Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 25th October 2008, 15:19
nmy nmy is offline
Junior Member
 
Join Date: May 2008
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default can't receive mail from outgoing postfix

hello there,

I can't receive mail from outgoing

so here's my config

foo.bar is connected to the network on eth1 ,and eth2 give net to other lan computer

I have config a mail server on bar.local

I can send mail internal,external but didn't receive outgoing mail

here's a nmap localhost
Quote:
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
113/tcp open auth
143/tcp open imap
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
nmap to foo.com
Quote:
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
548/tcp open afpovertcp
704/tcp open elcsd
901/tcp open samba-swat
2049/tcp open nfs
my postfix/main.cf
Quote:
myhostname = mail.foo.com
mydomain = foo.com
myorigin = $mydomain
#relayhost = [smtp.tvcablenet.be]
mynetworks = 127.0.0.0/8, 192.168.1.165

2bounce_notice_recipient = postmaster
bounce_notice_recipient = postmaster
bounce_service_name = bounce
double_bounce_sender = double-bounce
error_notice_recipient = postmaster
show_user_unknown_table_name = no

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
inet_interfaces = all

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

# Checks on content. PLEASE READ
# header_checks will get rid of any X-DSPAM header signature it finds on incoming emails
# header_checks will only be used on the incoming interface under master.cf
# If you set it here, it will be used system-wide, even on the reinjection interface (localhost:10026)
# It means it would drop OUR X-DSPAM headers. We do not want that if we want DSPAM to work.
#header_checks = regexp:/etc/postfix/header_checks
# keep nested_header_checks empty or postfix could get rid of our X-DSPAM headers
# when emails are forwarded for retraining DSPAM
nested_header_checks =
# This will check for any sensitive file type (zip, exe, etc.). Will automatically reject any incoming mail
# with such files
mime_header_checks = regexp:/etc/postfix/mime_checks

smtpd_banner = Server $myhostname ESMTP
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
delay_warning_time = 1h
# unless you want custom bounce messages
#bounce_template_file = /etc/postfix/bounce.cf

# message_size_limit : email size allowed by Postfix (here, around 40 MB)
message_size_limit = 40971520
# mailbox_size_limit only applies to local mailboxes.
# we do NOT use local mailboxes but still set it *just in case*
mailbox_size_limit = 1048576000
# The minimal amount of free space in bytes in the queue file system that is needed to receive mail (around 150 Mb here)
queue_minfree = 150000000

setgid_group = postdrop
mail_owner = postfix
notify_classes = resource,software

disable_vrfy_command = yes
smtpd_helo_required = yes
biff = no

smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 5
smtpd_soft_error_limit = 2

default_process_limit = 50

anvil_rate_time_unit = 60s
anvil_status_update_time = 600s

append_at_myorigin = yes
append_dot_mydomain = no

# Client restrictions : which clients postfix will accept in SMTP connections
# Allowing LAN users, SASL authenticated users# Else, RBL checks against the client. If client is listed, the SMTP connection is discarded and is not going to the next step (MAIL FROM).
smtpd_client_restrictions =
permit_mynetworks
# permit_sasl_authenticated required, without that, the remote client would be checked against the RBL
# If listed in the RBL, your trusted client would not be able to send using SMTP AUTH !
permit_sasl_authenticated
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client list.dsbl.org

# Sender restrictions : what postfix will accept in MAIL FROM command
# Reject non FQDN email address from senders (as required by the RFC)
smtpd_sender_restrictions =
reject_non_fqdn_sender

# Recipient restrictions : what postfix will accept in the RCPT TO command
# Relay : will allow users on the LAN, SASL authenticated users.
# Will reject anything else unless "RCPT TO" matches relay_domains or Postfix is the final destination
smtpd_recipient_restrictions =
permit_mynetworks
# allow SMTP authenticated users
permit_sasl_authenticated
reject_unauth_destination

# The following is needed for any setting that uses the proxy:mysql scheme
proxy_read_maps =
$virtual_alias_maps
$virtual_mailbox_maps
$virtual_mailbox_domains
$virtual_mailbox_limit_maps

# MySQL + virtual mailboxes + quota
virtual_mailbox_base = /var/spool/maildirs
virtual_mailbox_maps = proxy:mysql:/etc/postfix/vmailsql/vmailbox
virtual_mailbox_domains = proxy:mysql:/etc/postfix/vmailsql/vdomain
virtual_alias_maps = proxy:mysql:/etc/postfix/vmailsql/valias
# transport_maps used for autoreply/vacation system and DSPAM retrain
# virtual_transport for regular virtual domains
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
# IMPORTANT uid and gid 1001 = vmail
virtual_minimum_uid = 1001
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
# virtual_mailbox_limit is the very maximum quota the system should allow (here around 1 Gb)
virtual_mailbox_limit = 1048576000
# virtual_mailbox_limit_maps will check the actual quota for the mailbox
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/vmailsql/quota
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "This account is over quota"
virtual_overquota_bounce = yes

# SMTP AUTH
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Postfix TLS
# Always put "smtpd_tls_auth_only = yes" on smtps interface in master.cf
smtpd_tls_auth_only = no
# smtp_use_tls = no : the server won't establish a TLS connection with remote servers offering STARTTLS
smtp_use_tls = yes
# smtpd_use_tls = no : doesn't offer STARTTLS to remote servers
smtpd_use_tls = yes
# smtp_tls_note_starttls_offer : if set to yes, will log the STARTTLS offer made to remote servers
smtp_tls_note_starttls_offer = no
smtpd_tls_cert_file = /etc/ssl/foo.com/smtp/smtp-cert.pem
smtpd_tls_key_file = /etc/ssl/foo.com/smtp/smtp-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# We do NOT deliver emails to local users in this set up, leave this blank
alias_database =
alias_maps =
and here's postfix/master.cf
Quote:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
-o header_checks=regexp:/etc/postfix/header_checks
#smtp inet n - n - - smtpd
# -o content_filter=signature
# SMTPS only available for remote users using SMTP AUTH
smtps inet n - n - 10 smtpd
-o content_filter=signature
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes
-o smtpd_helo_restrictions=permit_mynetworks,reject_n on_fqdn_hostname
-o smtpd_client_connection_count_limit=5
-o smtpd_client_connection_rate_limit=5
# DSPAM will reinject emails into Postfix using this interface, will then pipe the reinjected email into procmail check (clamassassin)
localhost:10026 inet n - n - - smtpd
-o content_filter=procmail
-o receive_override_options=no_unknown_recipient_chec ks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Procmail for virus scan
# For flags meaning, see "man 8 pipe"
procmail unix - n n - 10 pipe
flags=Rq user=filter argv=/usr/bin/procmail -Y -m /etc/postfix/procmail/master.rc ${sender} ${recipient}
# Signature/Disclaimer
signature unix - n n - - pipe
flags=Rq user=filter argv=/etc/postfix/signature/disclaimer.sh -f ${sender} -- ${recipient}
# DSPAM Retrain (do not forget to edit /etc/postfix/transport)
dspam-retrain unix - n n - 10 pipe
flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop $sender $recipient
# Autoreply
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
netstat -tap
Quote:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 18005/dovecot
tcp 0 0 *op3s *:* LISTEN 18005/dovecot
tcp 0 0 localhost:10026 *:* LISTEN 28217/master
tcp 0 0 localhost:mysql *:* LISTEN 27449/mysqld
tcp 0 0 *op3 *:* LISTEN 18005/dovecot
tcp 0 0 *:imap2 *:* LISTEN 18005/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1960/portmap
tcp 0 0 *:ssmtp *:* LISTEN 28217/master
tcp 0 0 *:auth *:* LISTEN 2446/inetd
tcp 0 0 *:smtp *:* LISTEN 28217/master
tcp 0 0 *:43804 *:* LISTEN 2489/rpc.statd
tcp 0 0 mail.fovideo.be:imap2 82-212-178-139.te:59113 ESTABLISHED28232/imap
tcp6 0 0 *:www *:* LISTEN 27211/apache2
tcp6 0 0 *:ssh *:* LISTEN 2470/sshd
on the foo.com I have iptables rules like this..
Quote:
:PREROUTING ACCEPT [1:90]
:POSTROUTING ACCEPT [1:78]
:OUTPUT ACCEPT [2:154]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.165:465
-A PREROUTING -i eth1 -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.1.165:995
-A PREROUTING -i eth1 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.165:993
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.165:110
-A PREROUTING -i eth1 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.1.165:143
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.165:25
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
someone have an idea?

when I try to send a message from another network server with telnet i have this error in the log

status=deferred (delivery temporarily suspended: connect to mx.fovideo.be[85.201.16.211]: Connection timed out)

Last edited by nmy; 25th October 2008 at 15:37.
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
procmail can't write Hellbound General 27 8th June 2009 21:51
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Problem with dcc-client installation (Postfix) swap-as Installation/Configuration 9 18th September 2008 20:47
Postfix problem: lost connection after CONNECT from unknown fernando_torrez Server Operation 5 30th November 2007 14:17
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 03:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.