbox_size_limit only applies to local mailboxes.
# we do NOT use local mailboxes but still set it *just in case*
mailbox_size_limit = 1048576000
# The minimal amount of free space in bytes in the queue file system that is needed to receive mail (around 150 Mb here)
queue_minfree = 150000000

setgid_group = postdrop
mail_owner = postfix
notify_classes = resource,software

disable_vrfy_command = yes
smtpd_helo_required = yes
biff = no

smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 5
smtpd_soft_error_limit = 2

default_process_limit = 50

anvil_rate_time_unit = 60s
anvil_status_update_time = 600s

append_at_myorigin = yes
append_dot_mydomain = no

# Client restrictions : which clients postfix will accept in SMTP connections
# Allowing LAN users, SASL authenticated users# Else, RBL checks against the client. If client is listed, the SMTP connection is discarded and is not going to the next step (MAIL FROM).
smtpd_client_restrictions =
permit_mynetworks
# permit_sasl_authenticated required, without that, the remote client would be checked against the RBL
# If listed in the RBL, your trusted client would not be able to send using SMTP AUTH !
permit_sasl_authenticated
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client list.dsbl.org

# Sender restrictions : what postfix will accept in MAIL FROM command
# Reject non FQDN email address from senders (as required by the RFC)
smtpd_sender_restrictions =
reject_non_fqdn_sender

# Recipient restrictions : what postfix will accept in the RCPT TO command
# Relay : will allow users on the LAN, SASL authenticated users.
# Will reject anything else unless "RCPT TO" matches relay_domains or Postfix is the final destination
smtpd_recipient_restrictions =
permit_mynetworks
# allow SMTP authenticated users
permit_sasl_authenticated
reject_unauth_destination

# The following is needed for any setting that uses the proxy:mysql scheme
proxy_read_maps =
$virtual_alias_maps
$virtual_mailbox_maps
$virtual_mailbox_domains
$virtual_mailbox_limit_maps

# MySQL + virtual mailboxes + quota
virtual_mailbox_base = /var/spool/maildirs
virtual_mailbox_maps = proxy:mysql:/etc/postfix/vmailsql/vmailbox
virtual_mailbox_domains = proxy:mysql:/etc/postfix/vmailsql/vdomain
virtual_alias_maps = proxy:mysql:/etc/postfix/vmailsql/valias
# transport_maps used for autoreply/vacation system and DSPAM retrain
# virtual_transport for regular virtual domains
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
# IMPORTANT uid and gid 1001 = vmail
virtual_minimum_uid = 1001
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
# virtual_mailbox_limit is the very maximum quota the system should allow (here around 1 Gb)
virtual_mailbox_limit = 1048576000
# virtual_mailbox_limit_maps will check the actual quota for the mailbox
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/vmailsql/quota
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "This account is over quota"
virtual_overquota_bounce = yes

# SMTP AUTH
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Postfix TLS
# Always put "smtpd_tls_auth_only = yes" on smtps interface in master.cf
smtpd_tls_auth_only = no
# smtp_use_tls = no : the server won't establish a TLS connection with remote servers offering STARTTLS
smtp_use_tls = yes
# smtpd_use_tls = no : doesn't offer STARTTLS to remote servers
smtpd_use_tls = yes
# smtp_tls_note_starttls_offer : if set to yes, will log the STARTTLS offer made to remote servers
smtp_tls_note_starttls_offer = no
smtpd_tls_cert_file = /etc/ssl/foo.com/smtp/smtp-cert.pem
smtpd_tls_key_file = /etc/ssl/foo.com/smtp/smtp-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# We do NOT deliver emails to local users in this set up, leave this blank
alias_database =
alias_maps =
and here's postfix/master.cf
Quote:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
-o header_checks=regexp:/etc/postfix/header_checks
#smtp inet n - n - - smtpd
# -o content_filter=signature
# SMTPS only available for remote users using SMTP AUTH
smtps inet n - n - 10 smtpd
-o content_filter=signature
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
-o smtpd_helo_restrictions=permit_mynetworks,reject_n on_fqdn_hostname
-o smtpd_client_connection_count_limit=5
-o smtpd_client_connection_rate_limit=5
# DSPAM will reinject emails into Postfix using this interface, will then pipe the reinjected email into procmail check (clamassassin)
localhost:10026 inet n - n - - smtpd
-o content_filter=procmail
-o receive_override_options=no_unknown_recipient_chec ks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Procmail for virus scan
# For flags meaning, see "man 8 pipe"
procmail unix - n n - 10 pipe
flags=Rq user=filter argv=/usr/bin/procmail -Y -m /etc/postfix/procmail/master.rc ${sender} ${recipient}
# Signature/Disclaimer
signature unix - n n - - pipe
flags=Rq user=filter argv=/etc/postfix/signature/disclaimer.sh -f ${sender} -- ${recipient}
# DSPAM Retrain (do not forget to edit /etc/postfix/transport)
dspam-retrain unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop $sender $recipient
# Autoreply
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
netstat -tap
Quote:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 18005/dovecot
tcp 0 0 *:pop3s *:* LISTEN 18005/dovecot
tcp 0 0 localhost:10026 *:* LISTEN 28217/master
tcp 0 0 localhost:mysql *:* LISTEN 27449/mysqld
tcp 0 0 *:pop3 *:* LISTEN 18005/dovecot
tcp 0 0 *:imap2 *:* LISTEN 18005/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1960/portmap
tcp 0 0 *:ssmtp *:* LISTEN 28217/master
tcp 0 0 *:auth *:* LISTEN 2446/inetd
tcp 0 0 *:smtp *:* LISTEN 28217/master
tcp 0 0 *:43804 *:* LISTEN 2489/rpc.statd
tcp 0 0 mail.fovideo.be:imap2 82-212-178-139.te:59113 ESTABLISHED28232/imap
tcp6 0 0 *:www *:* LISTEN 27211/apache2
tcp6 0 0 *:ssh *:* LISTEN 2470/sshd
on the foo.com I have iptables rules like this..
Quote:

:PREROUTING ACCEPT [1:90]
:POSTROUTING ACCEPT [1:78]
:OUTPUT ACCEPT [2:154]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.165:465
-A PREROUTING -i eth1 -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.1.165:995
-A PREROUTING -i eth1 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.165:993
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.165:110
-A PREROUTING -i eth1 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.1.165:143
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.165:25
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
someone have an idea?

when I try to send a message from another network server with telnet i have this error in the log

status=deferred (delivery temporarily suspended: connect to mx.fovideo.be[85.201.16.211]: Connection timed out)

marpada 26th October 2008 00:32

Check fw in postifx server so as to make sure port 25 is open.
________
Vapir Genie Vaporizer
________
Ship sale

nmy 26th October 2008 08:56

I don't have any firewall on machine not fw in foo.com and not on the local

falko 26th October 2008 14:59

Please make sure that your ISP doesn't block port 25.

nmy 26th October 2008 15:04

I have cheked that and sure my isp block de port 25 so I have use rollernet.us to redirect smtp to another port like 26


All times are GMT +2. The time now is 05:25.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.