Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th February 2013, 05:37
fr0stsp1re fr0stsp1re is offline
Junior Member
 
Join Date: Dec 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Postfix issue. Need help please.

Hello all,

I am a n00b here so please forgive me if I sound a bit n00bish on these questions.

So I recently gave Microsoft products the boot and discovered free open source. Recently I ran across ISPConfig (which is awesome work to whomever the compliments are owed.) I went ahead and followed the perfect server tutorial using Ubuntu 12.04 and Apache2.

Everything was working fine for about 30 days. One day out of the blue I was not able to receive any incoming mail.

I sent into my domain e mails from yahoo,gmail and windows live mail. All of them bounced with an error. This was the error in the bounce message:

554 5.7.1 <mail-pb0-f53.google.com[209.85.160.53]>: Client host rejected: Access denied

So I went into my master.cf and commented out smtpd_client_restrictions=permit from this part of the configuration

submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING

That seemed to allow incoming mail but then I started getting an unusual error from yahoo and microsofts web mail. The bounce message read:

Remote host said: 530 5.7.0 Must issue a STARTTLS command first [MAIL_FROM]

So upon doing some research the only answer I could find was to switch off TLS in the main.cf by adding another line.

That works. But randomly. SOme messages will get in, others will bounce. I am using only my yahoo account to test it. It seems gmail woks fine.

I have no idea what is going on. Checking the mail.log I dont see anything in there other than the same error messages that I am finding in the bounce e mail headers. Can anyone be of help?

Here is the output of postconf -n

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = masterblaster.atomiccomputerservice.com, localhost, localhost.localdomain
myhostname = masterblaster.atomiccomputerservice.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_security_level = none
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = no
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1


Also I noticed that when I commented out the line in my master.cf I now get a unused parameter warning when I restart the service.

Thanks!

Oh yeah, I also checked to see if I was blacklisted and no my server and domain are not listed. DNS seems to resolve ok too. Dig shows proper MX record for my server.
Reply With Quote
Sponsored Links
  #2  
Old 7th February 2013, 23:47
fr0stsp1re fr0stsp1re is offline
Junior Member
 
Join Date: Dec 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Anyone have any ideas?

This is driving me batty. None of it makes sense as some mail gets in, others do not. I can send into my network 10 e mails from the same address and some will get in others will not so it is not a domain thing. tried gmail, yahoo, msn, aol. Same results with all of them.
Reply With Quote
  #3  
Old 9th February 2013, 08:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,716 Times in 2,558 Posts
Default

Is there anything in the mail_access table in the ISPConfig database?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 9th February 2013, 09:36
fr0stsp1re fr0stsp1re is offline
Junior Member
 
Join Date: Dec 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Is there anything in the mail_access table in the ISPConfig database?
The table is empty.

I set smtpd_tls_security_level to "may" and things seem to be working fine for the moment. However everything was running great and I did not have to change anything at all.
Reply With Quote
  #5  
Old 9th February 2013, 15:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,716 Times in 2,558 Posts
Default

Quote:
Originally Posted by fr0stsp1re View Post
I set smtpd_tls_security_level to "may"
AFAIK, this is the default setting. Did you or anyone else modify it?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 11th February 2013, 00:26
fr0stsp1re fr0stsp1re is offline
Junior Member
 
Join Date: Dec 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Quote:
Originally Posted by falko View Post
AFAIK, this is the default setting. Did you or anyone else modify it?
No I did not. Mine was set to encrypt by default. I figure it was forcing TLS on servers trying to connect. It would seem that some servers out there still are not using TLS by default. So I set that to "May" and things seem to be working fine now. Not seeing anything in mail.log that is rejecting anything now.

I don't quite understand the ins and outs TLS as well as I should so correct me if my above statement is wrong and my configuration should be set another way.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How cai remove amavis from postfix ? gabrix Server Operation 16 2nd October 2012 09:58
Postfix SMTP Auth to Dovecot Not Working -- HELP! Scratchpad Server Operation 6 12th April 2011 13:29
ftp authentication fails fooboo Installation/Configuration 34 26th March 2010 14:04
421 Unexpected failure Lizard King Installation/Configuration 20 7th July 2009 20:43
postfix, pop3 uvbnserved Server Operation 22 24th May 2009 21:00


All times are GMT +2. The time now is 11:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.