Navigation

dumb-medic · #1 11th January 2006, 15:49

Hi,

got this in var/log/mail:

Jan 11 16:16:43 www postfix/smtpd[11550]: connect from mail.gmx.net[213.165.64.21]
Jan 11 16:16:43 www postfix/smtpd[11550]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
Jan 11 16:16:43 www postfix/smtpd[11550]: 637801E148: client=mail.gmx.net[213.165.64.21]
Jan 11 16:16:43 www postfix/cleanup[11553]: 637801E148: message-id=<16151.1136988890@www12.gmx.net>
Jan 11 16:16:43 www postfix/qmgr[4467]: 637801E148: from=<sendingclient@gmx.net>, size=886, nrcpt=1 (queue active)
Jan 11 16:16:43 www postfix/qmgr[4467]: 637801E148: to=<web4_test@mail.mydomain.tld>, orig_to=<web4_test@mydomain.tld>, relay=none, delay=0, status=deferred (delivery temporarily suspended: connect to mydomain.tld[x.x.x.x]: Connection refused)
Jan 11 16:16:43 www postfix/smtpd[11550]: disconnect from mail.gmx.net[213.165.64.21]

regards,
dumb-medic

till · #2 11th January 2006, 17:03

Does the website for www.mydomain.tld has an co-domain mydomain.tld where the host field is empty? If not, create the co-domain.

Is mydomain.tld in the file /etc/postfix/local-host-names ?

dumb-medic · #3 11th January 2006, 17:58

hi till,

yep, mydomain.tld is a co-domain without <host> on ip 192.168.x.x

cat of /etc/postfix/local-host-names (exactly, only fqdn changed)

###################################
#
# ISPConfig local-host-names Configuration File
# Version 1.0
#
###################################
localhost
www.mydomain.tld
localhost.www.mydomain.tld
localhost.mydomain.tld
www.myseconddomain.tld
mydomain.tld
#### MAKE MANUAL ENTRIES BELOW THIS LINE!

for info:
mydomain.tld is bound to a fw which is masq. to 192.168..x.x
but telnet mydomain.tld 25 (or www.mydomain.tld or mail.mydomain.tld) always get through, but i don't think that here's soemthing wrong, i would not be able to send mails if so.

please have a look at this:
zonefile:
$TTL 86400
@ IN SOA ns.somedomain.tld. admin.mydomain.tld. (
2006011001 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;
NS ns.somedomain.tld. ; Inet Address of name server 1
NS mydomain.tld. ; Inet Address of name server 2
;

mail MX 10 mydomain.tld.

mydomain.tld. A x.x.x.x
mydomain.tld A x.x.x.x
mail A x.x.x.x
www A x.x.x.x

;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

wondering why "mydomain.tld" is listed twice, only difference is the dot after the first listed mydomain.tld
could be the problem?
i've had problems setting up dns (zonefiles werde edited manually), but i thought it was fixed because of 100% functionality...

regards,
dumb-medic

falko · #4 11th January 2006, 19:16

Do

Code:

dig mydomain.tld

and

Code:

dig MX mydomain.tld

show the correct values?

dumb-medic · #5 11th January 2006, 20:44

looks ok to me:
# dig mydomain.at
; <<>> DiG 9.2.4 <<>> mydomain.at
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30748
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.at. IN A

;; ANSWER SECTION:
mydomain.tld. 86400 IN A 212.69.161.236

;; AUTHORITY SECTION:dig mydomain.at
mydomain.tld. 86400 IN NS ns.sonedomain.tld.
mydomain.tld. 86400 IN NS mydomain.tld.

;; ADDITIONAL SECTION:
ns.sonedomain.tld. 86400 IN A x.x.x.x
mydomain.tld. 86400 IN A x.x.x.x

;; Query time: 15 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Wed Jan 11 21:29:40 2006
;; MSG SIZE rcvd: 121

# dig mx mydomain.tld
; <<>> DiG 9.2.4 <<>> mx mydomain.tld
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32964
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.tld. IN MX

;; AUTHORITY SECTION:
mydomain.tld. 86400 IN SOA ns.somedomain.tld. admin.mydomain.tld. 2006011001 28800 7200 604800 86400

;; Query time: 15 msec
;; SERVER: 216.200.116.12#53(216.200.116.12)
;; WHEN: Wed Jan 11 21:39:21 2006
;; MSG SIZE rcvd: 87

regards,
dumb-medic

dumb-medic · #6 11th January 2006, 20:45

take tld as at ;-)

falko · #7 12th January 2006, 01:46

Looks ok, however you should consider creating an MX record for your domain.

Please post the output of

Code:

netstat -tap

Also, what's the value of inet_interfaces in /etc/postfix/main.cf?

dumb-medic · #8 12th January 2006, 09:53

netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 3643/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 3974/smbd
tcp 0 0 *:5901 *:* LISTEN 4212/xinetd
tcp 0 0 *:sunrpc *:* LISTEN 3419/portmap
tcp 0 0 *:hosts2-ns *:* LISTEN 4306/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 4586/proftpd: (acce
tcp 0 0 192.168.x.x:domain *:* LISTEN 4525/named
tcp 0 0 www.mydomain.a:domain *:* LISTEN 4525/named
tcp 0 0 localhost:domain *:* LISTEN 4525/named
tcp 0 0 *:ipp *:* LISTEN 3917/cupsd
tcp 0 0 *:smtp *:* LISTEN 18602/master
tcp 0 0 localhost:953 *:* LISTEN 4525/named
tcp 0 0 localhost:6010 *:* LISTEN 27991/3
tcp 0 0 *:microsoft-ds *:* LISTEN 3974/smbd
tcp 0 0 *:imaps *:* LISTEN 3741/couriertcpd
tcp 0 0 *

op3s *:* LISTEN 3701/couriertcpd
tcp 0 0 *

op3 *:* LISTEN 3697/couriertcpd
tcp 0 0 *:imap *:* LISTEN 3747/couriertcpd
tcp 0 0 *:www-http *:* LISTEN 4378/httpd2-prefork
tcp 0 0 *:ssh *:* LISTEN 3605/sshd
tcp 0 0 *:smtp *:* LISTEN 18602/master
tcp 0 0 localhost:953 *:* LISTEN 4525/named
tcp 0 0 localhost:6010 *:* LISTEN 27991/3
tcp 0 0 *:https *:* LISTEN 4378/httpd2-prefork
tcp 48 0 www.mydomain.tld:ssh 192.168.x.x:1046 ESTABLISHED 27991/3

Also, what's the value of inet_interfaces in /etc/postfix/main.cf?
inet_interfaces = all

complete file (skipped comments):

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
#virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = mail.$mydomain
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
#mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_ relay_domains
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
mydomain = mydomain.at
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names

regards,
dumb-medic

dumb-medic · #9 12th January 2006, 15:02

found out that on my ispconfig-machine a nslookup of mydomain.tld points to the official internet-ip,
this cannot be right i think, my firewall masquerades all traffic coming from the internet
to my lan-ip 192.168.x.x

if postfix tries to connect to mydomain.tld it is obviously connecting to my firewall.
to proof this i've captured via tethereal while sending a mail to mydomain.tld, and i am right:
Capturing on eth0 (ispconfig-machine)
0.000000 192.168.x.x -> x.x.x.x TCP 53916 > smtp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=98438570 TSER=0 WS=2
0.000191 x.x.x.x -> 192.168.x.x TCP smtp > 53916 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0

192.168.x.x is the ispconfig-machine.
x.x.x.x is my official ip, bound to the firewall.

i am slightly confused why postfix don't know that mydomain.tld == localhost?

regards,
dumb-medic