Postfix mail is held in queue indefinitely...

[squallbsr]

I am running Debian 3.1 on a VMS From TekTonic Hosting.

I installed Postfix, SASL, Courier-IMAP(-SSL), MySQL from this howto: http://www.howtoforge.com/virtual_po..._quota_courier

Postfix 2.1.5

I have gotten the SMTP server authenticating, accepting mail from clients, delivering it to other email servers, but when the mail is destined for the local machine, it just sits in queue. Postfix is successfully chrooted and all authentication is working fine, I do not want to remove it from the chroot, so I cannot remove the proxy:mysql:... entries from the main.cf file. I cannot change those entries to just mysql:... because it breaks the SASL authentication (even when postfix has been removed from chroot mode in master.cf).

Here is a snapshot of my log - which starts with a test email from my personal domain to <username>@hidesato.com.

Code:

Jan 11 22:08:22 mail postfix/smtpd[7407]: connect from cpe-x-x-x-x.satx.res.rr.com[x.x.x.x]
Jan 11 22:08:22 mail postfix/smtpd[7407]: D62AD4832496: client=cpe-xxx-xxx-xxx-xxx.satx.res.rr.com[x.x.x.x], sasl_method=PLAIN, sasl_username=<username>@hidesato.com
Jan 11 22:08:23 mail postfix/cleanup[7423]: D62AD4832496: message-id=<43C5C841.4050103@hidesato.com>
Jan 11 22:08:23 mail postfix/qmgr[5834]: D62AD4832496: from=<username@hidesato.com>, size=568, nrcpt=1 (queue active)
Jan 11 22:08:23 mail postfix/smtpd[7407]: disconnect from cpe-x-x-x-x.satx.res.rr.com[x.x.x.x]
Jan 11 22:08:42 mail postfix/virtual[7798]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Jan 11 22:08:43 mail postfix/master[5830]: warning: process /usr/lib/postfix/virtual pid 7798 exit status 1
Jan 11 22:08:43 mail postfix/master[5830]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling

My guess is that this is related to the delivery to Maildir under the username vmail, in order to get the IMAP client to connect to the server I had to manually do a maildirmake /home/vmail/<username>. After those directories existed, the IMAP client (thunderbird) connected just fine - but all my mail is stuck in queue.

Code:

mail:/usr/src# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D62AD4832496*     568 Wed Jan 11 22:08:22  <username>@hidesato.com
                                         <username>@hidesato.com

-- 0 Kbytes in 1 Request.

I really would like to get the mail delivery working, thats the last thing to fix and I can get my email up and going on this new host. Any help would be appreciated. I followed the tutorial very closely, I did change all the references to 127.0.0.1 to localhost in the mysql files because for some reason the loopback ip address wasn't working. I can provide more information if needed of course.

[falko]

Did you run this command, as described in the tutorial:

Code:

postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'

Quote:

Originally Posted by squallbsr

I really would like to get the mail delivery working, thats the last thing to fix and I can get my email up and going on this new host. Any help would be appreciated. I followed the tutorial very closely, I did change all the references to 127.0.0.1 to localhost in the mysql files because for some reason the loopback ip address wasn't working. I can provide more information if needed of course.

What's in /etc/hosts? Also post the output of

Code:

ifconfig

[squallbsr]

Here is the info requested...
I'm in a hurry so here is a big copy/paste with that info

Code:

mail:~# cat /etc/hosts
127.0.0.1  localhost localhost.localdomain
<my-ip> mail.hidesato.com mail
mail:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7881716 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7881716 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1815973554 (1.6 GiB)  TX bytes:1815973554 (1.6 GiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-FF-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:173754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143919 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82388623 (78.5 MiB)  TX bytes:24854901 (23.7 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-FF-FF-FF-FF-00-00-00-00-00-00-00-00-00-00
          inet addr:<my-ip>  P-t-P:<my-ip>  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

mail:~# postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'

mail:~# /etc/init.d/postfix restart
Stopping mail transport agent: Postfix.
Starting mail transport agent: Postfix.

mail:~# postqueue -f

mail:~# sleep 30 && mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C231E48324EA*     487 Thu Jan 12 00:00:04  root@mail.hidesato.com
                                         postmaster@hidesato.com

D62AD4832496*     568 Wed Jan 11 22:08:22  <username>@hidesato.com
                                         <username>@hidesato.com

-- 1 Kbytes in 2 Requests.

[falko]

Is this a virtual server?

Anyway, after you've run the postconf command and restarted Postfix, has Postfix delivered the mails in the queue?

[squallbsr]

Yes, this is a virtual server, no the emails have not gone through.

[falko]

What's in the mail log now?
Please post /etc/postfix/main.cf here.

[squallbsr]

Here is the same thing repeated over and over in the mail log...

Code:

Jan 12 21:58:41 mail postfix/virtual[3077]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Jan 12 21:58:42 mail postfix/master[22249]: warning: process /usr/lib/postfix/virtual pid 3077 exit status 1
Jan 12 21:58:42 mail postfix/master[22249]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling

Here is main.cf

Code:

mail:~# cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.hidesato.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
unknown_local_recipient_reject_code = 450
mail:~#

Keep in mind that mail works just fine when it goes to another server, the mail client will logonto smtp-tls (mail.hidesato.com) and send the email to the correct server (i.e. hotmail.com). I don't have refused connections, it just cannot deliver local mail. /me scratches head

[falko]

Have you tried to remove all the proxy: strings in /etc/postfix/main.cf (restart Postfix afterwards)?

[squallbsr]

I remove the proxy: from proxy:mysql:...

Mail still sits in queue. smtp is still chrooted, IMAP-SSL still works fine, SMTP to other mail servers works fine. For some reason it just cannot deliver the mail to one of the MailDir's under /home/vmail (i.e. /home/vmail/hidesato.com/<username>/ OR /home/vmail/mail.hidesato.com/test/)

I would imagine that the proxy items need to be there because of the chroot and not being able to read config from the /etc/postfix directory.

The postfix documentation is confusing because in places talking about virtual hosts and storing all the accounts under one unix account is allowed and can be mapped. But other places talking about the virtual hosts having no privileges on the filesystem and being unable to write to any files. I wish the error messages would lead me to a more conclusive answer...

[falko]

Quote:

Originally Posted by squallbsr

I would imagine that the proxy items need to be there because of the chroot and not being able to read config from the /etc/postfix directory.

No, that's just a performance tuning. If you use proxy, then there's only one MYSQL connection open which is used by all Postfix processes. If you don't use proxy, then every Postfix process which needs to access the database opens a new connection.