HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


fr0stsp1re 6th February 2013 05:37

Postfix issue. Need help please.
 
Hello all,

I am a n00b here so please forgive me if I sound a bit n00bish on these questions.

So I recently gave Microsoft products the boot and discovered free open source. Recently I ran across ISPConfig (which is awesome work to whomever the compliments are owed.) I went ahead and followed the perfect server tutorial using Ubuntu 12.04 and Apache2.

Everything was working fine for about 30 days. One day out of the blue I was not able to receive any incoming mail.

I sent into my domain emails from Yahoo, Gmail and Windows Live Mail. All of them bounced with an error. This was the error in the bounce message:

554 5.7.1 <mail-pb0-f53.google.com[209.85.160.53]>: Client host rejected: Access denied

So I went into my master.cf and commented out smtpd_client_restrictions=permit from this part of the configuration

submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING

That seemed to allow incoming mail, but then I started getting an unusual error from Yahoo's and Microsoft's web mail. The bounce message read:

Remote host said: 530 5.7.0 Must issue a STARTTLS command first [MAIL_FROM]

So upon doing some research the only answer I could find was to switch off TLS in the main.cf by adding another line.

That works. But randomly. Some messages will get in, others will bounce. I am using only my Yahoo account to test it. It seems Gmail works fine.

I have no idea what is going on. Checking the mail.log, I don't see anything in there other than the same error messages that I am finding in the bounce email headers. Can anyone be of help?

Here is the output of postconf -n

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = masterblaster.atomiccomputerservice.com, localhost, localhost.localdomain
myhostname = masterblaster.atomiccomputerservice.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = none
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = no
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1


Also, I noticed that when I commented out the line in my master.cf I now get an unused parameter warning when I restart the service.

Thanks!

Oh yeah, I also checked to see if I was blacklisted and no, my server and domain are not listed. DNS seems to resolve OK too. Dig shows the proper MX record for my server.

fr0stsp1re 7th February 2013 23:47

Anyone have any ideas?

This is driving me batty. None of it makes sense, as some mail gets in and other mail does not. I can send 10 emails into my network from the same address and some will get in while others will not, so it is not a domain thing. Tried Gmail, Yahoo, MSN, AOL. Same results with all of them.

falko 9th February 2013 08:42

Is there anything in the mail_access table in the ISPConfig database?

fr0stsp1re 9th February 2013 09:36

Quote:

Originally Posted by falko (Post 291784)
Is there anything in the mail_access table in the ISPConfig database?

The table is empty.

I set smtpd_tls_security_level to "may" and things seem to be working fine for the moment. However, everything was running great and I did not have to change anything at all.

falko 9th February 2013 15:43

Quote:

Originally Posted by fr0stsp1re (Post 291793)
I set smtpd_tls_security_level to "may"

AFAIK, this is the default setting. Did you or anyone else modify it?

fr0stsp1re 11th February 2013 00:26

Quote:

Originally Posted by falko (Post 291799)
AFAIK, this is the default setting. Did you or anyone else modify it?

No, I did not. Mine was set to encrypt by default. I figure it was forcing TLS on servers trying to connect. It would seem that some servers out there still are not using TLS by default. So I set that to "May" and things seem to be working fine now. Not seeing anything in mail.log that is rejecting anything now.

I don't quite understand the ins and outs of TLS as well as I should, so correct me if my above statement is wrong and my configuration should be set another way.
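
Added example (not part of the thread and not ISPConfig or Postfix code): a small checker for the settings discussed above. It resolves the effective smtpd_tls_security_level and smtpd_client_restrictions for each master.cf listener and flags mandatory or absent TLS on the public port 25 and a submission port that does not require SASL. The master.cf text is constructed, the function names and finding labels are hypothetical, and the legacy smtpd_use_tls / smtpd_enforce_tls parameters are ignored.

```python
MAIN_CF = {"smtpd_tls_security_level": "none"}   # value from the postconf -n output
# Constructed master.cf excerpt; the submission overrides mirror the thread's snippet.
MASTER_CF = """\
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master(text):
    """Return {service: {param: value}} built from each entry's -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                       # blank line or comment
        if raw[0].isspace():               # continuation of the previous entry
            tokens = raw.split()
        else:                              # new entry: 8 fixed columns, then arguments
            fields = raw.split()
            current = services.setdefault(fields[0], {})
            tokens = fields[8:]
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-o" and "=" in arg and current is not None:
                key, value = arg.split("=", 1)
                current[key] = value
    return services

def audit(main_cf, master_text):
    """Flag TLS/auth settings that do not fit the role of each smtpd listener."""
    findings = []
    for name, over in parse_master(master_text).items():
        level = over.get("smtpd_tls_security_level") or main_cf.get("smtpd_tls_security_level", "")
        if name in ("smtp", "25"):           # public MX port: TLS offered, never required
            if level == "encrypt":           # senders that skip STARTTLS get the 530 reply
                findings.append((name, "mandatory-tls-on-mx"))
            elif level != "may":
                findings.append((name, "starttls-not-offered"))
        elif name in ("submission", "587"):  # client port: TLS and SASL required
            if level != "encrypt":
                findings.append((name, "tls-not-enforced"))
            restr = over.get("smtpd_client_restrictions", "")
            if not restr.replace(" ", "").endswith("reject"):
                findings.append((name, "unauthenticated-clients-allowed"))
    return findings

if __name__ == "__main__":
    print(audit(MAIN_CF, MASTER_CF))
```

With smtpd_tls_security_level = may in main.cf and the submission restriction line uncommented, the same check returns no findings.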

