Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th January 2009, 11:31
warlock warlock is offline
Member
 
Join Date: Nov 2008
Posts: 93
Thanks: 1
Thanked 6 Times in 4 Posts
Default NOQUEUE: reject: Relay Access Denied & loops back to myself

Hi Guys I need urgent help, I made a change to my config files and now mail is not being delivered I get the following 2 messages

Code:
postfix/smtpd[11644]: NOQUEUE: reject: RCPT from bay0-omc2-s32.bay0.hotmail.com[65.54.246.168]: 554 5.7.1 <rolf@xxxxx.co.za>: Relay access denied; from=<rolfxxxxx@hotmail.com> to=<rolf@xxxxx.co.za> proto=ESMTP helo=<bay0-omc2-s32.bay0.hotmail.com>
and


Code:
postfix/smtp[11172]: 4B619B1440C: to=<rolf@xxxxx.co.za>, relay=mail.xxxxx.co.za[196.213.164.26]:25, delay=0.15, delays=0.06/0/0.09/0, dsn=5.4.6, status=bounced (mail for xxxxx.co.za loops back to myself
the xxxxx represent the same domain name.

these are my config files, I install Amavis-new, clamav, spamassasin, and Maia MailGaurd. It's been running fine for that past 3 weeks, last week I was doing a compare of my files to ISPConfig3 to do with another issue I have there and I think I made a change to worng server. If it's an easy fix cool if not I have no problem setting my server back to default ISPConfig and scraping the above programs as long as I can get it to work.

master.cf
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

# This Part is for amavisd-new

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1
main.cf

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = bigb.xxxxx.co.za
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = bigb.xxxxx.co.za, localhost.xxxxx.co.za, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
amavisd.conf
Code:
# Sample amavisd.conf file for Maia Mailguard 1.0

use strict;

$max_servers = 2;             # number of pre-forked children (2..15 is common)
$daemon_user  = 'amavis';     # (no default;  customary: vscan or amavis)
$daemon_group = 'amavis';     # (no default;  customary: vscan or amavis)

$sa_timeout = 60;             # give SpamAssassin time (in seconds) to do its work

$mydomain = 'xxxxx.co.za'; # a convenient default for other settings

$MYHOME   = '/var/amavisd';   # a convenient default for other settings
$TEMPBASE = "$MYHOME/tmp";    # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;     # environment variable TMPDIR
#$QUARANTINEDIR = '/var/virusmails';

# Blowfish encryption key file (optional)
# NOTE: leave this commented out to disable encryption features
# $key_file = "$MYHOME/maia.key";

#$daemon_chroot_dir = $MYHOME;   # chroot directory or undef

 $db_home   = "$MYHOME/db";
# $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
# $pid_file  = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

# NOTE:  most _maps variables are depreciated in Maia, and may not work, since this
# should be defined in the web interface
#@local_domains_maps = ( [".$mydomain"] );
# @mynetworks = qw( 127.0.0.0/8 );

# Access control list - restricts the hosts allowed to connect to amavisd-maia
# NOTE: this setting is unnecessary for most installations, as amavisd-maia's
#       defaults are usually adequate.
# @inet_acl = qw( 127.0.0.1 );

$log_level = 2;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$LOGFILE = "/var/log/amavis.log";
$DO_SYSLOG = 0;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)

$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0;  # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 256*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$sa_auto_whitelist = 0;      # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, cf option is 'use_auto_whitelist')

# Database connection string
@lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'amavis', 'Passwd'] );

$virus_admin               = undef;  # notifications recip.
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
$recipient_delimiter = undef;

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file        = '/usr/bin/file';   # file(1) utility; use recent versions
$gzip        = 'gzip';
$bzip2       = 'bzip2';
$lzop        = 'lzop';
$rpm2cpio    = ['rpm2cpio.pl','rpm2cpio'];
$cabextract  = 'cabextract';
$uncompress  = ['uncompress', 'gzip -d', 'zcat'];
#$unfreeze    = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc         = ['nomarch', 'arc'];
$unarj       = ['arj', 'unarj'];
$unrar      = ['rar', 'unrar'];
$zoo         = 'zoo';
$lha         = 'lha';
$cpio        = ['gcpio','cpio'];
$ar          = 'ar';
#$dspam       = 'dspam';
$pax         = 'pax';
$ripole      = 'ripole';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name

$myhostname = 'mail.xxxxx.co.za';  # must be a fully-qualified domain name!

$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_DISCARD;
$warnvirussender = 0;
$warnspamsender = 0;

$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "Maia Mailguard 1.0.2a";

@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr'^(WM97|OF97|Joke\.)'i => 0],  # adjust names to match your AV scanner
  [qr/.*/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));

$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'[{}]',      # curly braces in names (serve as Class ID extensions - CLSID)

  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types

# [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any type in Unix-compressed
# [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any type in Unix archives
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any type within such archives

# qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
  qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|inf|ins|isp|
         js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|ops|pcd|pif|prg|
         reg|scr|sct|shb|shs|vb|vbe|vbs|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$',                       # banned file(1) types
  qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types
);

@score_sender_maps = ({});  # should be empty if using Maia Mailguard

# See https://secure.renaissoft.com/maia/wiki/VirusScannerConfig
# for more virus scanner definitions.
@av_scanners = (

### http://www.clamav.net/
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd;  match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

);

# See http://www.maiamailguard.com/maia/wiki/VirusScannerConfig
# for more virus scanner definitions.
@av_scanners_backup = (

### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

1;  # insure a defined return
netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localad:10024 *:*                     LISTEN      13178/amavisd (mast
tcp        0      0 *:mysql                 *:*                     LISTEN      5002/mysqld
tcp        0      0 localhost.localad:spamd *:*                     LISTEN      5065/spamd.pid
tcp        0      0 *:www                   *:*                     LISTEN      6297/apache2
tcp        0      0 *:81                    *:*                     LISTEN      6071/ispconfig_http
tcp        0      0 *:ssh                   *:*                     LISTEN      4873/sshd
tcp        0      0 *:smtp                  *:*                     LISTEN      11152/master
tcp        0      0 *:https                 *:*                     LISTEN      6297/apache2
tcp        0      0 bigb.xxxxx.co.za:ssh    MOM:1962                ESTABLISHED 7084/sshd: barts [p
tcp        0      0 bigb.xxxxx.co.za:smtp   outmail005.ash1.t:18480 TIME_WAIT   -
tcp        0    148 bigb.xxxxx.co.za:ssh    MOM:1914                ESTABLISHED 6757/sshd: barts [p
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      5693/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      5731/couriertcpd
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      5709/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      5671/couriertcpd
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      6451/proftpd: (acce
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      4873/sshd
tcp6       0      0 [::]:smtp               [::]:*                  LISTEN      11152/master
tcp6       0      0 bigb.xxxxx.co.za:52887  72.5.124.55%1255454:www ESTABLISHED 5802/java
Please remember the mail always used to work

Last edited by warlock; 19th January 2009 at 13:36.
Reply With Quote
Sponsored Links
  #2  
Old 19th January 2009, 13:10
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,573
Thanks: 792
Thanked 4,980 Times in 3,901 Posts
Default

Add xxxxx.co.za at the end of the /etc/postfix/local-host-names file and restart postfix.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th January 2009, 13:29
warlock warlock is offline
Member
 
Join Date: Nov 2008
Posts: 93
Thanks: 1
Thanked 6 Times in 4 Posts
Default

Hi Till,

the domain, actaully all the domains are in there, but I am still getting the error
Reply With Quote
  #4  
Old 19th January 2009, 13:34
warlock warlock is offline
Member
 
Join Date: Nov 2008
Posts: 93
Thanks: 1
Thanked 6 Times in 4 Posts
Default

More info

If I send an email to web3_username@servernamr.FQDN the mail get's delivered and I can retrieve it

I have also just noticed that bind is not working, the service has failed and will not start, we don't use it as we use external DNS servers but would this have an effect on postfix ?

Last edited by warlock; 19th January 2009 at 13:39.
Reply With Quote
  #5  
Old 19th January 2009, 13:38
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,573
Thanks: 792
Thanked 4,980 Times in 3,901 Posts
Default

Which ISPConfig version do you have installed? You wrote above that you use ispconfig 3, but ISPConfig 3 does not have mail users in the form web3_username.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 19th January 2009, 13:43
warlock warlock is offline
Member
 
Join Date: Nov 2008
Posts: 93
Thanks: 1
Thanked 6 Times in 4 Posts
Default

I have another post open about v3 and mail issue, I use v2 for live, the problem I have on this thead is for v2. it runs on ubuntu 8.10
Reply With Quote
  #7  
Old 19th January 2009, 13:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,573
Thanks: 792
Thanked 4,980 Times in 3,901 Posts
Default

And you had not tried to install ispconfig 3 on that server before? Because both versions are completely incompatible and you wont get a working mail system in this case.

Also ISPConfig 2 does not use amavisd for spam filtering, it filters with spamassassin and procmail.

If this is really a ispconfig 2 system, then the following 2 lines are missing in main.cf:

virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
kassie (29th April 2009)
  #8  
Old 19th January 2009, 14:06
warlock warlock is offline
Member
 
Join Date: Nov 2008
Posts: 93
Thanks: 1
Thanked 6 Times in 4 Posts
 
Default

Till........ you are da Man !!!!!!!!

it def is a v2

I added these 2 lines :
virtual_maps = hash:/etc/postfix/virtusertable
mydestination = /etc/postfix/local-host-names


and the emails are now going through, I shall keep an eye out on the log's

Thanx again and excellent service for a free product
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix: 554 5.7.1 Relay access denied Crog Server Operation 4 26th March 2010 14:19
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
Securing Postfix? VanDaMe Server Operation 24 9th December 2008 06:23
Relay Access Denied, Outlook (Ubuntu Server) wurzel Server Operation 2 25th June 2008 21:46
Questions in regards to ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" rbrantley HOWTO-Related Questions 16 10th April 2006 18:26


All times are GMT +2. The time now is 21:38.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.